URL: https://bk.spmufg.com/
Submission: On August 29 via manual from JP

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 21 HTTP transactions. The main IP is 51.79.66.216, located in Canada and belongs to OVH, FR. The main domain is bk.spmufg.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 28th 2019. Valid for: 3 months.
This is the only time bk.spmufg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MUFG (Banking)

Domain & IP information

Requests  IP Address      AS (Autonomous System)
14        51.79.66.216    16276 (OVH)
1         112.140.42.8    23637 (BI-CDN-IX...)
5         203.178.92.37   4680 (MIND Mits...)
1         18.179.68.37    16509 (AMAZON-02)
21        4 IPs

Requests  Domain                     Requested by
14        bk.spmufg.com              bk.spmufg.com
5         directg.s.bk.mufg.jp       bk.spmufg.com
1         www31.tracer.jp            bk.spmufg.com
1         code.analysis.shinobi.jp   bk.spmufg.com
21        4 domains

This site contains links to these domains.

Domain
directg.s.bk.mufg.jp
Subject                Issuer                                        Validity                  Valid
bk.sp-mufg.com         Let's Encrypt Authority X3                    2019-08-28 - 2019-11-26   3 months (crt.sh)
*.analysis.shinobi.jp  Let's Encrypt Authority X3                    2019-07-16 - 2019-10-14   3 months (crt.sh)
directg.s.bk.mufg.jp   DigiCert SHA2 Extended Validation Server CA   2018-10-01 - 2019-11-30   a year (crt.sh)
www31.tracer.jp        DigiCert SHA2 Secure Server CA                2018-12-04 - 2019-12-25   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://bk.spmufg.com/
Frame ID: 2796F5C7C8A9303AC948CAE34C31421A
Requests: 21 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 21
HTTPS: 100 %
IPv6: 0 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 115 kB
Size: 491 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Each transaction below is listed as: Resource | Path | Size | x-fer | Type (the MIME-Type appears in the response content-type header).
Primary Request / | bk.spmufg.com/ | 78 KB | 21 KB | Document
General
Full URL
https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
a08632efdc0eee773670590cc7ce731cead0305e73ad6170d888c6cd18b223d4

Request headers

:method
GET
:authority
bk.spmufg.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
date
Thu, 29 Aug 2019 05:49:25 GMT
server
Apache
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, no-cache, private
pragma
no-cache
set-cookie
PHPSESSID=ai425g3933ol8uldssiketekrr; path=/ XSRF-TOKEN=eyJpdiI6IitzNk5VSFwvamZOdkRCNHNJVTA2M1pRPT0iLCJ2YWx1ZSI6IlJqbkYwUmh4ZXdZYjZXZzhlXC9LcEhNMm9qZ2V5Zmt1OURSNEtTSFBQdWdJSzRUVXZJMWladHhGSW1yeGl5VUNnIiwibWFjIjoiYjk0YTNmNjQyOWE1YmRjYjEyMGUzODhjMTQ2ZmE0YWUzNDQzMGE2YTY2YzZkZTUyZDBhNGM4MTU5MTY4MGRjMiJ9; expires=Thu, 29-Aug-2019 07:49:25 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6IkM0OXczY25pY0hlbzlPWG9BMmJFK0E9PSIsInZhbHVlIjoiQ0wxUjRBaVZWOFRmMUxwS0x5Uko4c202ZTY5ZkdZM3ZRM2NXNjB0K3BSUVdnZG9rOEk3S2ZIbkErWkJ6dndkTyIsIm1hYyI6ImEwMTdjM2Y1OGFlNDczMjNjNmM0NjlhMWRhOWFiOTgzMGRkMjNkOGM3Y2QxMmQ1N2I3MjQwOGI2ZTNiYWFmODMifQ%3D%3D; expires=Thu, 29-Aug-2019 07:49:25 GMT; Max-Age=7200; path=/; httponly
vary
Accept-Encoding
content-encoding
gzip
content-length
20913
content-type
text/html; charset=UTF-8
CommonStyle_002.css | bk.spmufg.com/static/yahulogin1/ | 154 KB | 21 KB | Stylesheet
General
Full URL
https://bk.spmufg.com/static/yahulogin1/CommonStyle_002.css
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
036deea0b96eb0182f6c1fff15ee491250f7c993e9c8676de80e63cca5d4d72a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
content-encoding
gzip
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"26934-5908a1adb0080-gzip"
vary
Accept-Encoding
content-type
text/css
status
200
accept-ranges
bytes
content-length
21214
CommonStyle.css | bk.spmufg.com/static/yahulogin1/ | 67 KB | 10 KB | Stylesheet
General
Full URL
https://bk.spmufg.com/static/yahulogin1/CommonStyle.css
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
c88dadaa810a69ddcc20ca7ec9601782fa86c6f98ce1e410b9830d405902fccd

