r-l.top
Open in
urlscan Pro
185.222.202.156
Malicious Activity!
Public Scan
Effective URL: https://r-l.top/jp/
Submission: On November 19 via manual from JP
Summary
TLS certificate: Issued by TrustAsia TLS RSA CA on November 15th 2019. Valid for: a year.
This is the only time r-l.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Yamato Transport (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 21 | 185.222.202.156 185.222.202.156 | 204725 (UVL2-ASN ...) (UVL2-ASN -- PL --) | |
1 | 220.242.182.12 220.242.182.12 | 54994 (QUANTILNE...) (QUANTILNETWORKS - QUANTIL NETWORKS INC) | |
22 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
r-l.top
1 redirects
r-l.top |
765 KB |
1 |
51.la
js.users.51.la ia.51.la Failed |
3 KB |
22 | 2 |
Domain | Requested by | |
---|---|---|
21 | r-l.top |
1 redirects
r-l.top
|
1 | js.users.51.la |
r-l.top
|
0 | ia.51.la Failed |
r-l.top
|
22 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.kuronekoyamato.co.jp |
Subject Issuer | Validity | Valid | |
---|---|---|---|
r-l.top TrustAsia TLS RSA CA |
2019-11-15 - 2020-11-14 |
a year | crt.sh |
*.users.51.la GlobalSign Domain Validation CA - SHA256 - G2 |
2018-01-15 - 2021-03-19 |
3 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://r-l.top/jp/
Frame ID: DCED86DEC13545E3569FC92054F8F174
Requests: 22 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://r-l.top/ Page URL
-
https://r-l.top/jp
HTTP 301
https://r-l.top/jp/ Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://r-l.top/ Page URL
-
https://r-l.top/jp
HTTP 301
https://r-l.top/jp/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
r-l.top/ |
427 B 544 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
20127435.js
js.users.51.la/ |
5 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
go1
ia.51.la/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
r-l.top/jp/ Redirect Chain
|
11 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
market.css
r-l.top/jp/assets/css/ |
81 B 251 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-2.0.3.min.js
r-l.top/jp/assets/js/ |
82 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.js
r-l.top/jp/assets/js/ |
127 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
satelliteLib-a4445fd2af2e0c5b2734ffc8d58e4dcd9efa59a8.js
r-l.top/jp/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.js
r-l.top/jp/common/js/shared/ |
16 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chk_submit.js
r-l.top/jp/common/js/shared/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nya24def.js
r-l.top/jp/common/js/shared/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img_site-logo_02.png
r-l.top/jp/assets/img/img/ |
9 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
base.css
r-l.top/jp/assets/css/ |
51 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
structure.css
r-l.top/jp/assets/css/ |
93 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
components-market.css
r-l.top/jp/assets/css/ |
283 KB 44 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
satelliteLib-a4445fd2af2e0c5b2734ffc8d58e4dcd9efa59a8.js
r-l.top/jp/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chk_submit.js
r-l.top/jp/common/js/shared/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nya24def.js
r-l.top/jp/common/js/shared/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
NotoSansCJKjp-Regular.woff
r-l.top/jp/assets/fonts/ |
546 KB 547 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iconfont92d6.ttf
r-l.top/jp/assets/fonts/ |
3 KB 4 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bg_hdg-level2-01_01.png
r-l.top/jp/assets/img/bg/ |
93 B 265 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_pagetop_01.png
r-l.top/jp/assets/img/icon/ |
67 KB 67 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ia.51.la
- URL
- https://ia.51.la/go1?id=20127435&rt=1574132345482&rl=1600*1200&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1574132345482&tt=......&kw=&cu=https%253A%252F%252Fr-l.top%252F&pu=
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Yamato Transport (Transportation)34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| UaObj function| modalWindow function| EventEmitter object| eventie function| imagesLoaded string| userAgent string| appVersion object| ua number| num boolean| heightFlag function| observe function| deleteObserve function| Btn object| _Btn function| dispH470 function| dispW1000 function| preload function| TextInput function| saveCookie function| loadCookie function| changeFont function| setCookieFont function| getCookieFont function| setFontInit boolean| opinionState function| clickOpinion object| adsearch_win function| openAdsearchDialog function| closeAdsearchDialog function| toVaild1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
r-l.top/ | Name: PHPSESSID Value: f2cmhfk11s3isj41qo5frub445 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ia.51.la
js.users.51.la
r-l.top
ia.51.la
185.222.202.156
220.242.182.12
5f0255c4bc532863aa1928f25e15a1564815711445f2060faba66efa584da6fc
64307cff91b7506e6e5e93cacf0da17a847127bf4790f4e82e06fa718647cff0
71156e3f4a9b95571713cf80c5a77b32b81347e3b68179edeaac62c027cf7357
86ede900489fe6b776dda8a56fa8b182c31c55b0548f45d4f28cd6ed462d903c
88a0116edae2d4d378844ba31a76f8bd8e9f84fff1463662baa1fa7b0b93a777
9edc5abc81de536194aa1986a03a219c5b581a050809f993987f99e1083f8511
aeeb87a20c1e3f2c0a67b6c8d6f1c61aced271b04b86435471249e463852524a
cd7fc61322d70224ff301fe914a3f2c07007a0ce11e54c12e56ca68e9e8854cb
db6ef7f4f15f8023b680553d20adb4be2f46fc9d99b0f50c91300c2893b51e84
dd5274a4867f8f2a8c52229894d0fe6493ffec45322977ffb5e07644c0ba6d65
e38336df41331087ef5f14fe290c4e735d9f64a40cbff4445e4b099c2bbc2c7a
eb0e00e917aaab148a4031aad2665ffb94defcf66513b483dc58aded3921907e
ebd3eec5854f25f0446c9e5f7a8adf11ade00f06183403d0c3fb0f38fb79003a
ec3675b1c19aab628da241dedb23e7408127ef19de900b2922a627e728424b9e
f3f0895f9742c76af7271d99872de0c22a1bc7a1a2a8d0aec80fa421a3d8c4da