login.rnufg.jp.gpqthb.top
104.129.8.100  Malicious Activity! Public Scan

Submitted URL: https://tinyurl.com/42a6st2a
Effective URL: https://login.rnufg.jp.gpqthb.top/
Submission: On September 13 via manual from JP — Scanned from JP

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 12 HTTP transactions. The main IP is 104.129.8.100, located in Los Angeles, United States and belongs to ASN-QUADRANET-GLOBAL, US. The main domain is login.rnufg.jp.gpqthb.top.
TLS certificate: Issued by R3 on September 10th 2022. Valid for: 3 months.
This is the only time login.rnufg.jp.gpqthb.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MUFG (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
2 2404:6800:400... 15169 (GOOGLE)
7 104.129.8.100 8100 (ASN-QUADR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
12 6
Requests  Apex Domain     Subdomains                                          Transfer
7         gpqthb.top      login.rnufg.jp.gpqthb.top                           1 MB
2         gstatic.com     www.gstatic.com                                     96 KB
2         google.com      translate.google.com (Cisco Umbrella Rank: 2180)    27 KB
1         fh-008.xyz      fh.fh-008.xyz                                       534 B
1         translate.goog  www-login--cr--rnuf--jp-workers-dev.translate.goog  1 KB
1         tinyurl.com     tinyurl.com (Cisco Umbrella Rank: 25277)            407 B
Total: 12 requests across 6 apex domains
Requests  Domain                                              Requested by
7         login.rnufg.jp.gpqthb.top                           www-login--cr--rnuf--jp-workers-dev.translate.goog, login.rnufg.jp.gpqthb.top
2         www.gstatic.com                                     www-login--cr--rnuf--jp-workers-dev.translate.goog
2         translate.google.com (1 redirect)                   www-login--cr--rnuf--jp-workers-dev.translate.goog
1         fh.fh-008.xyz                                       login.rnufg.jp.gpqthb.top
1         www-login--cr--rnuf--jp-workers-dev.translate.goog
1         tinyurl.com (1 redirect)
Total: 12 requests across 6 domains

This site contains no links.

Subject                    Issuer      Validity                 Valid
*.googleusercontent.com    GTS CA 1C3  2022-08-22 - 2022-11-14  3 months (crt.sh)
*.gstatic.com              GTS CA 1C3  2022-08-22 - 2022-11-14  3 months (crt.sh)
*.google.com               GTS CA 1C3  2022-08-22 - 2022-11-14  3 months (crt.sh)
login.rnufg.jp.htuygn.top  R3          2022-09-10 - 2022-12-09  3 months (crt.sh)
*.fh-008.xyz               E1          2022-08-21 - 2022-11-19  3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://login.rnufg.jp.gpqthb.top/
Frame ID: EF1EE4A3A75077640A1E9A6FBB54548D
Requests: 22 HTTP requests in this frame

Screenshot

Page Title

お持ちのカードブランドをご選択ください(ログイン)|クレジットカードなら三菱UFJニコス (Please select your card brand (Login) | Mitsubishi UFJ NICOS credit cards)

