jswwmz.cn Open in urlscan Pro
23.94.211.52 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hefjj.cn/?ufj
Effective URL:
https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-19218736...
Submission: On November 07 via manual (November 7th 2021, 10:00:16 am UTC) from JP — Scanned from JP

Summary HTTP 19 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 19 HTTP transactions. The main IP is 23.94.211.52, located in Seattle, United States and belongs to AS-COLOCROSSING, US. The main domain is jswwmz.cn.
TLS certificate: Issued by R3 on November 7th 2021. Valid for: 3 months.

This is the only time jswwmz.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MUFG (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 20	23.94.211.52 23.94.211.52		36352 (AS-COLOCR...) (AS-COLOCROSSING)
19	1

20 23.94.211.52 (Seattle, United States) 1 redirects

ASN36352 (AS-COLOCROSSING, US)
PTR: 23-94-211-52-host.colocrossing.com

hefjj.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jswwmz.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	jswwmz.cn 1 redirects jswwmz.cn	130 KB
2	hefjj.cn hefjj.cn	577 B
19	2

	Domain	Requested by
18	jswwmz.cn	1 redirects hefjj.cn jswwmz.cn
2	hefjj.cn	hefjj.cn
19	2

This site contains links to these domains. Also see Links.

Domain
directg.s.bk.mufg.jp

Subject Issuer	Validity	Valid
kowwc.cn R3	`2021-11-04` - `2022-02-02`	3 months	crt.sh
jswwmz.cn R3	`2021-11-07` - `2022-02-05`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451
Frame ID: 4E4F4E1C193FF7BF013CC043919D4CCC
Requests: 17 HTTP requests in this frame

Frame: https://jswwmz.cn/ibg/dfw/APLIN/loginib/index_2.html
Frame ID: 80F2753A1FA1352FC611F1CF78B6F272
Requests: 1 HTTP requests in this frame

Frame: https://jswwmz.cn/ibg/dfw/APLIN/loginib/index_1.html
Frame ID: 73A19ACF00003F2AD1D5EAE64A94A13C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ログイン - 三菱ＵＦＪ銀行

Page URL History Show full URLs

https://hefjj.cn/?ufj Page URL
https://jswwmz.cn/ HTTP 302
https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348... Page URL

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

131 kB
Transfer

248 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://directg.s.bk.mufg.jp/refresh/010129.html
Title: 新規ウィンドウが開きます。ヘルプ

Search URL Search Domain Scan URL

URL: https://directg.s.bk.mufg.jp/refresh/010131.html
Title: 新規ウィンドウが開きます。

Search URL Search Domain Scan URL

URL: https://directg.s.bk.mufg.jp/refresh/010133.html
Title: 新規ウィンドウが開きます。店舗一覧

Search URL Search Domain Scan URL

URL: https://directg.s.bk.mufg.jp/refresh/010135.html
Title: 新規ウィンドウが開きます。三菱ＵＦＪダイレクトについて

Search URL Search Domain Scan URL

URL: https://directg.s.bk.mufg.jp/refresh/010195.html
Title: 新規ウィンドウが開きます。よくある質問・お問い合わせ

