bk.idmufg.jp
199.192.31.35
Malicious Activity!
Public Scan
Submission: On September 02 via automatic, source phishtank
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 2nd 2019. Valid for: 3 months.
This is the only time bk.idmufg.jp was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: MUFG (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
16 | 199.192.31.35 | 22612 (NAMECHEAP-NET - Namecheap)
5 | 203.178.92.37 | 4680 (MIND Mitsubishi Electric Information Network Corporation)
1 | 52.198.94.131 | 16509 (AMAZON-02 - Amazon.com)
2 | 112.140.42.8 | 23637 (BI-CDN-IX Equinix Japan Enterprise K.K.)
24 | 4 IPs |

Hosts by ASN:

- ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US): bk.idmufg.jp
- ASN4680 (MIND Mitsubishi Electric Information Network Corporation, JP): directg.s.bk.mufg.jp
- ASN16509 (AMAZON-02 - Amazon.com, Inc., US), PTR: ec2-52-198-94-131.ap-northeast-1.compute.amazonaws.com: www31.tracer.jp
- ASN23637 (BI-CDN-IX Equinix Japan Enterprise K.K., JP), PTR: code.analysis.shinobi.jp: code.analysis.shinobi.jp
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
16 | idmufg.jp | bk.idmufg.jp | 128 KB
5 | mufg.jp | directg.s.bk.mufg.jp | 5 KB
2 | shinobi.jp | code.analysis.shinobi.jp | 2 KB
1 | tracer.jp | www31.tracer.jp | 639 B
24 | 4 domains | |
Requests | Domain | Requested by
---|---|---
16 | bk.idmufg.jp | bk.idmufg.jp
5 | directg.s.bk.mufg.jp | bk.idmufg.jp
2 | code.analysis.shinobi.jp | bk.idmufg.jp, code.analysis.shinobi.jp
1 | www31.tracer.jp | bk.idmufg.jp
24 | 4 domains |
This site contains links to these domains. Also see Links.
Domain |
---|
directg.s.bk.mufg.jp |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
bk.idmufg.com | Let's Encrypt Authority X3 | 2019-09-02 - 2019-12-01 | 3 months | crt.sh
directg.s.bk.mufg.jp | DigiCert SHA2 Extended Validation Server CA | 2018-10-01 - 2019-11-30 | a year | crt.sh
www31.tracer.jp | DigiCert SHA2 Secure Server CA | 2018-12-04 - 2019-12-25 | a year | crt.sh
*.analysis.shinobi.jp | Let's Encrypt Authority X3 | 2019-07-16 - 2019-10-14 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://bk.idmufg.jp/
Frame ID: C4BC9FB62B13F25B46844535068A4240
Requests: 24 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: その他ログインでお困りの場合 (Other login problems)
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | bk.idmufg.jp/ | 16 KB | 6 KB | Document | text/html
GET | H2 | jquery-3.3.1.min.js | bk.idmufg.jp/static/common/ | 85 KB | 30 KB | Script | application/javascript
GET | H2 | CommonStyle_002.css | bk.idmufg.jp/static/yahulogin1/ | 154 KB | 21 KB | Stylesheet | text/css
GET | H2 | CommonStyle.css | bk.idmufg.jp/static/yahulogin1/ | 67 KB | 10 KB | Stylesheet | text/css
GET | H2 | sp_jscript.js | bk.idmufg.jp/static/yahulogin1/ | 93 KB | 33 KB | Script | application/javascript
GET | H2 | CommonScript.js | bk.idmufg.jp/static/yahulogin1/ | 22 KB | 5 KB | Script | application/javascript
GET | H2 | loading.gif | bk.idmufg.jp/static/common/ | 4 KB | 4 KB | Image | image/gif
GET | H2 | main_logo.gif | bk.idmufg.jp/static/yahulogin1/ | 4 KB | 4 KB | Image | image/gif
GET | H2 | icon_help.png | bk.idmufg.jp/static/yahulogin1/ | 1 KB | 1 KB | Image | image/png
GET | H2 | SP_notice_1.gif | bk.idmufg.jp/static/yahulogin1/ | 43 B | 89 B | Image | image/gif
GET | H2 | SP_notice_loginout1_1_1.gif | bk.idmufg.jp/static/yahulogin1/ | 49 B | 95 B | Image | image/gif
GET | H2 | 06a_drb.js | bk.idmufg.jp/static/yahulogin1/ | 2 B | 46 B | Script | application/javascript
GET | H2 | ct13176.js | bk.idmufg.jp/static/yahulogin1/ | 68 KB | 14 KB | Script | application/javascript
GET | H2 | Trace.gif | bk.idmufg.jp/static/yahulogin1/ | 43 B | 89 B | Image | image/gif
GET | H2 | LineAccessAnalytics.js | bk.idmufg.jp/static/yahulogin1/ | 1 B | 45 B | Script | application/javascript
GET | H2 | middlegrade.js | bk.idmufg.jp/static/yahulogin1/ | 1 B | 45 B | Script | application/javascript
GET | H/1.1 | slide_banners_login.jsonp | directg.s.bk.mufg.jp/refresh/imgs/_user/ | 434 B | 746 B | Script | text/plain
GET | H/1.1 | icon_login.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 776 B | 1 KB | Image | image/gif
GET | H/1.1 | icon_arrow_down.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 563 B | 900 B | Image | image/gif
GET | H/1.1 | icon_fortop.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 407 B | 744 B | Image | image/gif
GET | H/1.1 | icon_tel.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 769 B | 1 KB | Image | image/gif
GET | H/1.1 | Trace | www31.tracer.jp/VL/ | 43 B | 639 B | Image | image/gif
GET | H/1.1 | NewScript | code.analysis.shinobi.jp/ninja_ar/ | 4 KB | 2 KB | Script | text/javascript
GET | H/1.1 | NewReceive | code.analysis.shinobi.jp/ninja_ar/ | 95 B | 251 B | Script | text/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: MUFG (Banking)

