forest.her.jp Open in urlscan Pro
118.27.125.185 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://forest.her.jp/BDO/sso/login.php
Submission: On October 25 via api (October 25th 2023, 6:46:01 am UTC) from US — Scanned from US

Summary HTTP 16 Redirects Links 34 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 118.27.125.185, located in Japan and belongs to INTERQ GMO Internet,Inc, JP. The main domain is forest.her.jp.

This is the only time forest.her.jp was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BDO Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
15	118.27.125.185 118.27.125.185	7506 (INTERQ GM...) (INTERQ GMO Internet)
1	104.127.74.218 104.127.74.218	16625 (AKAMAI-AS) (AKAMAI-AS)
16	2

15 118.27.125.185 (Japan)

ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: 118-27-125-185.virt.lolipop.jp

forest.her.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.127.74.218 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-127-74-218.deploy.static.akamaitechnologies.com

online.bdo.com.ph	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	her.jp forest.her.jp	247 KB
1	bdo.com.ph online.bdo.com.ph — Cisco Umbrella Rank: 350834	32 KB
16	2

	Domain	Requested by
15	forest.her.jp	forest.her.jp
1	online.bdo.com.ph	forest.her.jp
16	2

This site contains links to these domains. Also see Links.

Domain
www.bdo.com.ph
www.mybdo.com.ph
mycashcard.com.ph
tbg.bdo.com.ph
business.bdo.com.ph

Subject Issuer	Validity	Valid
www.bdo.com.ph DigiCert SHA2 Extended Validation Server CA	`2023-02-05` - `2024-02-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://forest.her.jp/BDO/sso/login.php
Frame ID: D0C4962C1A696E32CD8A028DB5FBAF97
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Banco De Oro

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

16
Requests

6 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

279 kB
Transfer

590 kB
Size

0
Cookies

34 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bdo.com.ph/properties-for-sale
Title: Properties for Sale

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/support-topics
Title: FAQs

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/promo-list
Title: Promos

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/personal/remittance-services/bdo-remit-status-inquiry
Title: Remit Status Inquiry

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/subsidiaries
Title: Subsidiaries

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/branches-atms-locator
Title: Branches / ATMs

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/international-desks
Title: International Desks

Search URL Search Domain Scan URL

URL: https://www.mybdo.com.ph/fo/ribtermsandconditions
Title: Not Yet Enrolled? Enroll Now!

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/faqs/otp-faqs
Title: What is a One-Time Password (OTP)

Search URL Search Domain Scan URL

URL: https://mycashcard.com.ph/cashcard/login
Title: Cash Card

Search URL Search Domain Scan URL

URL: https://tbg.bdo.com.ph/ids/
Title: Integrated Disbursement Solutions

Search URL Search Domain Scan URL

URL: https://business.bdo.com.ph/fo/login
Title: Business Online Banking

Search URL Search Domain Scan URL

URL: http://www.bdo.com.ph/
Title: Banco De Oro

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/personal
Title: PERSONAL

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/business
Title: BUSINESS

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/personal/ebanking
Title: eBanking

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/personal/accounts
Title: Accounts

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/trust-and-investments
Title: Trust and Investments

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/personal/loans
Title: Loans

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/personal/credit-debit-cards
Title: Credit Cards

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/personal/remittance-services
Title: Remittance Services

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/personal/insurance
Title: Insurance

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/personal/rewards
Title: Rewards

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/private-bank-home
Title: Private Bank

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/about-bdo/business-operation
Title: About BDO

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/corporate-governance
Title: Corporate Governance

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/investor-relations/investment-credit-ratings-information
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/company-disclosures
Title: Company Disclosures

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/contact-us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/news-and-articles
Title: Press Room

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/site-map
Title: Site Map

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.bdo.com.ph/terms-and-conditions
Title: Terms and Conditions

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login.php Show response
forest.her.jp/BDO/sso/ 28 KB
5 KB 2379ms
350ms Document
text/html 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: http://forest.her.jp/BDO/sso/login.php
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache / PHP/5.3.29
Resource Hash: a6515f2a33dcf88b63c2e708546227a2c05942d4d2ea140bafd20dc2a9d10c01

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: none
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 5356
Content-Type: text/html
Date: Wed, 25 Oct 2023 06:45:55 GMT
Server: Apache
Vary: Range,Accept-Encoding
X-Powered-By: PHP/5.3.29

GET
H/1.1 200
OK loginid.css
forest.her.jp/BDO/sso/assets/ 48 KB
10 KB 191ms
185ms Stylesheet
text/css 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: http://forest.her.jp/BDO/sso/assets/loginid.css
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/login.php
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: 78aa7c76a3cfd0dc66d0bf8dbb3d9ec35aa60a6f7ec97403e0dd369377d42677