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hefjj.cn/?ufj Page URL
https://jswwmz.cn/ HTTP 302
https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response hefjj.cn/	224 B 327 B	427ms 108ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://hefjj.cn/?ufj Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `9207caaf79f20da386783d5ba03e0e308f8eec0d31ebf6e81b6c26cf662c0c8e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers date Sun, 07 Nov 2021 10:00:11 GMT server Apache last-modified Thu, 04 Nov 2021 07:14:06 GMT etag "e0-5cff145abbafa-gzip" accept-ranges bytes vary Accept-Encoding content-encoding gzip content-length 191 content-type text/html
GET H2	200	1.js hefjj.cn/	202 B 250 B	108ms 108ms	Script application/javascript	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://hefjj.cn/1.js Requested by Host: hefjj.cn URL: https://hefjj.cn/?ufj Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://hefjj.cn/?ufj User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:11 GMT content-encoding gzip last-modified Sun, 07 Nov 2021 08:30:38 GMT server Apache etag "ca-5d02eb0e3f5b6-gzip" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 157
GET H2	200	Primary Request login_TRANID.php Show response jswwmz.cn/ibg/dfw/APLIN/loginib/ Redirect Chain https://jswwmz.cn/ https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451	18 KB 4 KB	124ms 123ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Requested by Host: hefjj.cn URL: https://hefjj.cn/1.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `a632959f4a202bfc6f7a28e390cba4eb9f24da48f224cbea579a52605a7805a1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://hefjj.cn/?ufj Response headers date Sun, 07 Nov 2021 10:00:11 GMT server Apache expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache vary Accept-Encoding content-encoding gzip content-length 4079 content-type text/html; charset=UTF-8 Redirect headers date Sun, 07 Nov 2021 10:00:11 GMT server Apache expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache location /ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 content-length 0 content-type text/html; charset=UTF-8
GET H2	200	login_p.css jswwmz.cn/ibg/dfw/APLIN/loginib/	105 KB 15 KB	115ms 114ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_p.css Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `22da5f57eaccf50dbcb72cf10829b858985afa764fe89068d70e1d8f28394f49` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT content-encoding gzip last-modified Tue, 19 Oct 2021 09:20:37 GMT server Apache etag "1a46d-5ceb12ca9385a-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 15103
GET H2	200	LiveEngage.css jswwmz.cn/ibg/dfw/APLIN/loginib/	3 KB 747 B	115ms 115ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/LiveEngage.css Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `7a019b7fb0132868588b9490933d9ef42ca744d084b4c558f2a61ce313f0b21f` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT content-encoding gzip last-modified Tue, 19 Oct 2021 09:20:37 GMT server Apache etag "b79-5ceb12ca981be-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 694
GET H2	200	ex_banner_pc.png jswwmz.cn/ibg/dfw/APLIN/loginib/	6 KB 6 KB	222ms 221ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/ex_banner_pc.png Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `0d144bb63addf69a4ef2093cc806101953b3089be999e7d2aa341d98b74a2a83` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT last-modified Tue, 19 Oct 2021 09:20:37 GMT server Apache accept-ranges bytes etag "17ec-5ceb12caa63a5" content-length 6124 content-type image/png
GET H2	200	icon_help.svg jswwmz.cn/ibg/dfw/APLIN/loginib/	1 KB 712 B	223ms 222ms	Image image/svg+xml	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/icon_help.svg Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `5bf7b5cc00c1cbc054ad1c7633b6b1c62b26db2d2acdae582485f88d5c28b92c` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT content-encoding gzip last-modified Tue, 19 Oct 2021 09:20:39 GMT server Apache etag "4d7-5ceb12ccd6084-gzip" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 646
GET H2	200	icon_help_g.svg jswwmz.cn/ibg/dfw/APLIN/loginib/	2 KB 794 B	223ms 222ms	Image image/svg+xml	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/icon_help_g.svg Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `4be797a413cf6c6f1f95cf46b6c5753a01be295c9be4d2094ee55b8a4e4c5ff4` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT content-encoding gzip last-modified Tue, 19 Oct 2021 09:20:39 GMT server Apache etag "6b7-5ceb12cca9a48-gzip" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 741
GET H2	200	bnr_kojin_01.jpg jswwmz.cn/ibg/dfw/APLIN/loginib/	39 KB 39 KB	224ms 223ms	Image image/jpeg	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/bnr_kojin_01.jpg Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `623f365f9559e3fca6ed967d83fc659cb32ebb5e46df0ed5304a4e1beb970b17` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT last-modified Tue, 19 Oct 2021 09:20:37 GMT server Apache accept-ranges bytes etag "9b3e-5ceb12caa4099" content-length 39742 content-type image/jpeg
GET H2	200	icon_lostpw.svg jswwmz.cn/ibg/dfw/APLIN/loginib/	1 KB 601 B	324ms 324ms	Image image/svg+xml	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/icon_lostpw.svg Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `62732fd2912ef05c96aa62595a0a096f7de43dfedbc290f85961957f5d197f82` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT content-encoding gzip last-modified Tue, 19 Oct 2021 09:20:39 GMT server Apache etag "400-5ceb12cca9663-gzip" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 548
