auoneo-jp.ezgismq.cn
204.44.99.234
Malicious Activity!
Public Scan
Submission Tags: #phishing @ap_zenmashi
Submission: On October 24 via api from FI — Scanned from JP
Summary
TLS certificate: Issued by R3 on October 24th 2022. Valid for: 3 months.
This is the only time auoneo-jp.ezgismq.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: au ID (Telecommunication)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
9 | 204.44.99.234 | 8100 (ASN-QUADRANET-GLOBAL) |
1 | 2606:4700:3032::ac43:b596 | 13335 (CLOUDFLARENET) |
10 | 3 | |
ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 204.44.99.234.static.quadranet.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | ezgismq.cn | auoneo-jp.ezgismq.cn | 823 KB |
1 | fh-008.xyz | fh.fh-008.xyz | 536 B |
10 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
9 | auoneo-jp.ezgismq.cn | auoneo-jp.ezgismq.cn |
1 | fh.fh-008.xyz | auoneo-jp.ezgismq.cn |
10 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
id.auone.jp |
www.kddi.com |
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
auoneo-jp.ezgismq.cn | R3 | 2022-10-24 - 2023-01-22 | 3 months | crt.sh |
*.fh-008.xyz | E1 | 2022-10-19 - 2023-01-17 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://auoneo-jp.ezgismq.cn/
Frame ID: 67737C873A9EF647114869A8FCAC0B3C
Requests: 11 HTTP requests in this frame
9 Outgoing links
These are links going to different origins than the main page.
- Title: Forgot your password? Click here (パスワードを忘れた方はこちら)
- Title: Register a new au ID (au IDを新規登録する)
- Title: What is an au ID (au IDとは)
- Title: Guide (ガイド)
- Title: au ID Terms of Use (au ID利用規約)
- Title: Common Terms for the Handling of Personal Information (個人情報取扱共通規約)
- Title: Privacy Policy (プライバシーポリシー)
- Title: Site Policy (サイトポリシー)
- Title: About Access Data (アクセスデータについて)
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | auoneo-jp.ezgismq.cn/ | 718 B | 729 B | Document | text/html |
GET | H2 | app.0.255651671283048551666614798703.css | auoneo-jp.ezgismq.cn/static/css/ | 1 MB | 692 KB | Stylesheet | text/css |
GET | H2 | manifest.0.47803914431370531666614798703.js | auoneo-jp.ezgismq.cn/static/js/ | 1 KB | 828 B | Script | application/javascript |
GET | H2 | vendor.0.47803914431370531666614798703.js | auoneo-jp.ezgismq.cn/static/js/ | 233 KB | 82 KB | Script | application/javascript |
GET | H2 | app.0.47803914431370531666614798703.js | auoneo-jp.ezgismq.cn/static/js/ | 6 KB | 2 KB | Script | application/javascript |
GET | H2 | 10.0.61219595577369221666614798703.js | auoneo-jp.ezgismq.cn/static/js/ | 992 B | 614 B | Script | application/javascript |
GET | H2 | au-sy-v3.php | fh.fh-008.xyz/ | 1 B | 536 B | XHR | text/html |
GET | H2 | jump.php | auoneo-jp.ezgismq.cn/ | 2 B | 128 B | XHR | text/html |
GET | H2 | 0.0.61219595577369221666614798703.js | auoneo-jp.ezgismq.cn/static/js/ | 61 KB | 42 KB | Script | application/javascript |
GET | H2 | 11.0.61219595577369221666614798703.js | auoneo-jp.ezgismq.cn/static/js/ | 10 KB | 3 KB | Script | application/javascript |
GET | DATA | truncated | / | 34 KB | 0 | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: au ID (Telecommunication)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforeinput |
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
function | getScreenDetails |
function | queryLocalFonts |
object | navigation |
function | webpackJsonp |
object | __core-js_shared__ |
object | core |
object | global |
object | System |
function | asap |
function | Observable |
function | setImmediate |
function | clearImmediate |
object | regeneratorRuntime |
boolean | _babelPolyfill |
1 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
auoneo-jp.ezgismq.cn/ | | Name: PHPSESSID, Value: ofv6mjjklgvdqfrnj73eei69cd |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
auoneo-jp.ezgismq.cn
fh.fh-008.xyz
204.44.99.234
2606:4700:3032::ac43:b596
1ec5abc3e4e21e84224089afccec3c1677323ec02fe04f2bbf6083a9b9d3fc2d
298d6cb2c7dd5196476904c0530afd9cfb4e84f962800240f4b91b1d9e954cff
2cfc4ed493eba9c3d888f008a6f3d72f1a443684bbd2a6755b133462f1b090bf
3f34edf78b794fd00421a3e39f2f37feca9ebba2d8db5142b76a463f1ece7c1c
622d402c9281e83abb1775829be23755c67fa7b4ce6d0c32641510bb00120897
68f2cb5918b8a3eff7e1eaa8457e1666f88826978f315911821ddd159b4e6a5e
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
713db49af60317d4b7a9831874e829e80741c3ec500f7c0cb526ab76893aa35d
7ecf54b0e26e5f184eb42111d4fb25ad04fad880db6ffda5fe05a6d66c044f0e
d8463bd3ba4b10e5916f65fa7b0c1f9f91f67ca40cc25b48810fb2f5a3340488
eaf3e2480e79f90e17c9dce43db74e573255a64cbafa49b4d087b4a0db035597