![](/screenshots/df05a26b-f9f3-4315-80ae-7441969485cc.png)
www.custom-ts3.bpasdw.top
Open in
urlscan Pro
43.243.111.48
Malicious Activity!
Public Scan
Submission: On March 13 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on March 13th 2023. Valid for: 3 months.
This is the only time www.custom-ts3.bpasdw.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: TS Cubic Card (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 43.243.111.48 43.243.111.48 | 64050 (BCPL-SG B...) (BCPL-SG BGPNET Global ASN) | |
1 | 104.26.9.249 104.26.9.249 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 172.67.75.38 172.67.75.38 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.196.110 142.250.196.110 | 15169 (GOOGLE) (GOOGLE) | |
1 | 47.99.113.64 47.99.113.64 | 37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.) | |
8 | 6 |
ASN15169 (GOOGLE, US)
PTR: nrt12s35-in-f14.1e100.net
m.youtube.com |
ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)
cdn.dcloud.net.cn |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
bpasdw.top
www.custom-ts3.bpasdw.top |
203 KB |
2 |
ytlogs.ru
tl.ytlogs.ru — Cisco Umbrella Rank: 73405 |
819 B |
1 |
dcloud.net.cn
cdn.dcloud.net.cn — Cisco Umbrella Rank: 83268 |
579 B |
1 |
youtube.com
m.youtube.com — Cisco Umbrella Rank: 2298 |
3 KB |
1 |
global-cache.online
cdnmc.global-cache.online — Cisco Umbrella Rank: 70283 |
796 B |
8 | 5 |
Domain | Requested by | |
---|---|---|
3 | www.custom-ts3.bpasdw.top |
www.custom-ts3.bpasdw.top
|
2 | tl.ytlogs.ru |
www.custom-ts3.bpasdw.top
|
1 | cdn.dcloud.net.cn |
www.custom-ts3.bpasdw.top
|
1 | m.youtube.com |
www.custom-ts3.bpasdw.top
|
1 | cdnmc.global-cache.online |
www.custom-ts3.bpasdw.top
|
8 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
tscubic.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.custom-ts3.bpasdw.top R3 |
2023-03-13 - 2023-06-11 |
3 months | crt.sh |
*.global-cache.online E1 |
2023-01-26 - 2023-04-26 |
3 months | crt.sh |
*.ytlogs.ru GTS CA 1P5 |
2023-02-08 - 2023-05-09 |
3 months | crt.sh |
*.google.com GTS CA 1C3 |
2023-02-20 - 2023-05-15 |
3 months | crt.sh |
*.dcloud.net.cn Certum Domain Validation CA SHA2 |
2022-07-21 - 2023-08-19 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://www.custom-ts3.bpasdw.top/webapp/loginS.jsp
Frame ID: E08DC7D56889CBE0E23879E5C904D7D6
Requests: 13 HTTP requests in this frame
Frame:
https://m.youtube.com/static/r/8d5aaa4c/scheduler.vflset/scheduler.js?subtype=auth&udid=3a64c65a83394295&id=checker_auth&burl=https%3A%2F%2Fm.youtube.com%2Fstatic%2Fr%2F8d5aaa4c%2Fscheduler.vflset%2Fscheduler.js&config=eyJhY3RpdmUiOnRydWUsInN0YXJ0IjoiaHR0cHM6Ly9tLnlvdXR1YmUuY29tL3N0YXRpYy9yLzhkNWFhYTRjL3NjaGVkdWxlci52ZmxzZXQvc2NoZWR1bGVyLmpzIiwiY291bnQiOjEsInByb2QiOnRydWUsInZpZXdfdHlwZSI6MSwibmVlZF9hbGwiOmZhbHNlLCJuZWVkX2F1dGgiOnRydWUsIm5lZWRfZnVsbCI6ZmFsc2UsInRpbWVyIjo1NSwid29ya2VyIjoxNywibmVlZF9saWtlIjp0cnVlLCJzZXRfbGlrZSI6dHJ1ZSwibmVlZF91c2VyIjpmYWxzZSwibmVlZF90b3VjaCI6dHJ1ZSwidGltZSI6NjAwMDAsImhpc3RvcnkiOnRydWV9
Frame ID: 05A2F7CE92118C555CB4E6C5CD460235
Requests: 1 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title: TS CUBIC CARD | ティーエス キュービック
Search URL Search Domain Scan URL
Title: カードをお持ちでない方
Search URL Search Domain Scan URL
Title: カードの紛失・盗難
Search URL Search Domain Scan URL
Title: お客さまサポート
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
loginS.jsp
www.custom-ts3.bpasdw.top/webapp/ |
98 KB 99 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.5e7e3b56.css
www.custom-ts3.bpasdw.top/webapp/style/css/ |
102 KB 103 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error_new.css
www.custom-ts3.bpasdw.top/webapp/style/css/ |
491 B 565 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
52 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
273 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cfg_5b.json
cdnmc.global-cache.online/ |
368 B 796 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
timesince
tl.ytlogs.ru/ |
0 247 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
scheduler.js
m.youtube.com/static/r/8d5aaa4c/scheduler.vflset/ Frame 05A2 |
7 KB 3 KB |
Document
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
timesince
tl.ytlogs.ru/ |
0 572 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
shadow-grey.png
cdn.dcloud.net.cn/img/ |
136 B 579 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: TS Cubic Card (Financial)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless function| Z function| T string| crx133 number| yt025 boolean| coverSupport boolean| mainVScript2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.custom-ts3.bpasdw.top/webapp | Name: JSESSIONID Value: DA97DBDEC2C9FCD61B9D34F18783B4B5 |
|
.dcloud.net.cn/ | Name: __uni__uid Value: CgIBYGQPM0V0dgXkG1UhAg== |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.dcloud.net.cn
cdnmc.global-cache.online
m.youtube.com
tl.ytlogs.ru
www.custom-ts3.bpasdw.top
104.26.9.249
142.250.196.110
172.67.75.38
43.243.111.48
47.99.113.64
177dec8ce5b7ad523ad58580b7f59af95abb605c8182cd54f777c71866e019d4
1a905f35830ef7bbc3674b025e5a12af2738c07a2e43a5e609ca5f0361994148
392e0675dca7a6e32caec6cdf2dd957ddee487b63e4c29eb55e0e8e4c6a1e54f
4b636eb7f96462dc9b2066c2ee710e2a10b6fe7de1273dba5112fe8586c33645
8a3cd6756c0dc2045224313c08ac213d1ddfdc884fb62ce83a58a78fac12852b
94fd5f15b2378cec483518b5fe927e34e3eede66237518377cea50582e5fa28d
98b0f110c8f9acd6deb7913eb96a7f481e0d926600fcb83099e380cbb237e2d8
a7a0d73aa10ca16a64cb0ef454242715a94fb466dd5c2e7bba7ebe5904cd8c13
ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f
b647e216c6cdcefb653b61550aa513149d44d08528d58203634ddba833ddf148
c25468c1571b50df5c9a66b714fd18f87613c797c7b35130dab379a039d1c130
dea3cc84a13fdf27603e75b2550377d88ceca2291d20141b64fe093150ec2b2d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855