urlscan.io public scan: xthjdc.cn (43.153.176.66)
Verdict banner: Malicious Activity
Effective URL: https://xthjdc.cn/login.php
Submission tags: falconsandbox
Submission: on July 10 via API from US; scanned from JP
Summary
TLS certificate: issued by R3 (Let's Encrypt) on July 9th 2023, valid for 3 months.
This is the only time xthjdc.cn was scanned on urlscan.io.
urlscan.io verdict: Potentially Malicious
Targeting these brands: Yamato Transport (Transportation)

Domain & IP information
Requests | IP address | AS (autonomous system)
---|---|---
8 | 43.153.176.66 | AS132203 TENCENT-NET-AP-CN (Tencent Building)
8 | 23.43.249.73 | AS20940 AKAMAI-ASN1
1 | 119.188.86.194 | AS4837 CHINA169-BACKBONE (China Unicom China169 Backbone)
1 | 2404:6800:4004:820::2003 | AS15169 GOOGLE
Total: 17 requests across 4 IP addresses.
Hosts by AS:
- AS132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN): xthjdc.cn
- AS20940 (AKAMAI-ASN1, NL), PTR a23-43-249-73.deploy.static.akamaitechnologies.com: auth.kms.kuronekoyamato.co.jp
- AS4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN): cdn.bootcdn.net
Requests | Apex domain | Subdomains | Transfer
---|---|---|---
8 | kuronekoyamato.co.jp | auth.kms.kuronekoyamato.co.jp | 35 KB
8 | xthjdc.cn (1 redirect) | xthjdc.cn | 129 KB
1 | gstatic.com | www.gstatic.com | 5 KB
1 | bootcdn.net | cdn.bootcdn.net (Cisco Umbrella rank: 89986) | 4 KB
Total: 17 requests across 4 apex domains.
Requests | Domain | Requested by
---|---|---
8 | auth.kms.kuronekoyamato.co.jp | xthjdc.cn, auth.kms.kuronekoyamato.co.jp
8 | xthjdc.cn (1 redirect) | xthjdc.cn
1 | www.gstatic.com | xthjdc.cn
1 | cdn.bootcdn.net | xthjdc.cn
Total: 17 requests across 4 domains.
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
hengxinkj.cn | R3 | 2023-07-09 to 2023-10-07 | 3 months | crt.sh
*.kms.kuronekoyamato.co.jp | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-01 to 2024-03-03 | a year | crt.sh
cdn.bootcdn.net | R3 | 2023-05-31 to 2023-08-29 | 3 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2023-06-19 to 2023-09-11 | 3 months | crt.sh
Note that the certificate presented for xthjdc.cn carries the subject name hengxinkj.cn and was issued the day before this scan. A second domain sharing a freshly issued certificate with the phishing host is a useful pivot: checking hengxinkj.cn on crt.sh may reveal sibling names from the same operator.
Frames
This page contains 1 frame.
Primary page: https://xthjdc.cn/login.php
Frame ID: 69E8CF88B5B7B4F861E71454E1DDB8F8
Requests: 17 HTTP requests in this frame
Page title: ログイン | クロネコメンバーズ (Login | Kuroneko Members)
Detected technologies
- PHP (programming language); detected pattern: \.php(?:$|\?)
- jQuery (JavaScript library); detected pattern: jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page statistics
23 outgoing links
These are links going to different origins than the main page. Their titles mirror the Kuroneko Members service menu of the impersonated brand (English translations added):
- 再配達依頼 (Redelivery request)
- Myカレンダーサービス (My Calendar service)
- お届け予定通知 (Delivery schedule notification)
- ご不在連絡通知 (Missed-delivery notification)
- 宅急便をスマホで送る (Send TA-Q-BIN parcels from your smartphone)
- 集荷申し込み (Pickup request)
- 宅配ロッカー発送サービス (Parcel locker shipping service)
- 自宅で送り状発行 (Print shipping labels at home)
- らくらく送り状発行サービス (Easy shipping-label service)
- お届け完了通知 (Delivery completion notification)
- 梱包材の購入 (Purchase packing materials)
- お届け先アドレス帳 (Recipient address book)
- ご依頼主アドレス帳 (Sender address book)
- 保険 (Insurance)
- 見守りサービス (Watch-over service)
- にゃんPay (Nyan Pay)
- 転居転送サービス (Relocation forwarding service)
- 料金・お届け予定日 (Rates and estimated delivery dates)
- 営業所・取扱店の情報 (Branch and agent information)
- 担当店・担当ドライバー (Assigned branch and driver)
- プロフィール (Profile)
- 他社ID連携 (Third-party ID linking)
- ホーム (Home)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://xthjdc.cn/
2. HTTP 302 to https://xthjdc.cn/login.php (page URL)
Redirected requests
The primary request is the one redirect chain recorded in this scan: https://xthjdc.cn/ answered with a 302 to https://xthjdc.cn/login.php.
17 HTTP transactions
# | Method | Protocol | Resource | Host / path | Size | Transfer | Type | MIME type
---|---|---|---|---|---|---|---|---
1 | GET | H2 | login.php (primary request; redirect chain from xthjdc.cn/) | xthjdc.cn/ | 28 KB | 5 KB | Document | text/html
2 | GET | H2 | index.d9ce12f3.chunk.css | auth.kms.kuronekoyamato.co.jp/auth/static/css/ | 227 KB | 28 KB | Stylesheet | text/css
3 | GET | H2 | 13.02d0eae0.chunk.css | auth.kms.kuronekoyamato.co.jp/auth/static/css/ | 3 KB | 1 KB | Stylesheet | text/css
4 | GET | H2 | 3.12cb700a.chunk.css | auth.kms.kuronekoyamato.co.jp/auth/static/css/ | 507 B | 654 B | Stylesheet | text/css
5 | GET | H2 | 14.8e59e16a.chunk.css | auth.kms.kuronekoyamato.co.jp/auth/static/css/ | 1 KB | 862 B | Stylesheet | text/css
6 | GET | H2 | 22.92265196.chunk.css | auth.kms.kuronekoyamato.co.jp/auth/static/css/ | 58 B | 444 B | Stylesheet | text/css
7 | GET | H2 | 12.95bfae83.chunk.css | auth.kms.kuronekoyamato.co.jp/auth/static/css/ | 2 KB | 1 KB | Stylesheet | text/css
8 | GET | H2 | site-jquery.min.js | xthjdc.cn/admin/im/ | 91 KB | 32 KB | Script | application/javascript
9 | GET | H2 | layui.js | xthjdc.cn/admin/im/ | 284 KB | 92 KB | Script | application/javascript
10 | GET | H2 | layer.min.css | cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/ | 13 KB | 4 KB | Stylesheet | text/css
11 | GET | H2 | m=el_main_css | www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.69JJaQ5G5xA.L.W.O/d=0/rs=AN8SPfpC36MIoWPngdVwZ4RUzeJYZaC7rg/ | 25 KB | 5 KB | Stylesheet | text/css
12 | GET | H2 | logo-group.1072426d.svg | auth.kms.kuronekoyamato.co.jp/auth/static/media/ | 4 KB | 2 KB | Image | image/svg+xml
13 | GET | H2 | laydate.css | xthjdc.cn/admin/im/css/modules/laydate/default/ | 0 | 0 | Stylesheet | text/html
14 | GET | H2 | layer.css | xthjdc.cn/admin/im/css/modules/layer/default/ | 0 | 0 | Stylesheet | text/html
15 | GET | H2 | code.css | xthjdc.cn/admin/im/css/modules/ | 0 | 0 | Stylesheet | text/html
16 | GET | H2 | api.php | xthjdc.cn/ | 13 B | 107 B | XHR | text/html
17 | GET | H2 | icon-checkbox.10bb486a.svg | auth.kms.kuronekoyamato.co.jp/auth/static/media/ | 235 B | 575 B | Image | image/svg+xml

Reading the table: the login document itself is served from xthjdc.cn, but every presentation asset of the form (six CSS chunks, the group logo and the checkbox icon; 8 requests, 35 KB) is hotlinked directly from the genuine auth.kms.kuronekoyamato.co.jp, which is what makes the clone render faithfully. The kit's own code sits under xthjdc.cn/admin/im/ (a jQuery build and layui.js, a Chinese admin-UI framework, with its layer theme pulled from the Chinese CDN bootcdn.net). Three layui theme stylesheets requested under that same path came back as 0 bytes of text/html, i.e. no CSS at all, consistent with files missing from the deployed kit. The api.php XHR returned a 13-byte text/html body. The gstatic.com request is a Google Translate stylesheet (translate_http), not part of the kit; whether the page or the scanning browser triggered it is not visible from this table.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Yamato Transport (Transportation)

16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and custom code.
Name | Type
---|---
credentialless | boolean
onbeforetoggle | object
onscrollend | object
$ | function
jQuery | function
layui | object
lay | function
errors | number
layer | object
jQuery110103641010055561218 | object
mask | object
timer | object
hb_timer | object
heart_beat | function
ip_save | function
verify1 | function
Caveat when reading this list: credentialless, onbeforetoggle and onscrollend are window properties of the scanning browser, not page code, and $, jQuery, the jQuery110103... expando key, layui, lay and layer come from the libraries the page loads. The remaining seven (errors, mask, timer, hb_timer, heart_beat, ip_save, verify1) are the kit's own code; the names suggest a heartbeat timer and an IP-reporting routine, which would fit a kit that reports live victim sessions to an operator, though the scan does not show their bodies.
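The transaction table and the globals list above lend themselves to mechanical triage. The script below is an added example, written for this write-up; it is not urlscan.io code and not part of the scanned site. It re-encodes the 17 transactions and 16 globals as data (sizes are the rounded values the tables show) and applies three heuristics: the share of CSS/image assets hotlinked from a registrable domain other than the document's, stylesheet requests that returned no CSS, and window globals left over after browser- and library-provided names are removed. The miniature public-suffix set and the allowlist of browser/library global names are assumptions made for this example.

```python
"""Triage heuristics over a urlscan-style transaction list and window globals.
Added example: not urlscan.io code and not part of the scanned site. Sample data is
transcribed from this scan's tables; byte sizes are the rounded values shown there.
"""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Tx:
    url: str
    rtype: str  # urlscan "Type" column: Document, Stylesheet, Script, Image, XHR
    mime: str   # response MIME type as urlscan reports it
    size: int   # decoded body size in bytes (0 when the body was empty)


KURO = "https://auth.kms.kuronekoyamato.co.jp/auth/static/"
TRANSACTIONS = [  # constructed from the "17 HTTP transactions" table on this page
    Tx("https://xthjdc.cn/login.php", "Document", "text/html", 28_000),
    Tx(KURO + "css/index.d9ce12f3.chunk.css", "Stylesheet", "text/css", 227_000),
    Tx(KURO + "css/13.02d0eae0.chunk.css", "Stylesheet", "text/css", 3_000),
    Tx(KURO + "css/3.12cb700a.chunk.css", "Stylesheet", "text/css", 507),
    Tx(KURO + "css/14.8e59e16a.chunk.css", "Stylesheet", "text/css", 1_000),
    Tx(KURO + "css/22.92265196.chunk.css", "Stylesheet", "text/css", 58),
    Tx(KURO + "css/12.95bfae83.chunk.css", "Stylesheet", "text/css", 2_000),
    Tx("https://xthjdc.cn/admin/im/site-jquery.min.js", "Script", "application/javascript", 91_000),
    Tx("https://xthjdc.cn/admin/im/layui.js", "Script", "application/javascript", 284_000),
    Tx("https://cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css", "Stylesheet", "text/css", 13_000),
    Tx("https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.69JJaQ5G5xA.L.W.O/d=0/rs=AN8SPfpC36MIoWPngdVwZ4RUzeJYZaC7rg/m=el_main_css", "Stylesheet", "text/css", 25_000),
    Tx(KURO + "media/logo-group.1072426d.svg", "Image", "image/svg+xml", 4_000),
    Tx("https://xthjdc.cn/admin/im/css/modules/laydate/default/laydate.css", "Stylesheet", "text/html", 0),
    Tx("https://xthjdc.cn/admin/im/css/modules/layer/default/layer.css", "Stylesheet", "text/html", 0),
    Tx("https://xthjdc.cn/admin/im/css/modules/code.css", "Stylesheet", "text/html", 0),
    Tx("https://xthjdc.cn/api.php", "XHR", "text/html", 13),
    Tx(KURO + "media/icon-checkbox.10bb486a.svg", "Image", "image/svg+xml", 235),
]
GLOBALS = {  # window globals (name -> JS type), transcribed from the scan's list
    "credentialless": "boolean", "onbeforetoggle": "object", "onscrollend": "object",
    "$": "function", "jQuery": "function", "layui": "object", "lay": "function",
    "errors": "number", "layer": "object", "jQuery110103641010055561218": "object",
    "mask": "object", "timer": "object", "hb_timer": "object",
    "heart_beat": "function", "ip_save": "function", "verify1": "function",
}
# Assumption: a tiny stand-in for the Public Suffix List, sufficient for the hosts in
# this scan; real tooling should use the full list (e.g. the publicsuffix2 package).
MULTI_LABEL_SUFFIXES = {"co.jp", "ne.jp", "co.uk", "com.cn"}
# Assumption: names injected by the scanning browser itself or by the libraries the
# page loads (jQuery's internal expando key is "jQuery" followed by digits).
BROWSER_OR_LIBRARY = re.compile(r"^(credentialless|onbeforetoggle|onscrollend|\$|jQuery\d*|layui|lay|layer)$")
PRESENTATION = ("Stylesheet", "Image")


def registrable_domain(host: str) -> str:
    """Collapse a hostname to its registrable domain (eTLD+1)."""
    labels = host.lower().split(".")
    if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def document_domain(txs: list[Tx]) -> str:
    doc = next(t for t in txs if t.rtype == "Document")
    return registrable_domain(urlsplit(doc.url).hostname)


def foreign_asset_domains(txs: list[Tx]) -> Counter:
    """Count CSS/image requests served from a registrable domain other than the document's.
    A clone that hotlinks the brand's own assets scores high here: it renders correctly
    precisely because the genuine site's stylesheets and logos are being loaded."""
    home = document_domain(txs)
    found: Counter = Counter()
    for t in txs:
        if t.rtype in PRESENTATION:
            dom = registrable_domain(urlsplit(t.url).hostname)
            if dom != home:
                found[dom] += 1
    return found


def broken_stylesheets(txs: list[Tx]) -> list[str]:
    """Stylesheet requests answered with something other than CSS (empty body or text/html)."""
    return [t.url for t in txs if t.rtype == "Stylesheet" and (t.mime != "text/css" or t.size == 0)]


def site_defined_globals(globals_: dict[str, str]) -> list[str]:
    """Globals left once browser- and library-provided names are removed: the kit's own code."""
    return sorted(n for n in globals_ if not BROWSER_OR_LIBRARY.match(n))


def triage(txs: list[Tx], globals_: dict[str, str]) -> list[str]:
    """Human-readable findings; an empty list means no heuristic fired."""
    findings = []
    total = sum(1 for t in txs if t.rtype in PRESENTATION)
    for dom, n in foreign_asset_domains(txs).most_common(1):
        if n / total >= 0.5:
            findings.append(f"{n}/{total} presentation assets hotlinked from {dom}")
    if broken := broken_stylesheets(txs):
        findings.append(f"{len(broken)} stylesheet requests returned no CSS")
    if custom := site_defined_globals(globals_):
        findings.append("site-defined window globals: " + ", ".join(custom))
    return findings
```

Calling triage(TRANSACTIONS, GLOBALS) on this scan yields three findings: 8 of the 13 presentation assets come from kuronekoyamato.co.jp while the document comes from xthjdc.cn, three stylesheet requests returned no CSS, and seven globals remain after the browser and library names are filtered out. The hotlinking ratio is the strongest of the three signals for clone detection, and it is also the one a brand owner can act on server-side, by logging or blocking asset requests whose Referer is not their own origin.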
Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the website re-identify the user even from a different location; this is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
xthjdc.cn/ | not set (session cookie) | PHPSESSID | fpqa9tcv89j9tnaqq9d4d4rc11
3 Console Messages
A page may log messages to the console, often errors about failing to load a resource or to execute a piece of JavaScript; sometimes they also give insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
"Indicators" is a security-industry term for artifacts such as IPs, domains and hashes. Listing them here does not imply that any single one is malicious.
Domains:
- auth.kms.kuronekoyamato.co.jp
- cdn.bootcdn.net
- www.gstatic.com
- xthjdc.cn
IP addresses:
- 119.188.86.194
- 23.43.249.73
- 2404:6800:4004:820::2003
- 43.153.176.66
SHA-256 hashes (response bodies):
- 09c8ae6b88b285be2b79182868239ee5cbe2bcb81db04085980d0c93710f71bb
- 1ebd8c829000cedeb406fed7213e8891ca0358ef5258fb1c5d0475d4603a895e
- 26dde8e017d2839076f26e77aee53c91f526ea3ebe4f6b9daa17d8d7b1288351
- 3f43fccc6dee7b18556b539da76e82d26e7d7c1401cb3c0baad75e4b89295878
- 5994332aadd364a7350ad226ef61c1c75dc97372f739e01682e190be3abaf672
- 7db470720bc87269e9bf81c2da2649d4f59d54eb54ca5ed4547855758d6688a0
- 960d150b0b1407720668ff7a035df3e496b18216ffd9e0be0f6778d3fd763e61
- a531913b92863a94f364f68cc584f764038e85094b5ce67939eb1bdeed80bea0
- aa3d21398252adb9f16b5208884b4da22eec9f2019a0139b114a61f178396794
- bb5ef8b752297cdfb9d693164697a0b40c001213f188512582a39e3f4183e30c
- bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e
- f552a445e6d3f9180c8f648e9287c74d2d24a9e865dd5e7385d5c1d5ae700814
- f62b06e7eb5a5bcf2b488e84ddbdf094463348f17d971f7606838864000eee5b
- f99199228144a11b7adda7dad83f11c366ecb6f530ba8a352fb155bc0e58fc0e