GET H2	200	icon_beginner.svg jswwmz.cn/ibg/dfw/APLIN/loginib/	2 KB 1 KB	325ms 324ms	Image image/svg+xml	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/icon_beginner.svg Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `a919264cebae2cbdb5f61c13b58236908d9649103acb52410e39d0953287a547` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT content-encoding gzip last-modified Tue, 19 Oct 2021 09:20:39 GMT server Apache etag "83b-5ceb12ccc331e-gzip" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 1053
GET H2	200	img_cashcard@2x.png jswwmz.cn/ibg/dfw/APLIN/loginib/	54 KB 54 KB	325ms 324ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/img_cashcard@2x.png Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `f3bba00533b11445cb0335b0b174550fb8e3182b4a8dd3df72eb7f35fb440cc8` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT last-modified Tue, 19 Oct 2021 09:20:37 GMT server Apache accept-ranges bytes etag "d827-5ceb12caa34e9" content-length 55335 content-type image/png
GET H2	200	index_2.html Show response jswwmz.cn/ibg/dfw/APLIN/loginib/ Frame 80F2	434 B 412 B	218ms 218ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/index_2.html Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `9606dbf76fb7115cf31e435ec5e18a07459423554be08b801e721a20a95065ef` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Response headers date Sun, 07 Nov 2021 10:00:12 GMT server Apache last-modified Tue, 19 Oct 2021 09:20:39 GMT etag "1b2-5ceb12ccc28ce-gzip" accept-ranges bytes vary Accept-Encoding content-encoding gzip content-length 328 content-type text/html
GET H2	200	index_1.html Show response jswwmz.cn/ibg/dfw/APLIN/loginib/ Frame 73A1	139 B 181 B	218ms 218ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/index_1.html Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `f3239d37ae030986b035c18c581504173c8adfed98cd9f6202703d45051ec2ab` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_TRANID.php?=AG004_001&_ga=2.151107322.2131987348.1634608452-1921873682.1634608451 Response headers date Sun, 07 Nov 2021 10:00:12 GMT server Apache last-modified Tue, 19 Oct 2021 09:20:39 GMT etag "8b-5ceb12cc93d6b-gzip" accept-ranges bytes vary Accept-Encoding content-encoding gzip content-length 129 content-type text/html
GET H2	200	logo_mufg.svg jswwmz.cn/ibg/dfw/APLIN/loginib/	11 KB 4 KB	186ms 185ms	Image image/svg+xml	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/logo_mufg.svg Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_p.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `6c8f66a919f1da6d076738dcde34121539543e994348201fb7ddee704f5b2746` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_p.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT content-encoding gzip last-modified Tue, 19 Oct 2021 09:20:39 GMT server Apache etag "2b21-5ceb12ccc22ec-gzip" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 4119
GET H2	200	icon_keyboard.svg jswwmz.cn/ibg/dfw/APLIN/loginib/	2 KB 815 B	184ms 183ms	Image image/svg+xml	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/icon_keyboard.svg Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_p.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `2f3ef9c9a71bb415fc8cce623334d21f48803bb2fdd71e98e55c8a18de3cc527` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_p.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT content-encoding gzip last-modified Tue, 19 Oct 2021 09:20:39 GMT server Apache etag "872-5ceb12ccd5661-gzip" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 762
GET H2	200	icon_arrow_right_w.svg jswwmz.cn/ibg/dfw/APLIN/loginib/	1 KB 652 B	185ms 185ms	Image image/svg+xml	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/icon_arrow_right_w.svg Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_p.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `2c9f1d5a91fd2607d8e4d775775094f9fdf4d606525b14c78391c66d30813273` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_p.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT content-encoding gzip last-modified Tue, 19 Oct 2021 09:20:39 GMT server Apache etag "46f-5ceb12ccc331e-gzip" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 600
GET H2	200	icon_arrow_right.svg jswwmz.cn/ibg/dfw/APLIN/loginib/	1 KB 647 B	185ms 184ms	Image image/svg+xml	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/icon_arrow_right.svg Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_p.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `5b17e886634eeac1306d3d7cc68b2058656d12c6fa29dc75957f46ebd7c5eed4` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_p.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT content-encoding gzip last-modified Tue, 19 Oct 2021 09:20:39 GMT server Apache etag "469-5ceb12ccc3aec-gzip" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 594
GET H2	200	icon_openwindow.svg jswwmz.cn/ibg/dfw/APLIN/loginib/	1 KB 772 B	185ms 184ms	Image image/svg+xml	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://jswwmz.cn/ibg/dfw/APLIN/loginib/icon_openwindow.svg Requested by Host: jswwmz.cn URL: https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_p.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `6fbf66dfcfbe39f056c93b6be0fbab3509cb2f0ec7293673a0f0216ae19a7cae` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jswwmz.cn/ibg/dfw/APLIN/loginib/login_p.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 10:00:12 GMT content-encoding gzip last-modified Tue, 19 Oct 2021 09:20:39 GMT server Apache etag "5e0-5ceb12ccdcae8-gzip" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 719