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

Requests: 12
HTTPS: 100 %
IPv6: 83 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 2
Transfer: 1408 kB
Size: 4213 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tinyurl.com/42a6st2a HTTP 301
    https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-cr-rnuf-jp.workers.dev/&client=webapp HTTP 302
    https://www-login--cr--rnuf--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp Page URL
  2. https://login.rnufg.jp.gpqthb.top/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://tinyurl.com/42a6st2a HTTP 301
  • https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-cr-rnuf-jp.workers.dev/&client=webapp HTTP 302
  • https://www-login--cr--rnuf--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
www-login--cr--rnuf--jp-workers-dev.translate.goog/
Redirect Chain
  • https://tinyurl.com/42a6st2a
  • https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-cr-rnuf-jp.workers.dev/&client=webapp
  • https://www-login--cr--rnuf--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp
2 KB
1 KB
Document
General
Full URL
https://www-login--cr--rnuf--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:801::2001 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.translate.goog
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-security-policy
frame-ancestors *.translate.goog
content-type
text/html;charset=UTF-8
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Tue, 13 Sep 2022 08:36:58 GMT
server
ESF
x-content-type-options
nosniff
x-robots-tag
none
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
content-type
application/binary
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 13 Sep 2022 08:36:57 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
location
https://www-login--cr--rnuf--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
pragma
no-cache
server
ESF
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
m=ajaxproxy
www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.ja.ztFs1a7NfpA.O/d=1/rs=AN8SPfqTPnxdBEZ6tqLLXgiSBSA9irc0sg/
70 KB
71 KB
Script
General
Full URL
https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.ja.ztFs1a7NfpA.O/d=1/rs=AN8SPfqTPnxdBEZ6tqLLXgiSBSA9irc0sg/m=ajaxproxy
Requested by
Host: www-login--cr--rnuf--jp-workers-dev.translate.goog
URL: https://www-login--cr--rnuf--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:823::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www-login--cr--rnuf--jp-workers-dev.translate.goog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 20:53:32 GMT
x-content-type-options
nosniff
age
42206
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
71668
x-xss-protection
0
last-modified
Sun, 11 Sep 2022 17:11:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 12 Sep 2023 20:53:32 GMT
m=navigationui
www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.ja.ztFs1a7NfpA.O/d=1/exm=ajaxproxy,el_conf/ed=1/rs=AN8SPfqTPnxdBEZ6tqLLXgiSBSA9irc0sg/
25 KB
25 KB
Script
General
Full URL
https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.ja.ztFs1a7NfpA.O/d=1/exm=ajaxproxy,el_conf/ed=1/rs=AN8SPfqTPnxdBEZ6tqLLXgiSBSA9irc0sg/m=navigationui
Requested by
Host: www-login--cr--rnuf--jp-workers-dev.translate.goog
URL: https://www-login--cr--rnuf--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:823::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www-login--cr--rnuf--jp-workers-dev.translate.goog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 20:53:32 GMT
x-content-type-options
nosniff
age
42206
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25632
x-xss-protection
0
last-modified
Sun, 11 Sep 2022 17:11:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 12 Sep 2023 20:53:32 GMT
element.js
translate.google.com/translate_a/
78 KB
26 KB
Script
General
Full URL
https://translate.google.com/translate_a/element.js?cb=gtElInit&hl=ja&client=wt
Requested by
Host: www-login--cr--rnuf--jp-workers-dev.translate.goog
URL: https://www-login--cr--rnuf--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www-login--cr--rnuf--jp-workers-dev.translate.goog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 13 Sep 2022 08:36:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
Primary Request /
login.rnufg.jp.gpqthb.top/
562 B
702 B
Document
General
Full URL
https://login.rnufg.jp.gpqthb.top/
Requested by
Host: www-login--cr--rnuf--jp-workers-dev.translate.goog
URL: https://www-login--cr--rnuf--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.129.8.100 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
104.129.8.100.static.quadranet.com
Software
Apache /
Resource Hash
cccf7feb7301195d11054f1d6429c129a6f06317c51104727ef04d0159da8f76

Request headers

Referer
https://www-login--cr--rnuf--jp-workers-dev.translate.goog/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
324
content-type
text/html; charset=utf-8
date
Tue, 13 Sep 2022 08:36:59 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
Apache
vary
Accept-Encoding
app.0.24606573696720481662965181952.css
login.rnufg.jp.gpqthb.top/static/css/
4 MB
1 MB
Stylesheet
General
Full URL
https://login.rnufg.jp.gpqthb.top/static/css/app.0.24606573696720481662965181952.css
Requested by
Host: login.rnufg.jp.gpqthb.top
URL: https://login.rnufg.jp.gpqthb.top/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.129.8.100 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
104.129.8.100.static.quadranet.com
Software
Apache /
Resource Hash
a4e82caf4d31b9b4d3fed34ae9a278a9364e15883de3cdc85be1ae2e92e8e4fd

