jswwmz.cn
23.94.211.52
Malicious Activity!
Public Scan
Effective URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-19218736...
Submission: On November 07 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on November 7th 2021. Valid for: 3 months.
This is the only time jswwmz.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: MUFG (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System) | PTR | Domains
---|---|---|---|---
20 | 23.94.211.52 | AS36352 (AS-COLOCROSSING, US) | 23-94-211-52-host.colocrossing.com | hefjj.cn, jswwmz.cn

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
18 | jswwmz.cn (1 redirect) | jswwmz.cn | 130 KB
2 | hefjj.cn | hefjj.cn | 577 B
This site contains links to these domains. Also see Links.

Domain
---
directg.s.bk.mufg.jp

TLS certificates

Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
kowwc.cn | R3 | 2021-11-04 - 2022-02-02 | 3 months | crt.sh
jswwmz.cn | R3 | 2021-11-07 - 2022-02-05 | 3 months | crt.sh
This page contains 3 frames:
Primary Page:
https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451
Frame ID: 4E4F4E1C193FF7BF013CC043919D4CCC
Requests: 17 HTTP requests in this frame
Frame:
https://jswwmz.cn/ibg/dfw/APLIN/loginib/index_2.html
Frame ID: 80F2753A1FA1352FC611F1CF78B6F272
Requests: 1 HTTP request in this frame
Frame:
https://jswwmz.cn/ibg/dfw/APLIN/loginib/index_1.html
Frame ID: 73A19ACF00003F2AD1D5EAE64A94A13C
Requests: 1 HTTP request in this frame
Page Title: Login - MUFG Bank (ログイン - 三菱UFJ銀行)
Page Statistics

5 Outgoing links
These are links going to different origins than the main page.
- Title: A new window will open. Help (新規ウィンドウが開きます。ヘルプ)
- Title: A new window will open. (新規ウィンドウが開きます。)
- Title: A new window will open. Branch list (新規ウィンドウが開きます。店舗一覧)
- Title: A new window will open. About Mitsubishi UFJ Direct (新規ウィンドウが開きます。三菱UFJダイレクトについて)
- Title: A new window will open. FAQ and contact (新規ウィンドウが開きます。よくある質問・お問い合わせ)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://hefjj.cn/?ufj (Page URL)
2. https://jswwmz.cn/ -> HTTP 302 -> https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 (Page URL)

Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | / | hefjj.cn/ | 224 B | 327 B | Document | text/html |
GET | H2 | 1.js | hefjj.cn/ | 202 B | 250 B | Script | application/javascript |
GET | H2 | login_TRANID.php | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 18 KB | 4 KB | Document | text/html | Primary Request, Redirect Chain
GET | H2 | login_p.css | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 105 KB | 15 KB | Stylesheet | text/css |
GET | H2 | LiveEngage.css | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 3 KB | 747 B | Stylesheet | text/css |
GET | H2 | ex_banner_pc.png | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 6 KB | 6 KB | Image | image/png |
GET | H2 | icon_help.svg | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 1 KB | 712 B | Image | image/svg+xml |
GET | H2 | icon_help_g.svg | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 2 KB | 794 B | Image | image/svg+xml |
GET | H2 | bnr_kojin_01.jpg | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 39 KB | 39 KB | Image | image/jpeg |
GET | H2 | icon_lostpw.svg | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 1 KB | 601 B | Image | image/svg+xml |
GET | H2 | icon_beginner.svg | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 2 KB | 1 KB | Image | image/svg+xml |
GET | H2 | img_cashcard@2x.png | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 54 KB | 54 KB | Image | image/png |
GET | H2 | index_2.html | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 434 B | 412 B | Document | text/html | Frame 80F2
GET | H2 | index_1.html | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 139 B | 181 B | Document | text/html | Frame 73A1
GET | H2 | logo_mufg.svg | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 11 KB | 4 KB | Image | image/svg+xml |
GET | H2 | icon_keyboard.svg | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 2 KB | 815 B | Image | image/svg+xml |
GET | H2 | icon_arrow_right_w.svg | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 1 KB | 652 B | Image | image/svg+xml |
GET | H2 | icon_arrow_right.svg | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 1 KB | 647 B | Image | image/svg+xml |
GET | H2 | icon_openwindow.svg | jswwmz.cn/ibg/dfw/APLIN/loginib/ | 1 KB | 772 B | Image | image/svg+xml |
Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: MUFG (Banking)

6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | 0
object | 1
object | onbeforexrselect
function | reportError
boolean | originAgentCluster
object | scheduler

1 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how persistent logins work.

Domain/Path | Expires | Name / Value
---|---|---
jswwmz.cn/ | | Name: PHPSESSID Value: bc5urkn58kp473r3ivqgfffnh2
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hefjj.cn
jswwmz.cn
23.94.211.52
0d144bb63addf69a4ef2093cc806101953b3089be999e7d2aa341d98b74a2a83
22da5f57eaccf50dbcb72cf10829b858985afa764fe89068d70e1d8f28394f49
2c9f1d5a91fd2607d8e4d775775094f9fdf4d606525b14c78391c66d30813273
2f3ef9c9a71bb415fc8cce623334d21f48803bb2fdd71e98e55c8a18de3cc527
4be797a413cf6c6f1f95cf46b6c5753a01be295c9be4d2094ee55b8a4e4c5ff4
5b17e886634eeac1306d3d7cc68b2058656d12c6fa29dc75957f46ebd7c5eed4
5bf7b5cc00c1cbc054ad1c7633b6b1c62b26db2d2acdae582485f88d5c28b92c
623f365f9559e3fca6ed967d83fc659cb32ebb5e46df0ed5304a4e1beb970b17
62732fd2912ef05c96aa62595a0a096f7de43dfedbc290f85961957f5d197f82
6c8f66a919f1da6d076738dcde34121539543e994348201fb7ddee704f5b2746
6fbf66dfcfbe39f056c93b6be0fbab3509cb2f0ec7293673a0f0216ae19a7cae
7a019b7fb0132868588b9490933d9ef42ca744d084b4c558f2a61ce313f0b21f
9207caaf79f20da386783d5ba03e0e308f8eec0d31ebf6e81b6c26cf662c0c8e
9606dbf76fb7115cf31e435ec5e18a07459423554be08b801e721a20a95065ef
a632959f4a202bfc6f7a28e390cba4eb9f24da48f224cbea579a52605a7805a1
a919264cebae2cbdb5f61c13b58236908d9649103acb52410e39d0953287a547
f3239d37ae030986b035c18c581504173c8adfed98cd9f6202703d45051ec2ab
f3bba00533b11445cb0335b0b174550fb8e3182b4a8dd3df72eb7f35fb440cc8