login.rnufg.jp.gpqthb.top
104.129.8.100
Malicious Activity!
Public Scan
Effective URL: https://login.rnufg.jp.gpqthb.top/
Submission: On September 13 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on September 10th 2022. Valid for: 3 months.
This is the only time login.rnufg.jp.gpqthb.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: MUFG (Banking)
Domain & IP information
# | IP Address | AS Autonomous System |
---|---|---|
1 1 | 2606:4700:10::ac43:1e1 | 13335 (CLOUDFLARENET) |
1 2 | 2404:6800:4004:825::200e | 15169 (GOOGLE) |
1 | 2404:6800:4004:801::2001 | 15169 (GOOGLE) |
2 | 2404:6800:4004:823::2003 | 15169 (GOOGLE) |
7 | 104.129.8.100 | 8100 (ASN-QUADRANET-GLOBAL) |
1 | 2606:4700:3032::ac43:b596 | 13335 (CLOUDFLARENET) |
12 | 6 | |
ASN15169 (GOOGLE, US): www-login--cr--rnuf--jp-workers-dev.translate.goog
ASN8100 (ASN-QUADRANET-GLOBAL, US), PTR: 104.129.8.100.static.quadranet.com: login.rnufg.jp.gpqthb.top
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | gpqthb.top | login.rnufg.jp.gpqthb.top | 1 MB |
2 | gstatic.com | www.gstatic.com | 96 KB |
2 | google.com | translate.google.com (1 redirect; Cisco Umbrella Rank: 2180) | 27 KB |
1 | fh-008.xyz | fh.fh-008.xyz | 532 B |
1 | translate.goog | www-login--cr--rnuf--jp-workers-dev.translate.goog | 1 KB |
1 | tinyurl.com | tinyurl.com (1 redirect; Cisco Umbrella Rank: 25277) | 407 B |
12 | 6 | | |
Requests | Domain | Requested by |
---|---|---|
7 | login.rnufg.jp.gpqthb.top | www-login--cr--rnuf--jp-workers-dev.translate.goog, login.rnufg.jp.gpqthb.top |
2 | www.gstatic.com | www-login--cr--rnuf--jp-workers-dev.translate.goog |
2 | translate.google.com (1 redirect) | www-login--cr--rnuf--jp-workers-dev.translate.goog |
1 | fh.fh-008.xyz | login.rnufg.jp.gpqthb.top |
1 | www-login--cr--rnuf--jp-workers-dev.translate.goog | |
1 | tinyurl.com (1 redirect) | |
12 | 6 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.googleusercontent.com | GTS CA 1C3 | 2022-08-22 - 2022-11-14 | 3 months | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2022-08-22 - 2022-11-14 | 3 months | crt.sh |
*.google.com | GTS CA 1C3 | 2022-08-22 - 2022-11-14 | 3 months | crt.sh |
login.rnufg.jp.htuygn.top | R3 | 2022-09-10 - 2022-12-09 | 3 months | crt.sh |
*.fh-008.xyz | E1 | 2022-08-21 - 2022-11-19 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://login.rnufg.jp.gpqthb.top/
Frame ID: BA94F5B7CE0FE68A1EDEF8C6FD299023
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
お持ちのカードブランドをご選択ください(ログイン)|クレジットカードなら三菱UFJニコス (English: Please select your card brand (Login) | Mitsubishi UFJ NICOS credit cards)
Detected technologies
Vue.js (JavaScript Frameworks)
Detected patterns:
- <[^>]+\sdata-v(?:ue)?-
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://tinyurl.com/42a6st2a (HTTP 301)
- https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-cr-rnuf-jp.workers.dev/&client=webapp (HTTP 302)
- https://www-login--cr--rnuf--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp (Page URL)
- https://login.rnufg.jp.gpqthb.top/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://tinyurl.com/42a6st2a (HTTP 301)
- https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-cr-rnuf-jp.workers.dev/&client=webapp (HTTP 302)
- https://www-login--cr--rnuf--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp
