jp-aeon-login6.duckdns.org Open in urlscan Pro
155.94.128.177 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rb.gy/pxyq48
Effective URL:
https://jp-aeon-login6.duckdns.org/
Submission: On November 20 via manual (November 20th 2023, 6:28:03 am UTC) from JP — Scanned from JP

Summary HTTP 43 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 9 domains to perform 43 HTTP transactions. The main IP is 155.94.128.177, located in Los Angeles, United States and belongs to ASN-QUADRANET-GLOBAL, US. The main domain is jp-aeon-login6.duckdns.org.
TLS certificate: Issued by R3 on November 18th 2023. Valid for: 3 months.

This is the only time jp-aeon-login6.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AEON Group (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	107.23.27.175 107.23.27.175	14618 (AMAZON-AES) (AMAZON-AES)
2	107.148.8.88 107.148.8.88	398478 (PEG-HK) (PEG-HK)
1	58.218.215.159 58.218.215.159	4134 (CHINANET-...) (CHINANET-BACKBONE No.31)
1 2	2404:6800:400... 2404:6800:4004:828::200e	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4004:827::2001	15169 (GOOGLE) (GOOGLE)
3	2404:6800:400... 2404:6800:4004:81e::2003	15169 (GOOGLE) (GOOGLE)
34	155.94.128.177 155.94.128.177	8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL)
1	2606:4700:303... 2606:4700:3032::ac43:ccfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
43	7

1 107.23.27.175 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-23-27-175.compute-1.amazonaws.com

rb.gy	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.148.8.88 (Hong Kong, Hong Kong)

ASN398478 (PEG-HK, US)

z6b.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.putijianiang.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 58.218.215.159 (China)

ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)

static.cncells.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4004:828::200e (Australia) 1 redirects

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:827::2001 (Australia)

ASN15169 (GOOGLE, US)

www-jp--aeon--login-workers-dev.translate.goog	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4004:81e::2003 (Australia)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 155.94.128.177 (Los Angeles, United States)

ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: unassigned.quadranet.com

jp-aeon-login6.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:ccfe (United States)

ASN13335 (CLOUDFLARENET, US)

fh_sy.gc-001.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	duckdns.org jp-aeon-login6.duckdns.org	546 KB
3	gstatic.com www.gstatic.com	52 KB
2	google.com 1 redirects translate.google.com — Cisco Umbrella Rank: 1323	32 KB
1	gc-001.website fh_sy.gc-001.website	524 B
1	translate.goog www-jp--aeon--login-workers-dev.translate.goog	1005 B
1	cncells.net static.cncells.net	12 KB
1	putijianiang.cn api.putijianiang.cn	853 B
1	z6b.cn z6b.cn	1013 B
1	rb.gy 1 redirects rb.gy — Cisco Umbrella Rank: 122589	157 B
43	9

	Domain	Requested by
34	jp-aeon-login6.duckdns.org	www-jp--aeon--login-workers-dev.translate.goog jp-aeon-login6.duckdns.org
3	www.gstatic.com	www-jp--aeon--login-workers-dev.translate.goog
2	translate.google.com	1 redirects www-jp--aeon--login-workers-dev.translate.goog
1	fh_sy.gc-001.website	jp-aeon-login6.duckdns.org
1	www-jp--aeon--login-workers-dev.translate.goog	static.cncells.net
1	static.cncells.net	api.putijianiang.cn
1	api.putijianiang.cn
1	z6b.cn
1	rb.gy	1 redirects
43	9

This site contains links to these domains. Also see Links.

Domain
www.aeon.co.jp
faq.aeon.co.jp

Subject Issuer	Validity	Valid
*.googleusercontent.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
jp-aeon-login66.duckdns.org R3	`2023-11-18` - `2024-02-16`	3 months	crt.sh
gc-001.website GTS CA 1P5	`2023-10-20` - `2024-01-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://jp-aeon-login6.duckdns.org/
Frame ID: FE10F33BAF4C6C00FF90D716078189EA
Requests: 43 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ログイン | イオンカード　暮らしのマネーサイト

Page URL History Show full URLs

http://api.putijianiang.cn/to.php?U3VDdDFpRUtOc21nNG1VZStBWTBMbUF1dGVpUmsvb0xMTVducE5ybmx1T2o5dWxIeFU4c... Page URL
https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.jp-aeon-login.workers.dev/&clien... HTTP 302
https://www-jp--aeon--login-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp Page URL
https://jp-aeon-login6.duckdns.org/ Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

43
Requests

93 %
HTTPS

50 %
IPv6

9
Domains

9
Subdomains

7
IPs

4
Countries

644 kB
Transfer

2469 kB
Size

5
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://www.aeon.co.jp/app/search_id_pw_reissue/
Title: ID・パスワードをお忘れの方

