auidsevemyadmin.ml - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 5.188.38.199, located in Khabarovsk, Russian Federation and belongs to GHOST, LU. The main domain is auidsevemyadmin.ml.

This is the only time auidsevemyadmin.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: au ID (Telecommunication)

Domain & IP information

	IP Address		AS Autonomous System
1 6	5.188.38.199 5.188.38.199		202422 (GHOST) (GHOST)
5	1

6 5.188.38.199 (Khabarovsk, Russian Federation) 1 redirects

ASN202422 (GHOST, LU)
PTR: a42475207.example.com

auidsevemyadmin.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	auidsevemyadmin.ml 1 redirects auidsevemyadmin.ml	133 KB
5	1

	Domain	Requested by
6	auidsevemyadmin.ml	1 redirects auidsevemyadmin.ml
5	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://auidsevemyadmin.ml/pc/index.php
Frame ID: FB33CD0CDB705B1415EBA4F3CBD6167A
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

au IDログイン

Page URL History Show full URLs

http://auidsevemyadmin.ml/ HTTP 302
http://auidsevemyadmin.ml/pc/index.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

5
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

133 kB
Transfer

336 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://auidsevemyadmin.ml/ HTTP 302
http://auidsevemyadmin.ml/pc/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.php Show response auidsevemyadmin.ml/pc/ Redirect Chain http://auidsevemyadmin.ml/ http://auidsevemyadmin.ml/pc/index.php	10 KB 4 KB	640ms 639ms	Document text/html	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Full URL http://auidsevemyadmin.ml/pc/index.php Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `c4178d82a0206400fccfe06f680e79f8e16966bd0ed3424ec33d3d6f088e8c7f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers Server nginx Date Tue, 28 Dec 2021 12:08:05 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Content-Encoding gzip Redirect headers Server nginx Date Tue, 28 Dec 2021 12:08:05 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Location ./pc/index.php
GET H/1.1	200 OK	idk.css auidsevemyadmin.ml/pc/css/	43 KB 11 KB	97ms 97ms	Stylesheet text/css	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Full URL http://auidsevemyadmin.ml/pc/css/idk.css Requested by Host: auidsevemyadmin.ml URL: http://auidsevemyadmin.ml/pc/index.php Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `6e24853bd77e76a9aa22a6862ba42237a971dfd53c2d8a7fb9c82e6090961465` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://auidsevemyadmin.ml/pc/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Tue, 28 Dec 2021 12:08:05 GMT Content-Encoding gzip Last-Modified Mon, 06 Sep 2021 02:32:48 GMT Server nginx ETag W/"61357dd0-ab84" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Wed, 29 Dec 2021 00:08:05 GMT
GET H/1.1	200 OK	checkboxRadio.css auidsevemyadmin.ml/pc/css/	4 KB 1 KB	220ms 219ms	Stylesheet text/css	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Full URL http://auidsevemyadmin.ml/pc/css/checkboxRadio.css Requested by Host: auidsevemyadmin.ml URL: http://auidsevemyadmin.ml/pc/index.php Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `3161eb2799583d9009881d3d9e669044f2afc39ad040db4ab4b8254a03e6fe6b` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://auidsevemyadmin.ml/pc/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Tue, 28 Dec 2021 12:08:06 GMT Content-Encoding gzip Last-Modified Mon, 06 Sep 2021 02:32:48 GMT Server nginx ETag W/"61357dd0-ea4" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Wed, 29 Dec 2021 00:08:06 GMT
GET H/1.1	200 OK	au_id.jpg auidsevemyadmin.ml/pc/image/	34 KB 34 KB	222ms 221ms	Image image/jpeg	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Show image Full URL http://auidsevemyadmin.ml/pc/image/au_id.jpg Requested by Host: auidsevemyadmin.ml URL: http://auidsevemyadmin.ml/pc/index.php Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `1ec5abc3e4e21e84224089afccec3c1677323ec02fe04f2bbf6083a9b9d3fc2d` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://auidsevemyadmin.ml/pc/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Tue, 28 Dec 2021 12:08:06 GMT Last-Modified Mon, 06 Sep 2021 02:33:20 GMT Server nginx ETag "61357df0-87da" Content-Type image/jpeg Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Content-Length 34778 Expires Thu, 27 Jan 2022 12:08:06 GMT
GET H/1.1	200 OK	jquery-2.0.3.js Show response auidsevemyadmin.ml/pc/js/	245 KB 83 KB	563ms 563ms	Script application/javascript	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Full URL http://auidsevemyadmin.ml/pc/js/jquery-2.0.3.js Requested by Host: auidsevemyadmin.ml URL: http://auidsevemyadmin.ml/pc/index.php Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `cbb66f73861ac5aef51bac8f1d2d66676a1650fc5fe828cd3b98fc61a68c89cf` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://auidsevemyadmin.ml/pc/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Tue, 28 Dec 2021 12:08:06 GMT Content-Encoding gzip Last-Modified Sun, 18 Jul 2021 05:04:04 GMT Server nginx ETag W/"60f3b644-3d45b" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Wed, 29 Dec 2021 00:08:06 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: au ID (Telecommunication)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			auidsevemyadmin.ml/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3hgocma1ate6d0hn4a0942h3m1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auidsevemyadmin.ml
5.188.38.199
1ec5abc3e4e21e84224089afccec3c1677323ec02fe04f2bbf6083a9b9d3fc2d
3161eb2799583d9009881d3d9e669044f2afc39ad040db4ab4b8254a03e6fe6b
6e24853bd77e76a9aa22a6862ba42237a971dfd53c2d8a7fb9c82e6090961465
c4178d82a0206400fccfe06f680e79f8e16966bd0ed3424ec33d3d6f088e8c7f
cbb66f73861ac5aef51bac8f1d2d66676a1650fc5fe828cd3b98fc61a68c89cf

auidsevemyadmin.ml Open in urlscan Pro 5.188.38.199 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

133 kBTransfer

336 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

auidsevemyadmin.ml Open in urlscan Pro
5.188.38.199 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

133 kB
Transfer

336 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!