Submitted URL: https://visa-co.gq/
Effective URL: https://visa-co.gq/404.html
Submission Tags: #phishing @ap_zenmashi
Submission: On August 13 via api from FI — Scanned from FI

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 104.244.72.174, located in Luxembourg, Luxembourg and belongs to PONYNET, US. The main domain is visa-co.gq.
TLS certificate: Issued by R3 on August 13th 2022. Valid for: 3 months.
This is the only time visa-co.gq was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: J:Com (Telecommunication)

Domain & IP information

Requests  IP Address          AS     Autonomous System
8         104.244.72.174      53667  PONYNET
2         2606:4700::68...    13335  CLOUDFLAR...
Total: 9 requests across 2 IPs

Requests  Apex Domain   Subdomains      Transfer
8         visa-co.gq    visa-co.gq      44 KB
2         myjcom.jp     www.myjcom.jp   17 KB
Total: 9 requests across 2 apex domains

Requests  Domain          Requested by
8         visa-co.gq      1 redirect, visa-co.gq
2         www.myjcom.jp   visa-co.gq, www.myjcom.jp
Total: 9 requests across 2 domains

This site contains no links.

Subject          Issuer                          Validity                   Valid
www.visa-co.gq   R3                              2022-08-13 - 2022-11-11    3 months
*.myjcom.jp      GlobalSign RSA OV SSL CA 2018   2021-08-23 - 2022-09-24    a year

This page contains 1 frames:

Primary Page: https://visa-co.gq/404.html
Frame ID: AD44525A733B0D803D7A980A3EA32316
Requests: 9 HTTP requests in this frame

Page Title

ログインエラー | J:COMパーソナルID | ケーブルテレビ(CATV)のJ:COM (Login error | J:COM Personal ID | J:COM cable television (CATV))

Page URL History (captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields)

  1. https://visa-co.gq/ HTTP 302
     https://visa-co.gq/404.html Page URL

Detected technologies

Bootstrap (overall confidence: 100%)
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Animate.css (overall confidence: 100%)
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Font Awesome (overall confidence: 100%)
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

  • Requests: 9
  • HTTPS: 100 %
  • IPv6: 50 %
  • Domains: 2
  • Subdomains: 2
  • IPs: 2
  • Countries: 2
  • Transfer: 60 kB
  • Size: 315 kB
  • Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Columns per request: Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: 404.html (visa-co.gq/)
Redirect Chain
  • https://visa-co.gq/
  • https://visa-co.gq/404.html
Size: 33 KB; x-fer: 11 KB; Type: Document
General
Full URL
https://visa-co.gq/404.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.244.72.174 Luxembourg, Luxembourg, ASN53667 (PONYNET, US),
Reverse DNS
Software
Apache /
Resource Hash
a75166e2a18ac293f1aefd8531e7d3eaf693d2c79248019286c7fc9c0cf08223

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
11018
content-type
text/html
date
Sat, 13 Aug 2022 16:01:02 GMT
etag
"8464-5e62180b26c03-gzip"
last-modified
Sat, 13 Aug 2022 16:00:51 GMT
server
Apache
vary
Accept-Encoding

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
6813
content-type
text/html; charset=UTF-8
date
Sat, 13 Aug 2022 16:01:02 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
404.html
pragma
no-cache
server
Apache
vary
Accept-Encoding
Request: font-awesome.css (visa-co.gq/css/); Size: 30 KB; x-fer: 7 KB; Type: Stylesheet
General
Full URL
https://visa-co.gq/css/font-awesome.css
Requested by
Host: visa-co.gq
URL: https://visa-co.gq/404.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.244.72.174 Luxembourg, Luxembourg, ASN53667 (PONYNET, US),
Reverse DNS
Software
Apache /
Resource Hash
452734cb367c3b08ce93d514beffc5c94e2fbc1ce96e3dbfd748d923679fc336

