nttdocorno.co.jp.xbrtrku.cn Open in urlscan Pro
204.44.94.126  Malicious Activity! Public Scan

URL: https://nttdocorno.co.jp.xbrtrku.cn/
Submission Tags: krdtest
Submission: On August 24 via api from JP

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 20 HTTP transactions. The main IP is 204.44.94.126, located in Los Angeles, United States and belongs to ASN-QUADRANET-GLOBAL, US. The main domain is nttdocorno.co.jp.xbrtrku.cn.
TLS certificate: Issued by R3 on August 24th 2021. Valid for: 3 months.
This is the only time nttdocorno.co.jp.xbrtrku.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NTT Docomo (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
19 204.44.94.126 8100 (ASN-QUADR...)
1 49.102.154.13 9605 (DOCOMO NT...)
20 2
Apex Domain
Subdomains
Transfer
19 xbrtrku.cn
nttdocorno.co.jp.xbrtrku.cn
232 KB
1 docomo.ne.jp
id.smt.docomo.ne.jp
219 B
20 2
Domain Requested by
19 nttdocorno.co.jp.xbrtrku.cn nttdocorno.co.jp.xbrtrku.cn
1 id.smt.docomo.ne.jp
20 2

This site contains no links.

Subject Issuer Validity Valid
nttdocorno.co.jp.xbrtrku.cn
R3
2021-08-24 -
2021-11-22
3 months crt.sh
id.smt.docomo.ne.jp
DigiCert SHA2 Secure Server CA
2020-06-08 -
2021-09-30
a year crt.sh

This page contains 1 frames:

Primary Page: https://nttdocorno.co.jp.xbrtrku.cn/
Frame ID: B000CDC2F5DA4FDF3E7CB277BDEC8975
Requests: 20 HTTP requests in this frame

Screenshot

Page Title

dアカウント - ログイン

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

232 kB
Transfer

673 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
nttdocorno.co.jp.xbrtrku.cn/
9 KB
3 KB
Document
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
27fc88d7cae41d666c593138e4db3b9d30968df6a7c7b831cb8b13348ac54936

Request headers

:method
GET
:authority
nttdocorno.co.jp.xbrtrku.cn
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:25 GMT
server
Apache
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
set-cookie
PHPSESSID=5qb8d8i0kkp3btc7l3mfb232ip; path=/
vary
Accept-Encoding
content-encoding
gzip
content-length
3164
content-type
text/html; charset=utf-8
auth_layout_v5_style.css
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/css/
22 KB
6 KB
Stylesheet
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/css/auth_layout_v5_style.css
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
72aa999389fd2726563f5a8f30c7cfe58d00251d1100232a22a78b9114352166

Request headers

:path
/assets/new/static/css/auth_layout_v5_style.css
pragma
no-cache
cookie
PHPSESSID=5qb8d8i0kkp3btc7l3mfb232ip
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Tue, 10 Aug 2021 19:39:14 GMT
server
Apache
etag
"58bf-5c939a817bc80-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
5577
auth_layout_v5_pc.css
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/css/auth_layout_v5_pc.css
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
173cf4dc28fb3617648263f11fdf91e6d90e2ae319ca157270b9827033c30bf3

Request headers

:path
/assets/new/static/css/auth_layout_v5_pc.css
pragma
no-cache
cookie
PHPSESSID=5qb8d8i0kkp3btc7l3mfb232ip
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Tue, 10 Aug 2021 19:39:14 GMT
server
Apache
etag
"20b5-5c939a817bc80-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
2351
jquery-1.9.1.min.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/
90 KB
32 KB
Script
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/jquery-1.9.1.min.js
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

:path
/assets/new/static/js/jquery-1.9.1.min.js
pragma
no-cache
cookie
PHPSESSID=5qb8d8i0kkp3btc7l3mfb232ip
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Tue, 10 Aug 2021 19:39:22 GMT
server
Apache
etag
"169d5-5c939a891ce80-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
32775
auth_IDFPS-IJ0002_v6.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/
17 KB
4 KB
Script
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/auth_IDFPS-IJ0002_v6.js
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
7683b4e530ca40f167b5695ba3ae55c2922d447d8ff764e8faf08579d7593e85

