l1uh3wapfcm3mqyp8t2.stroyfasa.com
Open in
urlscan Pro
172.67.173.225
Malicious Activity!
Public Scan
Effective URL: https://l1uh3wapfcm3mqyp8t2.stroyfasa.com/login
Submission: On October 01 via api from US — Scanned from JP
Summary
TLS certificate: Issued by WE1 on September 22nd 2024. Valid for: 3 months.
This is the only time l1uh3wapfcm3mqyp8t2.stroyfasa.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AEON Group (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 22 | 172.67.173.225 172.67.173.225 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2404:6800:400... 2404:6800:400a:80e::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 124.83.185.124 124.83.185.124 | 24572 (YAHOO-JP-...) (YAHOO-JP-AS-AP Yahoo Japan) | |
1 | 172.217.25.164 172.217.25.164 | 15169 (GOOGLE) (GOOGLE) | |
26 | 5 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
stroyfasa.com
1 redirects
l1uh3wapfcm3mqyp8t2.stroyfasa.com |
442 KB |
3 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 57 |
310 KB |
1 |
google.com
www.google.com — Cisco Umbrella Rank: 3 |
|
1 |
yimg.jp
s.yimg.jp — Cisco Umbrella Rank: 7948 |
11 KB |
26 | 4 |
Domain | Requested by | |
---|---|---|
22 | l1uh3wapfcm3mqyp8t2.stroyfasa.com |
1 redirects
l1uh3wapfcm3mqyp8t2.stroyfasa.com
|
3 | www.googletagmanager.com |
l1uh3wapfcm3mqyp8t2.stroyfasa.com
|
1 | www.google.com |
www.googletagmanager.com
|
1 | s.yimg.jp |
l1uh3wapfcm3mqyp8t2.stroyfasa.com
|
26 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
aeonapp-faq.aeon.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
stroyfasa.com WE1 |
2024-09-22 - 2024-12-21 |
3 months | crt.sh |
*.google-analytics.com WR2 |
2024-08-26 - 2024-11-18 |
3 months | crt.sh |
edge01.yahoo.co.jp Cybertrust Japan SureServer CA G4 |
2024-09-20 - 2025-10-19 |
a year | crt.sh |
*.google.com WR2 |
2024-08-26 - 2024-11-18 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://l1uh3wapfcm3mqyp8t2.stroyfasa.com/login
Frame ID: DF6164023DDFBAC4AAE26E67CE76DC3C
Requests: 29 HTTP requests in this frame
Screenshot
Page Title
ログイントップ画面Page URL History Show full URLs
-
https://l1uh3wapfcm3mqyp8t2.stroyfasa.com/
HTTP 302
https://l1uh3wapfcm3mqyp8t2.stroyfasa.com/login Page URL
Detected technologies
Nuxt.js (JavaScript Frameworks) ExpandDetected patterns
- /_nuxt/
Vue.js (JavaScript Frameworks) Expand
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: お問い合わせ
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://l1uh3wapfcm3mqyp8t2.stroyfasa.com/
HTTP 302
https://l1uh3wapfcm3mqyp8t2.stroyfasa.com/login Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
login
l1uh3wapfcm3mqyp8t2.stroyfasa.com/ Redirect Chain
|
198 KB 30 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
speculation
l1uh3wapfcm3mqyp8t2.stroyfasa.com/cdn-cgi/ |
128 B 578 B |
Other
application/speculationrules+json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
309 KB 103 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
305 KB 102 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ytag.js
s.yimg.jp/images/listing/tool/cv/ |
32 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
301 KB 104 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/ |
11 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
common.css
l1uh3wapfcm3mqyp8t2.stroyfasa.com/aeon/login_files/ |
403 KB 60 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-3.6.3.min.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/aeon/login_files/ |
88 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6084733.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/ |
4 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bce2e89.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/ |
223 KB 79 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
46fcfd8.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/ |
582 KB 171 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
08f16a4.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/ |
32 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ac597fb.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/ |
40 KB 9 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6a0b565.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/ |