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://login.rnufg.jp.gpqthb.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 08:36:59 GMT
content-encoding
gzip
last-modified
Mon, 12 Sep 2022 14:46:30 GMT
server
Apache
etag
"397f4d-5e87bf6099d80-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
1662965181952.0.83415036922210061662965181952.js
login.rnufg.jp.gpqthb.top/static/js/
235 KB
83 KB
Script
General
Full URL
https://login.rnufg.jp.gpqthb.top/static/js/1662965181952.0.83415036922210061662965181952.js
Requested by
Host: login.rnufg.jp.gpqthb.top
URL: https://login.rnufg.jp.gpqthb.top/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.129.8.100 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
104.129.8.100.static.quadranet.com
Software
Apache /
Resource Hash
ef94a8184f5816467e87e672165191e9e06624fed264c9381056811ef795f2b6

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://login.rnufg.jp.gpqthb.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 08:36:59 GMT
content-encoding
gzip
last-modified
Mon, 12 Sep 2022 14:46:30 GMT
server
Apache
etag
"3aa95-5e87bf6099d80-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
app.0.83415036922210061662965181952.js
login.rnufg.jp.gpqthb.top/static/js/
3 KB
1 KB
Script
General
Full URL
https://login.rnufg.jp.gpqthb.top/static/js/app.0.83415036922210061662965181952.js
Requested by
Host: login.rnufg.jp.gpqthb.top
URL: https://login.rnufg.jp.gpqthb.top/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.129.8.100 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
104.129.8.100.static.quadranet.com
Software
Apache /
Resource Hash
ea243326108fd5cdcd37925a983f846ed6b7c03fd950c153969385685ee7112d

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://login.rnufg.jp.gpqthb.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 08:36:59 GMT
content-encoding
gzip
last-modified
Mon, 12 Sep 2022 14:46:30 GMT
server
Apache
etag
"c84-5e87bf6099d80-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
1371
5.0.91034791714023271662965181952.js
login.rnufg.jp.gpqthb.top/static/js/
1 KB
616 B
Script
General
Full URL
https://login.rnufg.jp.gpqthb.top/static/js/5.0.91034791714023271662965181952.js
Requested by
Host: login.rnufg.jp.gpqthb.top
URL: https://login.rnufg.jp.gpqthb.top/static/js/1662965181952.0.83415036922210061662965181952.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.129.8.100 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
104.129.8.100.static.quadranet.com
Software
Apache /
Resource Hash
afbfaa8ab37758f4db3ff7b69e20726d69bae40e33205ff33ce668294e743b67

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://login.rnufg.jp.gpqthb.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 08:37:01 GMT
content-encoding
gzip
last-modified
Mon, 12 Sep 2022 14:46:30 GMT
server
Apache
etag
"410-5e87bf6099d80-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
539
mufg-sy-v1.php
fh.fh-008.xyz/
1 B
534 B
XHR
General
Full URL
https://fh.fh-008.xyz/mufg-sy-v1.php
Requested by
Host: login.rnufg.jp.gpqthb.top
URL: https://login.rnufg.jp.gpqthb.top/static/js/1662965181952.0.83415036922210061662965181952.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:1ff9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Accept
application/json, text/plain, */*
Referer
https://login.rnufg.jp.gpqthb.top/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 08:37:02 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST
content-type
text/html;charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3bNAnFKrwiK3wW7IpaNpU3CKLBBRsm%2BRx2XMMuTLaUk62K6O%2FVHXBLkKNG2ITUgDhtS31I83UZVLLvsPjPPj2w7cqb0CNNP13iSKTGcETeMplnBydyJxMGp5YnBC8CReJP%2Bcv%2Fv%2Bo9IrFpKF"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
749f8efc4c021ec8-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
jump.php
login.rnufg.jp.gpqthb.top/
2 B
128 B
XHR
General
Full URL
https://login.rnufg.jp.gpqthb.top/jump.php
Requested by
Host: login.rnufg.jp.gpqthb.top
URL: https://login.rnufg.jp.gpqthb.top/static/js/1662965181952.0.83415036922210061662965181952.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.129.8.100 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
104.129.8.100.static.quadranet.com
Software
Apache /
Resource Hash
d8463bd3ba4b10e5916f65fa7b0c1f9f91f67ca40cc25b48810fb2f5a3340488

