www.japanpast.huishoukc.com
Open in
urlscan Pro
87.121.112.42
Malicious Activity!
Public Scan
URL:
https://www.japanpast.huishoukc.com/client/index_sp.php
Submission: On February 07 via manual from JP — Scanned from JP
Submission: On February 07 via manual from JP — Scanned from JP
Summary
This website contacted 2 IPs
in 2 countries
across 2 domains to perform 15 HTTP transactions.
The main IP is 87.121.112.42, located in
Bulgaria and
belongs to NETERRA-AS, BG.
The main domain is www.japanpast.huishoukc.com.
TLS certificate: Issued by R3 on February 6th 2024. Valid for: 3 months.
This is the only time www.japanpast.huishoukc.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on February 6th 2024. Valid for: 3 months.
This is the only time www.japanpast.huishoukc.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Japan Post (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 5 | 87.121.112.42 87.121.112.42 | 34224 (NETERRA-AS) (NETERRA-AS) | |
| 10 | 23.204.139.78 23.204.139.78 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 15 | 2 |
5
87.121.112.42
(Bulgaria)
ASN34224 (NETERRA-AS, BG)
PTR: 87-121-112-42.cloudware.bg
ASN34224 (NETERRA-AS, BG)
PTR: 87-121-112-42.cloudware.bg
| www.japanpast.huishoukc.com |
10
23.204.139.78
(Tokyo, Japan)
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-204-139-78.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-204-139-78.deploy.static.akamaitechnologies.com
| cache.jp-bank.japanpost.jp |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
japanpost.jp
cache.jp-bank.japanpost.jp |
192 KB |
| 5 |
huishoukc.com
www.japanpast.huishoukc.com |
206 KB |
| 15 | 2 |
| Domain | Requested by | |
|---|---|---|
| 10 | cache.jp-bank.japanpost.jp |
www.japanpast.huishoukc.com
cache.jp-bank.japanpost.jp |
| 5 | www.japanpast.huishoukc.com |
www.japanpast.huishoukc.com
|
| 15 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.japanpast.huishoukc.com R3 |
2024-02-06 - 2024-05-06 |
3 months | crt.sh |
| direct.jp-bank.japanpost.jp DigiCert SHA2 Extended Validation Server CA |
2023-08-10 - 2024-08-08 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.japanpast.huishoukc.com/client/index_sp.php
Frame ID: D9FC783FFD72F78F322BF33A3247B34F
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
ゆうちょダイレクト | ログインDetected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Vue.js
(JavaScript Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:/([\d.]+))?/vue(?:\.min)?\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
index_sp.php
www.japanpast.huishoukc.com/client/ |
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dgCJbase.css
cache.jp-bank.japanpost.jp/pages/sp/etc/css/ |
169 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DFCJheader_img_01.jpg
cache.jp-bank.japanpost.jp/pages/sp/etc/img/shared/ |
34 KB 34 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DFCJdirect_img_01.jpg
cache.jp-bank.japanpost.jp/pages/sp/etc/img/shared/ |
25 KB 25 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
phissingmail.png
cache.jp-bank.japanpost.jp/pages/cmsimage/42/files/Image/ |
49 KB 49 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DFCJfooter_img_01.jpg
cache.jp-bank.japanpost.jp/pages/sp/etc/img/shared/ |
24 KB 25 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DFCJfooter_img_02.jpg
cache.jp-bank.japanpost.jp/pages/sp/etc/img/shared/ |
28 KB 28 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
RJ2Ygc
www.japanpast.huishoukc.com/hk1vMFLYzgGONsT8rlAHEVMj/f3Y9V8pQOp5X/RHlsbHcVUgI/EghzT/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
vue.js
www.japanpast.huishoukc.com/js/ |
334 KB 104 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.5.1.js
www.japanpast.huishoukc.com/js/ |
281 KB 97 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
index_sp.js
www.japanpast.huishoukc.com/js/ |
822 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DFCJicon_05.gif
cache.jp-bank.japanpost.jp/pages/sp/etc/img/icon/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DFCJicon_04.gif
cache.jp-bank.japanpost.jp/pages/sp/etc/img/icon/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DFCJicon_01.gif
cache.jp-bank.japanpost.jp/pages/sp/etc/img/icon/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DFCJicon_window01.gif
cache.jp-bank.japanpost.jp/pages/sp/etc/img/icon/ |
336 B 468 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Japan Post (Transportation)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| Vue function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cache.jp-bank.japanpost.jp
www.japanpast.huishoukc.com
23.204.139.78
87.121.112.42
22deb3c288aa42cc50140d782d5f4f7d1619857a9df25db9cf925b6fdb30f8db
352baa818da109925437a8433057ddc6f91ec48efe88bc5741b2f9e34450fdce
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
4955aa2395d8e41159c629e2d3499ab7ac79a8145d227dd26ff3af27edd0c8bb
5cf91dca7435b946a8507e291e748627fb3387ce4263ee8aa89e679825d777c5
5e0016456a5d9e672e8e28743acb4bf1cf8c96fb5d929258b911eb8b2eb65c32
6a3a7e7dacffe678071af680dacaa04449dcfadfb7c885010f1631c80cffe61f
9130e0e3645c92054200977231308f4a0542c9800e0b25d1ab564eca5d5baffb
ade0894b61baee4c8b212d36aedb45660c0918a832368f87d6b739694db963da
b4ff878c5eb95950a30cbb613830ff9bb4842bdd7762b822a9f4591cb2dc64eb
bdd8000d37fa4698590e721db10f65f8a2d435cded92f56323fd9e354bf17619
c22cc6ac9b1c3975b4a0a40d5176fb4e7f76d27530834366711e122a8ac351af
c2a5526e7eee1b408fd38e7feba80f88374628bbf1dc9122ad8f09ddb8ff0619
e6d36a0ee66e195d1de998f527d04d339923f46934b65a24e1bf24479e6188c1