ewoi42jtd.icu
Open in
urlscan Pro
192.3.235.67
Malicious Activity!
Public Scan
Effective URL: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=h...
Submission: On October 20 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 11th 2022. Valid for: 3 months.
This is the only time ewoi42jtd.icu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: JR East (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 18 | 192.3.235.67 192.3.235.67 | 36352 (AS-COLOCR...) (AS-COLOCROSSING) | |
17 | 1 |
ASN36352 (AS-COLOCROSSING, US)
PTR: 192-3-235-67-host.colocrossing.com
ewoi42jtd.icu |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
ewoi42jtd.icu
1 redirects
ewoi42jtd.icu |
1 MB |
17 | 1 |
Domain | Requested by | |
---|---|---|
18 | ewoi42jtd.icu |
1 redirects
ewoi42jtd.icu
|
17 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.eki-net.com |
secure.okbiz.okwave.jp |
www.jreast.co.jp |
my.jreast.co.jp |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ewoi42jtd.icu R3 |
2022-10-11 - 2023-01-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Frame ID: 60192871573CA1D7A0D620401C2EC48D
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
えきねっと(JR東日本)|ログインPage URL History Show full URLs
-
http://ewoi42jtd.icu/jp
HTTP 301
https://ewoi42jtd.icu/jp Page URL
- https://ewoi42jtd.icu/index.php?t=6d68377b39f337530000a634ebbfc09464cef21066ee4494f1bc5965e150759a Page URL
- https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&a... Page URL
Detected technologies
Akamai Bot Manager (Security) ExpandDetected patterns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- <!-- (?:End )?Google Tag Manager -->
Page Statistics
25 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: JRきっぷ申込/空席案内
Search URL Search Domain Scan URL
Title: のってたのしい列車(観光列車)の申込
Search URL Search Domain Scan URL
Title: おトクなきっぷの申込
Search URL Search Domain Scan URL
Title: JRきっぷ申込とは
Search URL Search Domain Scan URL
Title: えきねっとトクだ値
Search URL Search Domain Scan URL
Title: 新幹線eチケットサービス
Search URL Search Domain Scan URL
Title: えきねっとチケットレスサービス
Search URL Search Domain Scan URL
Title: JRきっぷ申込 ご利用ガイド
Search URL Search Domain Scan URL
Title: JRツアー
Search URL Search Domain Scan URL
Title: 駅レンタカー
Search URL Search Domain Scan URL
Title: 便利な使い方
Search URL Search Domain Scan URL
Title: ポイント
Search URL Search Domain Scan URL
Title: お問い合わせ
Search URL Search Domain Scan URL
Title: よくある質問
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: えきねっとユーザーIDを忘れた
Search URL Search Domain Scan URL
Title: パスワードを忘れた
Search URL Search Domain Scan URL
Title: My JR-EASTのID・パスワードをお忘れの場合(My JR-EASTサイトへ)
Search URL Search Domain Scan URL
Title: メールマガジンのご案内
Search URL Search Domain Scan URL
Title: サービス提供時間
Search URL Search Domain Scan URL
Title: ご利用にあたって
Search URL Search Domain Scan URL
Title: えきねっと利用に関する規約
Search URL Search Domain Scan URL
Title: 個人情報の取扱いに関する基本方針
Search URL Search Domain Scan URL
Title: サイトマップ
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://ewoi42jtd.icu/jp
HTTP 301
https://ewoi42jtd.icu/jp Page URL
- https://ewoi42jtd.icu/index.php?t=6d68377b39f337530000a634ebbfc09464cef21066ee4494f1bc5965e150759a Page URL
- https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://ewoi42jtd.icu/jp HTTP 301
- https://ewoi42jtd.icu/jp
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
jp
ewoi42jtd.icu/ Redirect Chain
|
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor.23238u92u82.js
ewoi42jtd.icu/vendor/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.php
ewoi42jtd.icu/ |
