uikui.com Open in urlscan Pro
43.163.199.37 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://fujiangupiaopingtai.cn/
Effective URL:
https://uikui.com/login.php
Submission Tags: phishing kuroneko Search All
Submission: On August 31 via api (August 31st 2023, 1:40:42 am UTC) from JP — Scanned from JP

Summary HTTP 17 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 43.163.199.37, located in Tokyo, Japan and belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN. The main domain is uikui.com.
TLS certificate: Issued by R3 on August 30th 2023. Valid for: 3 months.

This is the only time uikui.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yamato Transport (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	43.163.208.170 43.163.208.170	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
1 7	43.163.199.37 43.163.199.37	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
8	23.195.88.235 23.195.88.235	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	172.217.161.67 172.217.161.67	15169 (GOOGLE) (GOOGLE)
17	4

1 43.163.208.170 (Tokyo, Japan) 1 redirects

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

fujiangupiaopingtai.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 43.163.199.37 (Tokyo, Japan) 1 redirects

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

uikui.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.195.88.235 (Tokyo, Japan)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-195-88-235.deploy.static.akamaitechnologies.com

auth.kms.kuronekoyamato.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.161.67 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt20s09-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	kuronekoyamato.co.jp auth.kms.kuronekoyamato.co.jp	35 KB
7	uikui.com 1 redirects uikui.com	129 KB
1	gstatic.com www.gstatic.com	5 KB
1	fujiangupiaopingtai.cn 1 redirects fujiangupiaopingtai.cn	86 B
0	bootcdn.net Failed cdn.bootcdn.net Failed
17	5

	Domain	Requested by
8	auth.kms.kuronekoyamato.co.jp	uikui.com auth.kms.kuronekoyamato.co.jp
7	uikui.com	1 redirects uikui.com
1	www.gstatic.com	uikui.com
1	fujiangupiaopingtai.cn	1 redirects
0	cdn.bootcdn.net Failed	uikui.com
17	5

This site contains links to these domains. Also see Links.

Domain
member.kms.kuronekoyamato.co.jp
sp-send.kuronekoyamato.co.jp
shuka.kuronekoyamato.co.jp
takuhai-locker.kuronekoyamato.co.jp
c2.kuronekoyamato.co.jp
www.kuronekoyamato.co.jp
jizen.kuronekoyamato.co.jp
market.kuronekoyamato.co.jp
ship-book.kuronekoyamato.co.jp
nekosapo-order2.kuronekoyamato.co.jp
tenkyo-tenso.kuronekoyamato.co.jp
locations.kuronekoyamato.co.jp
sneko2.kuronekoyamato.co.jp

Subject Issuer	Validity	Valid
uikui.com R3	`2023-08-30` - `2023-11-28`	3 months	crt.sh
*.kms.kuronekoyamato.co.jp DigiCert TLS RSA SHA256 2020 CA1	`2023-03-01` - `2024-03-03`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://uikui.com/login.php
Frame ID: D96B34DC7E1C20988D7C8501F534B7D0
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ログイン | クロネコメンバーズ

Page URL History Show full URLs

https://fujiangupiaopingtai.cn/ HTTP 302
https://uikui.com/ HTTP 302
https://uikui.com/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

88 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

168 kB
Transfer

664 kB
Size

1
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://member.kms.kuronekoyamato.co.jp/parcel/search
Title: 再配達依頼

Search URL Search Domain Scan URL

URL: https://member.kms.kuronekoyamato.co.jp/member/mycalendar
Title: Myカレンダーサービス

Search URL Search Domain Scan URL

URL: https://member.kms.kuronekoyamato.co.jp/member/notification
Title: お届け予定通知

Search URL Search Domain Scan URL

URL: https://member.kms.kuronekoyamato.co.jp/member/notification?MlAdrAdd=on
Title: ご不在連絡通知

Search URL Search Domain Scan URL

URL: https://sp-send.kuronekoyamato.co.jp/smpTaqWeb/Viwb1010Action_doInit.action?utm_source=NRCWBAU2310
Title: 宅急便をスマホで送る

Search URL Search Domain Scan URL

URL: https://shuka.kuronekoyamato.co.jp/?utm_source=NRCWBAU2310
Title: 集荷申し込み

Search URL Search Domain Scan URL

URL: https://takuhai-locker.kuronekoyamato.co.jp/takuhai-locker/TLMNSS0010?utm_source=NRCWBAU2310
Title: 宅配ロッカー発送サービス

