urlscan.io logo urlscan.io
SecurityTrails logo

www.duba.com Open in urlscan Pro
65.153.158.204  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://bk.spbankjapan.jp/
Effective URL: https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
Submission: On September 15 via manual from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 22 HTTP transactions. The main IP is 65.153.158.204, located in Colorado Springs, United States and belongs to CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US. The main domain is www.duba.com.
TLS certificate: Issued by GlobalSign Organization Validation CA... on July 16th 2018. Valid for: 2 years.
This is the only time www.duba.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Japan Post (Transportation)

Domain & IP information

IP Address AS Autonomous System
13 199.192.28.131 22612 (NAMECHEAP...)
2 104.27.175.113 13335 (CLOUDFLAR...)
1 3 65.153.158.204 209 (CENTURYLI...)
1 103.235.46.39 55967 (CNNIC-BAI...)
2 116.211.183.234 58563 (CHINATELE...)
1 2401:b180:200... 37963 (CNNIC-ALI...)
22 7
13    199.192.28.131 (Los Angeles, United States)

ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
bk.spbankjapan.jp
2    104.27.175.113 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
sslcode.5uu8.com
3    65.153.158.204 (Colorado Springs, United States)

ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US)
www.duba.com
1    103.235.46.39 (Hong Kong)

ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
www.baidu.com
2    116.211.183.234 (China)

ASN58563 (CHINATELECOM-HUBEI-IDC CHINANET Hubei province network, CN)
w.cnzz.com
c.cnzz.com
1    2401:b180:2000:20::23 (China)

ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN)
q1.cnzz.com
Domain Requested by
13 bk.spbankjapan.jp bk.spbankjapan.jp
3 www.duba.com 1 redirects bk.spbankjapan.jp
www.duba.com
2 sslcode.5uu8.com bk.spbankjapan.jp
sslcode.5uu8.com
1 q1.cnzz.com
1 c.cnzz.com w.cnzz.com
1 w.cnzz.com www.duba.com
1 www.baidu.com www.duba.com
0 js.stat.ijinshan.com Failed www.duba.com
22 8

This site contains links to these domains. Also see Links.

Domain
www.bk.spbankjapan.jp
quanjing.cnzz.com
Subject Issuer Validity Valid
bk.spbankjapan.jp
Let's Encrypt Authority X3		 2019-09-15 -
2019-12-14		 3 months crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2019-07-07 -
2020-07-06		 a year crt.sh
*.duba.com
GlobalSign Organization Validation CA - SHA256 - G2		 2018-07-16 -
2020-07-16		 2 years crt.sh
baidu.com
GlobalSign Organization Validation CA - SHA256 - G2		 2019-05-09 -
2020-06-25		 a year crt.sh
*.cnzz.com
GlobalSign Organization Validation CA - SHA256 - G2		 2019-03-05 -
2020-03-05		 a year crt.sh

This page contains 2 frames:

Primary Page: https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
Frame ID: A8C5DC8D724883BEFD88C13EDF3A8DCD
Requests: 21 HTTP requests in this frame

Frame: https://www.baidu.com/s?word=bk.spbankjapan&tn=98012088_3_dg&ch=13
Frame ID: 0730B808088718C13291859186267A21
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://bk.spbankjapan.jp/ Page URL
  2. http://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F HTTP 302
    https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

22
Requests

95 %
HTTPS

17 %
IPv6

6
Domains

8
Subdomains

7
IPs

3
Countries

268 kB
Transfer

667 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bk.spbankjapan.jp/ Page URL
  2. http://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F HTTP 302
    https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
bk.spbankjapan.jp/ 		10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
b69b85b67228b0b0906f6646a2e6d40cb498182f050a2fb3ec81befffd28207a