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MUFG (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			jswwmz.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: bc5urkn58kp473r3ivqgfffnh2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hefjj.cn
jswwmz.cn
23.94.211.52
0d144bb63addf69a4ef2093cc806101953b3089be999e7d2aa341d98b74a2a83
22da5f57eaccf50dbcb72cf10829b858985afa764fe89068d70e1d8f28394f49
2c9f1d5a91fd2607d8e4d775775094f9fdf4d606525b14c78391c66d30813273
2f3ef9c9a71bb415fc8cce623334d21f48803bb2fdd71e98e55c8a18de3cc527
4be797a413cf6c6f1f95cf46b6c5753a01be295c9be4d2094ee55b8a4e4c5ff4
5b17e886634eeac1306d3d7cc68b2058656d12c6fa29dc75957f46ebd7c5eed4
5bf7b5cc00c1cbc054ad1c7633b6b1c62b26db2d2acdae582485f88d5c28b92c
623f365f9559e3fca6ed967d83fc659cb32ebb5e46df0ed5304a4e1beb970b17
62732fd2912ef05c96aa62595a0a096f7de43dfedbc290f85961957f5d197f82
6c8f66a919f1da6d076738dcde34121539543e994348201fb7ddee704f5b2746
6fbf66dfcfbe39f056c93b6be0fbab3509cb2f0ec7293673a0f0216ae19a7cae
7a019b7fb0132868588b9490933d9ef42ca744d084b4c558f2a61ce313f0b21f
9207caaf79f20da386783d5ba03e0e308f8eec0d31ebf6e81b6c26cf662c0c8e
9606dbf76fb7115cf31e435ec5e18a07459423554be08b801e721a20a95065ef
a632959f4a202bfc6f7a28e390cba4eb9f24da48f224cbea579a52605a7805a1
a919264cebae2cbdb5f61c13b58236908d9649103acb52410e39d0953287a547
f3239d37ae030986b035c18c581504173c8adfed98cd9f6202703d45051ec2ab
f3bba00533b11445cb0335b0b174550fb8e3182b4a8dd3df72eb7f35fb440cc8

jswwmz.cn Open in urlscan Pro 23.94.211.52 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

131 kBTransfer

248 kBSize

1 Cookies

5 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

Indicators

jswwmz.cn Open in urlscan Pro
23.94.211.52 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

131 kB
Transfer

248 kB
Size

1
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!