www.duba.com (65.153.158.204)
Malicious Activity!
Public Scan
Effective URL: https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
Submission: On September 15 via manual from JP
Summary
TLS certificate: Issued by GlobalSign Organization Validation CA - SHA256 - G2 on July 16th 2018. Valid for: 2 years.
This is the only time www.duba.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Japan Post (Transportation)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
13 | 199.192.28.131 | AS22612 (NAMECHEAP-NET - Namecheap)
2 | 104.27.175.113 | AS13335 (CLOUDFLARENET - Cloudflare)
3 (1 redirect) | 65.153.158.204 | AS209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications)
1 | 103.235.46.39 | AS55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co.)
2 | 116.211.183.234 | AS58563 (CHINATELECOM-HUBEI-IDC CHINANET Hubei province network)
1 | 2401:b180:2000:20::23 | AS37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.)
Totals: 22 requests | 7 IP addresses
Domains by ASN:
- ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US): bk.spbankjapan.jp
- ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US): www.duba.com
- ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN): www.baidu.com
- ASN58563 (CHINATELECOM-HUBEI-IDC CHINANET Hubei province network, CN): w.cnzz.com, c.cnzz.com
- ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN): q1.cnzz.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | spbankjapan.jp | bk.spbankjapan.jp | 226 KB
3 | cnzz.com | w.cnzz.com, c.cnzz.com, q1.cnzz.com | 5 KB
3 (1 redirect) | duba.com | www.duba.com | 31 KB
2 | 5uu8.com | sslcode.5uu8.com | 6 KB
1 | baidu.com | www.baidu.com |
0 | ijinshan.com (failed) | js.stat.ijinshan.com (failed) |
Totals: 22 requests | 6 apex domains
Requests | Domain | Requested by
---|---|---
13 | bk.spbankjapan.jp | bk.spbankjapan.jp
3 (1 redirect) | www.duba.com | bk.spbankjapan.jp, www.duba.com
2 | sslcode.5uu8.com | bk.spbankjapan.jp, sslcode.5uu8.com
1 | q1.cnzz.com |
1 | c.cnzz.com | w.cnzz.com
1 | w.cnzz.com | www.duba.com
1 | www.baidu.com | www.duba.com
0 | js.stat.ijinshan.com (failed) | www.duba.com
Totals: 22 requests | 8 domains
This site contains links to these domains:
- www.bk.spbankjapan.jp
- quanjing.cnzz.com
TLS certificates
Subject | Issuer | Validity | Valid
---|---|---|---
bk.spbankjapan.jp | Let's Encrypt Authority X3 | 2019-09-15 - 2019-12-14 | 3 months
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-07-07 - 2020-07-06 | a year
*.duba.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2018-07-16 - 2020-07-16 | 2 years
baidu.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2019-05-09 - 2020-06-25 | a year
*.cnzz.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2019-03-05 - 2020-03-05 | a year
Note that the Let's Encrypt certificate for bk.spbankjapan.jp became valid on 2019-09-15, the same day this scan was submitted.
This page contains 2 frames:
Primary Page:
https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
Frame ID: A8C5DC8D724883BEFD88C13EDF3A8DCD
Requests: 21 HTTP requests in this frame
Frame:
https://www.baidu.com/s?word=bk.spbankjapan&tn=98012088_3_dg&ch=13
Frame ID: 0730B808088718C13291859186267A21
Requests: 1 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bk.spbankjapan.jp/ (Page URL)
- http://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F
  HTTP 302 ->
  https://www.duba.com/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F (Page URL)
Detected technologies
Apache (Web Servers)
Detected pattern (Server response header): /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
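The pattern above is the one urlscan reported for the Apache detection on this page. The following is an added example, not code from urlscan or from the scanned site, that applies it to constructed Server header values to show what it does and does not match: the capture group extracts the version only when "Apache/" is followed by digits, and the `[^\/-]` class means a header such as "Apache-Coyote/1.1" (Tomcat) does not match at all. The sample header values are constructed, not taken from the scan.

```python
import re

# Wappalyzer-style pattern reported by urlscan for this page, applied to the
# HTTP "Server" response header. The trailing /i flag maps to re.IGNORECASE.
APACHE_PATTERN = re.compile(
    r"(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)", re.IGNORECASE
)


def detect_apache(server_header):
    """Return (matched, version) for one Server header value.

    version is the string captured by the pattern's only group, or None
    when the header matched without a "/<digits>" suffix (e.g. bare "Apache",
    "Apache Tomcat/9.0", or "HTTPD").
    """
    m = APACHE_PATTERN.search(server_header)
    if not m:
        return (False, None)
    return (True, m.group(1))


# Constructed sample header values (assumptions for illustration, not from the scan).
SAMPLE_HEADERS = [
    "Apache/2.4.41 (Ubuntu)",   # matches, version 2.4.41
    "Apache",                   # matches via the "$" alternative, no version
    "apache/2.2.15 (CentOS)",   # case-insensitive match
    "Apache Tomcat/9.0.30",     # "Apache" + space satisfies [^\/-], no version
    "Apache-Coyote/1.1",        # "-" is excluded by [^\/-]: no match
    "HTTPD",                    # second alternative
    "nginx/1.18.0",             # no match
    "Microsoft-IIS/10.0",       # no match
]


def detect_all(headers=SAMPLE_HEADERS):
    """Run detect_apache over a list of header values; returns a dict."""
    return {h: detect_apache(h) for h in headers}


if __name__ == "__main__":
    for header, (matched, version) in detect_all().items():
        print(f"{header!r:28} -> matched={matched} version={version}")
```

The Tomcat case is the caveat worth remembering when you rely on this kind of fingerprint: a server that is Apache-branded but not httpd is deliberately excluded, so an absent Apache verdict does not mean the origin is not running Apache software.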
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
- Title: http://www.bk.spbankjapan.jp/
- Title: 全景统计 (Panorama Statistics)
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | / | bk.spbankjapan.jp/ | 10 KB | 4 KB | Document | text/html |
GET | H2 | dgCJbase.css | bk.spbankjapan.jp/static/yahulogin/ | 160 KB | 25 KB | Stylesheet | text/css |
GET | H2 | jquery.js | bk.spbankjapan.jp/static/yahulogin/ | 90 KB | 32 KB | Script | application/javascript |
GET | H2 | mjl.js | bk.spbankjapan.jp/static/yahulogin/ | 37 KB | 12 KB | Script | application/javascript |
GET | H2 | heightLine.js | bk.spbankjapan.jp/static/yahulogin/ | 4 KB | 1 KB | Script | application/javascript |
GET | H2 | run.js | bk.spbankjapan.jp/static/yahulogin/ | 65 KB | 12 KB | Script | application/javascript |
GET | H2 | dgbjRequestControllerP01.js | bk.spbankjapan.jp/static/yahulogin/ | 18 KB | 5 KB | Script | application/javascript |
GET | H2 | rh.js | bk.spbankjapan.jp/static/yahulogin/ | 30 KB | 13 KB | Script | application/javascript |
GET | H2 | rsa.js | bk.spbankjapan.jp/static/yahulogin/ | 36 KB | 11 KB | Script | application/javascript |
GET | H2 | DFCJheader_img_01.jpg | bk.spbankjapan.jp/static/yahulogin/ | 34 KB | 34 KB | Image | image/jpeg |
GET | H2 | DFCJdirect_img_01.jpg | bk.spbankjapan.jp/static/yahulogin/ | 25 KB | 25 KB | Image | image/jpeg |
GET | H2 | DFCJfooter_img_01.jpg | bk.spbankjapan.jp/static/yahulogin/ | 24 KB | 25 KB | Image | image/jpeg |
GET | H2 | DFCJfooter_img_02.jpg | bk.spbankjapan.jp/static/yahulogin/ | 28 KB | 28 KB | Image | image/jpeg |
GET | H2 | ip_7117.js | sslcode.5uu8.com/ip/ | 1 KB | 1 KB | Script | application/javascript |
GET | H2 | ipchk_7117_68747470733A2F2F626B2E737062616E6B6A6170616E2E6A702F_null_z2i00_2824.js | sslcode.5uu8.com/ip/ | 9 KB | 5 KB | Script | application/javascript |
GET | H/1.1 | iedns2.html | www.duba.com/ | 5 KB | 3 KB | Document | text/html | Primary Request; Redirect Chain (redirect headers present)
GET | H/1.1 | visit3.js | www.duba.com/static/images/lb404/ | 79 KB | 28 KB | Script | application/x-javascript |
GET | H/1.1 | s | www.baidu.com/ | 0 | 0 | Document | text/html | Cookie set; Frame 0730
GET | | s | js.stat.ijinshan.com/ | 0 | 0 | | | Failed (no response)
GET | H2 | c.php | w.cnzz.com/ | 11 KB | 4 KB | Script | application/javascript |
GET | H2 | core.php | c.cnzz.com/ | 968 B | 878 B | Script | application/javascript |
GET | H2 | stat.htm | q1.cnzz.com/ | 2 B | 113 B | Image | text/html |
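Two of the requests above carry the phishing page's URL inside their own request URL. The duba.com document carries it percent-encoded in the `q=` parameter, and the second sslcode.5uu8.com script name carries it as a run of hex digits: 68747470733A2F2F626B2E737062616E6B6A6170616E2E6A702F decodes to "https://bk.spbankjapan.jp/". What the 5uu8.com script does with that value is not shown on this page. The following is an added triage helper, not code from urlscan or from any of the sites in the scan, that pulls both kinds of embedded URL out of a list of (host, path) pairs so they can be cross-referenced against the scan's indicators. The TRANSACTIONS list is constructed from the table above; the HEX_RUN length threshold of 16 digits and the printable-ASCII filter are assumptions chosen to skip hashes and cookie IDs.

```python
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# (host, path) pairs constructed from the transaction list of this scan.
TRANSACTIONS = [
    ("bk.spbankjapan.jp", "/"),
    ("bk.spbankjapan.jp", "/static/yahulogin/rsa.js"),
    ("sslcode.5uu8.com", "/ip/ip_7117.js"),
    ("sslcode.5uu8.com",
     "/ip/ipchk_7117_68747470733A2F2F626B2E737062616E6B6A6170616E2E6A702F_null_z2i00_2824.js"),
    ("www.duba.com", "/iedns2.html?q=http%3A%2F%2Fwww.bk.spbankjapan.jp%2F"),
    ("www.baidu.com", "/s?word=bk.spbankjapan&tn=98012088_3_dg&ch=13"),
]

# A run of at least 16 hex digits that is not adjacent to further hex digits
# (assumed threshold: short numeric IDs such as "7117" are ignored).
HEX_RUN = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{16,}(?![0-9A-Fa-f])")

URL_SCHEMES = ("http://", "https://")


def decode_hex_runs(text):
    """Decode even-length hex runs in text that yield printable ASCII.

    Runs that decode to non-ASCII or control bytes (hashes, cookie IDs such as
    the BAIDUID value in this scan) are skipped rather than reported.
    """
    found = []
    for m in HEX_RUN.finditer(text):
        run = m.group(0)
        if len(run) % 2:
            continue
        raw = binascii.unhexlify(run)
        try:
            decoded = raw.decode("ascii")
        except UnicodeDecodeError:
            continue
        if decoded.isprintable():
            found.append(decoded)
    return found


def query_urls(path):
    """URLs carried percent-encoded in the query string (e.g. duba's ?q=)."""
    params = parse_qs(urlsplit(path).query)
    return [v for values in params.values() for v in values
            if v.startswith(URL_SCHEMES)]


def leaked_targets(transactions):
    """Map each host to the URLs its request paths carry, either hex-encoded
    in the filename or percent-encoded in the query string."""
    result = {}
    for host, path in transactions:
        urls = [u for u in decode_hex_runs(path) if u.startswith(URL_SCHEMES)]
        urls += query_urls(path)
        if urls:
            result.setdefault(host, []).extend(urls)
    return result


def target_hosts(transactions):
    """Distinct hostnames referenced inside leaked URLs, sorted, for
    cross-referencing against the scan's indicator list."""
    hosts = set()
    for urls in leaked_targets(transactions).values():
        for u in urls:
            hosts.add(urlsplit(u).hostname)
    return sorted(hosts)


if __name__ == "__main__":
    for host, urls in leaked_targets(TRANSACTIONS).items():
        print(f"{host}: {urls}")
    print("referenced hosts:", target_hosts(TRANSACTIONS))
```

Run against the constructed list, the helper attributes "https://bk.spbankjapan.jp/" to sslcode.5uu8.com and "http://www.bk.spbankjapan.jp/" to www.duba.com, which is exactly the relationship a hunter wants to see when deciding whether a third-party host in a phishing scan is infrastructure that belongs to the kit rather than an unrelated tracker.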
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above.
- Domain: js.stat.ijinshan.com
- URL: http://js.stat.ijinshan.com/s?st=__dh&site=dh123/proxy/tj/s?st=__proxy&site=dh123&type=https
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Japan Post (Transportation)
24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can be helpful in identifying possible client-side frameworks and code.
- boolean: isIE, isIE6
- function: loadJS, query, createIframe, loadImg, visitContent, trace, __trace, __tj, $, jQuery
- string: freshUrl, httpsStr, cnzzUrl, type, _cz_account
- number: MyTime
- object: DUBA, Stat, _cz_loaded, _czc, _CNZZDbridge_30086238, cnzz_image_19024863584
Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, so the website can re-identify the user even from a different location. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.baidu.com/ | | BAIDUID | 6E1F9E762174A1A040DBB9347ED9090B:FG=1
www.baidu.com/ | | H_PS_645EC | 06a2KoSI%2BuH9TnXCPnxQuJtC%2FICJrMkWdIaLM%2FP15FRkI6FqFQoKeWkwBEBl0Ll5pqobvA
.baidu.com/ | | BDORZ | FFFB88E999055A3F8A630C64834BD6D0
www.baidu.com/ | | BD_UPN | 123353
Indicators
This is a term in the security industry for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicate malicious activity.
Domains:
- bk.spbankjapan.jp
- c.cnzz.com
- js.stat.ijinshan.com
- q1.cnzz.com
- sslcode.5uu8.com
- w.cnzz.com
- www.baidu.com
- www.duba.com
IP addresses:
- 103.235.46.39
- 104.27.175.113
- 116.211.183.234
- 199.192.28.131
- 2401:b180:2000:20::23
- 65.153.158.204