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
content-encoding
gzip
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"10de8-5908a1adb0080-gzip"
vary
Accept-Encoding
content-type
text/css
status
200
accept-ranges
bytes
content-length
9613
sp_jscript.js | bk.spmufg.com/static/yahulogin1/ | 93 KB | 33 KB | Script
General
Full URL
https://bk.spmufg.com/static/yahulogin1/sp_jscript.js
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
d72fcb8924d1e14dbd4b04aff994c1183ee86c620f0aaac034f75fc508548220

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
content-encoding
gzip
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"1727b-5908a1adb0080-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
33632
CommonScript.js | bk.spmufg.com/static/yahulogin1/ | 22 KB | 5 KB | Script
General
Full URL
https://bk.spmufg.com/static/yahulogin1/CommonScript.js
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
da6d05bd49b109c422810d47046a342229d0b3d859a11ea83573222be904d100

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
content-encoding
gzip
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"5863-5908a1adb0080-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
5319
main_logo.gif | bk.spmufg.com/static/yahulogin1/ | 4 KB | 4 KB | Image
General
Full URL
https://bk.spmufg.com/static/yahulogin1/main_logo.gif
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
648b5abf4be72500427681db606986a6f1a37c72f80dea1aa2adc1c06bc141eb

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"f00-5908a1adb0080"
content-type
image/gif
status
200
accept-ranges
bytes
content-length
3840
icon_help.png | bk.spmufg.com/static/yahulogin1/ | 1 KB | 1 KB | Image
General
Full URL
https://bk.spmufg.com/static/yahulogin1/icon_help.png
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
8a8427d7105d51c3271e5b0be8490acdd33da5646144cbbe570e9b5bcb4b17b0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"566-5908a1adb0080"
content-type
image/png
status
200
accept-ranges
bytes
content-length
1382
NewScript | code.analysis.shinobi.jp/ninja_ar/ | 71 B | 227 B | Script
General
Full URL
https://code.analysis.shinobi.jp/ninja_ar/NewScript?id=00437185&hash=94a265d9&zone=36
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
112.140.42.8 , Japan, ASN23637 (BI-CDN-IX Equinix Jpapan Enterprise K.K., JP),
Reverse DNS
code.analysis.shinobi.jp
Software
nginx /
Resource Hash
4dd9e8be735a076d0b278adb29378ba44befc9b4d92712e9d36ebc008c72724a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 29 Aug 2019 05:49:26 GMT
Server
nginx
Connection
close
Content-Length
71
Content-Type
text/javascript; charset=utf-8
SP_notice_1.gif | bk.spmufg.com/static/yahulogin1/ | 43 B | 89 B | Image
General
Full URL
https://bk.spmufg.com/static/yahulogin1/SP_notice_1.gif
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"2b-5908a1adb0080"
content-type
image/gif
status
200
accept-ranges
bytes
content-length
43
SP_notice_loginout1_1_1.gif | bk.spmufg.com/static/yahulogin1/ | 49 B | 95 B | Image
General
Full URL
https://bk.spmufg.com/static/yahulogin1/SP_notice_loginout1_1_1.gif
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
93db6ff0af01c1416a4cf5643fa970e6facf75aa2c38a66404085039c2314e33

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"31-5908a1adb0080"
content-type
image/gif
status
200
accept-ranges
bytes
content-length
49
06a_drb.js | bk.spmufg.com/static/yahulogin1/ | 2 B | 46 B | Script
General
Full URL
https://bk.spmufg.com/static/yahulogin1/06a_drb.js
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"2-5908a1adb0080"
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
2
ct13176.js | bk.spmufg.com/static/yahulogin1/ | 68 KB | 14 KB | Script
General
Full URL
https://bk.spmufg.com/static/yahulogin1/ct13176.js
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
1470d232a2ad3cc727d26623e9863de2334b5da7de83b539dd05cb9f3e1997ab

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
content-encoding
gzip
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"111b9-5908a1adb0080-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
14469
Trace.gif | bk.spmufg.com/static/yahulogin1/ | 43 B | 89 B | Image
General
Full URL
https://bk.spmufg.com/static/yahulogin1/Trace.gif
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
693d949d8c3fdc7fd4ace7c340b5f177a9f0c5be7bafee8bc93a7d88b7523d75

