ewoi42jtd.icu Open in urlscan Pro
192.3.235.67 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ewoi42jtd.icu/jp
Effective URL:
https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=h...
Submission: On October 20 via manual (October 20th 2022, 4:31:56 am UTC) from IN — Scanned from DE

Summary HTTP 17 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 17 HTTP transactions. The main IP is 192.3.235.67, located in Dallas, United States and belongs to AS-COLOCROSSING, US. The main domain is ewoi42jtd.icu.
TLS certificate: Issued by R3 on October 11th 2022. Valid for: 3 months.

This is the only time ewoi42jtd.icu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: JR East (Transportation)

Domain & IP information

	IP Address		AS Autonomous System
1 18	192.3.235.67 192.3.235.67		36352 (AS-COLOCR...) (AS-COLOCROSSING)
17	1

18 192.3.235.67 (Dallas, United States) 1 redirects

ASN36352 (AS-COLOCROSSING, US)
PTR: 192-3-235-67-host.colocrossing.com

ewoi42jtd.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	ewoi42jtd.icu 1 redirects ewoi42jtd.icu	1 MB
17	1

	Domain	Requested by
18	ewoi42jtd.icu	1 redirects ewoi42jtd.icu
17	1

This site contains links to these domains. Also see Links.

Domain
www.eki-net.com
secure.okbiz.okwave.jp
www.jreast.co.jp
my.jreast.co.jp

Subject Issuer	Validity	Valid
ewoi42jtd.icu R3	`2022-10-11` - `2023-01-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Frame ID: 60192871573CA1D7A0D620401C2EC48D
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

えきねっと（JR東日本）｜ログイン

Page URL History Show full URLs

http://ewoi42jtd.icu/jp HTTP 301
https://ewoi42jtd.icu/jp Page URL
https://ewoi42jtd.icu/index.php?t=6d68377b39f337530000a634ebbfc09464cef21066ee4494f1bc5965e150759a Page URL
https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&a... Page URL

Detected technologies

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1266 kB
Transfer

1607 kB
Size

4
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://www.eki-net.com/Personal/Top/Index

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/Personal/reserve/wb/RouteSearchConditionInput/Index
Title: JRきっぷ申込／空席案内

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/Personal/reserve/wb/JoyfulTrainsTop/Index
Title: のってたのしい列車（観光列車）の申込

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/Personal/reserve/wb/GainTicketSearchConditionsInput/Index
Title: おトクなきっぷの申込

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/jrticket/about/
Title: JRきっぷ申込とは

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/tokudane/
Title: えきねっとトクだ値

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/e-ticket/
Title: 新幹線eチケットサービス

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/ticketless/
Title: えきねっとチケットレスサービス

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/jrticket/guide/
Title: JRきっぷ申込ご利用ガイド

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/travel/
Title: JRツアー

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/rentcar/
Title: 駅レンタカー

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/howto/
Title: 便利な使い方

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/point/
Title: ポイント

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/info/
Title: お問い合わせ

Search URL Search Domain Scan URL

URL: https://secure.okbiz.okwave.jp/eki-net/?site_domain=default
Title: よくある質問

Search URL Search Domain Scan URL

URL: https://www.jreast.co.jp/

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/Personal/member/wb/ID/IDReminderApply
Title: えきねっとユーザーIDを忘れた

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/Personal/member/wb/PW/PasswordRegistApply
Title: パスワードを忘れた

Search URL Search Domain Scan URL

URL: https://my.jreast.co.jp/web/ir/RenewPasswordRequestForm.aspx
Title: My JR-EASTのID・パスワードをお忘れの場合（My JR-EASTサイトへ）

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/mail_magazine/
Title: メールマガジンのご案内

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/service_time/
Title: サービス提供時間

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/use/
Title: ご利用にあたって

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/kiyaku/
Title: えきねっと利用に関する規約

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/privacy/
Title: 個人情報の取扱いに関する基本方針

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/sitemap/
Title: サイトマップ

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ewoi42jtd.icu/jp HTTP 301
https://ewoi42jtd.icu/jp Page URL
https://ewoi42jtd.icu/index.php?t=6d68377b39f337530000a634ebbfc09464cef21066ee4494f1bc5965e150759a Page URL
https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://ewoi42jtd.icu/jp HTTP 301
https://ewoi42jtd.icu/jp