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://visa-co.gq/404.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Sat, 13 Aug 2022 16:01:02 GMT
content-encoding
gzip
last-modified
Mon, 21 Mar 2022 08:18:40 GMT
server
Apache
etag
"78fd-5dab624cef800-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
7041
Request: bootstrap-dialog.min.css (visa-co.gq/css/); Size: 2 KB; x-fer: 537 B; Type: Stylesheet
General
Full URL
https://visa-co.gq/css/bootstrap-dialog.min.css
Requested by
Host: visa-co.gq
URL: https://visa-co.gq/404.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.244.72.174 Luxembourg, Luxembourg, ASN53667 (PONYNET, US),
Reverse DNS
Software
Apache /
Resource Hash
c2cb5333517974e7fb7209e5447216ddb9a844000687a8cbeed308bea4ee1591

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://visa-co.gq/404.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Sat, 13 Aug 2022 16:01:02 GMT
content-encoding
gzip
last-modified
Mon, 21 Mar 2022 08:18:40 GMT
server
Apache
etag
"72d-5dab624cef800-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
483
Request: bootstrap.min.css (visa-co.gq/css/); Size: 119 KB; x-fer: 19 KB; Type: Stylesheet
General
Full URL
https://visa-co.gq/css/bootstrap.min.css
Requested by
Host: visa-co.gq
URL: https://visa-co.gq/404.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.244.72.174 Luxembourg, Luxembourg, ASN53667 (PONYNET, US),
Reverse DNS
Software
Apache /
Resource Hash
c28eb8900abce3c478234e62390838556d839c10b7073b2ba42bcbae20d6e2fc

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://visa-co.gq/404.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Sat, 13 Aug 2022 16:01:02 GMT
content-encoding
gzip
last-modified
Mon, 21 Mar 2022 08:18:40 GMT
server
Apache
etag
"1da44-5dab624cef800-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
19697
Request: animate.css (visa-co.gq/css/); Size: 71 KB; x-fer: 4 KB; Type: Stylesheet
General
Full URL
https://visa-co.gq/css/animate.css
Requested by
Host: visa-co.gq
URL: https://visa-co.gq/404.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.244.72.174 Luxembourg, Luxembourg, ASN53667 (PONYNET, US),
Reverse DNS
Software
Apache /
Resource Hash
d34c3af0d3b74cbb878ca4472668ebae02410ed1bfe8e85b244bb582d1dcb2ea

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://visa-co.gq/404.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Sat, 13 Aug 2022 16:01:02 GMT
content-encoding
gzip
last-modified
Mon, 21 Mar 2022 08:18:40 GMT
server
Apache
etag
"11a43-5dab624cef800-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
4430
Request: com_logo_01.png (visa-co.gq/img/); Size: 1 KB; x-fer: 1 KB; Type: Image
General
Full URL
https://visa-co.gq/img/com_logo_01.png
Requested by
Host: visa-co.gq
URL: https://visa-co.gq/404.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.244.72.174 Luxembourg, Luxembourg, ASN53667 (PONYNET, US),
Reverse DNS
Software
Apache /
Resource Hash
44228825e6c6f97a874fc9ae07a276ae1108194907b9b80a5dd22a389e7591d5