Search URL Search Domain Scan URL

URL: https://c2.kuronekoyamato.co.jp/okurijo/servlet/DWU03010?utm_source=NRCWBAU2310
Title: 自宅で送り状発行

Search URL Search Domain Scan URL

URL: https://www.kuronekoyamato.co.jp/ytc/customer/send/members/rakuraku/?utm_source=NRCWBAU2310
Title: らくらく送り状発行サービス

Search URL Search Domain Scan URL

URL: https://jizen.kuronekoyamato.co.jp/haikan/Entrance?utm_source=NRCWBAU2310
Title: お届け完了通知

Search URL Search Domain Scan URL

URL: https://market.kuronekoyamato.co.jp/market/MarketTopAction_doInit.action?utm_source=NRCWBAU2310
Title: 梱包材の購入

Search URL Search Domain Scan URL

URL: https://ship-book.kuronekoyamato.co.jp/ship_book/index.jsp?_A=OTODOKE&_R=menu_personal_portal&utm_source=NRCWBAU2310
Title: お届け先アドレス帳

Search URL Search Domain Scan URL

URL: https://ship-book.kuronekoyamato.co.jp/ship_book/index.jsp?_A=GOIRAI&_R=menu_personal_portal&utm_source=NRCWBAU2310
Title: ご依頼主アドレス帳

Search URL Search Domain Scan URL

URL: https://www.kuronekoyamato.co.jp/ytc/campaign/insurance/smartphone/?utm_source=NRCWBAU2310
Title: 保険

Search URL Search Domain Scan URL

URL: https://nekosapo-order2.kuronekoyamato.co.jp/mimamori.html?utm_source=ytc_service&utm_medium=referral&utm_campaign=hallolight&utm_content=km_top
Title: 見守りサービス

Search URL Search Domain Scan URL

URL: https://www.kuronekoyamato.co.jp/ytc/customer/send/members/nyanpay/?utm_source=NRCWBAU2310
Title: にゃんPay

Search URL Search Domain Scan URL

URL: https://tenkyo-tenso.kuronekoyamato.co.jp/tenkyo/index.jsp?utm_source=NRCWBAU2310
Title: 転居転送サービス

Search URL Search Domain Scan URL

URL: https://www.kuronekoyamato.co.jp/ytc/customer/send/search/payment/?utm_source=NRCWBAU2310
Title: 料金・お届け予定日

Search URL Search Domain Scan URL

URL: https://locations.kuronekoyamato.co.jp/smt/yamato01/?utm_source=NRCWBAU2310
Title: 営業所・取扱店の情報

Search URL Search Domain Scan URL

URL: http://sneko2.kuronekoyamato.co.jp/sneko2/contents/jsp/sn2/ken.jsp?SHF=1&utm_source=NRCWBAU2310
Title: 担当店・担当ドライバー

Search URL Search Domain Scan URL

URL: https://member.kms.kuronekoyamato.co.jp/member/profile
Title: プロフィール

Search URL Search Domain Scan URL

URL: https://member.kms.kuronekoyamato.co.jp/member/federation
Title: 他社ID連携

Search URL Search Domain Scan URL

URL: https://member.kms.kuronekoyamato.co.jp/member/
Title: ホーム

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://fujiangupiaopingtai.cn/ HTTP 302
https://uikui.com/ HTTP 302
https://uikui.com/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.php Show response
uikui.com/
Redirect Chain

https://fujiangupiaopingtai.cn/
https://uikui.com/
https://uikui.com/login.php

27 KB
5 KB

952ms
951ms

Document
text/html

43.163.199.37
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://uikui.com/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 43.163.199.37 Tokyo, Japan, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: Apache /
Resource Hash: 8b63cf1fe86c4d0d0d76cc40f73ef441d331044cc8956a7428893710d381d4f4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: jp-jp,jp;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 5121
content-type: text/html; charset=utf-8
date: Thu, 31 Aug 2023 01:40:11 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=utf-8
date: Thu, 31 Aug 2023 01:40:10 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: login.php
pragma: no-cache
server: Apache

GET
H2 200 index.d9ce12f3.chunk.css
auth.kms.kuronekoyamato.co.jp/auth/static/css/ 227 KB
28 KB 1423ms
376ms Stylesheet
text/css 23.195.88.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.kms.kuronekoyamato.co.jp/auth/static/css/index.d9ce12f3.chunk.css

Requested by

Host: uikui.com
URL: https://uikui.com/login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.88.235 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-195-88-235.deploy.static.akamaitechnologies.com