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

jp Show response
ewoi42jtd.icu/
Redirect Chain

http://ewoi42jtd.icu/jp
https://ewoi42jtd.icu/jp

1 KB
1 KB

399ms
138ms

Document
text/html

192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/jp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

a6ce435360363a9fbcc5c474c0c0408296acafac775487325215cd3ff5495d09

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-allow-origin: ewoi42jtd.icu
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 597
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=UTF-8
date: Thu, 20 Oct 2022 04:31:51 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
upgrade-insecure-requests: 1
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Connection: close
Content-Length: 295
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 20 Oct 2022 04:31:50 GMT
Location: https://ewoi42jtd.icu/jp
Server: Apache

GET
H2 200 vendor.23238u92u82.js Show response
ewoi42jtd.icu/vendor/ 5 KB
2 KB 130ms
129ms Script
application/javascript 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/vendor/vendor.23238u92u82.js

Requested by

Host: ewoi42jtd.icu
URL: https://ewoi42jtd.icu/jp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

ae9da3c9a568a7b3602dc54e10c324166db3abe1d3a6892770d6ce6a7cc8c1c6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/jp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
content-length: 1907
x-xss-protection: 1; mode=block
last-modified: Fri, 17 Jun 2022 12:31:10 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-type: application/javascript
access-control-allow-origin: (null)
vary: Accept-Encoding
accept-ranges: bytes

GET
H2 200 index.php
ewoi42jtd.icu/ 5 KB
3 KB 236ms
235ms Document
text/html 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/index.php?t=6d68377b39f337530000a634ebbfc09464cef21066ee4494f1bc5965e150759a

Requested by

Host: ewoi42jtd.icu
URL: https://ewoi42jtd.icu/jp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ewoi42jtd.icu/jp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-allow-origin: ewoi42jtd.icu
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 2397
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=UTF-8
date: Thu, 20 Oct 2022 04:31:51 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
upgrade-insecure-requests: 1
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 Primary Request signin Show response
ewoi42jtd.icu/eki_ap/ 22 KB
4 KB 134ms
134ms Document
text/html 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1

Requested by

Host: ewoi42jtd.icu
URL: https://ewoi42jtd.icu/index.php?t=6d68377b39f337530000a634ebbfc09464cef21066ee4494f1bc5965e150759a

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

8d098739c0c6294a76301fc09bfd53b8f3501a92f6328a1a4995409981532063

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ewoi42jtd.icu/index.php?t=6d68377b39f337530000a634ebbfc09464cef21066ee4494f1bc5965e150759a
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-allow-origin: ewoi42jtd.icu
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 4202
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=UTF-8
date: Thu, 20 Oct 2022 04:31:51 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
upgrade-insecure-requests: 1
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 common.css
ewoi42jtd.icu/eki_ap/css/ 120 KB
14 KB 137ms
136ms Stylesheet
text/css 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/eki_ap/css/common.css

Requested by

Host: ewoi42jtd.icu
URL: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

c3c06cab11490cda8fa71c1fb7b633367a8065180a6fab532500f647bf248e29

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
content-length: 14629
x-xss-protection: 1; mode=block
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-type: text/css
access-control-allow-origin: (null)
vary: Accept-Encoding
accept-ranges: bytes

GET
H2 200 module.css
ewoi42jtd.icu/eki_ap/css/ 74 KB
10 KB 265ms
263ms Stylesheet
text/css 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/eki_ap/css/module.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

f32ac72b33743b0a8fcf63463ab1859bc72d25ebe3c02e8249c10420b8ed2a06

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
content-length: 10179
x-xss-protection: 1; mode=block
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-type: text/css
access-control-allow-origin: (null)
vary: Accept-Encoding
accept-ranges: bytes

GET
H2 200 member.css
ewoi42jtd.icu/eki_ap/css/ 20 KB
3 KB 134ms
133ms Stylesheet
text/css 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/eki_ap/css/member.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

8e4d01ee0450f9f5e21ea7178dd0aad676fcebf6808a1a550fddc686fba02542

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
content-length: 3214
x-xss-protection: 1; mode=block
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-type: text/css
access-control-allow-origin: (null)
vary: Accept-Encoding
accept-ranges: bytes

GET
H2 200 style.css
ewoi42jtd.icu/eki_ap/css/ 39 KB
7 KB 266ms
265ms Stylesheet
text/css 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/eki_ap/css/style.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

c6c23411a9fa7eb2bc546e6269c8243b2efc179dbe9dcedafc141d03057375ec

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
content-length: 6590
x-xss-protection: 1; mode=block
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-type: text/css
access-control-allow-origin: (null)
vary: Accept-Encoding
accept-ranges: bytes

GET
H2 200 top_searchparts.css
ewoi42jtd.icu/eki_ap/css/ 119 KB
12 KB 392ms
391ms Stylesheet
text/css 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/eki_ap/css/top_searchparts.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

