bk.sp-mufg.com Open in urlscan Pro
51.79.66.216 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bk.sp-mufg.com/
Effective URL:
https://bk.sp-mufg.com/
Submission: On August 28 via manual (August 28th 2019, 6:33:53 pm UTC) from CA

Summary HTTP 21 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 21 HTTP transactions. The main IP is 51.79.66.216, located in Canada and belongs to OVH, FR. The main domain is bk.sp-mufg.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 28th 2019. Valid for: 3 months.

This is the only time bk.sp-mufg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MUFG (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 15	51.79.66.216 51.79.66.216	16276 (OVH) (OVH)
1	112.140.42.8 112.140.42.8	23637 (BI-CDN-IX...) (BI-CDN-IX Equinix Jpapan Enterprise K.K.)
21	3

15 51.79.66.216 (Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: 216.ip-51-79-66.net

bk.sp-mufg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 112.140.42.8 (Japan)

ASN23637 (BI-CDN-IX Equinix Jpapan Enterprise K.K., JP)
PTR: code.analysis.shinobi.jp

code.analysis.shinobi.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	sp-mufg.com 1 redirects bk.sp-mufg.com	110 KB
1	shinobi.jp code.analysis.shinobi.jp	227 B
0	tracer.jp Failed www31.tracer.jp Failed
0	mufg.jp Failed directg.s.bk.mufg.jp Failed
21	4

	Domain	Requested by
15	bk.sp-mufg.com	1 redirects bk.sp-mufg.com
1	code.analysis.shinobi.jp	bk.sp-mufg.com
0	www31.tracer.jp Failed	bk.sp-mufg.com
0	directg.s.bk.mufg.jp Failed	bk.sp-mufg.com
21	4

This site contains links to these domains. Also see Links.

Domain
directg.s.bk.mufg.jp

Subject Issuer	Validity	Valid
bk.sp-mufg.com Let's Encrypt Authority X3	`2019-08-28` - `2019-11-26`	3 months	crt.sh
*.analysis.shinobi.jp Let's Encrypt Authority X3	`2019-07-16` - `2019-10-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bk.sp-mufg.com/
Frame ID: C7C40DBC8F552753F64C86410FE673BE
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://bk.sp-mufg.com/ HTTP 301
https://bk.sp-mufg.com/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

21
Requests

71 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

110 kB
Transfer

488 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://directg.s.bk.mufg.jp/refresh/010064.html

