ast01.marina.ne.jp
Open in
urlscan Pro
153.122.38.55
Malicious Activity!
Public Scan
Effective URL: http://ast01.marina.ne.jp/tmp/index/net/login.php?bxjer39a0ct7ld8165n9
Submission: On February 17 via automatic, source openphish
Summary
This is the only time ast01.marina.ne.jp was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 153.122.38.55 153.122.38.55 | 131921 (GMOCL GMO...) (GMOCL GMO CLOUD K.K.) | |
1 | 2a00:1450:400... 2a00:1450:4001:820::2004 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:815::2003 | 15169 (GOOGLE) (GOOGLE) | |
11 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
marina.ne.jp
ast01.marina.ne.jp |
212 KB |
1 |
gstatic.com
www.gstatic.com |
93 KB |
1 |
google.com
www.google.com |
613 B |
11 | 3 |
Domain | Requested by | |
---|---|---|
9 | ast01.marina.ne.jp |
ast01.marina.ne.jp
|
1 | www.gstatic.com |
www.google.com
|
1 | www.google.com |
ast01.marina.ne.jp
|
11 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.google.com GTS CA 1O1 |
2020-01-29 - 2020-04-22 |
3 months | crt.sh |
*.google.com GTS CA 1O1 |
2020-01-29 - 2020-04-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://ast01.marina.ne.jp/tmp/index/net/login.php?bxjer39a0ct7ld8165n9
Frame ID: 07D9FD54F0D9CC941B58AE1AD0BA3835
Requests: 11 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://ast01.marina.ne.jp/tmp/index/net/login.php?q6laiebfg5eu5agd1h6f Page URL
- http://ast01.marina.ne.jp/tmp/index/net/index.php Page URL
- http://ast01.marina.ne.jp/tmp/index/net/login.php?bxjer39a0ct7ld8165n9 Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://ast01.marina.ne.jp/tmp/index/net/login.php?q6laiebfg5eu5agd1h6f Page URL
- http://ast01.marina.ne.jp/tmp/index/net/index.php Page URL
- http://ast01.marina.ne.jp/tmp/index/net/login.php?bxjer39a0ct7ld8165n9 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
login.php
ast01.marina.ne.jp/tmp/index/net/ |
159 B 554 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
ast01.marina.ne.jp/tmp/index/net/ |
180 B 516 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
login.php
ast01.marina.ne.jp/tmp/index/net/ |
15 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
functions.js
ast01.marina.ne.jp/tmp/index/net/crypt/ |
20 KB 20 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
colorone.css
ast01.marina.ne.jp/tmp/index/net/style/ |
17 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
validator.js
ast01.marina.ne.jp/tmp/index/net/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
www.google.com/recaptcha/ |
733 B 613 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fb.png
ast01.marina.ne.jp/tmp/index/net/img/icon/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
background.jpg
ast01.marina.ne.jp/tmp/index/net/img/ |
84 KB 84 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-93.woff
ast01.marina.ne.jp/tmp/index/net/fonts/ |
72 KB 72 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/releases/JZfekeK8w6ZlhLfH_ZyseSLX/ |
259 KB 93 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| Aes object| Base64 object| Utf8 string| he12p string| gea string| output string| ctrTxt function| validateRecaptcha function| verifyCallback undefined| widgetId1 undefined| widgetId2 function| onloadCallback object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client object| recaptcha0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ast01.marina.ne.jp
www.google.com
www.gstatic.com
153.122.38.55
2a00:1450:4001:815::2003
2a00:1450:4001:820::2004
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
48abcf2acffbf2a302ed72ec7f24576109003d5e0830e95b87eef24caefd4bc5
4d6977b656747915c078f520c4a0f47203c2e9a46e533d692b52e9b724b41ebb
6ef60fa441724f5c4831e1cd936e20c48b4fb570dd039b65ddc1de3799af00ca
728a90fba7f33ae2dd10ed158b90a97dd5b1e07441162a9f0e5a058610577547
8ec76b72305a81ca44a61b43f98ee7c02cb3e419cfa01e2e2d5c05b2f21a1843
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
baafd74a4cb4dc594b614eeb45c7267bb1af729d9271752460348ece16532d04
be61d0c20e0a922537661908d8d0ccb2177d3d70da420601d20b4477621aca62
c32303ef7ad0a14c7c2b4f4af7211c93ab5b1f17b7804027861c1829e727e1ad