Request headers

:method
GET
:authority
bk.spbankjapan.jp
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
date
Sun, 15 Sep 2019 08:45:46 GMT
server
Apache
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, no-cache, private
pragma
no-cache
set-cookie
PHPSESSID=fkni1kcmm8t0nb1bnkfa0jn28k; path=/ XSRF-TOKEN=eyJpdiI6Ik1HMlNUeDl3b25LQ1lIbzdEMzlGbEE9PSIsInZhbHVlIjoiWUo3ejlXYjRkMXhcL2N3ZmZWXC9kRkZLajM5RU94dW03U0hBNHp4NUtadWtXdkRkcFBzRk1lMnZiZUp5RzZIaTdFIiwibWFjIjoiZDY1OGI5YjRjYzc5NWM2ZmJjZWFlZGM3NzU3OTk2MzkyYWEzYmUxYjJmZWRjMGM0MzU5NTRhZWEwNzdhNzg2ZCJ9; expires=Sun, 15-Sep-2019 10:45:46 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6InVGbzQyVWxiZVVMNnhaU3FDQmJnckE9PSIsInZhbHVlIjoiYTdRenJiem1BZHFNU0tHdlY3eEZHelVrRUlMRzdqWkJIOTFNaTVKejJKeSs2cDB5djNRVnZ6cjRYRGZ3NXZzbyIsIm1hYyI6ImI4YWJiMThhNjRkM2FlMTRjZTRhZDdmNjYzZTNlOTQ5OTY1MTE5YWI4OGE2ZGY1ZTBmZGJiMjBkNDE1M2JmZmUifQ%3D%3D; expires=Sun, 15-Sep-2019 10:45:46 GMT; Max-Age=7200; path=/; httponly
vary
Accept-Encoding
content-encoding
gzip
content-length
3578
content-type
text/html; charset=UTF-8
dgCJbase.css
bk.spbankjapan.jp/static/yahulogin/ 		160 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bk.spbankjapan.jp/static/yahulogin/dgCJbase.css
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
42cc3f08a5352b84820590bf61c7a29f6c82f4154813f1b656029e8c7e5162b9

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
content-encoding
gzip
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"27f38-591d25512ac00-gzip"
vary
Accept-Encoding
content-type
text/css
status
200
accept-ranges
bytes
content-length
25486
jquery.js
bk.spbankjapan.jp/static/yahulogin/ 		90 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bk.spbankjapan.jp/static/yahulogin/jquery.js
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
content-encoding
gzip
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"169d9-591d25512ac00-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
32784
mjl.js
bk.spbankjapan.jp/static/yahulogin/ 		37 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bk.spbankjapan.jp/static/yahulogin/mjl.js
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
0e911544d53d576c00e5722b33665d352c1d3b29fbee71e2d59b2875a8b638a7

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
content-encoding
gzip
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"95da-591d25512ac00-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
11996
heightLine.js
bk.spbankjapan.jp/static/yahulogin/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bk.spbankjapan.jp/static/yahulogin/heightLine.js
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
687a7cfdd4e43597c21ef511d6c819835c6dc8c96f7e5f95697d07749b766e82

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
content-encoding
gzip
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"fd8-591d25512ac00-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
1172
run.js
bk.spbankjapan.jp/static/yahulogin/ 		65 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bk.spbankjapan.jp/static/yahulogin/run.js
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
c3d3b737d923d09f376c899f78f860ee079aa7924cf9224c921fb0f15d8cdcee

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
content-encoding
gzip
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"10347-591d25512ac00-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
11938
dgbjRequestControllerP01.js
bk.spbankjapan.jp/static/yahulogin/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bk.spbankjapan.jp/static/yahulogin/dgbjRequestControllerP01.js
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
e23c1c6a155ed200cf9e674d81d3f2830ce77b45cc96640728d3ee8c0e31d937

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
content-encoding
gzip
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"461c-591d25512ac00-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
4869
rh.js
bk.spbankjapan.jp/static/yahulogin/ 		30 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bk.spbankjapan.jp/static/yahulogin/rh.js
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
191928d7797918661d5d6b7a07e07c42eb6ecf7dd1f8142013e06b2fad001c61

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
content-encoding
gzip
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"7616-591d25512ac00-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
12696
rsa.js
bk.spbankjapan.jp/static/yahulogin/ 		36 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bk.spbankjapan.jp/static/yahulogin/rsa.js
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
content-encoding
gzip
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"8ffb-591d25512ac00-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
10641
DFCJheader_img_01.jpg
bk.spbankjapan.jp/static/yahulogin/ 		34 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bk.spbankjapan.jp/static/yahulogin/DFCJheader_img_01.jpg
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
22deb3c288aa42cc50140d782d5f4f7d1619857a9df25db9cf925b6fdb30f8db

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"87ae-591d25512ac00"
content-type
image/jpeg
status
200
accept-ranges
bytes
content-length
34734
DFCJdirect_img_01.jpg
bk.spbankjapan.jp/static/yahulogin/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bk.spbankjapan.jp/static/yahulogin/DFCJdirect_img_01.jpg
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
b4ff878c5eb95950a30cbb613830ff9bb4842bdd7762b822a9f4591cb2dc64eb

