mujerjffnr.click Open in urlscan Pro
193.143.1.205 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mujerjffnr.click/
Effective URL:
https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab...
Submission: On June 28 via manual (June 28th 2024, 3:31:01 am UTC) from JP — Scanned from JP

Summary HTTP 8 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 193.143.1.205, located in Moscow, Russian Federation and belongs to PROTON66, RU. The main domain is mujerjffnr.click.
TLS certificate: Issued by R10 on June 28th 2024. Valid for: 3 months.

This is the only time mujerjffnr.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mizuho Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 9	193.143.1.205 193.143.1.205		198953 (PROTON66) (PROTON66)
8	1

9 193.143.1.205 (Moscow, Russian Federation) 1 redirects

ASN198953 (PROTON66, RU)

mujerjffnr.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	mujerjffnr.click 1 redirects mujerjffnr.click	24 KB
8	1

	Domain	Requested by
9	mujerjffnr.click	1 redirects mujerjffnr.click
8	1

This site contains links to these domains. Also see Links.

Domain
login.striouo.icu

Subject Issuer	Validity	Valid
mujerjffnr.click R10	`2024-06-28` - `2024-09-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53
Frame ID: A10906FDB97A84AE6C866A66C5E1D846
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

みずほダイレクト

Page URL History Show full URLs

http://mujerjffnr.click/ HTTP 307
https://mujerjffnr.click/ HTTP 302
https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

24 kB
Transfer

95 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://login.striouo.icu/login
Title: みずほ銀行WEBサイト

