gs.qiyouzhanxing.cn
Open in
urlscan Pro
34.87.204.103
Malicious Activity!
Public Scan
Submission: On April 06 via api from JP — Scanned from AU
Summary
TLS certificate: Issued by R3 on April 5th 2023. Valid for: 3 months.
This is the only time gs.qiyouzhanxing.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: JR East (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
24 | 34.87.204.103 34.87.204.103 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 | 13.35.8.80 13.35.8.80 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 35.79.88.78 35.79.88.78 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 18.155.68.115 18.155.68.115 | 16509 (AMAZON-02) (AMAZON-02) | |
27 | 4 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 103.204.87.34.bc.googleusercontent.com
gs.qiyouzhanxing.cn |
ASN16509 (AMAZON-02, US)
PTR: server-13-35-8-80.sin5.r.cloudfront.net
cdn.socket.io |
ASN16509 (AMAZON-02, US)
PTR: ec2-35-79-88-78.ap-northeast-1.compute.amazonaws.com
guest-agent.mobilus.me |
ASN16509 (AMAZON-02, US)
PTR: server-18-155-68-115.sin52.r.cloudfront.net
cdn.agent.mobilus.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
24 |
qiyouzhanxing.cn
gs.qiyouzhanxing.cn |
273 KB |
2 |
mobilus.me
1 redirects
guest-agent.mobilus.me — Cisco Umbrella Rank: 270664 cdn.agent.mobilus.me — Cisco Umbrella Rank: 274330 |
89 KB |
1 |
socket.io
cdn.socket.io — Cisco Umbrella Rank: 51465 |
14 KB |
27 | 3 |
Domain | Requested by | |
---|---|---|
24 | gs.qiyouzhanxing.cn |
gs.qiyouzhanxing.cn
cdn.socket.io |
1 | cdn.agent.mobilus.me |
gs.qiyouzhanxing.cn
|
1 | guest-agent.mobilus.me | 1 redirects |
1 | cdn.socket.io |
gs.qiyouzhanxing.cn
|
27 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.eki-net.com |
secure.okbiz.jp |
www.jreast.co.jp |
my.jreast.co.jp |
Subject Issuer | Validity | Valid | |
---|---|---|---|
hzjxxx.cn R3 |
2023-04-05 - 2023-07-04 |
3 months | crt.sh |
cdn.socket.io Amazon RSA 2048 M01 |
2023-02-22 - 2023-12-20 |
10 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://gs.qiyouzhanxing.cn/Personal/member/wb/Login/Login
Frame ID: 6507B170DCC4B2DCDD04C6B4DDC18A0E
Requests: 27 HTTP requests in this frame
Screenshot
Page Title
えきねっと(JR東日本)|ログインDetected technologies
Socket.io (JavaScript Frameworks) ExpandDetected patterns
- socket\.io.*\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: よくあるご質問(別ウィンドウで開きます)
Search URL Search Domain Scan URL
Title: えきねっとチケットレス座席指定券
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: My JR-EASTのID・パスワードをお忘れの場合(My JR-EASTサイトへ)
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 18- https://guest-agent.mobilus.me/web/mobi-agent-client-frame-loader.min.js?domainId=ekinet HTTP 301
- https://cdn.agent.mobilus.me/assets/script/embed/current/mobi-agent-client-frame-loader.min.js?41.4.b8b98f7f0_2023.02.14_09.51.25
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Login
gs.qiyouzhanxing.cn/Personal/member/wb/Login/ |
37 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.css
gs.qiyouzhanxing.cn/static/Personal/common/css/ |
132 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
module.css
gs.qiyouzhanxing.cn/static/Personal/member/wb/css/ |
70 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
member.css
gs.qiyouzhanxing.cn/static/Personal/member/wb/css/ |
20 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
top_searchparts.css
gs.qiyouzhanxing.cn/static/Personal/member/wb/css/ |
130 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.4.1.min.js
gs.qiyouzhanxing.cn/static/Personal/common/js/ |
134 KB 41 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.js
gs.qiyouzhanxing.cn/static/Personal/member/wb/js/ |
31 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.validate.js
gs.qiyouzhanxing.cn/static/Personal/member/wb/js/ |
75 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
socket.io.min.js
cdn.socket.io/4.6.0/ |
45 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
gs.qiyouzhanxing.cn/static/js/ |
8 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_ekinet.png
gs.qiyouzhanxing.cn/static/Personal/member/wb/img/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_jreast.png
gs.qiyouzhanxing.cn/static/Personal/member/wb/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loading.gif
gs.qiyouzhanxing.cn/static/ |
118 KB 118 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_input_error.png
gs.qiyouzhanxing.cn/static/Personal/member/wb/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_linkblank.png
gs.qiyouzhanxing.cn/static/Personal/member/wb/img/ |
166 B 418 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_linkblank.png
gs.qiyouzhanxing.cn/static/Personal/common/img/ |
166 B 418 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
GetHeaderMenu.js
gs.qiyouzhanxing.cn/static/Personal/member/wb/js/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
member_footer.js
gs.qiyouzhanxing.cn/static/Personal/member/wb/js/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
gs.qiyouzhanxing.cn/socket.io/ |
97 B 220 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mobi-agent-client-frame-loader.min.js
cdn.agent.mobilus.me/assets/script/embed/current/ Redirect Chain
|