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: none
Content-Length: 9952

GET
H/1.1 200
OK component.style.css
forest.her.jp/BDO/sso/assets/ 16 KB
3 KB 195ms
189ms Stylesheet
text/css 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: http://forest.her.jp/BDO/sso/assets/component.style.css
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/login.php
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: 056aa250ff5b53b9ae40008aae01d665e1845a6469dc8b91868e0e12fad020da

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: none
Content-Length: 2631

GET
H/1.1 200
OK jquery-ui-1.8.2.custom.css
forest.her.jp/BDO/sso/assets/ 31 KB
6 KB 375ms
191ms Stylesheet
text/css 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: http://forest.her.jp/BDO/sso/assets/jquery-ui-1.8.2.custom.css
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/login.php
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: e17ae9c26c4f360fcaef638b4adae6303305b1d7293c1b074d0258c4e3c9db9a

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: none
Content-Length: 6069

GET
H/1.1 200
OK jquery-1.4.2.min.js Show response
forest.her.jp/BDO/sso/assets/ 70 KB
24 KB 383ms
191ms Script
application/javascript 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: http://forest.her.jp/BDO/sso/assets/jquery-1.4.2.min.js
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/login.php
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: 877a35ef37e3b8581c24f44fb4af98a7482926be7c77e887dbc7311544efbbae

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: none
Content-Length: 24391

GET
H/1.1 200
OK ui.core.min.js Show response
forest.her.jp/BDO/sso/assets/ 8 KB
3 KB 383ms
191ms Script
application/javascript 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: http://forest.her.jp/BDO/sso/assets/ui.core.min.js
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/login.php
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: ae4a14a8f46d78af8b4c94f2f41bcac73ca0499f6a0e46f403849c55eb6351b7

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: none
Content-Length: 2894

GET
H/1.1 200
OK ccti.js Show response
forest.her.jp/BDO/sso/assets/ 13 KB
4 KB 388ms
194ms Script
application/javascript 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: http://forest.her.jp/BDO/sso/assets/ccti.js
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/login.php
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: bc4b5cb744834a94ab5969d234f4449a6bef21a89dbaed9b687bea28f123c114

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: none
Content-Length: 3354

GET
H/1.1 200
OK base.css
forest.her.jp/BDO/sso/assets/ 6 KB
2 KB 369ms
185ms Stylesheet
text/css 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: http://forest.her.jp/BDO/sso/assets/base.css
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/login.php
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: 401c2fcfcf9fb260a7c6f94da2b665847a4c6951d6b22f5f85977cff1d7111e9

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: none
Content-Length: 1715

GET
H/1.1 200
OK jquery.rc4.js Show response
forest.her.jp/BDO/sso/assets/ 5 KB
2 KB 387ms
193ms Script
application/javascript 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: http://forest.her.jp/BDO/sso/assets/jquery.rc4.js
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/login.php
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: 328d300e2048d2554bee8bd5a6e157eef91c5b24bc518fd67546c1cbd6e0efe4

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: none
Content-Length: 1463

GET
H/1.1 200
OK images
online.bdo.com.ph/sso/ 30 KB
32 KB 510ms
275ms Image
image/png 104.127.74.218
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.bdo.com.ph/sso/images?cd=loginAdvisoryImage

Requested by

Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/login.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.127.74.218 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-127-74-218.deploy.static.akamaitechnologies.com

Software

GlassFish Server Open Source Edition 4.1.1 / Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition 4.1.1 Java/Oracle Corporation/1.8)

Resource Hash

7e1c6adfe5fa97eeea080fae800e3b04a74b2f16702ff097a3bf6c8245190c70

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Server: GlassFish Server Open Source Edition 4.1.1
X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition 4.1.1 Java/Oracle Corporation/1.8)
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
X-OneAgent-JS-Injection: true
Cache-Control: max-age=3600
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=208, origin; dur=29, dtRpid;desc="77600296", dtSInfo;desc="0", ak_p; desc="1698216356136_389431438_896790714_23723_6417_27_68_-";dur=1
Content-Length: 30439
Expires: Wed, 25 Oct 2023 07:45:56 GMT

GET
H/1.1 200
OK profile-white.png
forest.her.jp/BDO/sso/assets/ 20 KB
15 KB 184ms
184ms Image
image/png 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://forest.her.jp/BDO/sso/assets/profile-white.png
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/assets/loginid.css
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: 77c0bd6969615670ebfa974cf73555ba238c28cfc88709213aa4f38aac51ca40

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/assets/loginid.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: none
Content-Length: 15510

GET
H/1.1 200
OK bdo-logo.jpg
forest.her.jp/BDO/sso/assets/ 35 KB
23 KB 186ms
186ms Image
image/jpeg 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://forest.her.jp/BDO/sso/assets/bdo-logo.jpg
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/assets/loginid.css
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: 5225eebca373ae103c2e83513cb277b4eecd319df532a4bb41868a20341e71fe

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/assets/loginid.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: none
Content-Length: 23329