Request headers

:path
/assets/new/static/js/auth_IDFPS-IJ0002_v6.js
pragma
no-cache
cookie
PHPSESSID=5qb8d8i0kkp3btc7l3mfb232ip
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Tue, 10 Aug 2021 19:39:22 GMT
server
Apache
etag
"454b-5c939a891ce80-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
3860
auth_validation_v5.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/
8 KB
2 KB
Script
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/auth_validation_v5.js
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
b873af2cb3674cb4c47edddb6614b4542c4f09b404c3ad278013cbdca192a6ac

Request headers

:path
/assets/new/static/js/auth_validation_v5.js
pragma
no-cache
cookie
PHPSESSID=5qb8d8i0kkp3btc7l3mfb232ip
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Tue, 10 Aug 2021 19:39:22 GMT
server
Apache
etag
"2199-5c939a891ce80-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
2001
auth_dispCtl_v2.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/
740 B
419 B
Script
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/auth_dispCtl_v2.js
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
3b4a493be4a3d49f41c289ad95f655725cbfe6d53cc3c400f0d564395fb4bebd

Request headers

:path
/assets/new/static/js/auth_dispCtl_v2.js
pragma
no-cache
cookie
PHPSESSID=5qb8d8i0kkp3btc7l3mfb232ip
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Tue, 10 Aug 2021 19:39:22 GMT
server
Apache
etag
"2e4-5c939a891ce80-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
366
auth_accordion.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/
608 B
373 B
Script
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/auth_accordion.js
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
52e33a8577de91c095569ac146a3d4165244decbbe82a7dbf85a4af70b9d62c5

Request headers

:path
/assets/new/static/js/auth_accordion.js
pragma
no-cache
cookie
PHPSESSID=5qb8d8i0kkp3btc7l3mfb232ip
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Tue, 10 Aug 2021 19:39:22 GMT
server
Apache
etag
"260-5c939a891ce80-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
321
beacon.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/
423 B
294 B
Script
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/beacon.js
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
4ac2d652afb70293e9b3763d5bb9866010a5b58c031c8e80a2c984369cf96f26

Request headers

:path
/assets/new/static/js/beacon.js
pragma
no-cache
cookie
PHPSESSID=5qb8d8i0kkp3btc7l3mfb232ip
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Tue, 10 Aug 2021 19:39:22 GMT
server
Apache
etag
"1a7-5c939a891ce80-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
242
layui.css
nttdocorno.co.jp.xbrtrku.cn/assets/static/css/
78 KB
14 KB
Stylesheet
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/static/css/layui.css
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
2099b96e5926889f45e5ee5613a8ddc2b81b8ba8a164711d80882523e1353091

Request headers

:path
/assets/static/css/layui.css
pragma
no-cache
cookie
PHPSESSID=5qb8d8i0kkp3btc7l3mfb232ip
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Wed, 16 Jun 2021 21:20:52 GMT
server
Apache
etag
"137e8-5c4e8aa4a3500-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
14364
layui.js
nttdocorno.co.jp.xbrtrku.cn/assets/layui/
284 KB
92 KB
Script
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/layui/layui.js
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
92c7997b3dce6ab2368b1bdb34ff4b67ac77957898a126c7eba452a8080bec95

Request headers

:path
/assets/layui/layui.js
pragma
no-cache
cookie
PHPSESSID=5qb8d8i0kkp3btc7l3mfb232ip
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Sun, 30 May 2021 21:18:10 GMT
server
Apache
etag
"471d6-5c392a554e880-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
logo_header.png
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/picture/
2 KB
2 KB
Image
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/picture/logo_header.png
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
350f4d5bef39bf376d051c55cde14d8def0435a34f1cf5f3a5355fe0bc2cb356

Request headers

:path
/assets/new/static/picture/logo_header.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
last-modified
Tue, 10 Aug 2021 19:39:22 GMT
server
Apache
accept-ranges
bytes
etag
"848-5c939a891ce80"
content-length
2120
content-type
image/png
banner06.jpg
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/picture/
31 KB
31 KB
Image
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/picture/banner06.jpg
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
687b4426ef7e1103232a8fbd32cae8a85a512b021596718b9e7f1a732239773d

