gtcycx.com
154.91.176.79
Malicious Activity!
Public Scan
Submission: On October 17 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R10 on October 16th 2024. Valid for: 3 months.
This is the only time gtcycx.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NTT Docomo (Telecommunication)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
9 | 154.91.176.79 | 400619 (AROSS-AS) |
1 | 49.102.154.3 | 9605 (DOCOMO NTT DOCOMO) |
10 | 3 |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | gtcycx.com | gtcycx.com | 396 KB |
1 | docomo.ne.jp | cfg.smt.docomo.ne.jp | |
10 | 2 |
Requests | Domain | Requested by |
---|---|---|
9 | gtcycx.com | gtcycx.com |
1 | cfg.smt.docomo.ne.jp | gtcycx.com |
10 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
id.smt.docomo.ne.jp |
dpoint.onelink.me |
www.nttdocomo.co.jp |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.gtcycx.com | R10 | 2024-10-16 - 2025-01-14 | 3 months |
cfg.smt.docomo.ne.jp | DigiCert TLS RSA SHA256 2020 CA1 | 2024-09-05 - 2025-09-30 | a year |
This page contains 2 frames:
Primary Page:
https://gtcycx.com/
Frame ID: 6B7239554D826C3F1180AAB6B6F85170
Requests: 12 HTTP requests in this frame
Frame:
https://cfg.smt.docomo.ne.jp/nnlappsdk-7.0.2/iframe.html
Frame ID: 49F35BACA2E64C0B4493050410FECEA2
Requests: 1 HTTP requests in this frame
9 Outgoing links
These are links going to different origins than the main page.
Title: For those who have forgotten their ID
Title: What is a d Account?
Title: Usage precautions
Title: About use on shared PCs and tablets
Title: Privacy Policy
Title: Terms of Use / Notes
Title: Before you use this service
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | gtcycx.com/ | 406 B | 536 B | Document | text/html |
GET | H2 | chunk-vendors.3f1a91bb.js | gtcycx.com/static/js/ | 173 KB | 175 KB | Script | application/javascript |
GET | H2 | app.2b8eb24d.js | gtcycx.com/static/js/ | 5 KB | 6 KB | Script | application/javascript |
GET | H2 | 172.fae44055.js | gtcycx.com/static/js/ | 137 KB | 138 KB | Script | application/javascript |
GET | H2 | 717.12c11281.css | gtcycx.com/static/css/ | 26 KB | 26 KB | Stylesheet | text/css |
GET | H2 | 717.86a80b4d.js | gtcycx.com/static/js/ | 19 KB | 19 KB | Script | application/javascript |
GET | H/1.1 | iframe.html | cfg.smt.docomo.ne.jp/nnlappsdk-7.0.2/ (Frame 49F3) | 0 | 0 | Document | text/html |
GET | H2 | pageServlet | gtcycx.com/api/ | 0 | 119 B | XHR | text/html |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
GET | H2 | banner06.d570862c.jpg | gtcycx.com/static/img/ | 31 KB | 31 KB | Image | image/jpeg |
GET | DATA | truncated | / | 4 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 102 B | 0 | Image | image/png |
GET | H2 | favicon.ico | gtcycx.com/ | 773 B | 823 B | Other | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NTT Docomo (Telecommunication)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | webpackChunkcgi |
boolean | __VUE__ |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
gtcycx.com/ | Name: JSESSIONID Value: F7009F366E6ACCAA0CE25FBDD78CCAB0 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cfg.smt.docomo.ne.jp
gtcycx.com
154.91.176.79
49.102.154.3