276 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index_help-icon_red.png
gs.qiyouzhanxing.cn/static/top/jrticket/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ts_resulttrainseat_info-icon.png
gs.qiyouzhanxing.cn/static/Personal/reserve/wb/img/trainsearch/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
btn_chatbot_switch.svg
gs.qiyouzhanxing.cn/static/top/common/img/chatbot/ |
550 B 776 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
gs.qiyouzhanxing.cn/socket.io/ |
2 B 133 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
gs.qiyouzhanxing.cn/socket.io/ |
32 B 155 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
gs.qiyouzhanxing.cn/socket.io/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
load_font.css
gs.qiyouzhanxing.cn/static/personal/common/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- gs.qiyouzhanxing.cn
- URL
- https://gs.qiyouzhanxing.cn/socket.io/?EIO=4&transport=polling&t=OTNK8NF&sid=TVlQqctzLDczWd1RABLR
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: JR East (Transportation)93 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery function| submitForm function| submitForm2 function| submitFormGet function| ListSelectedChanged function| IsZenkaku function| isZenKana function| IsHankaku function| IsHankakuNum function| PasswordCK function| checkAT function| IsNumeric function| ChangeBtnEnable function| autoCheck function| specialAutoCheck function| searchInput function| searchNumberInput function| IsValid function| UserIDfilterCheck function| UserIDCK function| IsMailAddress function| CtoH function| ToDBC function| ReplaceHiraKata object| narrowdicASCII object| widedicASCII string| keyString object| narrowdicANK object| widedicANK function| CharWideNarrow function| disabledMouseWheel function| scrollFunc function| addMouseWheelEvent function| SetModelData function| PartialRefresh function| WindowClose function| ValuesNotEqualCheck function| BindInputNumberInputEvent function| SetInputNumberMaxLength object| arrCustomRequiredElements function| IsRequiredElement function| BindCustomRequiredCheck function| BindSelectItemValidatonEvent function| ElementHasValue function| BindEmailSuggestionList function| IsValidDate function| IsDateBeforeSomeday string| errorMsg string| msgTag string| msgErrorClass object| CheckLogicList object| NoErrorFocusStyleViews function| MsgCheckLogic function| SearchTargetElement function| SetErrorMessage function| SetCheckBoxFocusStyle function| io function| login function| subBtnInfo function| subBtnCard function| subBtnWebPass function| subBtnSmsCode function| upDateStage function| showLoading function| notifyRefresh number| startTime boolean| profileCompFlg function| onloadwaitsec function| act function| PatternScriptLoaded function| SetFingerprintCookie function| TopMaterialIndexScriptLoaded function| InitElements function| HandleResponse string| path string| templateHTML_footer object| script function| ekinetChatbot object| switchChatBtn object| chatBtn function| chatbotSmall undefined| showFlug undefined| timer number| startPos number| winScrollTop object| topBtn boolean| scrollFlug undefined| fix_totalmenu_H object| __core-js_shared__ object| core object| MobiAgentClient1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
guest-agent.mobilus.me/ | Name: AWSALBCORS Value: OaScu5Rjr+P3XvTtIP2rnHjdmrr5gNxqrpqbkon/3zWXSe9moP+mMTTIdvS6o2q1dKRIGEREwhd5IQduM4XqVZNJPR48ja1+1KlK/SAofk5G4KZEOOthXMAC29dV |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.agent.mobilus.me
cdn.socket.io
gs.qiyouzhanxing.cn
guest-agent.mobilus.me
gs.qiyouzhanxing.cn
13.35.8.80
18.155.68.115
34.87.204.103
35.79.88.78
0401de33701f1cad16ecf952899d23990b6437d0a5b7335524edf6bdfb932542
0a5da30772291431c07453a7dc4809fea84c74f6c499adbc12ee3f6f29221036
102cedb7a03b5f8890aa25fe24e71d438a9f8d80c0a47053ba5e5f826018ebf9
20db3c694ac82c815147b48722e5c9e3c56d98578bb347abf820cae30dc136d2
3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b
429d816293b8489b7f9e6d422b9396868a7cf67454b9b06c23c2a4c1536726ae
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5c530c2ee75a5dce79913de068b42d19597bfb2e379f1be8aebd1b76c0d3bc2d
7099a39ac569cc756adb84d071fe860eaac3a81c1ea895f482c3ddc2613d11c3
72fe22e0407df33817a7066287d553ab0737b20c79af1b4507fe5dbc72dd4335
7989d4923e6686ba2adac55246f5752b308a8ea97e0a7e56c23493a2622370a4
805d452467d48b76d80a77b6a355221d450e36cdd7af937f64e8cf26d5929e0d
9c091d5431c20d358409c407adf20f3edf514747545555a608ff8e16d87cc70d
ac42a7ea0482900e34c01a65fb32add503d20c508b31de00270ee107621ae222
ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30
be083f55b27a48c77a8a38851226e102848b5e19acaa84d05d6cda0e97b43ebe
bf5d5b96fc22f71ddc59e572dc4073f4677c6ab1e67140a01d266574d2f1811e
d00b36aa1a4ef7f6bc537230fbaf03cc752167312d6d27f5072b8a1606b77d0d
e8dabcb6e60f58d038910615912c35e9c35b9972da26a8c1bb781aac906738d7
e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a
eafa23c6a876d2041bc844d1af5f5df68f0b981543f86c4fd8b13df4f7b0494b
ec6e4d6f2d06e9dd21f15b0941de3710b201ae76ecf610b4cf6e19d3e75439d4
f28a695e8753beb9bc3c8051eb60c2bee98e4eebcc64b70c73fe6b18278c8acf
fc1b4e6e59fda3fa87fe96bfd88c43d96b58e86603bfc7eb85e3756d5c595211