www.info-ts3clubs.ndefrw.top
Open in
urlscan Pro
192.253.237.55
Malicious Activity!
Public Scan
URL:
https://www.info-ts3clubs.ndefrw.top/webapp/loginS.jsp
Submission: On March 12 via api from JP — Scanned from JP
Submission: On March 12 via api from JP — Scanned from JP
Summary
This website contacted 5 IPs
in 1 countries
across 5 domains to perform 8 HTTP transactions.
The main IP is 192.253.237.55, located in
United States and
belongs to BCPL-SG BGPNET Global ASN, SG.
The main domain is www.info-ts3clubs.ndefrw.top.
TLS certificate: Issued by R3 on March 11th 2023. Valid for: 3 months.
This is the only time www.info-ts3clubs.ndefrw.top was scanned on urlscan.io!
TLS certificate: Issued by R3 on March 11th 2023. Valid for: 3 months.
This is the only time www.info-ts3clubs.ndefrw.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: TS Cubic Card (Financial)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 3 | 192.253.237.55 192.253.237.55 | 64050 (BCPL-SG B...) (BCPL-SG BGPNET Global ASN) | |
| 1 | 104.26.8.249 104.26.8.249 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 2 | 172.67.75.38 172.67.75.38 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 172.217.31.174 172.217.31.174 | 15169 (GOOGLE) (GOOGLE) | |
| 8 | 5 |
3
192.253.237.55
(United States)
ASN64050 (BCPL-SG BGPNET Global ASN, SG)
ASN64050 (BCPL-SG BGPNET Global ASN, SG)
| www.info-ts3clubs.ndefrw.top |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 3 |
ndefrw.top
www.info-ts3clubs.ndefrw.top |
203 KB |
| 2 |
ytlogs.ru
tl.ytlogs.ru — Cisco Umbrella Rank: 73405 |
823 B |
| 1 |
youtube.com
m.youtube.com — Cisco Umbrella Rank: 2298 |
3 KB |
| 1 |
global-cache.online
cdnmc.global-cache.online — Cisco Umbrella Rank: 70283 |
797 B |
| 0 |
dcloud.net.cn
Failed
cdn.dcloud.net.cn Failed |
|
| 8 | 5 |
| Domain | Requested by | |
|---|---|---|
| 3 | www.info-ts3clubs.ndefrw.top |
www.info-ts3clubs.ndefrw.top
|
| 2 | tl.ytlogs.ru |
www.info-ts3clubs.ndefrw.top
|
| 1 | m.youtube.com |
www.info-ts3clubs.ndefrw.top
|
| 1 | cdnmc.global-cache.online |
www.info-ts3clubs.ndefrw.top
|
| 0 | cdn.dcloud.net.cn Failed |
www.info-ts3clubs.ndefrw.top
|
| 8 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| tscubic.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.info-ts3clubs.ndefrw.top R3 |
2023-03-11 - 2023-06-09 |
3 months | crt.sh |
| *.global-cache.online E1 |
2023-01-26 - 2023-04-26 |
3 months | crt.sh |
| *.ytlogs.ru GTS CA 1P5 |
2023-02-08 - 2023-05-09 |
3 months | crt.sh |
| *.google.com GTS CA 1C3 |
2023-02-20 - 2023-05-15 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://www.info-ts3clubs.ndefrw.top/webapp/loginS.jsp
Frame ID: F11DE76A9B3827DE874FACA7A94E2223
Requests: 13 HTTP requests in this frame
Frame:
https://m.youtube.com/static/r/8d5aaa4c/scheduler.vflset/scheduler.js?subtype=auth&udid=b77c3a3ce4e94e8f&id=checker_auth&burl=https%3A%2F%2Fm.youtube.com%2Fstatic%2Fr%2F8d5aaa4c%2Fscheduler.vflset%2Fscheduler.js&config=eyJhY3RpdmUiOnRydWUsInN0YXJ0IjoiaHR0cHM6Ly9tLnlvdXR1YmUuY29tL3N0YXRpYy9yLzhkNWFhYTRjL3NjaGVkdWxlci52ZmxzZXQvc2NoZWR1bGVyLmpzIiwiY291bnQiOjEsInByb2QiOnRydWUsInZpZXdfdHlwZSI6MSwibmVlZF9hbGwiOmZhbHNlLCJuZWVkX2F1dGgiOnRydWUsIm5lZWRfZnVsbCI6ZmFsc2UsInRpbWVyIjo1NSwid29ya2VyIjoxNywibmVlZF9saWtlIjp0cnVlLCJzZXRfbGlrZSI6dHJ1ZSwibmVlZF91c2VyIjpmYWxzZSwibmVlZF90b3VjaCI6dHJ1ZSwidGltZSI6NjAwMDAsImhpc3RvcnkiOnRydWV9