Search URL Search Domain Scan URL

URL: http://faq.aeon.co.jp/faq/show/2476?site_domain=default
Title: ログインできない方

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/service/wallet/
Title: アプリで見る

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/inquiry/chat/
Title: チャットで質問するログイン・新規登録についてのご質問があれば、オペレーターがお答えします

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/information?type=important
Title: 一覧へ

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/information/2020/01_otp/
Title: 2020年1月23日セキュリティ【重要】イオンウォレットのセキュリティ強化対応について

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/docs/browser/
Title: 当サイトの推奨環境について

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/docs/truste/

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/
Title: ホーム

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/card/
Title: カードを選ぶ

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/flow/
Title: お申込みの流れ

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/merit/
Title: イオンカードの魅力

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/app/campaign/
Title: キャンペーン

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/service/
Title: 機能・サービス

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/point/
Title: ポイント

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/security/
Title: セキュリティ

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/special/
Title: 特集

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/inquiry/
Title: お客さまサポート

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/inquiry/lost/
Title: カード紛失・盗難について

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/docs/ad/
Title: TVCM

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/docs/tie_up/
Title: 提携サイト一覧

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/terms/
Title: 規定集

Search URL Search Domain Scan URL

URL: https://www.aeon.co.jp/business/
Title: 加盟店向けサービス新規お申込み・WEB明細のご確認

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://api.putijianiang.cn/to.php?U3VDdDFpRUtOc21nNG1VZStBWTBMbUF1dGVpUmsvb0xMTVducE5ybmx1T2o5dWxIeFU4cU5OZzUzWkdhakdsMTJTUU80SElRREV6bXBmR3A5N0x3cjJ3UnJKZzJYYVdONFpuQnY0OG5qeUhiNHBGZ3JiVlFQRzJUKzlNZjNLMjNMK2FsWmYrVFB2RzlPcmhHQkcwZTNIdVZ4MXFMWEIvTXYxY2wrR3hBeEFac29oK1ZIR3M1ZDM0VUJvZ0hLeTJFalU1dnlIWENCVU1jT3podGxjUnc2Y2xNQW1GY2ovYUdsWERJMmE0aG8rNWltZlIzcGFXZkswN2FtK1puZDlyZm8rUkVXMDNCdUlBRDdBNmpQaWpuQVRZY1UralNtMWF4WjQvNTEwM2NKY1E9 Page URL
https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.jp-aeon-login.workers.dev/&client=webapp HTTP 302
https://www-jp--aeon--login-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp Page URL
https://jp-aeon-login6.duckdns.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://rb.gy/pxyq48 HTTP 301
http://z6b.cn/M7Kvp

Request Chain 3

https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.jp-aeon-login.workers.dev/&client=webapp HTTP 302
https://www-jp--aeon--login-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp

43 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

M7Kvp Show response
z6b.cn/
Redirect Chain

https://rb.gy/pxyq48
http://z6b.cn/M7Kvp

0
1013 B

563ms
88ms

Document
text/html

107.148.8.88
PEG-HK

General

Domain/Path	Expires	Name / Value
z6b.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: pp2510lnse82shem099hfpbhsr
z6b.cn/	1970-01-20 16:21:03	Name: short_M7Kvp Value: 1
z6b.cn/	1970-01-20 16:21:36	Name: uv_M7Kvp Value: 1
.google.com/	1970-01-20 20:44:32	Name: NID Value: 511=jTTJVZOol3v7Av2OblJup9ag-Ct2Z3UCM6i60o--VPNSOQQXnm4FVNkRk88BoL0AGIqBYz08l6NexpIrkYbc7HeqP0NyDxcADmIdjZhSwmWLJmJhmSveGRVTr-lbG3E3I3fWvEAkYPNAsLz4NRuduvuKQYaqrGgHgLq4ZdyIvVo
jp-aeon-login6.duckdns.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: c4sqpr4u4ci8unbb4ba2dkd46t

jp-aeon-login6.duckdns.org Open in urlscan Pro 155.94.128.177 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

43 Requests

93 %HTTPS

50 %IPv6

9 Domains

9 Subdomains

7 IPs

4 Countries

644 kBTransfer

2469 kBSize

5 Cookies

23 Outgoing links

Page URL History

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

jp-aeon-login6.duckdns.org Open in urlscan Pro
155.94.128.177 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

93 %
HTTPS

50 %
IPv6

9
Domains

9
Subdomains

7
IPs

4
Countries

644 kB
Transfer

2469 kB
Size

5
Cookies

43 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!