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"625f-591d25512ac00"
content-type
image/jpeg
status
200
accept-ranges
bytes
content-length
25183
DFCJfooter_img_01.jpg
bk.spbankjapan.jp/static/yahulogin/ 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bk.spbankjapan.jp/static/yahulogin/DFCJfooter_img_01.jpg
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
6a3a7e7dacffe678071af680dacaa04449dcfadfb7c885010f1631c80cffe61f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"618b-591d25512ac00"
content-type
image/jpeg
status
200
accept-ranges
bytes
content-length
24971
DFCJfooter_img_02.jpg
bk.spbankjapan.jp/static/yahulogin/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bk.spbankjapan.jp/static/yahulogin/DFCJfooter_img_02.jpg
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.192.28.131 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
c22cc6ac9b1c3975b4a0a40d5176fb4e7f76d27530834366711e122a8ac351af

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:45:46 GMT
last-modified
Thu, 05 Sep 2019 18:17:20 GMT
server
Apache
etag
"6e5c-591d25512ac00"
content-type
image/jpeg
status
200
accept-ranges
bytes
content-length
28252
ip_7117.js
sslcode.5uu8.com/ip/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sslcode.5uu8.com/ip/ip_7117.js
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.27.175.113 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bba6bb5574079ddb3ac6429c42f528af399b5f9e129a10cf52625d4c2a3ddc1b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma
public
date
Sun, 15 Sep 2019 08:45:46 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 15 Sep 2019 08:45:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
public, max-age=31536000
cf-ray
5169538d9f74c277-FRA
expires
Mon, 14 Sep 2020 08:45:46 GMT
ipchk_7117_68747470733A2F2F626B2E737062616E6B6A6170616E2E6A702F_null_z2i00_2824.js
sslcode.5uu8.com/ip/ 		9 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sslcode.5uu8.com/ip/ipchk_7117_68747470733A2F2F626B2E737062616E6B6A6170616E2E6A702F_null_z2i00_2824.js
Requested by
Host: sslcode.5uu8.com
URL: https://sslcode.5uu8.com/ip/ip_7117.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.27.175.113 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spbankjapan.jp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma
no-cache
date
Sun, 15 Sep 2019 08:45:47 GMT
content-encoding
br
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
no-store, no-cache, must-revalidate
cf-ray
516953907a2dc277-FRA
expires
Thu, 19 Nov 1981 08:52:00 GMT
Primary Request iedns2.html
www.duba.com/
Redirect Chain
  • http://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
  • https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
Requested by
Host: bk.spbankjapan.jp
URL: https://bk.spbankjapan.jp/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.153.158.204 Colorado Springs, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
Software
nginx/1.8.0 /
Resource Hash
dd3ae908c5cb79587bf5dcf052996cfd472ae4c0e52c743095ec23b441a96e54

Request headers

Host
www.duba.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 15 Sep 2019 08:45:48 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Server
nginx/1.8.0
Last-Modified
Wed, 07 Nov 2018 06:55:03 GMT
Vary
Accept-Encoding
ETag
W/"5be28c47-142f"
ksid
bj78
Content-Encoding
gzip
Access-Control-Allow-Origin
*
X-Ser
BC32_dx-lt-yd-fujian-xiamen-8-cache-3, BC199_US-DistColumbia-washingtonDC-1-cache-1, BC204_US-DistColumbia-washingtonDC-1-cache-2
X-Cache
HIT from BC204_US-DistColumbia-washingtonDC-1-cache-2(baishan)

Redirect headers

Date
Sun, 15 Sep 2019 08:45:48 GMT
Content-Length
0
Connection
keep-alive
Server
web cache
Location
https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
Access-Control-Allow-Origin
*
visit3.js
www.duba.com/static/images/lb404/ 		79 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.duba.com/static/images/lb404/visit3.js?v=3
Requested by
Host: www.duba.com
URL: https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.153.158.204 Colorado Springs, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
Software
nginx/1.8.0 /
Resource Hash
df37b50a146f18a4114ae19e7455a9d7be88142fb19fbcaf4c6c1a83c14e9a03