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"2b-5908a1adb0080"
content-type
image/gif
status
200
accept-ranges
bytes
content-length
43
LineAccessAnalytics.js | bk.spmufg.com/static/yahulogin1/ | 1 B | 45 B | Script
General
Full URL
https://bk.spmufg.com/static/yahulogin1/LineAccessAnalytics.js
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"1-5908a1adb0080"
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
1
middlegrade.js | bk.spmufg.com/static/yahulogin1/ | 1 B | 45 B | Script
General
Full URL
https://bk.spmufg.com/static/yahulogin1/middlegrade.js
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.79.66.216 , Canada, ASN16276 (OVH, FR),
Reverse DNS
216.ip-51-79-66.net
Software
Apache /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 29 Aug 2019 05:49:25 GMT
last-modified
Tue, 20 Aug 2019 10:41:54 GMT
server
Apache
etag
"1-5908a1adb0080"
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
1
slide_banners_login.jsonp | directg.s.bk.mufg.jp/refresh/imgs/_user/ | 434 B | 746 B | Script
General
Full URL
https://directg.s.bk.mufg.jp/refresh/imgs/_user/slide_banners_login.jsonp?callback=mufgJS_bannerJsonp&_=1567057765418
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/static/yahulogin1/sp_jscript.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.178.92.37 , Japan, ASN4680 (MIND Mitsubishi Electric Information Network Corporation, JP),
Reverse DNS
Software
Apache /
Resource Hash
c650935474bb7e79bfea259e16be760993b1c480336f3c218171f29b911f262b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 29 Aug 2019 05:49:27 GMT
Last-Modified
Tue, 11 Aug 2015 14:58:52 GMT
Server
Apache
ETag
"1b2-51d0a571dc300"
Cache-Control
max-age=300
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=100
Content-Length
434
Expires
Thu, 29 Aug 2019 05:54:27 GMT
icon_login.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 776 B | 1 KB | Image
General
Full URL
https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_login.gif
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.178.92.37 , Japan, ASN4680 (MIND Mitsubishi Electric Information Network Corporation, JP),
Reverse DNS
Software
Apache /
Resource Hash
86e40df7313ada62d071baf8df5865a36a68ff666368fbb5fae3a475b744ef71

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/static/yahulogin1/CommonStyle.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 29 Aug 2019 05:49:27 GMT
Last-Modified
Sat, 10 May 2014 12:06:55 GMT
Server
Apache
ETag
"308-4f90a8cdb15c0"
Content-Type
image/gif
Cache-Control
max-age=300
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=100
Content-Length
776
Expires
Thu, 29 Aug 2019 05:54:27 GMT
icon_arrow_down.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 563 B | 899 B | Image
General
Full URL
https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_arrow_down.gif
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.178.92.37 , Japan, ASN4680 (MIND Mitsubishi Electric Information Network Corporation, JP),
Reverse DNS
Software
Apache /
Resource Hash
3f42593543b911d97eba60eadc6b36f946e00814bca36ae7f64615e6ab935931

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/static/yahulogin1/CommonStyle.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 29 Aug 2019 05:49:27 GMT
Last-Modified
Sat, 10 May 2014 12:06:55 GMT
Server
Apache
ETag
"233-4f90a8cdb15c0"
Content-Type
image/gif
Cache-Control
max-age=300
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=99
Content-Length
563
Expires
Thu, 29 Aug 2019 05:54:27 GMT
icon_fortop.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 407 B | 743 B | Image
General
Full URL
https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_fortop.gif
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.178.92.37 , Japan, ASN4680 (MIND Mitsubishi Electric Information Network Corporation, JP),
Reverse DNS
Software
Apache /
Resource Hash
a9314d18847b07d2a3116f661a2f15477455beedfd90dcfc78a5a0094bd948e5

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/static/yahulogin1/CommonStyle.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 29 Aug 2019 05:49:27 GMT
Last-Modified
Sat, 10 May 2014 12:06:55 GMT
Server
Apache
ETag
"197-4f90a8cdb15c0"
Content-Type
image/gif
Cache-Control
max-age=300
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=99
Content-Length
407
Expires
Thu, 29 Aug 2019 05:54:27 GMT
icon_tel.gif | directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/ | 769 B | 1 KB | Image
General
Full URL
https://directg.s.bk.mufg.jp/refresh/imgs/_SP_IMAGE/LOGINOUT/icon_tel.gif
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.178.92.37 , Japan, ASN4680 (MIND Mitsubishi Electric Information Network Corporation, JP),
Reverse DNS
Software
Apache /
Resource Hash
f792d3bcbb8abc02f360a38535725d10767a2add977c25a407c948993328a1b7