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://visa-co.gq/404.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Sat, 13 Aug 2022 16:01:03 GMT
last-modified
Fri, 15 Apr 2022 11:58:29 GMT
server
Apache
accept-ranges
bytes
etag
"4a2-5dcb020f78340"
content-length
1186
content-type
image/png
Request: s_code_utf-8.js (www.myjcom.jp/library/common/js/); Size: 278 B; x-fer: 583 B; Type: Script
General
Full URL
https://www.myjcom.jp/library/common/js/s_code_utf-8.js
Requested by
Host: visa-co.gq
URL: https://visa-co.gq/404.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:df66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85304710350e256ed07f0419e5ba8d756afb2b16cd4e5ba9d69885c33316ce94
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://visa-co.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Sat, 13 Aug 2022 16:01:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
vary
X-FORWARDED-FOR,Accept-Encoding
content-length
216
x-xss-protection
1; mode=block
last-modified
Wed, 14 Aug 2019 01:27:36 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/javascript
cache-control
max-age=300, must-revalidate
accept-ranges
bytes
cf-ray
73a2aacf8f7a95fa-ARN
Request: login_ic04.png (visa-co.gq/img/); Size: 257 B; x-fer: 257 B; Type: Image
General
Full URL
https://visa-co.gq/img/login_ic04.png
Requested by
Host: visa-co.gq
URL: https://visa-co.gq/404.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.244.72.174 Luxembourg, Luxembourg, ASN53667 (PONYNET, US),
Reverse DNS
Software
Apache /
Resource Hash
ba87bc26c1d469a27e6affee34adf8548127fea774614f9444899ad0a1093d5a

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://visa-co.gq/404.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Sat, 13 Aug 2022 16:01:03 GMT
server
Apache
content-length
257
content-type
text/html; charset=iso-8859-1
Request: s_code_utf-8.js (www.myjcom.jp/common/js/); Size: 60 KB; x-fer: 16 KB; Type: Script
General
Full URL
https://www.myjcom.jp/common/js/s_code_utf-8.js
Requested by
Host: www.myjcom.jp
URL: https://www.myjcom.jp/library/common/js/s_code_utf-8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:df66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd7ea625bcf50bc8ed67a680a298adfb6fce28e69c387571fa59399be17d032c
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://visa-co.gq/
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Sat, 13 Aug 2022 16:01:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
last-modified
Thu, 25 Nov 2021 00:52:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
text/javascript
strict-transport-security
max-age=604800
accept-ranges
bytes
cf-ray
73a2aad6c95095fa-ARN
vary
X-FORWARDED-FOR,Accept-Encoding
content-length
16250
x-xss-protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: J:Com (Telecommunication)

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify possible client-side frameworks and code.

  • oncontextlost (object)
  • oncontextrestored (object)
  • structuredClone (function)
  • launchQueue (object)
  • onbeforematch (object)
  • getScreenDetails (function)
  • queryLocalFonts (function)
  • navigation (object)
  • libraMessageType (string)
  • libraMessageText (string)
  • jsPath (string)
  • jsHostname (string)
  • ext_link (function)
  • s_getFromTo (function)
  • s_set_adnavi (function)
  • searchArray (function)
  • clickCount (function)
  • cs_support (function)
  • login_pagename (function)
  • cs_no_reason (function)
  • sc_getStartPage (function)
  • sc_remoteRec (function)
  • AppMeasurement_Module_ActivityMap (function)
  • AppMeasurement (function)
  • s_gi (function)
  • s_pgicq (function)
  • s_code_version (string)
  • hostName (string)
  • domainList (string)
  • s_account (string)
  • internalSupportSiteFlag (boolean)
  • jplusSiteFlag (boolean)
  • jplusSiteFlag_dev (boolean)
  • _sc (object)
  • s (object)
  • sc_doplugin_once (boolean)
  • onYouTubeIframeAPIReady (function)
  • onPlayerReady (function)
  • onPlayerStateChange (function)
  • s_objectID (number)
  • s_code (undefined)

1 Cookies

Domain/Path   Name        Value
visa-co.gq/   PHPSESSID   6o3rvbmrgnvf2cr028fgo3s72p

3 Console Messages

  1. Source: network; Level: error
     URL: https://visa-co.gq/img/login_ic04.png
     Message: Failed to load resource: the server responded with a status of 404 ()
  2. Source: javascript; Level: warning
     URL: https://www.myjcom.jp/library/common/js/s_code_utf-8.js (Line 3)
     Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.myjcom.jp/common/js/s_code_utf-8.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
  3. Source: javascript; Level: warning
     URL: https://www.myjcom.jp/library/common/js/s_code_utf-8.js (Line 3)
     Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.myjcom.jp/common/js/s_code_utf-8.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.