![](/screenshots/658cc26c-011d-426b-828a-2e95189dfc78.png)
mujerjffnr.click
Open in
urlscan Pro
193.143.1.205
Malicious Activity!
Public Scan
Effective URL: https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab...
Submission: On June 28 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by R10 on June 28th 2024. Valid for: 3 months.
This is the only time mujerjffnr.click was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Mizuho Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 193.143.1.205 193.143.1.205 | 198953 (PROTON66) (PROTON66) | |
8 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
mujerjffnr.click
1 redirects
mujerjffnr.click |
24 KB |
8 | 1 |
Domain | Requested by | |
---|---|---|
9 | mujerjffnr.click |
1 redirects
mujerjffnr.click
|
8 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
login.striouo.icu |
Subject Issuer | Validity | Valid | |
---|---|---|---|
mujerjffnr.click R10 |
2024-06-28 - 2024-09-26 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53
Frame ID: A10906FDB97A84AE6C866A66C5E1D846
Requests: 8 HTTP requests in this frame
Screenshot
![](/screenshots/658cc26c-011d-426b-828a-2e95189dfc78.png)
Page Title
みずほダイレクトPage URL History Show full URLs
-
http://mujerjffnr.click/
HTTP 307
https://mujerjffnr.click/ HTTP 302
https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e... Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: みずほ銀行WEBサイト
Search URL Search Domain Scan URL
Title: PCサイト
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://mujerjffnr.click/
HTTP 307
https://mujerjffnr.click/ HTTP 302
https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
mujerjffnr.php
mujerjffnr.click/sigin/ Redirect Chain
|
45 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spreset.css
mujerjffnr.click/sigin/1_files/ |
746 B 489 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spcommon.css
mujerjffnr.click/sigin/1_files/ |
40 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
i00000.css
mujerjffnr.click/sigin/1_files/ |
1 KB 522 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginBannerSp.gif
mujerjffnr.click/sigin/1_files/ |
6 KB 6 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pc_ipn01.gif
mujerjffnr.click/sigin/images/ |
263 B 263 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
help.gif
mujerjffnr.click/sigin/images/ |
263 B 263 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
mujerjffnr.click/ |
864 B 920 B |
Other
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Mizuho Bank (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
mujerjffnr.click/ | Name: PHPSESSID Value: h3cfbtj2tcvug7vtmeefomre2b |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
mujerjffnr.click
193.143.1.205
06040156cd20865621e6715ea5011581242b85a1109c3d4b82264f144fdb9726
2fead80f99c09429bc0379e06d117fad24dc7c7052b1e6f223147bfb3dd2d8a5
4382452c5ac1caa17c7d759f0478f40ddf3d1d040fc041e7ccc33285de0542b1
467ced84e1cc9309b6542b7d0b912f66e018b07032e245fdcea5591f5ac43af8
5a8ea77a3b1e5bd1e144d8e4bbdabe1f0e70779691251fae18d551476988b5d8
e077e318c22e3aef42a08e74933f8e3fe39f143eb9ff97adf1fc321108d1b901
ee01d14e00ada3492d97c9c3a933c242a3bbf7663772af9454c9e55359fbdcb3