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/static/yahulogin1/CommonStyle.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 29 Aug 2019 05:49:27 GMT
Last-Modified
Sat, 10 May 2014 12:06:55 GMT
Server
Apache
ETag
"301-4f90a8cdb15c0"
Content-Type
image/gif
Cache-Control
max-age=300
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=98
Content-Length
769
Expires
Thu, 29 Aug 2019 05:54:27 GMT
Trace | www31.tracer.jp/VL/ | 43 B | 639 B | Image
General
Full URL
https://www31.tracer.jp/VL/Trace?g=/1&c=13176&p=AA011_SP&l=https%3A//bk.spmufg.com/&t=%u30ED%u30B0%u30A4%u30F3%20-%20%u4E09%u83F1UFJ%u30C0%u30A4%u30EC%u30AF%u30C8&k=true&sf=false&j=false&w=1600&h=1200&d=24&o=https%3A&tp=1&lng=en&jt=1567057765454&jd=1567057765456_1
Requested by
Host: bk.spmufg.com
URL: https://bk.spmufg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.179.68.37 Tokyo, Japan, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-179-68-37.ap-northeast-1.compute.amazonaws.com
Software
Apache /
Resource Hash
693d949d8c3fdc7fd4ace7c340b5f177a9f0c5be7bafee8bc93a7d88b7523d75

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bk.spmufg.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Aug 2019 05:49:27 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml",CP="NOI DSP COR ADM DEV PSA OUR IND UNI COM NAV INT STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 29 Aug 2019 05:49:27 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MUFG (Banking)

