bk.sp-mufg.com
51.79.66.216
Malicious Activity!
Public Scan
Effective URL: https://bk.sp-mufg.com/
Submission: On August 28 via manual from CA
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on August 28th 2019. Valid for: 3 months.
This is the only time bk.sp-mufg.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: MUFG (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
15 | 51.79.66.216 | 16276 (OVH)
1 | 112.140.42.8 | 23637 (BI-CDN-IX Equinix Jpapan Enterprise K.K.)
21 | 3 |

ASN23637 (BI-CDN-IX Equinix Jpapan Enterprise K.K., JP), PTR: code.analysis.shinobi.jp
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 | sp-mufg.com | bk.sp-mufg.com (1 redirect) | 110 KB
1 | shinobi.jp | code.analysis.shinobi.jp | 227 B
0 | tracer.jp | www31.tracer.jp (failed) |
0 | mufg.jp | directg.s.bk.mufg.jp (failed) |
21 | 4 | |
Requests | Domain | Requested by
---|---|---
15 | bk.sp-mufg.com (1 redirect) | bk.sp-mufg.com
1 | code.analysis.shinobi.jp | bk.sp-mufg.com
0 | www31.tracer.jp (failed) | bk.sp-mufg.com
0 | directg.s.bk.mufg.jp (failed) | bk.sp-mufg.com
21 | 4 |
This site contains links to these domains. Also see Links.
Domain
---
directg.s.bk.mufg.jp
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
bk.sp-mufg.com | Let's Encrypt Authority X3 | 2019-08-28 - 2019-11-26 | 3 months | crt.sh
*.analysis.shinobi.jp | Let's Encrypt Authority X3 | 2019-07-16 - 2019-10-14 | 3 months | crt.sh
This page contains 1 frame:
Primary Page: https://bk.sp-mufg.com/
Frame ID: C7C40DBC8F552753F64C86410FE673BE
Requests: 21 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: その他ログインでお困りの場合 (If you have other problems logging in)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://bk.sp-mufg.com/ (HTTP 301)
- https://bk.sp-mufg.com/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request, redirect chain) | bk.sp-mufg.com/ | 78 KB | 21 KB | Document | text/html
GET | H2 | CommonStyle_002.css | bk.sp-mufg.com/static/yahulogin1/ | 154 KB | 21 KB | Stylesheet | text/css
GET | H2 | CommonStyle.css | bk.sp-mufg.com/static/yahulogin1/ | 67 KB | 10 KB | Stylesheet | text/css
GET | H2 | sp_jscript.js | bk.sp-mufg.com/static/yahulogin1/ | 93 KB | 33 KB | Script | application/javascript
GET | H2 | CommonScript.js | bk.sp-mufg.com/static/yahulogin1/ | 22 KB | 5 KB | Script | application/javascript
GET | H2 | main_logo.gif | bk.sp-mufg.com/static/yahulogin1/ | 4 KB | 4 KB | Image | image/gif
GET | H2 | icon_help.png | bk.sp-mufg.com/static/yahulogin1/ | 1 KB | 1 KB | Image | image/png
GET | H/1.1 | NewScript | code.analysis.shinobi.jp/ninja_ar/ | 71 B | 227 B | Script | text/javascript
GET | H2 | SP_notice_1.gif | bk.sp-mufg.com/static/yahulogin1/ | 43 B | 89 B | Image | image/gif
GET | H2 | SP_notice_loginout1_1_1.gif | bk.sp-mufg.com/static/yahulogin1/ | 49 B | 95 B | Image | image/gif
GET | H2 | 06a_drb.js | bk.sp-mufg.com/static/yahulogin1/ | 2 B | 46 B | Script | application/javascript
GET | H2 | ct13176.js | bk.sp-mufg.com/static/yahulogin1/ | 68 KB | 14 KB | Script | application/javascript
GET | H2 | Trace.gif | bk.sp-mufg.com/static/yahulogin1/ | 43 B | 89 B | Image | image/gif
GET | H2 | LineAccessAnalytics.js | bk.sp-mufg.com/static/yahulogin1/ | 1 B | 45 B | Script | application/javascript
GET | H2 | middlegrade.js | bk.sp-mufg.com/static/yahulogin1/ | 1 B | 45 B | Script | application/javascript
GET | | slide_banners_login.jsonp | directg.s.bk.mufg.jp/refresh/imgs/_user/ | 0 | 0 | |
GET | | icon_login.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 0 | 0 | |
GET | | icon_arrow_down.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 0 | 0 | |
GET | | icon_fortop.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 0 | 0 | |
GET | | icon_tel.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 0 | 0 | |
GET | | Trace | www31.tracer.jp/VL/ | 0 | 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.

Domain | URL
---|---
directg.s.bk.mufg.jp | https://directg.s.bk.mufg.jp/refresh/imgs/_user/slide_banners_login.jsonp?callback=mufgJS_bannerJsonp&_=1567017203577
directg.s.bk.mufg.jp | https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_login.gif
directg.s.bk.mufg.jp | https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_arrow_down.gif
directg.s.bk.mufg.jp | https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_fortop.gif
directg.s.bk.mufg.jp | https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_tel.gif
www31.tracer.jp | https://www31.tracer.jp/VL/Trace?g=/1&c=13176&p=AA011_SP&l=https%3A//bk.sp-mufg.com/&t=%u30ED%u30B0%u30A4%u30F3%20-%20%u4E09%u83F1UFJ%u30C0%u30A4%u30EC%u30AF%u30C8&k=true&sf=false&j=false&w=1600&h=1200&d=24&o=https%3A&tp=1&lng=en&jt=1567017203635&jd=1567017203636_1
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: MUFG (Banking)
207 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.