8jq1i.cn
Open in
urlscan Pro
23.249.22.242
Malicious Activity!
Public Scan
Effective URL: https://8jq1i.cn/?irPXZBBkISDMHD
Submission: On February 24 via manual from JP
Summary
TLS certificate: Issued by R3 on February 22nd 2021. Valid for: 3 months.
This is the only time 8jq1i.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Rakuten (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 52.204.90.22 52.204.90.22 | 14618 (AMAZON-AES) (AMAZON-AES) | |
17 | 23.249.22.242 23.249.22.242 | 21859 (ZNET) (ZNET) | |
17 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
8jq1i.cn
8jq1i.cn |
124 KB |
1 |
urldefense.com
1 redirects
urldefense.com |
134 B |
17 | 2 |
Domain | Requested by | |
---|---|---|
17 | 8jq1i.cn |
8jq1i.cn
|
1 | urldefense.com | 1 redirects |
17 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
fnykk.cn R3 |
2021-02-22 - 2021-05-23 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://8jq1i.cn/?irPXZBBkISDMHD
Frame ID: 78C2A5179EDEC2A9F8CCB8E9468B4FC8
Requests: 17 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://urldefense.com/v3/__https://8jq1i.cn/?irPXZBBkISDMHD__;!!IIc8w16ASern!_umt9VqsSbPZfPcR09J4Q...
HTTP 302
https://8jq1i.cn/?irPXZBBkISDMHD Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://urldefense.com/v3/__https://8jq1i.cn/?irPXZBBkISDMHD__;!!IIc8w16ASern!_umt9VqsSbPZfPcR09J4QvDa1r65vxfxC-1gCTsCKq7qLItHbpWEb38P7EvPgFNShRZ2zk0$
HTTP 302
https://8jq1i.cn/?irPXZBBkISDMHD Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
8jq1i.cn/ Redirect Chain
|
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ichiba_chat_appender_v1_0.css
8jq1i.cn/static/css/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.12.4.min.js
8jq1i.cn/static/js/ |
95 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.validate.min.js
8jq1i.cn/static/js/ |
21 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common_login.css
8jq1i.cn/static/css/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginstyle.css
8jq1i.cn/static/css/ |
969 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
validation.css
8jq1i.cn/static/css/ |
100 B 362 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rakuten_pc_32px@2x_wm.png
8jq1i.cn/static/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t.gif
8jq1i.cn/static/img/ |
43 B 305 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stop_540x249.png
8jq1i.cn/static/img/ |
57 KB 57 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rakuten_pc_20px@2x.png
8jq1i.cn/static/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
challenger.css
8jq1i.cn/static/css/ |
2 KB 931 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pop.gif
8jq1i.cn/static/img/ |
75 B 337 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bg_btn_red_btm.gif
8jq1i.cn/static/img/ |
442 B 705 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bg_btn_red_top.gif
8jq1i.cn/static/img/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_btn_arrow.gif
8jq1i.cn/static/img/ |
60 B 322 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
info.gif
8jq1i.cn/static/img/ |
360 B 623 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Rakuten (E-commerce)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
8jq1i.cn
urldefense.com
23.249.22.242
52.204.90.22
175cf3a6b7549f715fffaddc3ec5c9f92717e7c5f63b7e36ea9592e091a80a67
2771191104d71c188d9dbdb97ce74cc190b1bd377275e0201bef4648bfc0f186
2e3e3b2660cbfaac5febf7a50b31d0494159989626a84102b2c3792cffe27d13
33be38e33c8eb9aa13a4ed44c2e2813207bef13a5ba265818e485f0ebbc83f3b
3db3a37c8b57df998874da0335cc2f35d75df401c20200498547ac0f486af4b8
62775ef2856f63d6399abc1d54077916df8d62b16414816012b9ff0fad4efada
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6da28d7a134d543417892f859bad07f0ac729296d84618a57d30b31810cea58a
7a6a7a40c68cebdf9ce6829ffdf782b7da922d049cf39c3ba911b5491f4683e7
7ab9a4d7f597471f82e8ebc6019525cd45f81decff7853062056a3c3417eba59
849cd9d1c481a1b45559f5e833f40e13ee666842e6f8ba72c8e1cad9c8c15f6d
8c18139032ae0385b15a78d32b8deb3c392940f4e34c79fbdd1a069f46f5213c
9c9797b6e4667df722ba99354080145bcfdae2bafd7601647e3400fc85d02b37
a82db64ae2580c53c25c80ed9ab6e1678b81be4ca53788e3bdb7a4b619bbf904
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
d8aac016132945bbe5a1f88a60206628c5d7c12e69917cb5fcbee4a7c24440c6
e1039b942a52729c7bd4fe9427a4f8a86816142ef90dd2be9b6ffcd353145a02