Request headers

:path
/assets/new/static/picture/banner06.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
last-modified
Tue, 10 Aug 2021 19:39:22 GMT
server
Apache
accept-ranges
bytes
etag
"7a3c-5c939a891ce80"
content-length
31292
content-type
image/jpeg
footer_copyright.png
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/picture/
4 KB
4 KB
Image
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/picture/footer_copyright.png
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
d27fb126f122a2a567a0eb0a6b9d32edc61ff441a3d99522f8bc989b297ecce3

Request headers

:path
/assets/new/static/picture/footer_copyright.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
last-modified
Tue, 10 Aug 2021 19:39:22 GMT
server
Apache
accept-ranges
bytes
etag
"fa6-5c939a891ce80"
content-length
4006
content-type
image/png
jquery.min.js
nttdocorno.co.jp.xbrtrku.cn/assets/static/js/
94 KB
33 KB
Script
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/static/js/jquery.min.js
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

:path
/assets/static/js/jquery.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Wed, 16 Jun 2021 21:20:52 GMT
server
Apache
etag
"1762a-5c4e8aa4a3500-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
33225
laydate.css
nttdocorno.co.jp.xbrtrku.cn/assets/layui/css/modules/laydate/default/
7 KB
2 KB
Stylesheet
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/layui/css/modules/laydate/default/laydate.css?v=5.3.1
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/assets/layui/layui.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
ab9dbdf922a26509951347fcfa83704d86afd2df855c827740c23df72fd8ab3f

Request headers

:path
/assets/layui/css/modules/laydate/default/laydate.css?v=5.3.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Sun, 30 May 2021 21:18:10 GMT
server
Apache
etag
"1cc5-5c392a554e880-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
1704
layer.css
nttdocorno.co.jp.xbrtrku.cn/assets/layui/css/modules/layer/default/
14 KB
3 KB
Stylesheet
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/layui/css/modules/layer/default/layer.css?v=3.5.1
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/assets/layui/layui.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540

Request headers

:path
/assets/layui/css/modules/layer/default/layer.css?v=3.5.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Sun, 30 May 2021 21:18:08 GMT
server
Apache
etag
"37bf-5c392a5366400-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
2789
code.css
nttdocorno.co.jp.xbrtrku.cn/assets/layui/css/modules/
1 KB
545 B
Stylesheet
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/layui/css/modules/code.css?v=2
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/assets/layui/layui.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
3f27194c2e479212781a76f993b778d724ac9838e780b19472c0357cd3081431

Request headers

:path
/assets/layui/css/modules/code.css?v=2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
content-encoding
gzip
last-modified
Sun, 30 May 2021 21:18:08 GMT
server
Apache
etag
"527-5c392a5366400-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
491
bg_spring.png
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/image/
102 B
148 B
Image
General
Full URL
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/image/bg_spring.png
Requested by
Host: nttdocorno.co.jp.xbrtrku.cn
URL: https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/css/auth_layout_v5_pc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.44.94.126 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
204.44.94.126.static.quadranet.com
Software
Apache /
Resource Hash
293b57cc384290eab34796b4a5be203a7de0bbd6c6bcfb9bc41596fe622b5ee9

Request headers

:path
/assets/new/static/image/bg_spring.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nttdocorno.co.jp.xbrtrku.cn
referer
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/css/auth_layout_v5_pc.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nttdocorno.co.jp.xbrtrku.cn/assets/new/static/css/auth_layout_v5_pc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 20:54:26 GMT
last-modified
Tue, 10 Aug 2021 19:39:14 GMT
server
Apache
accept-ranges
bytes
etag
"66-5c939a817bc80"
content-length
102
content-type
image/png
empty.gif
id.smt.docomo.ne.jp/img/
43 B
219 B
Image
General
Full URL
https://id.smt.docomo.ne.jp/img/empty.gif?acs_url=https://nttdocorno.co.jp.xbrtrku.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
49.102.154.13 , Japan, ASN9605 (DOCOMO NTT DOCOMO, INC., JP),
Reverse DNS
Software
/
Resource Hash
db5d64a9ea32ed3abb874f295003ef2465cecc2f669efe951930e182c34a5013
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://nttdocorno.co.jp.xbrtrku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 24 Aug 2021 20:54:26 GMT
Last-Modified
Fri, 21 Sep 2018 12:33:35 GMT
Content-Length
43
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NTT Docomo (Telecommunication)