12 HTTP transactions
Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET | H2 | www-login--cr--rnuf--jp-workers-dev.translate.goog/ (Redirect Chain) | 2 KB | 1 KB | Document | text/html |
GET | H2 | www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.ja.ztFs1a7NfpA.O/d=1/rs=AN8SPfqTPnxdBEZ6tqLLXgiSBSA9irc0sg/m=ajaxproxy | 70 KB | 70 KB | Script | text/javascript |
GET | H2 | www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.ja.ztFs1a7NfpA.O/d=1/exm=ajaxproxy,el_conf/ed=1/rs=AN8SPfqTPnxdBEZ6tqLLXgiSBSA9irc0sg/m=navigationui | 25 KB | 26 KB | Script | text/javascript |
GET | H2 | translate.google.com/translate_a/element.js | 78 KB | 26 KB | Script | text/javascript |
GET | H2 | login.rnufg.jp.gpqthb.top/ (Primary Request) | 562 B | 702 B | Document | text/html |
GET | H2 | login.rnufg.jp.gpqthb.top/static/css/app.0.24606573696720481662965181952.css | 4 MB | 1 MB | Stylesheet | text/css |
GET | H2 | login.rnufg.jp.gpqthb.top/static/js/1662965181952.0.83415036922210061662965181952.js | 235 KB | 83 KB | Script | application/javascript |
GET | H2 | login.rnufg.jp.gpqthb.top/static/js/app.0.83415036922210061662965181952.js | 3 KB | 1 KB | Script | application/javascript |
GET | H2 | login.rnufg.jp.gpqthb.top/static/js/5.0.91034791714023271662965181952.js | 1 KB | 616 B | Script | application/javascript |
GET | H2 | fh.fh-008.xyz/mufg-sy-v1.php | 1 B | 532 B | XHR | text/html |
GET | H2 | login.rnufg.jp.gpqthb.top/jump.php | 2 B | 128 B | XHR | text/html |
GET | H2 | login.rnufg.jp.gpqthb.top/static/js/2.0.91034791714023271662965181952.js | 71 KB | 45 KB | Script | application/javascript |
GET | DATA | data: URI (truncated) | 8 KB | 0 | Image | image/png |
GET | DATA | data: URI (truncated) | 5 KB | 0 | Image | image/png |
GET | DATA | data: URI (truncated) | 1 KB | 0 | Image | image/png |
GET | DATA | data: URI (truncated) | 3 KB | 0 | Image | image/png |
GET | DATA | data: URI (truncated) | 4 KB | 0 | Image | image/png |
GET | DATA | data: URI (truncated) | 4 KB | 0 | Image | image/png |
GET | DATA | data: URI (truncated) | 7 KB | 0 | Image | image/png |
GET | DATA | data: URI (truncated) | 6 KB | 0 | Image | image/png |
GET | DATA | data: URI (truncated) | 6 KB | 0 | Image | image/png |
GET | DATA | data: URI (truncated) | 4 KB | 0 | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: MUFG (Banking)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforeinput |
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
function | getScreenDetails |
function | queryLocalFonts |
object | navigation |
function | webpackJsonp |
object | __core-js_shared__ |
object | core |
object | global |
object | System |
function | asap |
function | Observable |
function | setImmediate |
function | clearImmediate |
object | regeneratorRuntime |
boolean | _babelPolyfill |
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.google.com/ | | NID | 511=fYvGZbsLumHbutyLHRDwYDx5qlzG0yJu9V0-6MOvajdSLIp3z24wmrcocl-yl5xX3AM05FeCTtT--NB9ThXyYsleAY8vqU7R72XivGnqsz4mxIQvtn2ZywvFIqsHufJw1gs3vmFCU6kiJQxEIZpzb9DzzbopK0-TEzK04vt82Kc |
login.rnufg.jp.gpqthb.top/ | | PHPSESSID | s10v8dldtjfj2qceajah042pl9 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors *.translate.goog |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.