er-66ynkm8b1v62rp95lek41r.karte-io-works.in
52.68.54.130
Malicious Activity!
Public Scan
Submission: On January 23 via manual from JP
Summary
TLS certificate: Issued by Amazon on March 14th 2019. Valid for: a year.
This is the only time er-66ynkm8b1v62rp95lek41r.karte-io-works.in was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NTT Docomo (Telecommunication)
Domain & IP information
| # | IP Address | AS (Autonomous System) |
|---|---|---|
| 4 5 | 52.68.54.130 | 16509 (AMAZON-02) |
| 1 | 35.244.185.137 | 15169 (GOOGLE) |
| 4 8 | 52.199.42.59 | 16509 (AMAZON-02) |
| 1 | 2a00:1450:4001:814::2008 | 15169 (GOOGLE) |
| 2 | 49.102.154.13 | 9605 (DOCOMO NTT DOCOMO) |
| 1 | 2a00:1450:4001:815::200e | 15169 (GOOGLE) |

Totals: 10 requests, 6 IPs
- ASN16509 (AMAZON-02, US), PTR: ec2-52-68-54-130.ap-northeast-1.compute.amazonaws.com: er-66ynkm8b1v62rp95lek41r.karte-io-works.in
- ASN15169 (GOOGLE, US), PTR: 137.185.244.35.bc.googleusercontent.com: admin.karte.io
- ASN16509 (AMAZON-02, US), PTR: ec2-52-199-42-59.ap-northeast-1.compute.amazonaws.com: er-o26x994spg2my5l2xpnmtq.karte-io-works.in
- ASN15169 (GOOGLE, US): www.googletagmanager.com
- ASN15169 (GOOGLE, US): www.google-analytics.com
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | karte-io-works.in | er-66ynkm8b1v62rp95lek41r.karte-io-works.in, er-o26x994spg2my5l2xpnmtq.karte-io-works.in (8 redirects) | 45 KB |
| 2 | docomo.ne.jp | id.smt.docomo.ne.jp | 498 B |
| 1 | google-analytics.com | www.google-analytics.com | 17 KB |
| 1 | googletagmanager.com | www.googletagmanager.com | 33 KB |
| 1 | karte.io | admin.karte.io | 607 KB |

Totals: 10 requests, 5 apex domains
| # | Domain | Requested by |
|---|---|---|
| 8 | er-o26x994spg2my5l2xpnmtq.karte-io-works.in | er-66ynkm8b1v62rp95lek41r.karte-io-works.in (4 redirects) |
| 5 | er-66ynkm8b1v62rp95lek41r.karte-io-works.in | 4 redirects |
| 2 | id.smt.docomo.ne.jp | er-66ynkm8b1v62rp95lek41r.karte-io-works.in |
| 1 | www.google-analytics.com | www.googletagmanager.com |
| 1 | www.googletagmanager.com | er-66ynkm8b1v62rp95lek41r.karte-io-works.in |
| 1 | admin.karte.io | er-66ynkm8b1v62rp95lek41r.karte-io-works.in |

Totals: 10 requests, 6 domains
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.karte-io-works.in | Amazon | 2019-03-14 - 2020-04-14 | a year | crt.sh |
| *.karte.io | GlobalSign RSA DV SSL CA 2018 | 2019-10-30 - 2021-12-22 | 2 years | crt.sh |
| *.google-analytics.com | GTS CA 1O1 | 2020-01-07 - 2020-03-31 | 3 months | crt.sh |
| id.smt.docomo.ne.jp | DigiCert SHA2 Secure Server CA | 2019-05-29 - 2020-09-30 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://er-66ynkm8b1v62rp95lek41r.karte-io-works.in/authx/cgi/baseauth
Frame ID: 716E0D7C378690E6ABD2D71CB4B6CBE9
Requests: 10 HTTP requests in this frame
Detected technologies
- Apache (Web Servers). Detected patterns:
  - headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
- Google Analytics (Analytics). Detected patterns:
  - script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
- Google Tag Manager (Tag Managers). Detected patterns:
  - html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
  - html /<!-- (?:End )?Google Tag Manager -->/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://er-66ynkm8b1v62rp95lek41r.karte-io-works.in/https://id.smt.docomo.ne.jp/css/auth_layout_v5_style.css HTTP 302
- https://er-o26x994spg2my5l2xpnmtq.karte-io-works.in/https://id.smt.docomo.ne.jp/css/auth_layout_v5_style.css HTTP 302
- https://er-o26x994spg2my5l2xpnmtq.karte-io-works.in/css/auth_layout_v5_style.css