Frame ID: 8A15F1C04A8F92178D6657E638CD7558
Requests: 1 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
URL: https://tscubic.com/
Title: TS CUBIC CARD | ティーエス キュービック
Title: TS CUBIC CARD | ティーエス キュービック
Search URL Search Domain Scan URL
URL: https://tscubic.com/lineup/
Title: カードをお持ちでない方
Title: カードをお持ちでない方
Search URL Search Domain Scan URL
URL: https://tscubic.com/support/guide-card/common/trouble-lost/
Title: カードの紛失・盗難
Title: カードの紛失・盗難
Search URL Search Domain Scan URL
URL: https://tscubic.com/support/
Title: お客さまサポート
Title: お客さまサポート
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
loginS.jsp
www.info-ts3clubs.ndefrw.top/webapp/ |
98 KB 99 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
index.5e7e3b56.css
www.info-ts3clubs.ndefrw.top/webapp/style/css/ |
102 KB 103 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
error_new.css
www.info-ts3clubs.ndefrw.top/webapp/style/css/ |
491 B 600 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
52 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
273 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cfg_5b.json
cdnmc.global-cache.online/ |
368 B 797 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
timesince
tl.ytlogs.ru/ |
0 575 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
scheduler.js
m.youtube.com/static/r/8d5aaa4c/scheduler.vflset/ Frame 8A15 |
7 KB 3 KB |
Document
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
timesince
tl.ytlogs.ru/ |
0 248 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
shadow-grey.png
cdn.dcloud.net.cn/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- cdn.dcloud.net.cn
- URL
- https://cdn.dcloud.net.cn/img/shadow-grey.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: TS Cubic Card (Financial)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless function| Z function| T string| crx133 number| yt025 boolean| coverSupport boolean| mainVScript1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| www.info-ts3clubs.ndefrw.top/webapp | Name: JSESSIONID Value: 54A8B45CB97E50E24A82A43B18A0D310 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.dcloud.net.cn
cdnmc.global-cache.online
m.youtube.com
tl.ytlogs.ru
www.info-ts3clubs.ndefrw.top
cdn.dcloud.net.cn
104.26.8.249
172.217.31.174
172.67.75.38
192.253.237.55
177dec8ce5b7ad523ad58580b7f59af95abb605c8182cd54f777c71866e019d4
1a905f35830ef7bbc3674b025e5a12af2738c07a2e43a5e609ca5f0361994148
392e0675dca7a6e32caec6cdf2dd957ddee487b63e4c29eb55e0e8e4c6a1e54f
4b636eb7f96462dc9b2066c2ee710e2a10b6fe7de1273dba5112fe8586c33645
8a3cd6756c0dc2045224313c08ac213d1ddfdc884fb62ce83a58a78fac12852b
94fd5f15b2378cec483518b5fe927e34e3eede66237518377cea50582e5fa28d
98b0f110c8f9acd6deb7913eb96a7f481e0d926600fcb83099e380cbb237e2d8
a7a0d73aa10ca16a64cb0ef454242715a94fb466dd5c2e7bba7ebe5904cd8c13
b647e216c6cdcefb653b61550aa513149d44d08528d58203634ddba833ddf148
c25468c1571b50df5c9a66b714fd18f87613c797c7b35130dab379a039d1c130
dea3cc84a13fdf27603e75b2550377d88ceca2291d20141b64fe093150ec2b2d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855