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 15 Sep 2019 08:45:48 GMT
Content-Encoding
gzip
Last-Modified
Wed, 07 Nov 2018 06:55:36 GMT
Server
nginx/1.8.0
ksid
bj78
ETag
W/"5be28c68-13c3a"
Vary
Accept-Encoding
X-Cache
HIT from BC203_US-DistColumbia-washingtonDC-1-cache-2(baishan)
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
X-Ser
BC74_dx-lt-yd-zhejiang-huzhou-3-cache-3, BC231_US-Colorado-Denver-1-cache-2, BC203_US-DistColumbia-washingtonDC-1-cache-2
Cookie set s
www.baidu.com/ Frame 0730 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.baidu.com/s?word=bk.spbankjapan&tn=98012088_3_dg&ch=13
Requested by
Host: www.duba.com
URL: https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.39 , Hong Kong, ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
BWS/1.1 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Host
www.baidu.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F

Response headers

Bdpagetype
3
Bdqid
0xadf176c500076c3e
Cache-Control
private
Ckpacknum
2
Ckrndstr
500076c3e
Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Sun, 15 Sep 2019 08:45:49 GMT
P3p
CP=" OTI DSP COR IVA OUR IND COM " CP=" OTI DSP COR IVA OUR IND COM "
Server
BWS/1.1
Set-Cookie
BAIDUID=BBD8E7B5B1D2088B538B8452AF288252:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com BIDUPSID=BBD8E7B5B1D2088B538B8452AF288252; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com PSTM=1568537149; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com BDRCVFR[4Zjqyl1bxbt]=-tUPB7bzJE6uZNBmi4WUvY; path=/; domain=.baidu.com delPer=0; path=/; domain=.baidu.com BD_CK_SAM=1;path=/ PSINO=7; domain=.baidu.com; path=/ BDSVRTM=14; path=/ H_PS_PSSID=1426_21113_29074_29523_29521_29567_29221; path=/; domain=.baidu.com
Strict-Transport-Security
max-age=172800
Vary
Accept-Encoding
X-Ua-Compatible
IE=Edge,chrome=1
Transfer-Encoding
chunked
s
js.stat.ijinshan.com/ 		0
0
c.php
w.cnzz.com/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://w.cnzz.com/c.php?id=30086238&l=3
Requested by
Host: www.duba.com
URL: https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
116.211.183.234 , China, ASN58563 (CHINATELECOM-HUBEI-IDC CHINANET Hubei province network, CN),
Reverse DNS
Software
Tengine / PHP/5.5.25
Resource Hash
431871579bb1ebe8ec1fd0a4376b266310796d8c67dc065de4df7cf07ff6cf1b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:44:06 GMT
content-encoding
gzip
age
105
x-powered-by
PHP/5.5.25
x-cache
HIT TCP_MEM_HIT dirn:-2:-2
status
200
x-swift-cachetime
5400
x-swift-savetime
Sun, 15 Sep 2019 08:44:06 GMT
content-length
4053
last-modified
Sun, 15 Sep 2019 08:44:06 GMT
server
Tengine
vary
Accept-Encoding
ali-swift-global-savetime
1568537046
content-type
application/javascript
via
cache15.l2cn628[31,200-0,M], cache22.l2cn628[32,0], cache15.cn533[0,200-0,H], cache15.cn533[0,0]
cache-control
max-age=5400,s-maxage=5400
timing-allow-origin
*
eagleid
74d3b72315685371519372802e
core.php
c.cnzz.com/ 		968 B
878 B 		Script
General
Check archive.org
Download Go to
Full URL
https://c.cnzz.com/core.php?web_id=30086238&l=3&t=q
Requested by
Host: w.cnzz.com
URL: https://w.cnzz.com/c.php?id=30086238&l=3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
116.211.183.234 , China, ASN58563 (CHINATELECOM-HUBEI-IDC CHINANET Hubei province network, CN),
Reverse DNS
Software
Tengine / PHP/5.5.25
Resource Hash
e80f13597462e80d0da05f4f881dbd904ada4e0cda477e47121825a0ce8c72b9