6b6805e990d1063ebbf30e49162bf04f8ec247ffa96e1872e4b0d8d3f7e3a02f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
content-length: 12592
x-xss-protection: 1; mode=block
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-type: text/css
access-control-allow-origin: (null)
vary: Accept-Encoding
accept-ranges: bytes

GET
H2 200 load_font.css
ewoi42jtd.icu/eki_ap/css/ 786 B
364 B 264ms
263ms Stylesheet
text/css 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/eki_ap/css/load_font.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

bdd84e5ef5aa059a934dc05de1d463e3d1d875727859f301a940426c16e805d8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
content-length: 324
x-xss-protection: 1; mode=block
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-type: text/css
access-control-allow-origin: (null)
vary: Accept-Encoding
accept-ranges: bytes

GET
H2 200 logo_ekinet.png
ewoi42jtd.icu/eki_ap/images/ 7 KB
7 KB 259ms
258ms Image
image/png 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ewoi42jtd.icu/eki_ap/images/logo_ekinet.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
x-dns-prefetch-control: off
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-allow-origin: (null)
content-type: image/png
accept-ranges: bytes
content-length: 7480
x-xss-protection: 1; mode=block

GET
H2 200 logo_jreast.png
ewoi42jtd.icu/eki_ap/images/ 3 KB
3 KB 259ms
258ms Image
image/png 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ewoi42jtd.icu/eki_ap/images/logo_jreast.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
x-dns-prefetch-control: off
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-allow-origin: (null)
content-type: image/png
accept-ranges: bytes
content-length: 2909
x-xss-protection: 1; mode=block

GET
H2 200 icon_input_ok.png
ewoi42jtd.icu/eki_ap/images/ 3 KB
3 KB 259ms
258ms Image
image/png 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ewoi42jtd.icu/eki_ap/images/icon_input_ok.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

d4d96a513c50320d375f5cb8c1c4f52d6ba868b6ffafec5f451deb8dc9ef05f4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
x-dns-prefetch-control: off
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-allow-origin: (null)
content-type: image/png
accept-ranges: bytes
content-length: 3229
x-xss-protection: 1; mode=block

GET
H2 200 icon_linkblank.png
ewoi42jtd.icu/eki_ap/images/ 166 B
212 B 258ms
257ms Image
image/png 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ewoi42jtd.icu/eki_ap/images/icon_linkblank.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
x-dns-prefetch-control: off
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-allow-origin: (null)
content-type: image/png
accept-ranges: bytes
content-length: 166
x-xss-protection: 1; mode=block

GET
H2 200 icon_linkblank-1.png
ewoi42jtd.icu/eki_ap/images/ 166 B
204 B 385ms
385ms Image
image/png 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ewoi42jtd.icu/eki_ap/images/icon_linkblank-1.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:51 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
x-dns-prefetch-control: off
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-allow-origin: (null)
content-type: image/png
accept-ranges: bytes
content-length: 166
x-xss-protection: 1; mode=block

GET
H2 200 notosanscjkjp-regular_subset.woff
ewoi42jtd.icu/eki_ap/fonts/ 1 MB
1 MB 134ms
133ms Font
font/woff 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/eki_ap/fonts/notosanscjkjp-regular_subset.woff

Requested by

Host: ewoi42jtd.icu
URL: https://ewoi42jtd.icu/eki_ap/css/load_font.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

434379a92cc3af5ca03ccb2bfaadc7f2b8224b1b49f310ec5f4d27ca36777520

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ewoi42jtd.icu/eki_ap/css/load_font.css
Origin: https://ewoi42jtd.icu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:52 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
content-encoding: gzip
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
x-dns-prefetch-control: off
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-allow-origin: (null)
content-type: font/woff
vary: Accept-Encoding
accept-ranges: bytes
x-xss-protection: 1; mode=block

GET
H2 200 notosanscjkjp-bold_subset.woff
ewoi42jtd.icu/eki_ap/fonts/ 548 B
238 B 130ms
129ms Font
font/woff 192.3.235.67
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL

https://ewoi42jtd.icu/eki_ap/fonts/notosanscjkjp-bold_subset.woff

Requested by

Host: ewoi42jtd.icu
URL: https://ewoi42jtd.icu/eki_ap/css/load_font.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.3.235.67 Dallas, United States, ASN36352 (AS-COLOCROSSING, US),