84 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery string| DCMID_COOKIE number| DCMID_EXPIRE number| BTN_CTL_ENABLE number| BTN_CTL_DISABLE boolean| COOKIE_SECURE number| BTN_TIMEOUT string| BTN_TYPE string| BTN_TYPE_IMG string| COOKIE_DOMAIN string| DOCOMOID_FORM string| DOCOMOID_UID string| DOCOMOID_PASS string| DOCOMONAME_SAVE string| BTN_NAME number| AUTH_TYPE_PW number| AUTH_TYPE_SEC string| DISP_AUTH_PW string| DISP_AUTH_SEC string| IDMSN_CHANGE_SEPARATOR undefined| userErrMsg number| submitFlg function| loginFormOnLoad function| chgDispById function| chgDisp function| setLoginForm function| setCookie function| getCookie function| doBeforeLogin0 function| doBeforeLogin2 function| changeIDMSNCookie0 function| getCharCDFromString function| getStringFromCharCD function| checkForm0 function| checkFormOneTime0 function| checkLength function| getByteStringLength function| buttonControl function| doBeforeLogin1 function| doBeforeLogin3 function| checkForm3 function| doBeforeLogin4 function| checkForm4 function| doBeforeLogin5 function| checkForm5 function| setDispAuth function| isSet function| isLength function| isLengthUnder function| isLengthUpper function| isBounds function| isAgree function| isCharCode function| isPwCharCode function| isNwPwCharCode function| getMsg function| setErr function| focusErr function| clearErr function| dispCtl function| launchApp function| launchApp2 function| setImg object| layui function| lay number| errors object| layer object| jQuery19106601428155011078 number| isEasyExec number| isEasyUnKnown number| secondDeviceFlg string| scrid

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

id.smt.docomo.ne.jp
nttdocorno.co.jp.xbrtrku.cn
204.44.94.126
49.102.154.13
173cf4dc28fb3617648263f11fdf91e6d90e2ae319ca157270b9827033c30bf3
2099b96e5926889f45e5ee5613a8ddc2b81b8ba8a164711d80882523e1353091
27fc88d7cae41d666c593138e4db3b9d30968df6a7c7b831cb8b13348ac54936
293b57cc384290eab34796b4a5be203a7de0bbd6c6bcfb9bc41596fe622b5ee9
350f4d5bef39bf376d051c55cde14d8def0435a34f1cf5f3a5355fe0bc2cb356
3b4a493be4a3d49f41c289ad95f655725cbfe6d53cc3c400f0d564395fb4bebd
3f27194c2e479212781a76f993b778d724ac9838e780b19472c0357cd3081431
4ac2d652afb70293e9b3763d5bb9866010a5b58c031c8e80a2c984369cf96f26
52e33a8577de91c095569ac146a3d4165244decbbe82a7dbf85a4af70b9d62c5
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540
687b4426ef7e1103232a8fbd32cae8a85a512b021596718b9e7f1a732239773d
72aa999389fd2726563f5a8f30c7cfe58d00251d1100232a22a78b9114352166
7683b4e530ca40f167b5695ba3ae55c2922d447d8ff764e8faf08579d7593e85
92c7997b3dce6ab2368b1bdb34ff4b67ac77957898a126c7eba452a8080bec95
ab9dbdf922a26509951347fcfa83704d86afd2df855c827740c23df72fd8ab3f
b873af2cb3674cb4c47edddb6614b4542c4f09b404c3ad278013cbdca192a6ac
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
d27fb126f122a2a567a0eb0a6b9d32edc61ff441a3d99522f8bc989b297ecce3
db5d64a9ea32ed3abb874f295003ef2465cecc2f669efe951930e182c34a5013