31 KB 13 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f8c59da.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/ |
23 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
0ebc84a.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/ |
99 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
e82756e.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/ |
20 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
state.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/static/1719332117/auth/login/ |
281 B 698 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
payload.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/static/1719332117/auth/login/ |
69 B 557 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
manifest.js
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/static/1719332117/ |
2 KB 992 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.fcda165.svg
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/img/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gantanhao.png
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/img/ |
781 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
887 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
859 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
iAEON.3c2b3e4.svg
l1uh3wapfcm3mqyp8t2.stroyfasa.com/_nuxt/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
981 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
collect
www.google.com/ccm/ |
0 0 |
Ping
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
l1uh3wapfcm3mqyp8t2.stroyfasa.com/ |
5 KB 2 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AEON Group (Financial)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| dataLayer number| _gtm_init object| _gtm_ids function| _gtm_inject object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady function| $ function| jQuery function| obtainstatus function| obtainstatus1 function| BeginLogin function| BeginLogin1 function| tosignup object| yjDataLayer object| ytagapi2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
l1uh3wapfcm3mqyp8t2.stroyfasa.com/ | Name: PHPSESSID Value: 4a5a277cba80fbccefd57f62cbdc1c8f |
|
.stroyfasa.com/ | Name: _gcl_au Value: 1.1.1112794488.1727746953 |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
l1uh3wapfcm3mqyp8t2.stroyfasa.com
s.yimg.jp
www.google.com
www.googletagmanager.com
124.83.185.124
172.217.25.164
172.67.173.225
2404:6800:400a:80e::2008
06662df14941dcf91bc8443422528f91931a55e21d4e3b176ac80b7b6339ac50
09e35d1fe80c63114baeb81a90c6e758a542fa7a18b035f9ec468b42ef645f7c
0bb8e7d5b47a51c8f2e85227fa67b5a859992852735482548112f082c1955561
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
14c25bfeb3cc1c6c35caed64957232c509b01ad7b099583be8ec5e09f11ae9c3
21216272500bef46d993ee49edad803f2ef705dccfd175a8fbffb5f9900deb18
24f7ca12953e6d47a03892b9dd0a2ea70722240aff34df3c8ec82a557961e64b
3bfb94998d97e8c80f3c0ab6b6d515b5e612eb12070d2755715e066865856ba9
3eb0d58d94d5f2ad329ddd5e08666d478cd67ed83d36d43a39215550ab1172c4
412b99dcd60aa0ea2dc16bb85cf5b4ad1ab078fbc1d805cfa9e9ada05c5533ae
49d04a51c72080a319515ea91c732b0a2c3a939fd1c2e5c557369125c8fc0678
58b74217584b5853bf3723c0ffb9557d681d15d1b8b45c9c9d1a0d0d55d7bd77
5d55082d6d9806ed5772ddd2ba8b9ca0460164991599bd8d7447309e751f1605
6cbe0501c5db065e63a76ce9f376cbed59e4a1ed113c1e0fdf7d42b4debc8cf5
7551fd8b9635f140fba9af078f849372344736d64625d46d4c1317856a6ad3f0
75888f223ca12e729c15aa4e008c075710d98fcacb3ecb96bc54913017f0c19b
928cfcb447dc50dc84d5c8a2e2f7cefc18c858e350b21c12705aa0744543273d
9b18933b256f43702d8740a6e336dc18751ef88690cc625312ebc4bdf01f3994
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
af89a28d79df36d5bb7c609963c817e169e81942219d50c901d7ac70d55be19f
b7de01162f184044a1a8bf33a26cb5083b181d40af36eebc1507e1bd7264a89f
c2b5071614458369c62e92b82b48fab0767a5443e87c9a10631993f904c645f3
d357d70f74a510bf5ff886f94a084f1563fdafbbd783f43f46ed02e9f98a4752
e0767bf5e88a73adc611b8e586033ae281232f837466ef813e0a58a4394e0711
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e9a5dafc88d4956336771c7f64d560006228c269b1ee7425528004eccad480
e9c1ba5021ee333b02a94adfeb21320785ac19ebdd223126e9d6a26139d11f01
f0fb5c0e19baa5935b8e2de7778847847d7379b8943358c584508e1779e93f5b
faa3e3dda438c6d861dd2b0ffd95d135c5638fc51d8c982286aa48a87a0eabf0