Software

Resource Hash

a531913b92863a94f364f68cc584f764038e85094b5ce67939eb1bdeed80bea0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 01:40:13 GMT
content-encoding: gzip
content-md5: fAEA9ErY9UoJt1id/wiCbQ==
content-length: 28774
last-modified: Fri, 25 Aug 2023 01:14:40 GMT
etag: "0x8DBA508A8162F13"
x-frame-options: ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: 31b4fb4c-801e-0020-0816-d94920000000
cache-control: max-age=1940
x-ms-version: 2018-03-28
accept-ranges: bytes

GET
H2 200 13.02d0eae0.chunk.css
auth.kms.kuronekoyamato.co.jp/auth/static/css/ 3 KB
1 KB 1322ms
276ms Stylesheet
text/css 23.195.88.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.kms.kuronekoyamato.co.jp/auth/static/css/13.02d0eae0.chunk.css

Requested by

Host: uikui.com
URL: https://uikui.com/login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.88.235 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-195-88-235.deploy.static.akamaitechnologies.com

Software

Resource Hash

f62b06e7eb5a5bcf2b488e84ddbdf094463348f17d971f7606838864000eee5b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 01:40:13 GMT
content-encoding: gzip
content-md5: HPsrb8Y3V6pezmdTmAacXg==
content-length: 881
last-modified: Fri, 25 Aug 2023 01:14:39 GMT
etag: "0x8DBA508A7F2F4E2"
x-frame-options: ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: c9963aaa-401e-002c-7716-d9bd39000000
cache-control: max-age=2236
x-ms-version: 2018-03-28
accept-ranges: bytes

GET
H2 200 3.12cb700a.chunk.css
auth.kms.kuronekoyamato.co.jp/auth/static/css/ 507 B
654 B 1318ms
271ms Stylesheet
text/css 23.195.88.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.kms.kuronekoyamato.co.jp/auth/static/css/3.12cb700a.chunk.css

Requested by

Host: uikui.com
URL: https://uikui.com/login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.88.235 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-195-88-235.deploy.static.akamaitechnologies.com

Software

Resource Hash

f552a445e6d3f9180c8f648e9287c74d2d24a9e865dd5e7385d5c1d5ae700814

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 01:40:13 GMT
content-encoding: gzip
content-md5: +3wkEM01nokiFH0J039RGQ==
content-length: 269
last-modified: Fri, 25 Aug 2023 01:14:40 GMT
etag: "0x8DBA508A80DF2EC"
x-frame-options: ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: 7bcf06aa-301e-001f-5d17-d9e12e000000
cache-control: max-age=1773
x-ms-version: 2018-03-28
accept-ranges: bytes

GET
H2 404 14.8e59e16a.chunk.css
auth.kms.kuronekoyamato.co.jp/auth/static/css/ 0
0 1421ms
375ms Stylesheet
text/html 23.195.88.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.kms.kuronekoyamato.co.jp/auth/static/css/14.8e59e16a.chunk.css
Requested by: Host: uikui.com
URL: https://uikui.com/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.195.88.235 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-195-88-235.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H2 200 22.92265196.chunk.css
auth.kms.kuronekoyamato.co.jp/auth/static/css/ 58 B
444 B 1318ms
272ms Stylesheet
text/css 23.195.88.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.kms.kuronekoyamato.co.jp/auth/static/css/22.92265196.chunk.css

Requested by

Host: uikui.com
URL: https://uikui.com/login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.88.235 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-195-88-235.deploy.static.akamaitechnologies.com

Software

Resource Hash

1ebd8c829000cedeb406fed7213e8891ca0358ef5258fb1c5d0475d4603a895e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 01:40:13 GMT
content-encoding: gzip
content-md5: TsEoobLVp6fAWcmJpYuozA==
content-length: 61
last-modified: Fri, 25 Aug 2023 01:14:40 GMT
etag: "0x8DBA508A806EF16"
x-frame-options: ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: b9a9bc95-d01e-002d-0d17-d9963b000000
cache-control: max-age=2597
x-ms-version: 2018-03-28
accept-ranges: bytes

GET
H2 200 12.95bfae83.chunk.css
auth.kms.kuronekoyamato.co.jp/auth/static/css/ 2 KB
1 KB 1319ms
273ms Stylesheet
text/css 23.195.88.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.kms.kuronekoyamato.co.jp/auth/static/css/12.95bfae83.chunk.css

Requested by

Host: uikui.com
URL: https://uikui.com/login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.88.235 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-195-88-235.deploy.static.akamaitechnologies.com