Search URL Search Domain Scan URL

URL: https://directg.s.bk.mufg.jp/refresh/010089.html
Title: その他ログインでお困りの場合

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bk.sp-mufg.com/ HTTP 301
https://bk.sp-mufg.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response bk.sp-mufg.com/ Redirect Chain http://bk.sp-mufg.com/ https://bk.sp-mufg.com/	78 KB 21 KB	409ms 196ms	Document text/html	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Full URL https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `657570c4f7e1e19ab3469a3d7c841cf282632d63c90d700a75b860847f3e0658` Request headers :method GET :authority bk.sp-mufg.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 sec-fetch-site none accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Wed, 28 Aug 2019 18:33:23 GMT server Apache expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, no-cache, private pragma no-cache set-cookie PHPSESSID=lg4l84q7jjo27po0vd8e8rp7sc; path=/ XSRF-TOKEN=eyJpdiI6Ik1iU1NXRldBM2FSRDU2QXBPWWpGNnc9PSIsInZhbHVlIjoiUzl5TkZYRDRydkFKU3JFSE9sRVBjeWRYTVVqbFU4V0Z4TWdrdzFGNENrVEh3ZnJ4Q2NobGNqMG5vdzFFRG5yYyIsIm1hYyI6ImZjMjNjMjNjMmEwOGM4MmQzNjI1ZTQ0N2ViYTBhNDNjMjRhNzIxOGVjOTJjMWY1NzgzOGJlZDBiYjZiMTM4ZmUifQ%3D%3D; expires=Wed, 28-Aug-2019 20:33:23 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6IlU4Z3hcL0Y1YVwvWVRUMlgrME1iRTREdz09IiwidmFsdWUiOiJnMW9PM0YzdkFnN1phcWdYaG5VNVo1Mk5FTG9Td3lVRFY1bEFhVzNQc1g2aTBOeURhd1lsSGVmWjU2NkRXRjZtIiwibWFjIjoiNTJlNDU2MWJmY2VkYzExZGU1ZmI3ZWI0YzgyOTNjMDZjZDc2NWNiY2QzNmI1MTM5N2I5ZTRlMTkzZmQ0NmVkYiJ9; expires=Wed, 28-Aug-2019 20:33:23 GMT; Max-Age=7200; path=/; httponly vary Accept-Encoding content-encoding gzip content-length 20922 content-type text/html; charset=UTF-8 Redirect headers Date Wed, 28 Aug 2019 18:33:22 GMT Server Apache Location https://bk.sp-mufg.com/ Content-Length 295 Connection close Content-Type text/html; charset=iso-8859-1
GET H2	200	CommonStyle_002.css bk.sp-mufg.com/static/yahulogin1/	154 KB 21 KB	232ms 231ms	Stylesheet text/css	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Full URL https://bk.sp-mufg.com/static/yahulogin1/CommonStyle_002.css Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `036deea0b96eb0182f6c1fff15ee491250f7c993e9c8676de80e63cca5d4d72a` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT content-encoding gzip last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "26934-5908a1adb0080-gzip" vary Accept-Encoding content-type text/css status 200 accept-ranges bytes content-length 21214
GET H2	200	CommonStyle.css bk.sp-mufg.com/static/yahulogin1/	67 KB 10 KB	129ms 128ms	Stylesheet text/css	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Full URL https://bk.sp-mufg.com/static/yahulogin1/CommonStyle.css Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `c88dadaa810a69ddcc20ca7ec9601782fa86c6f98ce1e410b9830d405902fccd` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT content-encoding gzip last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "10de8-5908a1adb0080-gzip" vary Accept-Encoding content-type text/css status 200 accept-ranges bytes content-length 9613
GET H2	200	sp_jscript.js Show response bk.sp-mufg.com/static/yahulogin1/	93 KB 33 KB	202ms 201ms	Script application/javascript	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Full URL https://bk.sp-mufg.com/static/yahulogin1/sp_jscript.js Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `d72fcb8924d1e14dbd4b04aff994c1183ee86c620f0aaac034f75fc508548220` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT content-encoding gzip last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "1727b-5908a1adb0080-gzip" vary Accept-Encoding content-type application/javascript status 200 accept-ranges bytes content-length 33632
GET H2	200	CommonScript.js Show response bk.sp-mufg.com/static/yahulogin1/	22 KB 5 KB	129ms 128ms	Script application/javascript	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Full URL https://bk.sp-mufg.com/static/yahulogin1/CommonScript.js Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `da6d05bd49b109c422810d47046a342229d0b3d859a11ea83573222be904d100` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT content-encoding gzip last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "5863-5908a1adb0080-gzip" vary Accept-Encoding content-type application/javascript status 200 accept-ranges bytes content-length 5319
GET H2	200	main_logo.gif bk.sp-mufg.com/static/yahulogin1/	4 KB 4 KB	129ms 129ms	Image image/gif	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://bk.sp-mufg.com/static/yahulogin1/main_logo.gif Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `648b5abf4be72500427681db606986a6f1a37c72f80dea1aa2adc1c06bc141eb` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "f00-5908a1adb0080" content-type image/gif status 200 accept-ranges bytes content-length 3840