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 15 Sep 2019 08:33:07 GMT
content-encoding
gzip
age
765
x-powered-by
PHP/5.5.25
x-cache
HIT TCP_MEM_HIT dirn:-2:-2
status
200
x-swift-cachetime
892
x-swift-savetime
Sun, 15 Sep 2019 08:33:15 GMT
content-length
620
last-modified
Sun, 15 Sep 2019 08:33:07 GMT
server
Tengine
vary
Accept-Encoding
ali-swift-global-savetime
1555920049
content-type
application/javascript
via
cache11.l2cn628[0,200-0,H], cache45.l2cn628[0,0], cache20.cn533[0,200-0,H], cache15.cn533[1,0]
timing-allow-origin
*
eagleid
74d3b72315685371522063934e
expires
Sun, 15 Sep 2019 08:48:07 GMT
stat.htm
q1.cnzz.com/ 		2 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://q1.cnzz.com/stat.htm?id=30086238&r=&lg=en-us&ntime=none&cnzz_eid=721968753-1568537046-&showp=1600x1200&p=https%3A%2F%2Fwww.duba.com%2Fiedns2.html%3Fq%3Dhttp%253A%252F%252Fwww.bk.spbankjapan.jp%252F&t=%E6%AF%92%E9%9C%B8%E7%BD%91%E5%9D%80%E5%A4%A7%E5%85%A8%20-%20%E5%AE%89%E5%85%A8%E5%AE%9E%E7%94%A8%E7%9A%84%E7%BD%91%E5%9D%80%E5%AF%BC%E8%88%AA&umuuid=16d34198a3955d-0e2df684972b42-37647e03-1d4c00-16d34198a3a38a&h=1&rnd=779270888
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2401:b180:2000:20::23 , China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Sun, 15 Sep 2019 08:45:53 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
js.stat.ijinshan.com
URL
http://js.stat.ijinshan.com/s?st=__dh&site=dh123/proxy/tj/s?st=__proxy&site=dh123&type=https

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Japan Post (Transportation)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| isIE boolean| isIE6 function| loadJS string| freshUrl function| query function| createIframe object| DUBA function| loadImg function| visitContent function| trace function| __trace function| __tj object| Stat string| httpsStr string| cnzzUrl function| $ function| jQuery string| type number| MyTime object| _cz_loaded string| _cz_account object| _czc object| _CNZZDbridge_30086238 object| cnzz_image_1902486358

4 Cookies

Domain/Path Name / Value
.baidu.com/ Name: BAIDUID
Value: 6E1F9E762174A1A040DBB9347ED9090B:FG=1
www.baidu.com/ Name: H_PS_645EC
Value: 06a2KoSI%2BuH9TnXCPnxQuJtC%2FICJrMkWdIaLM%2FP15FRkI6FqFQoKeWkwBEBl0Ll5pqobvA
.baidu.com/ Name: BDORZ
Value: FFFB88E999055A3F8A630C64834BD6D0
www.baidu.com/ Name: BD_UPN
Value: 123353

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bk.spbankjapan.jp
c.cnzz.com
js.stat.ijinshan.com
q1.cnzz.com
sslcode.5uu8.com
w.cnzz.com
www.baidu.com
www.duba.com
js.stat.ijinshan.com
103.235.46.39
104.27.175.113
116.211.183.234
199.192.28.131
2401:b180:2000:20::23
65.153.158.204
0e911544d53d576c00e5722b33665d352c1d3b29fbee71e2d59b2875a8b638a7
191928d7797918661d5d6b7a07e07c42eb6ecf7dd1f8142013e06b2fad001c61
20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734
22deb3c288aa42cc50140d782d5f4f7d1619857a9df25db9cf925b6fdb30f8db
42cc3f08a5352b84820590bf61c7a29f6c82f4154813f1b656029e8c7e5162b9
431871579bb1ebe8ec1fd0a4376b266310796d8c67dc065de4df7cf07ff6cf1b
687a7cfdd4e43597c21ef511d6c819835c6dc8c96f7e5f95697d07749b766e82
6a3a7e7dacffe678071af680dacaa04449dcfadfb7c885010f1631c80cffe61f
793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44
b4ff878c5eb95950a30cbb613830ff9bb4842bdd7762b822a9f4591cb2dc64eb
b69b85b67228b0b0906f6646a2e6d40cb498182f050a2fb3ec81befffd28207a
bba6bb5574079ddb3ac6429c42f528af399b5f9e129a10cf52625d4c2a3ddc1b
c22cc6ac9b1c3975b4a0a40d5176fb4e7f76d27530834366711e122a8ac351af
c3d3b737d923d09f376c899f78f860ee079aa7924cf9224c921fb0f15d8cdcee
dd3ae908c5cb79587bf5dcf052996cfd472ae4c0e52c743095ec23b441a96e54
df37b50a146f18a4114ae19e7455a9d7be88142fb19fbcaf4c6c1a83c14e9a03
e23c1c6a155ed200cf9e674d81d3f2830ce77b45cc96640728d3ee8c0e31d937
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e80f13597462e80d0da05f4f881dbd904ada4e0cda477e47121825a0ce8c72b9