jp-bank-japanpest-jp.cn
154.92.15.22
Malicious Activity!
Public Scan
Submission: On March 12 via manual from JP
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 11th 2019. Valid for: a year.
This is the only time jp-bank-japanpest-jp.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Japan Post (Transportation)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
4 | 154.92.15.22 | 133115 (HKKF-AS-AP hongkong kwaifong information service limited)
15 | 68.232.34.214 | 15133 (EDGECAST - MCI Communications Services)
1 | 54.248.216.50 | 16509 (AMAZON-02 - Amazon.com)
20 requests | 3 IPs |

ASN133115 (HKKF-AS-AP hongkong kwaifong information service limited, HK)
- jp-bank-japanpest-jp.cn
ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
- cache.jp-bank.japanpost.jp
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
- PTR: ec2-54-248-216-50.ap-northeast-1.compute.amazonaws.com
- directss.jp-bank.japanpost.jp
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
16 | japanpost.jp | cache.jp-bank.japanpost.jp, directss.jp-bank.japanpost.jp | 555 KB
4 | jp-bank-japanpest-jp.cn | jp-bank-japanpest-jp.cn | 10 KB
20 requests | 2 apex domains | |
Requests | Domain | Requested by
---|---|---
15 | cache.jp-bank.japanpost.jp | jp-bank-japanpest-jp.cn
4 | jp-bank-japanpest-jp.cn | jp-bank-japanpest-jp.cn
1 | directss.jp-bank.japanpost.jp | jp-bank-japanpest-jp.cn
20 requests | 3 domains |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
jp-bank-japanpest-jp.cn | Sectigo RSA Domain Validation Secure Server CA | 2019-03-11 - 2020-03-10 | a year | crt.sh
cache.jp-bank.japanpost.jp | Cybertrust Japan EV CA G2 | 2018-08-03 - 2019-08-03 | a year | crt.sh
directss.jp-bank.japanpost.jp | Cybertrust Japan Extended Validation Server CA | 2019-02-12 - 2020-02-12 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://jp-bank-japanpest-jp.cn/tp1web/step1
Frame ID: 810981A69F293BE7ADDD075616F35D5F
Requests: 20 HTTP requests in this frame
Detected technologies
Windows Server (Operating Systems)
Detected patterns
- headers server /IIS(?:\/([\d.]+))?/i
IIS (Web Servers)
Detected patterns
- headers server /IIS(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | step1 (Primary Request) | jp-bank-japanpest-jp.cn/tp1web/ | 12 KB | 5 KB | Document | text/html
GET | H/1.1 | dgCJbase.css | cache.jp-bank.japanpost.jp/pages/sp/etc/css/ | 160 KB | 160 KB | Stylesheet | text/css
GET | H/1.1 | jquery.js | cache.jp-bank.japanpost.jp/pages/sp/etc/js/ | 90 KB | 91 KB | Script | application/x-javascript
GET | H/1.1 | mjl.js | cache.jp-bank.japanpost.jp/pages/sp/etc/js/ | 37 KB | 38 KB | Script | application/x-javascript
GET | H/1.1 | heightLine.js | cache.jp-bank.japanpost.jp/pages/sp/etc/js/ | 4 KB | 4 KB | Script | application/x-javascript
GET | H/1.1 | run.js | cache.jp-bank.japanpost.jp/pages/sp/etc/js/ | 61 KB | 61 KB | Script | application/x-javascript
GET | H/1.1 | dgbjRequestControllerP01.js | cache.jp-bank.japanpost.jp/pages/sp/etc/js/ | 18 KB | 18 KB | Script | application/x-javascript
GET | H/1.1 | rh.js | directss.jp-bank.japanpost.jp/js/ | 30 KB | 30 KB | Script | application/javascript
GET | H/1.1 | rsa.js | cache.jp-bank.japanpost.jp/pages/sp/etc/js/ | 36 KB | 36 KB | Script | application/x-javascript
GET | H/1.1 | layer.js | jp-bank-japanpest-jp.cn/Static/js/ | 3 KB | 2 KB | Script | application/javascript
GET | H/1.1 | base.js | jp-bank-japanpest-jp.cn/Scripts/ | 1 KB | 863 B | Script | application/javascript
GET | H/1.1 | DFCJheader_img_01.jpg | cache.jp-bank.japanpost.jp/pages/sp/etc/img/shared/ | 34 KB | 34 KB | Image | image/jpeg
GET | H/1.1 | DFCJdirect_img_01.jpg | cache.jp-bank.japanpost.jp/pages/sp/etc/img/shared/ | 25 KB | 25 KB | Image | image/jpeg
GET | H/1.1 | DFCJfooter_img_01.jpg | cache.jp-bank.japanpost.jp/pages/sp/etc/img/shared/ | 24 KB | 25 KB | Image | image/jpeg
GET | H/1.1 | DFCJfooter_img_02.jpg | cache.jp-bank.japanpost.jp/pages/sp/etc/img/shared/ | 28 KB | 28 KB | Image | image/jpeg
GET | H/1.1 | layer.css | jp-bank-japanpest-jp.cn/Static/js/need/ | 5 KB | 2 KB | Stylesheet | text/css
GET | H/1.1 | DFCJicon_05.gif | cache.jp-bank.japanpost.jp/pages/sp/etc/img/icon/ | 2 KB | 2 KB | Image | image/gif
GET | H/1.1 | DFCJicon_04.gif | cache.jp-bank.japanpost.jp/pages/sp/etc/img/icon/ | 2 KB | 2 KB | Image | image/gif
GET | H/1.1 | DFCJicon_01.gif | cache.jp-bank.japanpost.jp/pages/sp/etc/img/icon/ | 2 KB | 2 KB | Image | image/gif
GET | H/1.1 | DFCJicon_window01.gif | cache.jp-bank.japanpost.jp/pages/sp/etc/img/icon/ | 336 B | 577 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Japan Post (Transportation)
129 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cache.jp-bank.japanpost.jp
directss.jp-bank.japanpost.jp
jp-bank-japanpest-jp.cn
154.92.15.22
54.248.216.50
68.232.34.214