GET H2	200	icon_help.png bk.sp-mufg.com/static/yahulogin1/	1 KB 1 KB	129ms 129ms	Image image/png	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://bk.sp-mufg.com/static/yahulogin1/icon_help.png Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `8a8427d7105d51c3271e5b0be8490acdd33da5646144cbbe570e9b5bcb4b17b0` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "566-5908a1adb0080" content-type image/png status 200 accept-ranges bytes content-length 1382
GET H/1.1	200 OK	NewScript Show response code.analysis.shinobi.jp/ninja_ar/	71 B 227 B	16542ms 255ms	Script text/javascript	112.140.42.8 BI-CDN-IX Equinix...
General Check archive.org Show headers Download Go to Full URL https://code.analysis.shinobi.jp/ninja_ar/NewScript?id=00437185&hash=94a265d9&zone=36 Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 112.140.42.8 , Japan, ASN23637 (BI-CDN-IX Equinix Jpapan Enterprise K.K., JP), Reverse DNS code.analysis.shinobi.jp Software nginx / Resource Hash `4dd9e8be735a076d0b278adb29378ba44befc9b4d92712e9d36ebc008c72724a` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 18:33:39 GMT Server nginx Connection close Content-Length 71 Content-Type text/javascript; charset=utf-8
GET H2	200	SP_notice_1.gif bk.sp-mufg.com/static/yahulogin1/	43 B 89 B	111ms 110ms	Image image/gif	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://bk.sp-mufg.com/static/yahulogin1/SP_notice_1.gif Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "2b-5908a1adb0080" content-type image/gif status 200 accept-ranges bytes content-length 43
GET H2	200	SP_notice_loginout1_1_1.gif bk.sp-mufg.com/static/yahulogin1/	49 B 95 B	111ms 110ms	Image image/gif	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://bk.sp-mufg.com/static/yahulogin1/SP_notice_loginout1_1_1.gif Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `93db6ff0af01c1416a4cf5643fa970e6facf75aa2c38a66404085039c2314e33` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "31-5908a1adb0080" content-type image/gif status 200 accept-ranges bytes content-length 49
GET H2	200	06a_drb.js Show response bk.sp-mufg.com/static/yahulogin1/	2 B 46 B	103ms 103ms	Script application/javascript	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Full URL https://bk.sp-mufg.com/static/yahulogin1/06a_drb.js Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "2-5908a1adb0080" content-type application/javascript status 200 accept-ranges bytes content-length 2
GET H2	200	ct13176.js Show response bk.sp-mufg.com/static/yahulogin1/	68 KB 14 KB	107ms 107ms	Script application/javascript	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Full URL https://bk.sp-mufg.com/static/yahulogin1/ct13176.js Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `1470d232a2ad3cc727d26623e9863de2334b5da7de83b539dd05cb9f3e1997ab` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT content-encoding gzip last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "111b9-5908a1adb0080-gzip" vary Accept-Encoding content-type application/javascript status 200 accept-ranges bytes content-length 14469
GET H2	200	Trace.gif bk.sp-mufg.com/static/yahulogin1/	43 B 89 B	111ms 110ms	Image image/gif	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://bk.sp-mufg.com/static/yahulogin1/Trace.gif Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `693d949d8c3fdc7fd4ace7c340b5f177a9f0c5be7bafee8bc93a7d88b7523d75` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "2b-5908a1adb0080" content-type image/gif status 200 accept-ranges bytes content-length 43
GET H2	200	LineAccessAnalytics.js Show response bk.sp-mufg.com/static/yahulogin1/	1 B 45 B	111ms 110ms	Script application/javascript	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Full URL https://bk.sp-mufg.com/static/yahulogin1/LineAccessAnalytics.js Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "1-5908a1adb0080" content-type application/javascript status 200 accept-ranges bytes content-length 1
GET H2	200	middlegrade.js Show response bk.sp-mufg.com/static/yahulogin1/	1 B 45 B	111ms 110ms	Script application/javascript	51.79.66.216 OVH
General Check archive.org Show headers Download Go to Full URL https://bk.sp-mufg.com/static/yahulogin1/middlegrade.js Requested by Host: bk.sp-mufg.com URL: https://bk.sp-mufg.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.79.66.216 , Canada, ASN16276 (OVH, FR), Reverse DNS 216.ip-51-79-66.net Software Apache / Resource Hash `36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068` Request headers Sec-Fetch-Mode no-cors Referer https://bk.sp-mufg.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 28 Aug 2019 18:33:23 GMT last-modified Tue, 20 Aug 2019 10:41:54 GMT server Apache etag "1-5908a1adb0080" content-type application/javascript status 200 accept-ranges bytes content-length 1
GET		slide_banners_login.jsonp directg.s.bk.mufg.jp/refresh/imgs/_user/	0 0