Reverse DNS

192-3-235-67-host.colocrossing.com

Software

Apache /

Resource Hash

d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ewoi42jtd.icu/eki_ap/css/load_font.css
Origin: https://ewoi42jtd.icu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 04:31:52 GMT
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
content-length: 167
x-xss-protection: 1; mode=block
last-modified: Sun, 09 Oct 2022 04:47:44 GMT
server: Apache
upgrade-insecure-requests: 1
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-type: font/woff
access-control-allow-origin: (null)
vary: Accept-Encoding
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: JR East (Transportation)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ewoi42jtd.icu/	1969-12-31 23:59:59	Name: PHPSESSID Value: b2oo7s6le8a73hetrkajv0n4ls
.ewoi42jtd.icu/	1970-01-20 06:50:41	Name: 62345ba76168db0033ce8ae6a90ce5a762956614 Value: nwcMGFHjQc7nDOZDxhWlbg%3D%3D
.ewoi42jtd.icu/	1970-01-20 06:50:41	Name: ak_bmsc Value: cITYO2ZymZbhFZJC%2Fe%2FgJVBxwdcN0zbWCZKlPr%2FscYcfuVXlgILRKWurO2hqjoQwznmqayo%2Bjn8%2Bq3rRJjr8iO6fJ1ELsuMBi3UnvvtKWZ0kaFK5u1vMwHUUt2SnnpojN9b1fZ4qJqwDgwchvqyH9l6edTEXGzYNPt4Ipe2AyD799BnEyUtamSEdmtmkNGJgCZqOgiQmQNndbSzi4lZcFVU2CpqoaBE1HQ5wp6KA3ighs5hSzCkaI8IgiAintdrqyA2Gj6NLCGe4NCXLMiHH3SzmOzA8ZHBLVtCwuxGr44FgoenPLzRZdIwtEd4BiH8mZH2W8jKwlSy9fXwYOm7xvolSrCIJIWW26NVnUP%2BeOZdBvoL%2FBoOR3YqpCR5%2FuTzWIxY6hSjk029UManHrWRTaGC84EY7uyvtfBU9D4jGv3vLmPYMw7E6AlVIYPt8ABDJuVkSfp2%2FrtmxftrH6vG60JopkMWblXOSj1aUx7ALR6EN1A8WKa0p5Ior4%2FIlFBvDuHWrSAEQNSQNEhtg9D9ZsfZ4n8Co7Krh6lzbZ1VjbR5Axpot635%2FxWsS9%2BWjkacug44L3ryIcaxklaqkhpAeWA%3D%3D
.ewoi42jtd.icu/	1970-01-20 06:50:41	Name: _amkc Value: 9dd130c8-a96f-4b39-9985-bd11c4f4e54a

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1 Message: Failed to decode downloaded font: https://ewoi42jtd.icu/eki_ap/fonts/notosanscjkjp-bold_subset.woff
other	warning	URL: https://ewoi42jtd.icu/eki_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1 Message: OTS parsing error: invalid sfntVersion: 1013478509

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ewoi42jtd.icu
192.3.235.67
3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b
434379a92cc3af5ca03ccb2bfaadc7f2b8224b1b49f310ec5f4d27ca36777520
6b6805e990d1063ebbf30e49162bf04f8ec247ffa96e1872e4b0d8d3f7e3a02f
8d098739c0c6294a76301fc09bfd53b8f3501a92f6328a1a4995409981532063
8e4d01ee0450f9f5e21ea7178dd0aad676fcebf6808a1a550fddc686fba02542
a6ce435360363a9fbcc5c474c0c0408296acafac775487325215cd3ff5495d09
ae9da3c9a568a7b3602dc54e10c324166db3abe1d3a6892770d6ce6a7cc8c1c6
ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30
bdd84e5ef5aa059a934dc05de1d463e3d1d875727859f301a940426c16e805d8
c3c06cab11490cda8fa71c1fb7b633367a8065180a6fab532500f647bf248e29
c6c23411a9fa7eb2bc546e6269c8243b2efc179dbe9dcedafc141d03057375ec
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
d4d96a513c50320d375f5cb8c1c4f52d6ba868b6ffafec5f451deb8dc9ef05f4
e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a
f32ac72b33743b0a8fcf63463ab1859bc72d25ebe3c02e8249c10420b8ed2a06

ewoi42jtd.icu Open in urlscan Pro 192.3.235.67 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1266 kBTransfer

1607 kBSize

4 Cookies

25 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

4 Cookies

2 Console Messages

Security Headers

Indicators

ewoi42jtd.icu Open in urlscan Pro
192.3.235.67 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1266 kB
Transfer

1607 kB
Size

4
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!