singin.cr.rnufg.jp.xzoyvzl3b.cn
204.44.68.164 (flagged: Malicious Activity!)

URL: https://singin.cr.rnufg.jp.xzoyvzl3b.cn/newsplus/cardBrand0013/lid/news_ja/index?mode=sp
Submission: May 25, 2022 (manual submission from JP); scanned from JP

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 5 HTTP transactions. The main IP is 204.44.68.164, located in Los Angeles, United States, and belongs to ASN-QUADRANET-GLOBAL, US. The main domain is singin.cr.rnufg.jp.xzoyvzl3b.cn.
TLS certificate: Issued by R3 on May 24th 2022. Valid for: 3 months.
This is the only time singin.cr.rnufg.jp.xzoyvzl3b.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MUFG (Banking)

Domain & IP information

IP Address       Requests   AS (Autonomous System)
204.44.68.164    5          AS8100 (ASN-QUADRANET-GLOBAL, US)
Totals: 5 requests, 2 IPs

Apex Domain      Requests   Subdomains   Transfer
xzoyvzl3b.cn     5          1            508 KB
  singin.cr.rnufg.jp.xzoyvzl3b.cn
Totals: 5 requests, 1 apex domain

Domain                             Requests   Requested by
singin.cr.rnufg.jp.xzoyvzl3b.cn    5          singin.cr.rnufg.jp.xzoyvzl3b.cn
Totals: 5 requests, 1 domain

This site contains no links.

TLS certificate (as listed on crt.sh)

Subject:   singin.cr.rnufg.jp.wti0qt1kh.cn
Issuer:    R3
Validity:  2022-05-24 to 2022-08-22 (3 months)

Note that the subject shown is a sibling hostname under a different apex (wti0qt1kh.cn) from the one scanned (xzoyvzl3b.cn). The report does not list the certificate's other names, so whether the SAN list also covers the scanned host has to be checked on crt.sh.

This page contains 1 frame:

Primary Page: https://singin.cr.rnufg.jp.xzoyvzl3b.cn/newsplus/cardBrand0013/lid/news_ja/index?mode=sp
Frame ID: 615761ADA46203B94BBD7E11687E7AD9
Requests: 15 in this frame (the 5 HTTPS transactions listed below plus 10 inline data: images)


Page Title

お持ちのカードブランドをご選択ください(ログイン)|クレジットカードなら三菱UFJニコス
(Japanese: "Please select your card brand (Login) | Mitsubishi UFJ NICOS, for credit cards")

Detected technologies

Overall confidence: 100%
Detected pattern (matches Vue's data-v-* scoped-style attribute marker):
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

Requests:    5
HTTPS:       100 %
IPv6:        0 %
Domains:     1
Subdomains:  1
IPs:         2
Countries:   1
Transfer:    508 kB
Size:        2191 kB
Cookies:     0

Redirected requests

No HTTP redirect chains are listed for this scan.

5 HTTP transactions

(Columns of the original table: Resource, Path, Size, x-fer (bytes transferred on the wire), Type, MIME-Type. Each transaction is listed below with its request and response headers. Resource hashes are SHA-256.)

1. index (Primary Request)   Document, text/html
   Path:      singin.cr.rnufg.jp.xzoyvzl3b.cn/newsplus/cardBrand0013/lid/news_ja/
   Full URL:  https://singin.cr.rnufg.jp.xzoyvzl3b.cn/newsplus/cardBrand0013/lid/news_ja/index?mode=sp
   Size:      564 B (462 B transferred)
   Protocol:  H2; Security: TLS 1.3, AES_256_GCM
   Server:    204.44.68.164, Los Angeles, United States, AS8100 (ASN-QUADRANET-GLOBAL, US); reverse DNS 204.44.68.164.static.quadranet.com
   Software:  Apache
   Resource hash: d98ae7399e0928efa6cdf55572104362747c3a71a84ef62a594999a7241c2359

   Request headers:
     Upgrade-Insecure-Requests: 1
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
     accept-language: jp-JP,jp;q=0.9

   Response headers:
     accept-ranges: bytes
     content-encoding: gzip
     content-length: 324
     content-type: text/html
     date: Wed, 25 May 2022 03:08:12 GMT
     etag: "234-5dfcb68d99b80-gzip"
     last-modified: Wed, 25 May 2022 00:46:54 GMT
     server: Apache
     vary: Accept-Encoding

2. app.0.65508701022767221653410800215.css   Stylesheet, text/css
   Path:      singin.cr.rnufg.jp.xzoyvzl3b.cn/static/css/
   Full URL:  https://singin.cr.rnufg.jp.xzoyvzl3b.cn/static/css/app.0.65508701022767221653410800215.css
   Requested by: singin.cr.rnufg.jp.xzoyvzl3b.cn, https://singin.cr.rnufg.jp.xzoyvzl3b.cn/newsplus/cardBrand0013/lid/news_ja/index?mode=sp
   Size:      2 MB (378 KB transferred)
   Protocol:  H2; Security: TLS 1.3, AES_256_GCM
   Server:    204.44.68.164, Los Angeles, United States, AS8100 (ASN-QUADRANET-GLOBAL, US); reverse DNS 204.44.68.164.static.quadranet.com
   Software:  Apache
   Resource hash: 71762a828a162bf8f9dbd227b9522161b4c083f9d2bd193c1013104440d80661

   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://singin.cr.rnufg.jp.xzoyvzl3b.cn/newsplus/cardBrand0013/lid/news_ja/index?mode=sp
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

   Response headers:
     date: Wed, 25 May 2022 03:08:12 GMT
     content-encoding: gzip
     last-modified: Wed, 25 May 2022 00:46:54 GMT
     server: Apache
     etag: "1c96f3-5dfcb68d99b80-gzip"
     vary: Accept-Encoding
     content-type: text/css
     accept-ranges: bytes

3. 1653410800215.0.098329443184525631653410800215.js   Script, application/javascript
   Path:      singin.cr.rnufg.jp.xzoyvzl3b.cn/static/js/
   Full URL:  https://singin.cr.rnufg.jp.xzoyvzl3b.cn/static/js/1653410800215.0.098329443184525631653410800215.js
   Requested by: singin.cr.rnufg.jp.xzoyvzl3b.cn, https://singin.cr.rnufg.jp.xzoyvzl3b.cn/newsplus/cardBrand0013/lid/news_ja/index?mode=sp
   Size:      238 KB (84 KB transferred)
   Protocol:  H2; Security: TLS 1.3, AES_256_GCM
   Server:    204.44.68.164, Los Angeles, United States, AS8100 (ASN-QUADRANET-GLOBAL, US); reverse DNS 204.44.68.164.static.quadranet.com
   Software:  Apache
   Resource hash: 38eba71c37e843e74fff964854c4238f80d0fb9298420d2a6d8bad7dbcd34f72

   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://singin.cr.rnufg.jp.xzoyvzl3b.cn/newsplus/cardBrand0013/lid/news_ja/index?mode=sp
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

   Response headers:
     date: Wed, 25 May 2022 03:08:12 GMT
     content-encoding: gzip
     last-modified: Wed, 25 May 2022 00:46:54 GMT
     server: Apache
     etag: "3b8f2-5dfcb68d99b80-gzip"
     vary: Accept-Encoding
     content-type: application/javascript
     accept-ranges: bytes

4. app.0.098329443184525631653410800215.js   Script, application/javascript
   Path:      singin.cr.rnufg.jp.xzoyvzl3b.cn/static/js/
   Full URL:  https://singin.cr.rnufg.jp.xzoyvzl3b.cn/static/js/app.0.098329443184525631653410800215.js
   Requested by: singin.cr.rnufg.jp.xzoyvzl3b.cn, https://singin.cr.rnufg.jp.xzoyvzl3b.cn/newsplus/cardBrand0013/lid/news_ja/index?mode=sp
   Size:      3 KB (2 KB transferred)
   Protocol:  H2; Security: TLS 1.3, AES_256_GCM
   Server:    204.44.68.164, Los Angeles, United States, AS8100 (ASN-QUADRANET-GLOBAL, US); reverse DNS 204.44.68.164.static.quadranet.com
   Software:  Apache
   Resource hash: 4b7b355ee3b6bf3009342b7219968c23a164f01e10eb3d7f02e57360a09679ac

   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://singin.cr.rnufg.jp.xzoyvzl3b.cn/newsplus/cardBrand0013/lid/news_ja/index?mode=sp
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

   Response headers:
     date: Wed, 25 May 2022 03:08:12 GMT
     content-encoding: gzip
     last-modified: Wed, 25 May 2022 00:46:54 GMT
     server: Apache
     etag: "d8b-5dfcb68d99b80-gzip"
     vary: Accept-Encoding
     content-type: application/javascript
     accept-ranges: bytes
     content-length: 1493

5. 2.0.61286541169754231653410800215.js   Script, application/javascript
   Path:      singin.cr.rnufg.jp.xzoyvzl3b.cn/static/js/
   Full URL:  https://singin.cr.rnufg.jp.xzoyvzl3b.cn/static/js/2.0.61286541169754231653410800215.js
   Requested by: singin.cr.rnufg.jp.xzoyvzl3b.cn, https://singin.cr.rnufg.jp.xzoyvzl3b.cn/static/js/1653410800215.0.098329443184525631653410800215.js
   Size:      71 KB (45 KB transferred)
   Protocol:  H2; Security: TLS 1.3, AES_256_GCM
   Server:    204.44.68.164, Los Angeles, United States, AS8100 (ASN-QUADRANET-GLOBAL, US); reverse DNS 204.44.68.164.static.quadranet.com
   Software:  Apache
   Resource hash: 39528e1be8c50f74c353e5779b1f466ee58d1c5ce7443077630355e1578e1764

   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://singin.cr.rnufg.jp.xzoyvzl3b.cn/newsplus/cardBrand0013/lid/news_ja/index?mode=sp
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

   Response headers:
     date: Wed, 25 May 2022 03:08:14 GMT
     content-encoding: gzip
     last-modified: Wed, 25 May 2022 00:46:54 GMT
     server: Apache
     etag: "11b5c-5dfcb68d99b80-gzip"
     vary: Accept-Encoding
     content-type: application/javascript
     accept-ranges: bytes
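Several details in the five transactions above are worth pulling out mechanically: every response carries the same Last-Modified value and the same second field in its ETag, every bundle name ends in the same 13-digit millisecond epoch, the certificate table shows a subject under a different apex from the scanned host, and the hostname spells the targeted brand with "rn" in place of "m". The following Python is an added triage example written for this page, not urlscan.io code or anything recovered from the kit. It decodes Apache's default ETag format (size and mtime in hex, so "234" is the 564 bytes shown for the index and the second field is the mtime in microseconds), extracts the build stamp from the bundle names (assumed to be Date.now() appended to a Math.random() fragment, which is what the names look like), undoes common ASCII homoglyphs in the DNS labels, and compares the certificate subject with the scanned host. The indicators are copied from the report; the function names, the homoglyph table and the two-label apex shortcut are this editor's assumptions.

```python
"""Triage of the indicators shown in this urlscan report (added example).

Hostnames, ETags, Last-Modified value and bundle paths are copied from the
report. Function names, the homoglyph table and the two-label apex shortcut
are assumptions of this example, not urlscan.io code.
"""
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

SCANNED_HOST = "singin.cr.rnufg.jp.xzoyvzl3b.cn"
CERT_SUBJECT = "singin.cr.rnufg.jp.wti0qt1kh.cn"   # subject shown in the certificate table

# Path -> ETag, from the five HTTP transactions in the report.
ETAGS = {
    "/newsplus/cardBrand0013/lid/news_ja/index": '"234-5dfcb68d99b80-gzip"',
    "/static/css/app.0.65508701022767221653410800215.css": '"1c96f3-5dfcb68d99b80-gzip"',
    "/static/js/1653410800215.0.098329443184525631653410800215.js": '"3b8f2-5dfcb68d99b80-gzip"',
    "/static/js/app.0.098329443184525631653410800215.js": '"d8b-5dfcb68d99b80-gzip"',
    "/static/js/2.0.61286541169754231653410800215.js": '"11b5c-5dfcb68d99b80-gzip"',
}
LAST_MODIFIED = "Wed, 25 May 2022 00:46:54 GMT"   # identical on all five responses

# ASCII look-alike pairs commonly used in phishing hostnames (assumed table).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def decode_apache_etag(etag: str):
    """Apache's default FileETag (MTime Size) emits '<size hex>-<mtime hex>',
    mtime in microseconds since the epoch; mod_deflate appends '-gzip'.
    Returns (size_in_bytes, mtime as an aware UTC datetime)."""
    size_hex, mtime_hex = etag.strip('"').split("-")[:2]
    mtime_us = int(mtime_hex, 16)
    mtime = datetime.fromtimestamp(mtime_us // 1_000_000, tz=timezone.utc)
    return int(size_hex, 16), mtime.replace(microsecond=mtime_us % 1_000_000)


def bundle_timestamp(path: str):
    """The bundle names end in a 13-digit millisecond epoch (assumed to be
    Date.now() appended to a Math.random() fragment at build time).
    Returns an aware UTC datetime, or None if the name has no such suffix."""
    m = re.search(r"(\d{13})\.(?:js|css)$", path)
    if not m:
        return None
    ms = int(m.group(1))
    stamp = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    return stamp.replace(microsecond=(ms % 1000) * 1000)


def brand_lookalike(host: str, brands):
    """(label, brand) pairs for DNS labels that spell a brand once the
    homoglyph substitutions are undone, e.g. 'rnufg' -> 'mufg'."""
    hits = []
    for label in host.lower().split("."):
        normalized = label
        for glyph, real in HOMOGLYPHS:
            normalized = normalized.replace(glyph, real)
        hits.extend((label, b) for b in brands if b in normalized)
    return hits


def registrable_domain(host: str) -> str:
    # Assumption: the last two labels are the registrable domain. Real tooling
    # should consult the Public Suffix List (co.uk and friends break this).
    return ".".join(host.lower().split(".")[-2:])


def triage(host=SCANNED_HOST, cert_subject=CERT_SUBJECT,
           etags=ETAGS, last_modified=LAST_MODIFIED, brands=("mufg",)):
    """Collect the checks an analyst would run on this report."""
    mtimes = {decode_apache_etag(e)[1] for e in etags.values()}
    builds = {bundle_timestamp(p) for p in etags} - {None}
    return {
        "apex": registrable_domain(host),
        "brand_hits": brand_lookalike(host, brands),
        "cert_subject_matches_host": cert_subject.lower() == host.lower(),
        # One mtime across every file says the kit was dropped in one go.
        "single_mtime": len(mtimes) == 1,
        "etag_mtime_matches_last_modified": mtimes == {parsedate_to_datetime(last_modified)},
        "build_timestamps": sorted(t.isoformat() for t in builds),
        "etag_mtime": sorted(t.isoformat() for t in mtimes),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run against the report's values this yields apex xzoyvzl3b.cn, the label rnufg resolving to mufg, no subject/host match, a single mtime shared by all five files that equals Last-Modified (2022-05-25 00:46:54 UTC), and one build stamp of 2022-05-24 16:46:40.215 UTC for every bundle. The subject mismatch is a lead, not proof of a TLS error: the report shows only the subject, so the SAN list has to be pulled from crt.sh. The homoglyph pass also does not catch the transposition in singin for signin; that needs an edit-distance comparison against the brand's real login hostnames, which this example deliberately does not hard-code.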

Inline images (10 data: URIs)

All ten were loaded with protocol DATA from the page itself, so they have no server, reverse DNS or software entry and no Referer; urlscan truncates their data: URLs. Each carried the same request headers as the transactions above (accept-language jp-JP,jp;q=0.9 and the Chrome/101.0.4951.64 User-Agent) and a response Content-Type of image/png, with 0 bytes transferred.

   Size   Resource hash (SHA-256)
   8 KB   e49fa26ee4876e79e8c467cd465ea52c16976a5b5d48eb0debd21f9ca0e20f4f
   5 KB   312b9fa9a58397fe88dd293b3287c3ef83b91c3233ca941aa9d0e2d600fb6a33
   1 KB   b768935f52cf68fde3ed1e5c9d497c747e6425deb4035a697f8ce276753b3962
   3 KB   2cabbccc3abc56ba8fcea48e3cf4b167617de9647cb4d28ace844fc4ebfebbff
   4 KB   7cdfb3c9638d76088f839359838c8e866fd157949b39966fa8843c8fe0b09a9d
   4 KB   9a577180d63af91b2384c9209e114325399e7877159eb06cfaeb8e3ac16d87f9
   7 KB   e35a2ef4a53b81daf35cd980bd377ca19ce87b2afe14870c3ce9ff6e0d6c0ea0
   6 KB   32f130f5fa6c1621ff325fbddb92709681cb0f96237cf078360c8d2a906e092a
   6 KB   159b4da7e1be69f72f4801a1287af455735447c28810185429bc0c76aba5d315
   4 KB   8fbe7f781ca130b05f7b27bd0c4563c9976739a1541aa0e453207e8ec764afec

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MUFG (Banking)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

  • object    oncontextlost
  • object    oncontextrestored
  • function  structuredClone
  • function  getScreenDetails
  • function  webpackJsonp
  • object    __core-js_shared__
  • object    core
  • object    global
  • object    System
  • function  asap
  • function  Observable
  • function  setImmediate
  • function  clearImmediate
  • object    regeneratorRuntime
  • boolean   _babelPolyfill

The first four (oncontextlost, oncontextrestored, structuredClone, getScreenDetails) are properties that the scanning Chrome 101 build itself exposes on window rather than code from the page. The rest (webpackJsonp, __core-js_shared__, core, global, System, asap, Observable, setImmediate, clearImmediate, regeneratorRuntime, _babelPolyfill) are the footprint of a webpack-built bundle carrying Babel's polyfill, consistent with the Vue scoped-style marker detected above.

0 Cookies