secure-sakura-ad.jp.tonghongad.com
155.94.201.5
Malicious Activity!
Public Scan
Submission: On March 17 via automatic, source phishtank — Scanned from JP
Summary
TLS certificate: Issued by R3 on March 12th 2023. Valid for: 3 months.
This is the only time secure-sakura-ad.jp.tonghongad.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: SAKURA Internet (Online)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 15 | 155.94.201.5 | AS8100 (ASN-QUADRANET-GLOBAL) |
| 1 | 103.143.19.103 | AS134760 (CHINANET-HEBEI-SHIJIAZHUANG-IDC, Shijiazhuang IDC network) |
| 1 | 183.240.166.132 | AS56040 (CMNET-GUANGDONG-AP, China Mobile communications corporation) |

Total: 17 requests across 3 IP addresses.

Hosts by ASN:
- ASN8100 (ASN-QUADRANET-GLOBAL, US), PTR: unassigned.quadranet.com: secure-sakura-ad.jp.tonghongad.com
- ASN134760 (CHINANET-HEBEI-SHIJIAZHUANG-IDC Shijiazhuang IDC network, CHINANET Hebei province, CN): js.users.51.la
- ASN56040 (CMNET-GUANGDONG-AP China Mobile communications corporation, CN): ia.51.la
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | tonghongad.com | secure-sakura-ad.jp.tonghongad.com | 45 KB |
| 2 | 51.la | js.users.51.la (Cisco Umbrella Rank: 78773), ia.51.la (Cisco Umbrella Rank: 67140) | 3 KB |

Total: 17 requests across 2 apex domains.

| Requests | Domain | Requested by |
|---|---|---|
| 15 | secure-sakura-ad.jp.tonghongad.com | secure-sakura-ad.jp.tonghongad.com |
| 1 | ia.51.la | secure-sakura-ad.jp.tonghongad.com |
| 1 | js.users.51.la | secure-sakura-ad.jp.tonghongad.com |

Total: 17 requests across 3 domains.
This site contains links to these domains (all belong to the impersonated brand, not to the scanned host):

| Domain |
|---|
| secure.sakura.ad.jp |
| www.sakura.ad.jp |
| help.sakura.ad.jp |
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| secure-sakura-ad.jp.tonghongad.com | R3 | 2023-03-12 to 2023-06-10 | 3 months |
| *.users.51.la | GlobalSign GCC R3 DV TLS CA 2020 | 2022-03-29 to 2023-04-30 | a year |
| *.51.la | GlobalSign GCC R3 DV TLS CA 2020 | 2022-04-19 to 2023-05-21 | a year |
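The three signals above (a hostname whose left-hand labels spell out the brand's domain while the registrable domain is something else, outbound links that still point at the real brand, and a certificate issued days before the scan) can be combined into a simple triage check. The following is an added example, not urlscan.io code or anything from the scanned site; the sample hostnames and dates are taken from this scan, while the protected-brand list, the suffix table and the 14-day freshness threshold are assumptions for the example.

```python
"""Lookalike-host triage using the artefacts exposed by this scan."""
from datetime import date
from typing import Optional

# Values from the scan: the scanned host, the brand origins its page links
# out to, the certificate's notBefore date and the submission date.
SCANNED_HOST = "secure-sakura-ad.jp.tonghongad.com"
OUTBOUND_HOSTS = ["secure.sakura.ad.jp", "www.sakura.ad.jp", "help.sakura.ad.jp"]
CERT_NOT_BEFORE = date(2023, 3, 12)
SCAN_DATE = date(2023, 3, 17)

# Assumption: a small protected-brand list keyed by registrable (apex) domain.
PROTECTED_APEX = {"sakura.ad.jp": "SAKURA Internet"}

# Assumption: the multi-label public suffixes needed to split apexes here.
# ".ad.jp" is a second-level suffix, so sakura.ad.jp is three labels.
# A real deployment should consult the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"ad.jp", "co.jp", "ne.jp", "or.jp"}


def apex(host: str) -> str:
    """Registrable domain of `host` under the suffix table above."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def embedded_brand(host: str) -> Optional[str]:
    """Return the protected apex that the sub-apex part of `host` spells out,
    or None. Hyphens are folded to dots so the label string
    'secure-sakura-ad.jp' matches 'sakura.ad.jp' even though the real
    registrable domain is tonghongad.com. Matching is on label boundaries."""
    host = host.lower()
    own = apex(host)
    prefix = host[: -len(own)].rstrip(".")
    folded = "." + prefix.replace("-", ".") + "."
    for brand in PROTECTED_APEX:
        if brand != own and ("." + brand + ".") in folded:
            return brand
    return None


def cert_age_days(not_before: date, seen: date) -> int:
    """Days between certificate issuance and the observation."""
    return (seen - not_before).days


def triage(host: str, outbound_hosts, not_before: date, seen: date,
           fresh_cert_days: int = 14) -> dict:
    """Combine the three signals into a verdict with readable reasons."""
    brand = embedded_brand(host)
    if brand is None:
        return {"verdict": "no-brand-match", "brand": None, "reasons": []}
    reasons = [f"hostname spells out {brand} but its registrable domain is {apex(host)}"]
    # Kits commonly leave the brand's helper links (forgot ID, sign-up, contact)
    # pointing at the genuine site, so outbound links to the brand are a signal.
    if brand in {apex(h) for h in outbound_hosts}:
        reasons.append(f"page links out to the genuine {brand}")
    age = cert_age_days(not_before, seen)
    if age <= fresh_cert_days:
        reasons.append(f"TLS certificate is only {age} days old")
    return {"verdict": "suspected-phishing", "brand": PROTECTED_APEX[brand],
            "reasons": reasons}


if __name__ == "__main__":
    result = triage(SCANNED_HOST, OUTBOUND_HOSTS, CERT_NOT_BEFORE, SCAN_DATE)
    print(result["verdict"], "->", result["brand"])
    for reason in result["reasons"]:
        print(" -", reason)
```

Run against this scan's values the check reports suspected phishing against SAKURA Internet with all three reasons; the genuine `secure.sakura.ad.jp` and the unrelated `js.users.51.la` produce no brand match.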
This page contains 1 frame:
Primary Page:
https://secure-sakura-ad.jp.tonghongad.com/login.php
Frame ID: 0B4181A948244185B9A231BC141D951E
Requests: 17 HTTP requests in this frame
Screenshot (not reproduced)

Page Title
会員メニュー|さくらインターネット (Member Menu | SAKURA Internet)

Detected technologies
- PHP (Programming Languages); detected pattern: \.php(?:$|\?)
- Flat UI (Web Frameworks); detected pattern: <link[^>]* href=[^>]+flat-ui(?:\.min)?\.css
- jQuery (JavaScript Libraries); detected patterns: jquery[.-]([\d.]*\d)[^/]*\.js and jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics

5 Outgoing links
These are links going to different origins than the main page.
- 会員IDをお忘れの方 (Forgot your member ID)
- パスワード発行・再発行 (Password issue / reissue)
- 新規会員登録 (New member registration)
- 企業情報 (Corporate information)
- ご不明点・お問合せ先 (Questions and contact)

Redirected requests
No HTTP redirect chains are listed for this scan.
17 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | login.php (Primary Request) | secure-sakura-ad.jp.tonghongad.com/ | 8 KB | 3 KB | Document | text/html |
| 2 | GET | H2 | flat-ui.min.css | secure-sakura-ad.jp.tonghongad.com/css/ | 128 KB | 24 KB | Stylesheet | text/css |
| 3 | GET | H2 | validationEngine.jquery.css | secure-sakura-ad.jp.tonghongad.com/css/ | 3 KB | 1 KB | Stylesheet | text/css |
| 4 | GET | H2 | common.css | secure-sakura-ad.jp.tonghongad.com/css/ | 12 KB | 4 KB | Stylesheet | text/css |
| 5 | GET | H2 | short.css | secure-sakura-ad.jp.tonghongad.com/css/ | 9 KB | 2 KB | Stylesheet | text/css |
| 6 | GET | H2 | header.css | secure-sakura-ad.jp.tonghongad.com/css/ | 2 KB | 818 B | Stylesheet | text/css |
| 7 | GET | H2 | footer.css | secure-sakura-ad.jp.tonghongad.com/css/ | 808 B | 1012 B | Stylesheet | text/css |
| 8 | GET | H2 | modal.css | secure-sakura-ad.jp.tonghongad.com/css/ | 3 KB | 1 KB | Stylesheet | text/css |
| 9 | GET | H2 | loding.css | secure-sakura-ad.jp.tonghongad.com/css/ | 5 KB | 1 KB | Stylesheet | text/css |
| 10 | GET | H2 | loginCommon.css | secure-sakura-ad.jp.tonghongad.com/css/ | 8 KB | 3 KB | Stylesheet | text/css |
| 11 | GET | H2 | loginFirstStep.css | secure-sakura-ad.jp.tonghongad.com/css/ | 1 KB | 786 B | Stylesheet | text/css |
| 12 | GET | H2 | jquery-1.3.1.min.js | secure-sakura-ad.jp.tonghongad.com/public/js/ | 0 | 0 | Script | text/html |
| 13 | GET | H/1.1 | 21567507.js | js.users.51.la/ | 5 KB | 3 KB | Script | application/javascript |
| 14 | GET | H2 | jquery.validationEngine.js | secure-sakura-ad.jp.tonghongad.com/public/js/ | 0 | 0 | Script | text/html |
| 15 | GET | H2 | osu-logo.png | secure-sakura-ad.jp.tonghongad.com/img/ | 3 KB | 3 KB | Image | image/png |
| 16 | GET | H/1.1 | go1 | ia.51.la/ | 0 | 73 B | Image | text/plain |
| 17 | GET | H2 | jquery-1.3.1.min.js | secure-sakura-ad.jp.tonghongad.com/public/js/ | 0 | 0 | Script | text/html |

Note that the three script requests to the phishing host itself (jquery-1.3.1.min.js, requested twice, and jquery.validationEngine.js under /public/js/) returned 0 bytes with a text/html MIME type rather than JavaScript, which is consistent with the kit's own scripts being missing from the deployment. The only script that actually loaded is the third-party 51.la analytics tag (21567507.js), whose beacon is the go1 request to ia.51.la. The "loding.css" filename is as served by the site.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against SAKURA Internet (Online)

1 JavaScript Global Variable
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

| Type | Name |
|---|---|
| boolean | credentialless |

4 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the site to re-identify the user even from a different location. This is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| secure-sakura-ad.jp.tonghongad.com/ | not shown | PHPSESSID | 4vg85la1dori6119cq4qdq08k0 |
| secure-sakura-ad.jp.tonghongad.com/ | not shown | __tins__21567507 | %7B%22sid%22%3A%201679043157751%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679044957751%7D |
| secure-sakura-ad.jp.tonghongad.com/ | not shown | __51cke__ | (empty) |
| secure-sakura-ad.jp.tonghongad.com/ | not shown | __51laig__ | 1 |

PHPSESSID is the server-side PHP session for the login page; the three __tins__/__51cke__/__51laig__ cookies are set by the 51.la analytics tag loaded by the page.
3 Console Messages
A page may log messages to the console. These are often errors about being unable to load a resource or execute a piece of JavaScript, and sometimes reveal the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|

(The message rows are not present in this capture.)

Security Headers
This page lists any security headers set by the main page.

| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry for artefacts such as IPs, domains and hashes. Listing them here does not imply that each one indicates malicious activity.
- ia.51.la
- js.users.51.la
- secure-sakura-ad.jp.tonghongad.com
- 103.143.19.103
- 155.94.201.5
- 183.240.166.132