Request headers

Accept
application/json, text/plain, */*
Referer
https://login.rnufg.jp.gpqthb.top/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 13 Sep 2022 08:37:02 GMT
content-encoding
gzip
server
Apache
vary
Accept-Encoding
access-control-allow-methods
*
content-type
text/html;charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
content-length
22
expires
Thu, 19 Nov 1981 08:52:00 GMT
2.0.91034791714023271662965181952.js
login.rnufg.jp.gpqthb.top/static/js/
71 KB
45 KB
Script
General
Full URL
https://login.rnufg.jp.gpqthb.top/static/js/2.0.91034791714023271662965181952.js
Requested by
Host: login.rnufg.jp.gpqthb.top
URL: https://login.rnufg.jp.gpqthb.top/static/js/1662965181952.0.83415036922210061662965181952.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.129.8.100 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
104.129.8.100.static.quadranet.com
Software
Apache /
Resource Hash
39528e1be8c50f74c353e5779b1f466ee58d1c5ce7443077630355e1578e1764

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://login.rnufg.jp.gpqthb.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 08:37:02 GMT
content-encoding
gzip
last-modified
Mon, 12 Sep 2022 14:46:30 GMT
server
Apache
etag
"11b5c-5e87bf6099d80-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
truncated
/
8 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e49fa26ee4876e79e8c467cd465ea52c16976a5b5d48eb0debd21f9ca0e20f4f

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
312b9fa9a58397fe88dd293b3287c3ef83b91c3233ca941aa9d0e2d600fb6a33

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b768935f52cf68fde3ed1e5c9d497c747e6425deb4035a697f8ce276753b3962

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2cabbccc3abc56ba8fcea48e3cf4b167617de9647cb4d28ace844fc4ebfebbff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7cdfb3c9638d76088f839359838c8e866fd157949b39966fa8843c8fe0b09a9d

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9a577180d63af91b2384c9209e114325399e7877159eb06cfaeb8e3ac16d87f9

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
7 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e35a2ef4a53b81daf35cd980bd377ca19ce87b2afe14870c3ce9ff6e0d6c0ea0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
6 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
32f130f5fa6c1621ff325fbddb92709681cb0f96237cf078360c8d2a906e092a

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
6 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
159b4da7e1be69f72f4801a1287af455735447c28810185429bc0c76aba5d315

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8fbe7f781ca130b05f7b27bd0c4563c9976739a1541aa0e453207e8ec764afec

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MUFG (Banking)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    onbeforeinput
object    oncontextlost
object    oncontextrestored
function  structuredClone
object    launchQueue
object    onbeforematch
function  getScreenDetails
function  queryLocalFonts
object    navigation
function  webpackJsonp
object    __core-js_shared__
object    core
object    global
object    System
function  asap
function  Observable
function  setImmediate
function  clearImmediate
object    regeneratorRuntime
boolean   _babelPolyfill

2 Cookies

Domain/Path Name / Value
.google.com/ Name: NID
Value: 511=sTlzbv6XmDTpNKwLhmsYwxinY7XFLwVrONc2XYMnFdYqQAnUJT0po2U_Ra4v0u5UAXxhUKaTlNmSg-ekBgCqhEgruvGvrSeYN5msbTCH-4SYYuzVXjrow9MafAmAg9JmFDXQX8y1O9wvbAlVn0aA7vpJs6ODnfrl7T6dDvGko2Q
login.rnufg.jp.gpqthb.top/ Name: PHPSESSID
Value: 29q8ek187ms8ejhk705c2krj94

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors *.translate.goog
X-Content-Type-Options nosniff
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