Software

Resource Hash

26dde8e017d2839076f26e77aee53c91f526ea3ebe4f6b9daa17d8d7b1288351

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 01:40:13 GMT
content-encoding: gzip
content-md5: zOzpschPuzfUzYiitHUfIQ==
content-length: 730
last-modified: Fri, 25 Aug 2023 01:14:39 GMT
etag: "0x8DBA508A7F03623"
x-frame-options: ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: c3877f36-001e-0090-0f17-d93f64000000
cache-control: max-age=1832
x-ms-version: 2018-03-28
accept-ranges: bytes

GET
H2 200 site-jquery.min.js Show response
uikui.com/admin/im/ 91 KB
32 KB 377ms
377ms Script
application/javascript 43.163.199.37
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://uikui.com/admin/im/site-jquery.min.js
Requested by: Host: uikui.com
URL: https://uikui.com/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 43.163.199.37 Tokyo, Japan, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: Apache /
Resource Hash: 5994332aadd364a7350ad226ef61c1c75dc97372f739e01682e190be3abaf672

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 01:40:12 GMT
content-encoding: gzip
last-modified: Sun, 03 Apr 2022 09:44:22 GMT
server: Apache
etag: "16b60-5dbbcdb3b8980-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 32817

GET
H2 200 layui.js Show response
uikui.com/admin/im/ 284 KB
92 KB 525ms
524ms Script
application/javascript 43.163.199.37
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://uikui.com/admin/im/layui.js
Requested by: Host: uikui.com
URL: https://uikui.com/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 43.163.199.37 Tokyo, Japan, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: Apache /
Resource Hash: bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 01:40:12 GMT
content-encoding: gzip
last-modified: Sun, 03 Apr 2022 09:44:22 GMT
server: Apache
etag: "471da-5dbbcdb3b8980-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes

GET layer.min.css
cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/ 0
0

GET
H2 200 m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.69JJaQ5G5xA.L.W.O/d=0/rs=AN8SPfpC36MIoWPngdVwZ4RUzeJYZaC7rg/ 25 KB
5 KB 1464ms
253ms Stylesheet
text/css 172.217.161.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.69JJaQ5G5xA.L.W.O/d=0/rs=AN8SPfpC36MIoWPngdVwZ4RUzeJYZaC7rg/m=el_main_css

Requested by

Host: uikui.com
URL: https://uikui.com/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.161.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt20s09-in-f3.1e100.net

Software

sffe /

Resource Hash

7db470720bc87269e9bf81c2da2649d4f59d54eb54ca5ed4547855758d6688a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 12:34:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 479117
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4396
x-xss-protection: 0
last-modified: Sun, 12 Mar 2023 00:11:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 24 Aug 2024 12:34:56 GMT

GET
H2 200 logo-group.1072426d.svg
auth.kms.kuronekoyamato.co.jp/auth/static/media/ 4 KB
2 KB 262ms
262ms Image
image/svg+xml 23.195.88.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth.kms.kuronekoyamato.co.jp/auth/static/media/logo-group.1072426d.svg

Requested by

Host: uikui.com
URL: https://uikui.com/login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.88.235 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-195-88-235.deploy.static.akamaitechnologies.com

Software

Resource Hash

bb5ef8b752297cdfb9d693164697a0b40c001213f188512582a39e3f4183e30c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 01:40:13 GMT
content-encoding: gzip
content-md5: EHJCbeM7ChILxe5kDnuIyQ==
content-length: 1724
last-modified: Fri, 25 Aug 2023 01:14:41 GMT
etag: "0x8DBA508A9065ED7"
x-frame-options: ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/
vary: Accept-Encoding
content-type: image/svg+xml
x-ms-request-id: b457c2a2-601e-0096-2f16-d9c568000000
cache-control: max-age=1513
x-ms-version: 2018-03-28
accept-ranges: bytes

GET
H2 404 laydate.css
uikui.com/admin/im/css/modules/laydate/default/ 0
0 250ms
250ms Stylesheet
text/html 43.163.199.37
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://uikui.com/admin/im/css/modules/laydate/default/laydate.css?v=5.3.1
Requested by: Host: uikui.com
URL: https://uikui.com/admin/im/layui.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 43.163.199.37 Tokyo, Japan, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 01:40:13 GMT
server: Apache
content-length: 256
content-type: text/html; charset=iso-8859-1

GET
H2 404 layer.css
uikui.com/admin/im/css/modules/layer/default/ 0
0 252ms
251ms Stylesheet
text/html 43.163.199.37
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://uikui.com/admin/im/css/modules/layer/default/layer.css?v=3.5.1
Requested by: Host: uikui.com
URL: https://uikui.com/admin/im/layui.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 43.163.199.37 Tokyo, Japan, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 01:40:13 GMT
server: Apache
content-length: 256
content-type: text/html; charset=iso-8859-1

