nttdocorno.co.jp.xbrtrku.cn
Open in
urlscan Pro
204.44.94.126
Malicious Activity!
Public Scan
Submission Tags: krdtest
Submission: On August 24 via api from JP
Summary
TLS certificate: Issued by R3 on August 24th 2021. Valid for: 3 months.
This is the only time nttdocorno.co.jp.xbrtrku.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NTT Docomo (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
19 | 204.44.94.126 204.44.94.126 | 8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL) | |
1 | 49.102.154.13 49.102.154.13 | 9605 (DOCOMO NT...) (DOCOMO NTT DOCOMO) | |
20 | 2 |
ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 204.44.94.126.static.quadranet.com
nttdocorno.co.jp.xbrtrku.cn |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
xbrtrku.cn
nttdocorno.co.jp.xbrtrku.cn |
232 KB |
1 |
docomo.ne.jp
id.smt.docomo.ne.jp |
219 B |
20 | 2 |
Domain | Requested by | |
---|---|---|
19 | nttdocorno.co.jp.xbrtrku.cn |
nttdocorno.co.jp.xbrtrku.cn
|
1 | id.smt.docomo.ne.jp | |
20 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
nttdocorno.co.jp.xbrtrku.cn R3 |
2021-08-24 - 2021-11-22 |
3 months | crt.sh |
id.smt.docomo.ne.jp DigiCert SHA2 Secure Server CA |
2020-06-08 - 2021-09-30 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://nttdocorno.co.jp.xbrtrku.cn/
Frame ID: B000CDC2F5DA4FDF3E7CB277BDEC8975
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
dアカウント - ログインDetected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
nttdocorno.co.jp.xbrtrku.cn/ |
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_layout_v5_style.css
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/css/ |
22 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_layout_v5_pc.css
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.9.1.min.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/ |
90 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_IDFPS-IJ0002_v6.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/ |
17 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_validation_v5.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/ |
8 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_dispCtl_v2.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/ |
740 B 419 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_accordion.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/ |
608 B 373 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
beacon.js
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/js/ |
423 B 294 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layui.css
nttdocorno.co.jp.xbrtrku.cn/assets/static/css/ |
78 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layui.js
nttdocorno.co.jp.xbrtrku.cn/assets/layui/ |
284 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_header.png
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/picture/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
banner06.jpg
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/picture/ |
31 KB 31 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer_copyright.png
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/picture/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
nttdocorno.co.jp.xbrtrku.cn/assets/static/js/ |
94 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
laydate.css
nttdocorno.co.jp.xbrtrku.cn/assets/layui/css/modules/laydate/default/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layer.css
nttdocorno.co.jp.xbrtrku.cn/assets/layui/css/modules/layer/default/ |
14 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
code.css
nttdocorno.co.jp.xbrtrku.cn/assets/layui/css/modules/ |
1 KB 545 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bg_spring.png
nttdocorno.co.jp.xbrtrku.cn/assets/new/static/image/ |
102 B 148 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
empty.gif
id.smt.docomo.ne.jp/img/ |
43 B 219 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NTT Docomo (Telecommunication)84 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery string| DCMID_COOKIE number| DCMID_EXPIRE number| BTN_CTL_ENABLE number| BTN_CTL_DISABLE boolean| COOKIE_SECURE number| BTN_TIMEOUT string| BTN_TYPE string| BTN_TYPE_IMG string| COOKIE_DOMAIN string| DOCOMOID_FORM string| DOCOMOID_UID string| DOCOMOID_PASS string| DOCOMONAME_SAVE string| BTN_NAME number| AUTH_TYPE_PW number| AUTH_TYPE_SEC string| DISP_AUTH_PW string| DISP_AUTH_SEC string| IDMSN_CHANGE_SEPARATOR undefined| userErrMsg number| submitFlg function| loginFormOnLoad function| chgDispById function| chgDisp function| setLoginForm function| setCookie function| getCookie function| doBeforeLogin0 function| doBeforeLogin2 function| changeIDMSNCookie0 function| getCharCDFromString function| getStringFromCharCD function| checkForm0 function| checkFormOneTime0 function| checkLength function| getByteStringLength function| buttonControl function| doBeforeLogin1 function| doBeforeLogin3 function| checkForm3 function| doBeforeLogin4 function| checkForm4 function| doBeforeLogin5 function| checkForm5 function| setDispAuth function| isSet function| isLength function| isLengthUnder function| isLengthUpper function| isBounds function| isAgree function| isCharCode function| isPwCharCode function| isNwPwCharCode function| getMsg function| setErr function| focusErr function| clearErr function| dispCtl function| launchApp function| launchApp2 function| setImg object| layui function| lay number| errors object| layer object| jQuery19106601428155011078 number| isEasyExec number| isEasyUnKnown number| secondDeviceFlg string| scrid0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
id.smt.docomo.ne.jp
nttdocorno.co.jp.xbrtrku.cn
204.44.94.126
49.102.154.13
173cf4dc28fb3617648263f11fdf91e6d90e2ae319ca157270b9827033c30bf3
2099b96e5926889f45e5ee5613a8ddc2b81b8ba8a164711d80882523e1353091
27fc88d7cae41d666c593138e4db3b9d30968df6a7c7b831cb8b13348ac54936
293b57cc384290eab34796b4a5be203a7de0bbd6c6bcfb9bc41596fe622b5ee9
350f4d5bef39bf376d051c55cde14d8def0435a34f1cf5f3a5355fe0bc2cb356
3b4a493be4a3d49f41c289ad95f655725cbfe6d53cc3c400f0d564395fb4bebd
3f27194c2e479212781a76f993b778d724ac9838e780b19472c0357cd3081431
4ac2d652afb70293e9b3763d5bb9866010a5b58c031c8e80a2c984369cf96f26
52e33a8577de91c095569ac146a3d4165244decbbe82a7dbf85a4af70b9d62c5
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540
687b4426ef7e1103232a8fbd32cae8a85a512b021596718b9e7f1a732239773d
72aa999389fd2726563f5a8f30c7cfe58d00251d1100232a22a78b9114352166
7683b4e530ca40f167b5695ba3ae55c2922d447d8ff764e8faf08579d7593e85
92c7997b3dce6ab2368b1bdb34ff4b67ac77957898a126c7eba452a8080bec95
ab9dbdf922a26509951347fcfa83704d86afd2df855c827740c23df72fd8ab3f
b873af2cb3674cb4c47edddb6614b4542c4f09b404c3ad278013cbdca192a6ac
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
d27fb126f122a2a567a0eb0a6b9d32edc61ff441a3d99522f8bc989b297ecce3
db5d64a9ea32ed3abb874f295003ef2465cecc2f669efe951930e182c34a5013