GET		icon_login.gif directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/	0 0

GET		icon_arrow_down.gif directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/	0 0

GET		icon_fortop.gif directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/	0 0

GET		icon_tel.gif directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/	0 0

GET		Trace www31.tracer.jp/VL/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: directg.s.bk.mufg.jp
URL: https://directg.s.bk.mufg.jp/refresh/imgs/_user/slide_banners_login.jsonp?callback=mufgJS_bannerJsonp&_=1567017203577

Domain: directg.s.bk.mufg.jp
URL: https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_login.gif

Domain: directg.s.bk.mufg.jp
URL: https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_arrow_down.gif

Domain: directg.s.bk.mufg.jp
URL: https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_fortop.gif

Domain: directg.s.bk.mufg.jp
URL: https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_tel.gif

Domain: www31.tracer.jp
URL: https://www31.tracer.jp/VL/Trace?g=/1&c=13176&p=AA011_SP&l=https%3A//bk.sp-mufg.com/&t=%u30ED%u30B0%u30A4%u30F3%20-%20%u4E09%u83F1UFJ%u30C0%u30A4%u30EC%u30AF%u30C8&k=true&sf=false&j=false&w=1600&h=1200&d=24&o=https%3A&tp=1&lng=en&jt=1567017203635&jd=1567017203636_1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MUFG (Banking)

207 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bk.sp-mufg.com
code.analysis.shinobi.jp
directg.s.bk.mufg.jp
www31.tracer.jp
directg.s.bk.mufg.jp
www31.tracer.jp
112.140.42.8
51.79.66.216
036deea0b96eb0182f6c1fff15ee491250f7c993e9c8676de80e63cca5d4d72a
1470d232a2ad3cc727d26623e9863de2334b5da7de83b539dd05cb9f3e1997ab
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
4dd9e8be735a076d0b278adb29378ba44befc9b4d92712e9d36ebc008c72724a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
648b5abf4be72500427681db606986a6f1a37c72f80dea1aa2adc1c06bc141eb
657570c4f7e1e19ab3469a3d7c841cf282632d63c90d700a75b860847f3e0658
693d949d8c3fdc7fd4ace7c340b5f177a9f0c5be7bafee8bc93a7d88b7523d75
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
8a8427d7105d51c3271e5b0be8490acdd33da5646144cbbe570e9b5bcb4b17b0
93db6ff0af01c1416a4cf5643fa970e6facf75aa2c38a66404085039c2314e33
c88dadaa810a69ddcc20ca7ec9601782fa86c6f98ce1e410b9830d405902fccd
d72fcb8924d1e14dbd4b04aff994c1183ee86c620f0aaac034f75fc508548220
da6d05bd49b109c422810d47046a342229d0b3d859a11ea83573222be904d100

bk.sp-mufg.com Open in urlscan Pro 51.79.66.216 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

71 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

110 kBTransfer

488 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

207 JavaScript Global Variables

0 Cookies

Indicators

bk.sp-mufg.com Open in urlscan Pro
51.79.66.216 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

71 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

110 kB
Transfer

488 kB
Size

0
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!