GET
H2 404 code.css
uikui.com/admin/im/css/modules/ 0
0 253ms
253ms Stylesheet
text/html 43.163.199.37
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://uikui.com/admin/im/css/modules/code.css?v=2
Requested by: Host: uikui.com
URL: https://uikui.com/admin/im/layui.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 43.163.199.37 Tokyo, Japan, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://uikui.com/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 01:40:13 GMT
server: Apache
content-length: 256
content-type: text/html; charset=iso-8859-1

GET
H2 200 icon-checkbox.10bb486a.svg
auth.kms.kuronekoyamato.co.jp/auth/static/media/ 235 B
574 B 262ms
262ms Image
image/svg+xml 23.195.88.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth.kms.kuronekoyamato.co.jp/auth/static/media/icon-checkbox.10bb486a.svg

Requested by

Host: auth.kms.kuronekoyamato.co.jp
URL: https://auth.kms.kuronekoyamato.co.jp/auth/static/css/index.d9ce12f3.chunk.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.88.235 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-195-88-235.deploy.static.akamaitechnologies.com

Software

Resource Hash

09c8ae6b88b285be2b79182868239ee5cbe2bcb81db04085980d0c93710f71bb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://auth.kms.kuronekoyamato.co.jp/auth/static/css/index.d9ce12f3.chunk.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' member.kms.kuronekoyamato.co.jp
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 01:40:42 GMT
content-encoding: gzip
content-md5: ELtIaiD0mgyUlLa8iXpZpQ==
content-length: 185
last-modified: Fri, 25 Aug 2023 01:14:41 GMT
etag: "0x8DBA508A8ABA22A"
x-frame-options: ALLOW-FROM https://member.kms.kuronekoyamato.co.jp/
vary: Accept-Encoding
content-type: image/svg+xml
x-ms-request-id: 82501b2c-101e-0049-7416-d97811000000
cache-control: max-age=1834
x-ms-version: 2018-03-28
accept-ranges: bytes

GET api.php
uikui.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.bootcdn.net
URL: https://cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css

Domain: uikui.com
URL: https://uikui.com/api.php?act=ip_save&_r=0.8325556577317748

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yamato Transport (Transportation)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			uikui.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 171vnu3292gmr5fphi45mcd7cs

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://auth.kms.kuronekoyamato.co.jp/auth/static/css/14.8e59e16a.chunk.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://uikui.com/admin/im/css/modules/laydate/default/laydate.css?v=5.3.1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://uikui.com/admin/im/css/modules/layer/default/layer.css?v=3.5.1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://uikui.com/admin/im/css/modules/code.css?v=2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css Message: Failed to load resource: net::ERR_TIMED_OUT

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.kms.kuronekoyamato.co.jp
cdn.bootcdn.net
fujiangupiaopingtai.cn
uikui.com
www.gstatic.com
cdn.bootcdn.net
uikui.com
172.217.161.67
23.195.88.235
43.163.199.37
43.163.208.170
09c8ae6b88b285be2b79182868239ee5cbe2bcb81db04085980d0c93710f71bb
1ebd8c829000cedeb406fed7213e8891ca0358ef5258fb1c5d0475d4603a895e
26dde8e017d2839076f26e77aee53c91f526ea3ebe4f6b9daa17d8d7b1288351
5994332aadd364a7350ad226ef61c1c75dc97372f739e01682e190be3abaf672
7db470720bc87269e9bf81c2da2649d4f59d54eb54ca5ed4547855758d6688a0
8b63cf1fe86c4d0d0d76cc40f73ef441d331044cc8956a7428893710d381d4f4
a531913b92863a94f364f68cc584f764038e85094b5ce67939eb1bdeed80bea0
bb5ef8b752297cdfb9d693164697a0b40c001213f188512582a39e3f4183e30c
bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e
f552a445e6d3f9180c8f648e9287c74d2d24a9e865dd5e7385d5c1d5ae700814
f62b06e7eb5a5bcf2b488e84ddbdf094463348f17d971f7606838864000eee5b

uikui.com Open in urlscan Pro 43.163.199.37 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

88 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

4 IPs

2 Countries

168 kBTransfer

664 kBSize

1 Cookies

23 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

5 Console Messages

Indicators

uikui.com Open in urlscan Pro
43.163.199.37 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

88 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

168 kB
Transfer

664 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!