Search URL Search Domain Scan URL

URL: https://login.striouo.icu/index.html
Title: ＰＣサイト

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mujerjffnr.click/ HTTP 307
https://mujerjffnr.click/ HTTP 302
https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request mujerjffnr.php Show response mujerjffnr.click/sigin/ Redirect Chain http://mujerjffnr.click/ https://mujerjffnr.click/ https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873...	45 KB 7 KB	289ms 289ms	Document text/html	193.143.1.205 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.143.1.205 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software Apache / Resource Hash `5a8ea77a3b1e5bd1e144d8e4bbdabe1f0e70779691251fae18d551476988b5d8` Request headers Accept-Language ja-JP,ja;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 7537 content-type text/html; charset=UTF-8 date Fri, 28 Jun 2024 03:30:56 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding Redirect headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 25 content-type text/html; charset=UTF-8 date Fri, 28 Jun 2024 03:30:56 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location ./sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 pragma no-cache server Apache vary Accept-Encoding
GET H2	200	spreset.css mujerjffnr.click/sigin/1_files/	746 B 489 B	282ms 281ms	Stylesheet text/css	193.143.1.205 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mujerjffnr.click/sigin/1_files/spreset.css Requested by Host: mujerjffnr.click URL: https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.143.1.205 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software Apache / Resource Hash `467ced84e1cc9309b6542b7d0b912f66e018b07032e245fdcea5591f5ac43af8` Request headers Accept-Language ja-JP,ja;q=0.9;q=0.9 Referer https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 28 Jun 2024 03:30:56 GMT content-encoding gzip last-modified Sun, 16 Jul 2023 07:03:33 GMT server Apache etag "2ea-6009547ae5b40-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 436
GET H2	200	spcommon.css mujerjffnr.click/sigin/1_files/	40 KB 8 KB	284ms 284ms	Stylesheet text/css	193.143.1.205 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mujerjffnr.click/sigin/1_files/spcommon.css Requested by Host: mujerjffnr.click URL: https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.143.1.205 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software Apache / Resource Hash `ee01d14e00ada3492d97c9c3a933c242a3bbf7663772af9454c9e55359fbdcb3` Request headers Accept-Language ja-JP,ja;q=0.9;q=0.9 Referer https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 28 Jun 2024 03:30:56 GMT content-encoding gzip last-modified Sun, 16 Jul 2023 07:03:33 GMT server Apache etag "a1ec-6009547ae5b40-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 8144
GET H2	200	i00000.css mujerjffnr.click/sigin/1_files/	1 KB 522 B	281ms 281ms	Stylesheet text/css	193.143.1.205 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mujerjffnr.click/sigin/1_files/i00000.css Requested by Host: mujerjffnr.click URL: https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.143.1.205 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software Apache / Resource Hash `2fead80f99c09429bc0379e06d117fad24dc7c7052b1e6f223147bfb3dd2d8a5` Request headers Accept-Language ja-JP,ja;q=0.9;q=0.9 Referer https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 28 Jun 2024 03:30:56 GMT content-encoding gzip last-modified Sun, 16 Jul 2023 07:03:33 GMT server Apache etag "520-6009547ae5b40-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 432
GET H2	200	loginBannerSp.gif mujerjffnr.click/sigin/1_files/	6 KB 6 KB	282ms 281ms	Image image/gif	193.143.1.205 PROTON66
General Check archive.org Show headers Download Go to Show image Full URL https://mujerjffnr.click/sigin/1_files/loginBannerSp.gif Requested by Host: mujerjffnr.click URL: https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.143.1.205 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software Apache / Resource Hash `e077e318c22e3aef42a08e74933f8e3fe39f143eb9ff97adf1fc321108d1b901` Request headers Accept-Language ja-JP,ja;q=0.9;q=0.9 Referer https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 28 Jun 2024 03:30:56 GMT last-modified Sun, 16 Jul 2023 07:03:33 GMT server Apache accept-ranges bytes etag "17bc-6009547ae5b40" content-length 6076 content-type image/gif
GET H2	404	pc_ipn01.gif mujerjffnr.click/sigin/images/	263 B 263 B	283ms 282ms	Image text/html	193.143.1.205 PROTON66
General Check archive.org Show headers Download Go to Show image Full URL https://mujerjffnr.click/sigin/images/pc_ipn01.gif Requested by Host: mujerjffnr.click URL: https://mujerjffnr.click/sigin/1_files/spcommon.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.143.1.205 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software Apache / Resource Hash `4382452c5ac1caa17c7d759f0478f40ddf3d1d040fc041e7ccc33285de0542b1` Request headers Accept-Language ja-JP,ja;q=0.9;q=0.9 Referer https://mujerjffnr.click/sigin/1_files/spcommon.css User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 28 Jun 2024 03:30:57 GMT server Apache content-length 263 content-type text/html; charset=iso-8859-1
GET H2	404	help.gif mujerjffnr.click/sigin/images/	263 B 263 B	280ms 280ms	Image text/html	193.143.1.205 PROTON66
General Check archive.org Show headers Download Go to Show image Full URL https://mujerjffnr.click/sigin/images/help.gif Requested by Host: mujerjffnr.click URL: https://mujerjffnr.click/sigin/1_files/spcommon.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.143.1.205 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software Apache / Resource Hash `4382452c5ac1caa17c7d759f0478f40ddf3d1d040fc041e7ccc33285de0542b1` Request headers Accept-Language ja-JP,ja;q=0.9;q=0.9 Referer https://mujerjffnr.click/sigin/1_files/spcommon.css User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 28 Jun 2024 03:30:57 GMT server Apache content-length 263 content-type text/html; charset=iso-8859-1
GET H2	200	favicon.ico mujerjffnr.click/	864 B 920 B	298ms 297ms	Other image/gif	193.143.1.205 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mujerjffnr.click/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.143.1.205 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software Apache / Resource Hash `06040156cd20865621e6715ea5011581242b85a1109c3d4b82264f144fdb9726` Request headers Accept-Language ja-JP,ja;q=0.9;q=0.9 Referer https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers pragma no-cache date Fri, 28 Jun 2024 03:30:57 GMT content-encoding gzip server Apache vary Accept-Encoding content-type image/gif cache-control no-store, no-cache, must-revalidate content-length 887 expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mizuho Bank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mujerjffnr.click/	1969-12-31 23:59:59	Name: PHPSESSID Value: h3cfbtj2tcvug7vtmeefomre2b

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://mujerjffnr.click/sigin/mujerjffnr.php?582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53582f1677ab4dd4daea873e56c45d4a53=582f1677ab4dd4daea873e56c45d4a53(Line 9) Message: The value "320px" for key "width" was truncated to its numeric prefix.
network	error	URL: https://mujerjffnr.click/sigin/images/help.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mujerjffnr.click/sigin/images/pc_ipn01.gif Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mujerjffnr.click
193.143.1.205
06040156cd20865621e6715ea5011581242b85a1109c3d4b82264f144fdb9726
2fead80f99c09429bc0379e06d117fad24dc7c7052b1e6f223147bfb3dd2d8a5
4382452c5ac1caa17c7d759f0478f40ddf3d1d040fc041e7ccc33285de0542b1
467ced84e1cc9309b6542b7d0b912f66e018b07032e245fdcea5591f5ac43af8
5a8ea77a3b1e5bd1e144d8e4bbdabe1f0e70779691251fae18d551476988b5d8
e077e318c22e3aef42a08e74933f8e3fe39f143eb9ff97adf1fc321108d1b901
ee01d14e00ada3492d97c9c3a933c242a3bbf7663772af9454c9e55359fbdcb3

mujerjffnr.click Open in urlscan Pro 193.143.1.205 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

24 kBTransfer

95 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

mujerjffnr.click Open in urlscan Pro
193.143.1.205 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

24 kB
Transfer

95 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!