xrnp.frisuba.online
188.114.96.3
Malicious Activity!
Public Scan
Submission: On May 09 via manual from JP — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on April 21st 2024. Valid for: 3 months.
This is the only time xrnp.frisuba.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Japan Post (Transportation)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 188.114.96.3 | 13335 (CLOUDFLARENET)
19 | 2.17.147.123 | 20940 (AKAMAI-ASN1)
3 | 54.168.155.230 | 16509 (AMAZON-02)
3 | 13.114.192.229 | 16509 (AMAZON-02)
7 | 18.182.196.200 | 16509 (AMAZON-02)
34 (total) | 5 IP addresses |
ASN | PTR | Domain served
---|---|---
ASN20940 (AKAMAI-ASN1, NL) | a2-17-147-123.deploy.static.akamaitechnologies.com | cache.jp-bank.japanpost.jp
ASN16509 (AMAZON-02, US) | ec2-54-168-155-230.ap-northeast-1.compute.amazonaws.com | directcss.jp-bank.japanpost.jp
ASN16509 (AMAZON-02, US) | ec2-13-114-192-229.ap-northeast-1.compute.amazonaws.com | directacct.jp-bank.japanpost.jp
ASN16509 (AMAZON-02, US) | ec2-18-182-196-200.ap-northeast-1.compute.amazonaws.com | directss.jp-bank.japanpost.jp
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
32 | japanpost.jp | cache.jp-bank.japanpost.jp, directcss.jp-bank.japanpost.jp, directacct.jp-bank.japanpost.jp, directss.jp-bank.japanpost.jp | 354 KB
2 | frisuba.online | xrnp.frisuba.online | 7 KB
34 (total) | 2 apex domains | |
Requests | Domain | Requested by
---|---|---
19 | cache.jp-bank.japanpost.jp | xrnp.frisuba.online, cache.jp-bank.japanpost.jp
7 | directss.jp-bank.japanpost.jp | xrnp.frisuba.online
3 | directacct.jp-bank.japanpost.jp | xrnp.frisuba.online
3 | directcss.jp-bank.japanpost.jp | xrnp.frisuba.online
2 | xrnp.frisuba.online | |
34 (total) | 5 domains |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid
---|---|---|---
frisuba.online | GTS CA 1P5 | 2024-04-21 - 2024-07-20 | 3 months
direct.jp-bank.japanpost.jp | DigiCert SHA2 Extended Validation Server CA | 2023-08-10 - 2024-08-08 | a year
directacct.jp-bank.japanpost.jp | DigiCert EV RSA CA G2 | 2024-03-29 - 2025-04-29 | a year
This page contains 1 frame:
Primary Page:
https://xrnp.frisuba.online/tp1web/U010101WAK.do
Frame ID: 0BD4FCA4EBB5237310B0A954E5F3873F
Requests: 32 HTTP requests in this frame
15 Outgoing links
These are links going to different origins than the main page.