Request Chain 2
- https://er-66ynkm8b1v62rp95lek41r.karte-io-works.in/https://id.smt.docomo.ne.jp/css/auth_layout_v5_pc.css HTTP 302
- https://er-o26x994spg2my5l2xpnmtq.karte-io-works.in/https://id.smt.docomo.ne.jp/css/auth_layout_v5_pc.css HTTP 302
- https://er-o26x994spg2my5l2xpnmtq.karte-io-works.in/css/auth_layout_v5_pc.css

Request Chain 3
- https://er-66ynkm8b1v62rp95lek41r.karte-io-works.in/https://id.smt.docomo.ne.jp/img/logo_header.png HTTP 302
- https://er-o26x994spg2my5l2xpnmtq.karte-io-works.in/https://id.smt.docomo.ne.jp/img/logo_header.png HTTP 302
- https://er-o26x994spg2my5l2xpnmtq.karte-io-works.in/img/logo_header.png

Request Chain 4
- https://er-66ynkm8b1v62rp95lek41r.karte-io-works.in/https://id.smt.docomo.ne.jp/img/footer_copyright.png HTTP 302
- https://er-o26x994spg2my5l2xpnmtq.karte-io-works.in/https://id.smt.docomo.ne.jp/img/footer_copyright.png HTTP 302
- https://er-o26x994spg2my5l2xpnmtq.karte-io-works.in/img/footer_copyright.png
10 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | baseauth (Primary Request) | er-66ynkm8b1v62rp95lek41r.karte-io-works.in/authx/cgi/ | 5 KB | 5 KB | Document | text/html |
| GET | H2 | build.js | admin.karte.io/libs/preview-inframe/ | 606 KB | 607 KB | Script | application/javascript |
| GET | H/1.1 | auth_layout_v5_style.css (Redirect Chain) | er-o26x994spg2my5l2xpnmtq.karte-io-works.in/css/ | 22 KB | 22 KB | Stylesheet | text/css |
| GET | H/1.1 | auth_layout_v5_pc.css (Redirect Chain) | er-o26x994spg2my5l2xpnmtq.karte-io-works.in/css/ | 8 KB | 9 KB | Stylesheet | text/css |
| GET | H/1.1 | logo_header.png (Redirect Chain) | er-o26x994spg2my5l2xpnmtq.karte-io-works.in/img/ | 2 KB | 2 KB | Image | image/png |
| GET | H/1.1 | footer_copyright.png (Redirect Chain) | er-o26x994spg2my5l2xpnmtq.karte-io-works.in/img/ | 4 KB | 4 KB | Image | image/png |
| GET | H2 | gtm.js | www.googletagmanager.com/ | 140 KB | 33 KB | Script | application/javascript |
| GET | H/1.1 | bg_spring.png | id.smt.docomo.ne.jp/img/ | 102 B | 279 B | Image | image/png |
| GET | H2 | analytics.js | www.google-analytics.com/ | 43 KB | 17 KB | Script | text/javascript |
| GET | H/1.1 | empty.gif | id.smt.docomo.ne.jp/img/ | 43 B | 219 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: NTT Docomo (Telecommunication)
21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Name | Type |
|---|---|
| onformdata | object |
| onpointerrawupdate | object |
| __kartePreviewInframe | object |
| ga | function |
| __karte_loaded | boolean |
| __karte_proxy_iframe_cookie | string |
| simpleRemoteCallMethods | object |
| isKartePreview | boolean |
| tracker | object |
| scrid | string |
| err_code | string |
| dataLayer | object |
| google_tag_manager | object |
| GoogleAnalyticsObject | string |
| _auth_pv_ga | function |
| _autha | object |
| _authb | function |
| google_tag_data | object |
| gaplugins | object |
| gaGlobal | object |
| gaData0 | object |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | ALLOWALL |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.