5 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
signin
ewoi42jtd.icu/eki_ap/ |
22 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.css
ewoi42jtd.icu/eki_ap/css/ |
120 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
module.css
ewoi42jtd.icu/eki_ap/css/ |
74 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
member.css
ewoi42jtd.icu/eki_ap/css/ |
20 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
ewoi42jtd.icu/eki_ap/css/ |
39 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
top_searchparts.css
ewoi42jtd.icu/eki_ap/css/ |
119 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
load_font.css
ewoi42jtd.icu/eki_ap/css/ |
786 B 364 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_ekinet.png
ewoi42jtd.icu/eki_ap/images/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_jreast.png
ewoi42jtd.icu/eki_ap/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_input_ok.png
ewoi42jtd.icu/eki_ap/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_linkblank.png
ewoi42jtd.icu/eki_ap/images/ |
166 B 212 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_linkblank-1.png
ewoi42jtd.icu/eki_ap/images/ |
166 B 204 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
notosanscjkjp-regular_subset.woff
ewoi42jtd.icu/eki_ap/fonts/ |
1 MB 1 MB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
notosanscjkjp-bold_subset.woff
ewoi42jtd.icu/eki_ap/fonts/ |
548 B 238 B |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: JR East (Transportation)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ewoi42jtd.icu/ | Name: PHPSESSID Value: b2oo7s6le8a73hetrkajv0n4ls |
|
.ewoi42jtd.icu/ | Name: 62345ba76168db0033ce8ae6a90ce5a762956614 Value: nwcMGFHjQc7nDOZDxhWlbg%3D%3D |
|
.ewoi42jtd.icu/ | Name: ak_bmsc Value: cITYO2ZymZbhFZJC%2Fe%2FgJVBxwdcN0zbWCZKlPr%2FscYcfuVXlgILRKWurO2hqjoQwznmqayo%2Bjn8%2Bq3rRJjr8iO6fJ1ELsuMBi3UnvvtKWZ0kaFK5u1vMwHUUt2SnnpojN9b1fZ4qJqwDgwchvqyH9l6edTEXGzYNPt4Ipe2AyD799BnEyUtamSEdmtmkNGJgCZqOgiQmQNndbSzi4lZcFVU2CpqoaBE1HQ5wp6KA3ighs5hSzCkaI8IgiAintdrqyA2Gj6NLCGe4NCXLMiHH3SzmOzA8ZHBLVtCwuxGr44FgoenPLzRZdIwtEd4BiH8mZH2W8jKwlSy9fXwYOm7xvolSrCIJIWW26NVnUP%2BeOZdBvoL%2FBoOR3YqpCR5%2FuTzWIxY6hSjk029UManHrWRTaGC84EY7uyvtfBU9D4jGv3vLmPYMw7E6AlVIYPt8ABDJuVkSfp2%2FrtmxftrH6vG60JopkMWblXOSj1aUx7ALR6EN1A8WKa0p5Ior4%2FIlFBvDuHWrSAEQNSQNEhtg9D9ZsfZ4n8Co7Krh6lzbZ1VjbR5Axpot635%2FxWsS9%2BWjkacug44L3ryIcaxklaqkhpAeWA%3D%3D |
|
.ewoi42jtd.icu/ | Name: _amkc Value: 9dd130c8-a96f-4b39-9985-bd11c4f4e54a |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'none' |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ewoi42jtd.icu
192.3.235.67
3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b
434379a92cc3af5ca03ccb2bfaadc7f2b8224b1b49f310ec5f4d27ca36777520
6b6805e990d1063ebbf30e49162bf04f8ec247ffa96e1872e4b0d8d3f7e3a02f
8d098739c0c6294a76301fc09bfd53b8f3501a92f6328a1a4995409981532063
8e4d01ee0450f9f5e21ea7178dd0aad676fcebf6808a1a550fddc686fba02542
a6ce435360363a9fbcc5c474c0c0408296acafac775487325215cd3ff5495d09
ae9da3c9a568a7b3602dc54e10c324166db3abe1d3a6892770d6ce6a7cc8c1c6
ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30
bdd84e5ef5aa059a934dc05de1d463e3d1d875727859f301a940426c16e805d8
c3c06cab11490cda8fa71c1fb7b633367a8065180a6fab532500f647bf248e29
c6c23411a9fa7eb2bc546e6269c8243b2efc179dbe9dcedafc141d03057375ec
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
d4d96a513c50320d375f5cb8c1c4f52d6ba868b6ffafec5f451deb8dc9ef05f4
e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a
f32ac72b33743b0a8fcf63463ab1859bc72d25ebe3c02e8249c10420b8ed2a06