pothys-mycqsarcb.xyz
Open in
urlscan Pro
121.50.171.42
Malicious Activity!
Public Scan
Effective URL: https://pothys-mycqsarcb.xyz/
Submission: On November 26 via manual from JP
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 21st 2019. Valid for: 3 months.
This is the only time pothys-mycqsarcb.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: JCB (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 16 | 121.50.171.42 121.50.171.42 | 135544 (VTL-AS-AP...) (VTL-AS-AP Vanta Telecommunications Limited) | |
15 | 1 |
ASN135544 (VTL-AS-AP Vanta Telecommunications Limited, HK)
pothys-mycqsarcb.xyz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
pothys-mycqsarcb.xyz
1 redirects
pothys-mycqsarcb.xyz |
126 KB |
15 | 1 |
Domain | Requested by | |
---|---|---|
16 | pothys-mycqsarcb.xyz |
1 redirects
pothys-mycqsarcb.xyz
|
15 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.jcb.co.jp |
Subject Issuer | Validity | Valid | |
---|---|---|---|
pothys-mycqsarcb.xyz Let's Encrypt Authority X3 |
2019-11-21 - 2020-02-19 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://pothys-mycqsarcb.xyz/
Frame ID: D151AC7D8DC7B7674C94EA2FDCE4D9F5
Requests: 15 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://pothys-mycqsarcb.xyz/
HTTP 301
https://pothys-mycqsarcb.xyz/ Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: 詳しくはこちら
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://pothys-mycqsarcb.xyz/
HTTP 301
https://pothys-mycqsarcb.xyz/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
pothys-mycqsarcb.xyz/ Redirect Chain
|
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.css
pothys-mycqsarcb.xyz/Sheets/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
frame.css
pothys-mycqsarcb.xyz/Sheets/ |
31 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
global.js
pothys-mycqsarcb.xyz/Library/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.3.2.min.js
pothys-mycqsarcb.xyz/Library/ |
56 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
master.js
pothys-mycqsarcb.xyz/Library/ |
828 B 1009 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
pothys-mycqsarcb.xyz/Library/ |
69 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rsa.js
pothys-mycqsarcb.xyz/Library/ |
36 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
pothys-mycqsarcb.xyz/Assets/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_blank.png
pothys-mycqsarcb.xyz/Assets/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error-icon.png
pothys-mycqsarcb.xyz/Assets/img/ |
350 B 523 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_footer.png
pothys-mycqsarcb.xyz/Assets/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
pothys-mycqsarcb.xyz/Library/ |
85 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.cookie.js
pothys-mycqsarcb.xyz/Library/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
frame.js
pothys-mycqsarcb.xyz/Library/ |
31 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: JCB (Financial)77 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| focusNext function| focusTo function| openProhibitCharactersWindowJcb function| openProhibitCharactersWindowIy function| allDisable function| getCookie function| setCookie function| removeCookie object| RegAndroid object| RegiPhone function| isSmp function| isSpWidth function| getUrlParam function| getRedirectUrl function| getUrl function| removeSmpCookieForDomain function| removeSmpSessionCookie function| displaySmpLink function| setRwdFlag function| getIOSVersionNumber function| $ function| jQuery function| popup function| popup2 function| MM_openBrWindow function| setJcbTopCookie function| setMyJCookie function| Hashtable function| startsWith function| DomDataCollection function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| Timer function| getRandomPort object| ProxyCollector function| BlackberryLocationCollector function| detectFields string| SEP string| PAIR string| DEV function| FingerPrint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| post_fingerprints function| add_deviceprint function| form_add_data function| form_add_deviceprint string| HTML5 string| BLACKBERRY string| UNDEFINED string| GEO_LOCATION_DEFAULT_STRUCT object| geoLocator boolean| geoLocatorStatus function| detectDeviceCollectionAPIMode function| init function| startCollection function| stopCollection function| getGeolocationStruct function| HTML5LocationCollector object| UIEventCollector function| UIEvent function| InteractionElement function| UIElementList function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| convertTimestampToGMT function| getTimestampInMillis function| debug function| forceIE89Synchronicity function| checkForm0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
pothys-mycqsarcb.xyz
121.50.171.42
079ad8bcc01fc08b38e783b12d89d4629508d1e3ba8cafb9962030650f1a9b89
27a96a60418030e62d3b6ff174e3559b0aa47f99357334affdba7d9a684360ec
3840a7ff0d23710887d512dbd2d51d2ebe8746bdda8f549a4d3a4f8a04b06b75
41c9a7bc7a33f8b367ee44cc6422521c3b221b906ee1cb559060b6f28f4e095c
6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1
793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44
80adebc84b57ccb10f21a41231e22b5b051bbe66a81385536650b42e1fd2b50a
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69
93b334e1a1d3b1f7ad60a247c93d72e8d3c03db8b81bc4c4184ad3a3d7ce5b62
9df4b2756fe8b1a67e3e82d7abd6a19643035eb0d57ec3a84eb671fd16a38bf3
c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899
e31442527b933ae1b5c67fea7b4e2f71ad41c7872707ee2c399fadf8f2c8997d
e7c36067725c1dc813cf4700514300c05f9752ac982a39900efc12f21bbe3b53
ee4b638e82cc1e08e1af398cd2bb1ef6533cee80bb338a3281d9ec5a832d675b