89 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Name (type), in the order reported:
$ (function), jQuery (function), BtmuScriptAsset (object), getCustomfactInfo (function), mufgJS_bannerJsonp (undefined), msg (string), doTransaction (function), doTransaction2 (function), doTransaction3 (function), setParameter (function), doTransactionForWin (function), doTransactionForWin2 (function), doTransactionForWin3 (function), doSubTransaction (function), isTrx (number), delayTime (number), check (function), resetTrx (function), openHelp (function), openHelpNonSSL (function),
goAnother (function), openAnother (function), openPopupWindowSizeFree (function), openFullScreenWindow (function), openFAQWindow (function), setSpFlag (function), submitOnEnter (function), auto (undefined), reg (function), checkStatus (function), VLTrace_custom_getparam (string), VLTrace_mufg_getpostid (function), VLTrace_Default_DMD (function), VLTrace_ClassObj_GlobalValues_DMD (function), VLTrace_ClassObj_GlobalValues (function), VLTrace_Dump_DMD (function), Obj_VLTrace_DMD (object), Obj_VLTrace_ClassObj_GlobalValuesDMD (object), Obj_VLTrace_ClassObj_GlobalValues (object), VLTrace_Global_Var_Plugin (string),
OBJ_VLTrace_ClassObj_FirstPartyCookie (object), VLTrace_ClassObj_FirstPartyCookie (function), VLTrace_Function_FP_Rpt2 (function), OBJ_VLTrace_ClassObj_GlobalValues_Flash (object), VLTrace_Function_sError (function), VL_Send (function), OBJ_VLTrace_ClassObj_GlobalValues_ExtLink (object), V5_Trace (object), VL_FileDL (function), VL_ExtLink (function), V5getJsCodeClick (function), V5jsSleep (function), V5reqImg (function), V5getTraceUrlFileDLExtLink (function), VLTrace_Global_customer_time (string), VLTrace_Global_Var_VB_temp (boolean), VLTrace_Global_Var_EXTid (undefined), VL_fp_cookval (string), VLTrace_Function_Phase2ImageParameter (function), VLTrace_Function_Get_Ext_Browser_Info (function),
VLTrace_Function_Phase2Collection (function), VLTrace_Function_CopyObjectProperties (function), VLTrace_Function_fError (function), VLTrace_Function_Main (function), VLTrace_Global_Var_Image_Counter (number), OBJ_VLTrace_ClassObj_GlobalValues_Base (object), CTD_MAX_URL_LENGTH (number), CTD_MAX_REQ_QUE (number), CTD_MAX_OBJ_CNCT (number), CTD_CNCT_TIMEOUT (number), CTD_VLIMG_TIMEOUT (number), CTD_TIMER_INTERVAL (number), CTD_PARAM_TOTAL (number), CTD_PARAM_MAX_LEN (number), trace_jt (string), vl_fp_cval (string), VLTrace_RequestQue (function), OBJ_VLTrace_RequestQue (object), VLTrace_Function_LoadImageAndCheckComplete (function), VLTrace_ActionParam (function),
VLTrace_Action (function), hash_val (number), Array_VLTrace_ClassObj_GlobalValues_Bases (object), Array_VLTrace_ClassObj_GlobalValues_Bases_EC (object), EscapeUTF8 (function), dopname (string), jQuery17205537711649619179 (object), ninja_analyze (function), analyze004373491 (object)

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, the browser also sends the stored cookie values, thus allowing the website to re-identify the user even if their location changed. This is how permanent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
bk.idmufg.jp/ | | NinjaAccessUser00437349 | 1567435463855%201567435463855%201567435463855%201%201
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bk.idmufg.jp
code.analysis.shinobi.jp
directg.s.bk.mufg.jp
www31.tracer.jp
112.140.42.8
199.192.31.35
203.178.92.37
52.198.94.131