34 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H3 | U010101WAK.do (Primary Request) | xrnp.frisuba.online/tp1web/ | 20 KB | 6 KB | Document | text/html
GET | H2 | dgCAbase.css | cache.jp-bank.japanpost.jp/pages/pc/etc/css/ | 123 KB | 16 KB | Stylesheet | text/css
GET | H2 | jquery.js | cache.jp-bank.japanpost.jp/pages/pc/etc/js/ | 90 KB | 32 KB | Script | application/javascript
GET | H2 | mjl.js | cache.jp-bank.japanpost.jp/pages/pc/etc/js/ | 37 KB | 12 KB | Script | application/javascript
GET | H2 | run.js | cache.jp-bank.japanpost.jp/pages/pc/etc/js/ | 71 KB | 71 KB | Script | application/javascript
GET | H2 | dgbaRequestControllerP02.js | cache.jp-bank.japanpost.jp/pages/pc/etc/js/ | 38 KB | 9 KB | Script | application/javascript
GET | H2 | HcFwEhqexk.js | directcss.jp-bank.japanpost.jp/js/ | 18 KB | 18 KB | Script | application/javascript
GET | H2 | DFCAheaderLogo01.gif | cache.jp-bank.japanpost.jp/pages/pc/etc/img/structure/ | 3 KB | 4 KB | Image | image/gif
GET | H2 | DFCAheaderLogo02.gif | cache.jp-bank.japanpost.jp/pages/pc/etc/img/structure/ | 3 KB | 3 KB | Image | image/gif
GET | H2 | phishingmail.png | cache.jp-bank.japanpost.jp/pages/cmsimage/4/files/Image/ | 49 KB | 49 KB | Image | image/png
GET | H2 | btn_menu_direct.gif | cache.jp-bank.japanpost.jp/pages/cmsimage/4/files/Image/ | 12 KB | 12 KB | Image | image/gif
GET | H2 | FAQlink.png | cache.jp-bank.japanpost.jp/pages/cmsimage/4/files/Image/ | 15 KB | 16 KB | Image | image/png
GET | H2 | DFCAimgTel01.gif | cache.jp-bank.japanpost.jp/pages/pc/etc/img/modules/ | 4 KB | 4 KB | Image | image/gif
GET | H2 | aes.js | directacct.jp-bank.japanpost.jp/js/ | 13 KB | 13 KB | Script | application/javascript
GET | H2 | load.js | directacct.jp-bank.japanpost.jp/js/ | 18 KB | 18 KB | Script | application/javascript
GET | H2 | dl.js | directacct.jp-bank.japanpost.jp/js/ | 603 B | 877 B | Script | application/javascript
GET | H2 | DFCAfooterLogo01.gif | cache.jp-bank.japanpost.jp/pages/pc/etc/img/structure/ | 2 KB | 2 KB | Image | image/gif
GET | H2 | dgCApwc.js | directcss.jp-bank.japanpost.jp/js/ | 554 B | 828 B | Script | application/javascript
GET | H2 | ig.json | directss.jp-bank.japanpost.jp/ | 79 B | 189 B | Script | application/javascript
GET | H2 | DFCAiconArrow07.gif | cache.jp-bank.japanpost.jp/pages/pc/etc/img/modules/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | DFCAiconArrow02.gif | cache.jp-bank.japanpost.jp/pages/pc/etc/img/modules/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | DFCAiconArrow04.gif | cache.jp-bank.japanpost.jp/pages/pc/etc/img/modules/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | DFCAiconArrow04L.gif | cache.jp-bank.japanpost.jp/pages/pc/etc/img/modules/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | DFCAiconBullet01.gif | cache.jp-bank.japanpost.jp/pages/pc/etc/img/modules/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | DFCAiconArrow03T.gif | cache.jp-bank.japanpost.jp/pages/pc/etc/img/modules/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | chrome.png | directcss.jp-bank.japanpost.jp/js/ | 3 B | 275 B | Script | application/javascript
GET | H2 | DFCAiconBlank01.gif | cache.jp-bank.japanpost.jp/pages/pc/etc/img/modules/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | r.js | directss.jp-bank.japanpost.jp/js/ | 32 KB | 32 KB | XHR | application/javascript
GET | H3 | favicon.ico | xrnp.frisuba.online/ | 4 KB | 2 KB | Other | text/html
GET | H2 | r.js | directss.jp-bank.japanpost.jp/js/ | 31 KB | 31 KB | Script | application/javascript
OPTIONS | H2 | d | directss.jp-bank.japanpost.jp/ | 0 | 0 | Preflight | application/javascript
POST | H2 | d | directss.jp-bank.japanpost.jp/ | 512 B | 786 B | XHR | application/javascript
POST | H2 | u | directss.jp-bank.japanpost.jp/ | 0 | 254 B | XHR | application/javascript
OPTIONS | H2 | u | directss.jp-bank.japanpost.jp/ | 0 | 0 | Preflight | application/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Japan Post (Transportation)
96 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
.frisuba.online/tp1web/ | | Name: JP_GID, Value: 5d3042dc-80a9-4c2a-ba89-faa251cb8f5c
xrnp.frisuba.online/ | | Name: PHPSESSID, Value: crdf9dse0jtv3hsk5arj553f8e
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.