qt.dfgerhd.top (206.238.70.111)
Malicious Activity! Public Scan
Effective URL: https://qt.dfgerhd.top/XNe1nvsNQF/
Submission: On February 02 via manual from JP; scanned from JP
Summary
TLS certificate: Issued by R3 on February 1st 2024. Valid for: 3 months.
This is the only time qt.dfgerhd.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon Japan (Online), Amazon (Online)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 2606:4700:3033::6815:19ea | 13335 (CLOUDFLARENET)
11 | 206.238.70.111 | 399077 (TERAEXCH)
1 | 2606:4700::6812:1baa | 13335 (CLOUDFLARENET)
2 | 2600:9000:2218:9e00:10:1731:ff49:ac01 | 16509 (AMAZON-02, US)
14 (total) | 4 IPs | 3 ASNs
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | dfgerhd.top | qt.dfgerhd.top | 326 KB
2 | ssl-images-amazon.com | images-cn.ssl-images-amazon.com (Cisco Umbrella Rank: 541724) | 69 KB
1 | nhetdef.top | idu.nhetdef.top | 245 B
1 | ipregistry.co | api.ipregistry.co (Cisco Umbrella Rank: 142954) | 1 KB
1 | gdsbjsj.com | 666.gdsbjsj.com (1 redirects) | 461 B
14 (total) | 5 apex domains | |
Requests | Domain | Requested by | Note
---|---|---|---
10 | qt.dfgerhd.top | qt.dfgerhd.top |
2 | images-cn.ssl-images-amazon.com | |
1 | idu.nhetdef.top | amazonjp |
1 | api.ipregistry.co | amazonjp |
1 | 666.gdsbjsj.com | | 1 redirects
14 (total) | 5 domains | |
This site contains links to these domains. Also see Links.

Domain
---
www.amazon.co.jp
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
qt.dfgerhd.top | R3 | 2024-02-01 - 2024-05-01 | 3 months | crt.sh
ipregistry.co | Cloudflare Inc ECC CA-3 | 2023-10-03 - 2024-10-02 | a year | crt.sh
idu.nhetdef.top | R3 | 2024-02-01 - 2024-05-01 | 3 months | crt.sh
images-cn.ssl-images-amazon.com | Amazon RSA 2048 M03 | 2023-10-14 - 2024-11-09 | a year | crt.sh
This page contains 1 frames:
Primary Page: https://qt.dfgerhd.top/XNe1nvsNQF/
Frame ID: AC41CE8CD98EFA4916209196F816E793
Requests: 14 HTTP requests in this frame
Page Title: Amazon Sign-In (original title: Amazonサインイン)
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
- Title: Terms of Use (利用規約)
- Title: Privacy Notice (プライバシー規約)
- Title: Forgot your password (パスワードを忘れた場合)
- Title: Other sign-in issues (その他のログインに関する問題)
- Title: Shop on Amazon Business (Amazonビジネスでショッピング)
- Title: Create your Amazon account (Amazonアカウントを作成する)
- Title: Terms of Use (利用規約)
- Title: Privacy Notice (プライバシー規約)
- Title: Help (ヘルプ)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://666.gdsbjsj.com/666 (HTTP 301)
- https://qt.dfgerhd.top/XNe1nvsNQF/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H2 | / (Primary Request, end of redirect chain) | qt.dfgerhd.top/XNe1nvsNQF/ | 699 B | 547 B | Document | text/html
2 | GET | H2 | jk.js | qt.dfgerhd.top/XNe1nvsNQF/ | 358 B | 426 B | Script | text/javascript
3 | GET | H2 | chunk-vendors.js | qt.dfgerhd.top/XNe1nvsNQF/js/ | 598 KB | 127 KB | Script | text/javascript
4 | GET | H2 | app.js | qt.dfgerhd.top/XNe1nvsNQF/js/ | 25 KB | 5 KB | Script | text/javascript
5 | GET | H2 | node_modules_css-loader_dist_runtime_api_js-node_modules_css-loader_dist_runtime_noSourceMaps-459a8b.js | qt.dfgerhd.top/XNe1nvsNQF/js/ | 150 KB | 30 KB | Script | text/javascript
6 | GET | H2 | src_views_check_vue.js | qt.dfgerhd.top/XNe1nvsNQF/js/ | 27 KB | 4 KB | Script | text/javascript
7 | GET | H2 | / | api.ipregistry.co/ | 2 KB | 1 KB | XHR | application/json
8 | GET | H2 | transition.e9225637.gif | qt.dfgerhd.top/XNe1nvsNQF/img/ | 65 KB | 65 KB | Image | image/gif
9 | GET | H2 | ip | idu.nhetdef.top/index/api/ | 3 B | 245 B | XHR | text/html
10 | GET | H2 | node_modules_crypto-js_index_js-node_modules_css-loader_dist_runtime_getUrl_js-src_views_load-44292b.js | qt.dfgerhd.top/XNe1nvsNQF/js/ | 272 KB | 46 KB | Script | text/javascript
11 | GET | H2 | src_assets_css_01Sdjpc_css_vue_type_style_index_1_lang_css_external.js | qt.dfgerhd.top/XNe1nvsNQF/js/ | 85 KB | 12 KB | Script | text/javascript
12 | GET | H2 | src_views_index_vue.js | qt.dfgerhd.top/XNe1nvsNQF/js/ | 281 KB | 37 KB | Script | text/javascript
13 | GET | H2 | BgnVchebDR5Ds4h.png | images-cn.ssl-images-amazon.com/images/S/sash/ | 60 KB | 61 KB | Image | image/png
14 | GET | H2 | mm6OmirOcWIcIVK.png | images-cn.ssl-images-amazon.com/images/S/sash/ | 7 KB | 7 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Amazon Japan (Online), Amazon (Online)

10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Variable
---|---
object | rFpAcKp1WS
object | webpackChunkamazonjp
object | __VUE_HMR_RUNTIME__
object | __VUE_INSTANCE_SETTERS__
object | __VUE_SSR_SETTERS__
object | devtoolsFormatters
boolean | __VUE_PROD_HYDRATION_MISMATCH_DETAILS__
boolean | __VUE__
object | __VUE_DEVTOOLS_HOOK_REPLAY__
object | __VUE_DEVTOOLS_PLUGINS__

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.