GET
H/1.1 200
OK arrow-white.png
forest.her.jp/BDO/sso/assets/ 7 KB
2 KB 193ms
193ms Image
image/png 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://forest.her.jp/BDO/sso/assets/arrow-white.png
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/assets/loginid.css
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: 3e72af5babd1f7f1077a4091d1ced174710e72a7bd5047a8826bd5dac5412cce

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/assets/loginid.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: none
Content-Length: 2007

GET
H/1.1 200
OK arrow_right.png
forest.her.jp/BDO/sso/assets/ 141 B
414 B 191ms
191ms Image
image/png 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://forest.her.jp/BDO/sso/assets/arrow_right.png
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/assets/loginid.css
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: e36e7573aa4f407a93704b899df4baa00c632328e56eaa951e8339b0b09d39a8

Request headers

accept-language: en-US,en;q=0.9
Referer: http://forest.her.jp/BDO/sso/assets/loginid.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Vary: Range,Accept-Encoding
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: none
Content-Length: 152

GET
H/1.1 200
OK Roboto-Regular.ttf
forest.her.jp/BDO/sso/assets/ 142 KB
76 KB 189ms
189ms Font
application/font-sfnt 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: http://forest.her.jp/BDO/sso/assets/Roboto-Regular.ttf
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/assets/loginid.css
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: b2efabca5ea4bc56eea829713706b5cd0788b82aca153bd4adde9b1573933b4f

Request headers

Referer: http://forest.her.jp/BDO/sso/assets/loginid.css
Origin: http://forest.her.jp
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Transfer-Encoding: chunked
Vary: Range,Accept-Encoding
Content-Type: application/font-sfnt
Connection: keep-alive
Accept-Ranges: none

GET
H/1.1 200
OK Roboto-Bold.ttf
forest.her.jp/BDO/sso/assets/ 133 KB
71 KB 188ms
188ms Font
application/font-sfnt 118.27.125.185
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: http://forest.her.jp/BDO/sso/assets/Roboto-Bold.ttf
Requested by: Host: forest.her.jp
URL: http://forest.her.jp/BDO/sso/assets/loginid.css
Protocol: HTTP/1.1
Server: 118.27.125.185 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 118-27-125-185.virt.lolipop.jp
Software: Apache /
Resource Hash: 9287925cae90ac480804094ff0876832065e2db116470da1f524d79ed9c18b70

Request headers

Referer: http://forest.her.jp/BDO/sso/assets/loginid.css
Origin: http://forest.her.jp
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 06:45:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 07:33:02 GMT
Server: Apache
Transfer-Encoding: chunked
Vary: Range,Accept-Encoding
Content-Type: application/font-sfnt
Connection: keep-alive
Accept-Ranges: none

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BDO Bank (Banking)

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

forest.her.jp
online.bdo.com.ph
104.127.74.218
118.27.125.185
056aa250ff5b53b9ae40008aae01d665e1845a6469dc8b91868e0e12fad020da
328d300e2048d2554bee8bd5a6e157eef91c5b24bc518fd67546c1cbd6e0efe4
3e72af5babd1f7f1077a4091d1ced174710e72a7bd5047a8826bd5dac5412cce
401c2fcfcf9fb260a7c6f94da2b665847a4c6951d6b22f5f85977cff1d7111e9
5225eebca373ae103c2e83513cb277b4eecd319df532a4bb41868a20341e71fe
77c0bd6969615670ebfa974cf73555ba238c28cfc88709213aa4f38aac51ca40
78aa7c76a3cfd0dc66d0bf8dbb3d9ec35aa60a6f7ec97403e0dd369377d42677
7e1c6adfe5fa97eeea080fae800e3b04a74b2f16702ff097a3bf6c8245190c70
877a35ef37e3b8581c24f44fb4af98a7482926be7c77e887dbc7311544efbbae
9287925cae90ac480804094ff0876832065e2db116470da1f524d79ed9c18b70
a6515f2a33dcf88b63c2e708546227a2c05942d4d2ea140bafd20dc2a9d10c01
ae4a14a8f46d78af8b4c94f2f41bcac73ca0499f6a0e46f403849c55eb6351b7
b2efabca5ea4bc56eea829713706b5cd0788b82aca153bd4adde9b1573933b4f
bc4b5cb744834a94ab5969d234f4449a6bef21a89dbaed9b687bea28f123c114
e17ae9c26c4f360fcaef638b4adae6303305b1d7293c1b074d0258c4e3c9db9a
e36e7573aa4f407a93704b899df4baa00c632328e56eaa951e8339b0b09d39a8

forest.her.jp Open in urlscan Pro 118.27.125.185 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

6 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

279 kBTransfer

590 kBSize

0 Cookies

34 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

37 JavaScript Global Variables

0 Cookies

Indicators

forest.her.jp Open in urlscan Pro
118.27.125.185 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

6 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

279 kB
Transfer

590 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!