207 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| BtmuScriptAsset function| getCustomfactInfo undefined| mufgJS_bannerJsonp string| msg function| doTransaction function| doTransaction2 function| doTransaction3 function| setParameter function| doTransactionForWin function| doTransactionForWin2 function| doTransactionForWin3 function| doSubTransaction number| isTrx number| delayTime function| check function| resetTrx function| openHelp function| openHelpNonSSL function| goAnother function| openAnother function| openPopupWindowSizeFree function| openFullScreenWindow function| openFAQWindow function| setSpFlag function| submitOnEnter function| trim function| trimL function| trimR function| isNumeric function| toHalfChar function| toFullChar function| isEmpty function| replaceByHyphen function| checkNumberingItem function| isHankaku function| checkAlphaItem function| checkAlphaItem2 function| checkTinItem function| toUpper function| checkSerialNoItem function| checkAlphaSwiftItem function| checkAmountCommon function| checkAmountItem function| checkFitAmount function| deleteComma function| isZero function| trimZeroL function| isValidCommaPosition function| replaceYenMark function| deleteHyphen function| checkKanaItem function| checkDotMarkWord function| isHalfSymbol function| excludeCharKindCheck function| checkKeiyakuNo function| checkKeiyakuTenbanKouzaNo function| checkKeiyakuTenbanKouzaNoForOpenApi function| checkIBLoginPassword function| checkFinalBalance function| checkCCPw function| checkNameKn function| checkDirectPw function| checkKakuninNo function| checkOtp function| checkTotp function| checkTeotp function| checkOtp1 function| checkOtp2 function| checkSetteiNo function| checkSerialNo function| isCookie function| setCookie function| getCookie function| topLayoutSet function| setFontSize function| initFontSize number| _timer function| Hashtable function| startsWith function| DomDataCollection function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint 
function| Timer function| getRandomPort object| ProxyCollector function| BlackberryLocationCollector function| detectFields string| SEP string| PAIR string| DEV function| FingerPrint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| post_fingerprints function| add_deviceprint function| form_add_data function| form_add_deviceprint string| HTML5 string| BLACKBERRY string| UNDEFINED string| GEO_LOCATION_DEFAULT_STRUCT object| geoLocator boolean| geoLocatorStatus function| detectDeviceCollectionAPIMode function| init function| startCollection function| stopCollection function| getGeolocationStruct function| HTML5LocationCollector object| UIEventCollector function| UIEvent function| InteractionElement function| UIElementList function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| convertTimestampToGMT function| getTimestampInMillis function| debug function| gotoPageFromAA011 function| gotoShokaitouroku function| gotoSaitouroku function| gotoDirectPswSaitouroku function| gotoSaihakkou string| FULL_KANA_TABLE string| HALF_KANA_TABLE string| FULL_ALPHA_TABLE string| HALF_ALPHA_TABLE string| UPPER_TABLE string| LOWER_TABLE string| ALPHA_ITEM_PATTERN string| ALPHA_ITEM_PATTERN2 string| TIN_ITEM_PATTERN string| ALPHA_ITEM_SWIFT_PATTERN string| HOST_PERMISSIBLE_SIGN_1 string| ALL_KANA_SIGN1_PATTERN string| ALL_KANA_SIGN4_PATTERN string| ALL_KANA_SIGN6_PATTERN string| ALL_KANA_SIGN8_PATTERN string| KANA_ANK_PATTERN string| HALF_SYMBOLE string| DOT_MARKS_PATTERN function| forceIE89Synchronicity string| VLTrace_custom_getparam function| VLTrace_mufg_getpostid function| VLTrace_Default_DMD function| VLTrace_ClassObj_GlobalValues_DMD function| VLTrace_ClassObj_GlobalValues function| VLTrace_Dump_DMD object| Obj_VLTrace_DMD object| Obj_VLTrace_ClassObj_GlobalValuesDMD object| Obj_VLTrace_ClassObj_GlobalValues string| VLTrace_Global_Var_Plugin object| 
OBJ_VLTrace_ClassObj_FirstPartyCookie function| VLTrace_ClassObj_FirstPartyCookie function| VLTrace_Function_FP_Rpt2 object| OBJ_VLTrace_ClassObj_GlobalValues_Flash function| VLTrace_Function_sError function| VL_Send object| OBJ_VLTrace_ClassObj_GlobalValues_ExtLink object| V5_Trace function| VL_FileDL function| VL_ExtLink function| V5getJsCodeClick function| V5jsSleep function| V5reqImg function| V5getTraceUrlFileDLExtLink string| VLTrace_Global_customer_time boolean| VLTrace_Global_Var_VB_temp undefined| VLTrace_Global_Var_EXTid string| VL_fp_cookval function| VLTrace_Function_Phase2ImageParameter function| VLTrace_Function_Get_Ext_Browser_Info function| VLTrace_Function_Phase2Collection function| VLTrace_Function_CopyObjectProperties function| VLTrace_Function_fError function| VLTrace_Function_Main number| VLTrace_Global_Var_Image_Counter object| OBJ_VLTrace_ClassObj_GlobalValues_Base number| CTD_MAX_URL_LENGTH number| CTD_MAX_REQ_QUE number| CTD_MAX_OBJ_CNCT number| CTD_CNCT_TIMEOUT number| CTD_VLIMG_TIMEOUT number| CTD_TIMER_INTERVAL number| CTD_PARAM_TOTAL number| CTD_PARAM_MAX_LEN string| trace_jt string| vl_fp_cval function| VLTrace_RequestQue object| OBJ_VLTrace_RequestQue function| VLTrace_Function_LoadImageAndCheckComplete function| VLTrace_ActionParam function| VLTrace_Action number| hash_val object| Array_VLTrace_ClassObj_GlobalValues_Bases object| Array_VLTrace_ClassObj_GlobalValues_Bases_EC function| EscapeUTF8 string| dopname object| jQuery17205709492208218974 function| ninja_analyze

3 Cookies

Domain/Path      Name              Value
bk.spmufg.com/   laravel_session   eyJpdiI6IkM0OXczY25pY0hlbzlPWG9BMmJFK0E9PSIsInZhbHVlIjoiQ0wxUjRBaVZWOFRmMUxwS0x5Uko4c202ZTY5ZkdZM3ZRM2NXNjB0K3BSUVdnZG9rOEk3S2ZIbkErWkJ6dndkTyIsIm1hYyI6ImEwMTdjM2Y1OGFlNDczMjNjNmM0NjlhMWRhOWFiOTgzMGRkMjNkOGM3Y2QxMmQ1N2I3MjQwOGI2ZTNiYWFmODMifQ%3D%3D
bk.spmufg.com/   XSRF-TOKEN        eyJpdiI6IitzNk5VSFwvamZOdkRCNHNJVTA2M1pRPT0iLCJ2YWx1ZSI6IlJqbkYwUmh4ZXdZYjZXZzhlXC9LcEhNMm9qZ2V5Zmt1OURSNEtTSFBQdWdJSzRUVXZJMWladHhGSW1yeGl5VUNnIiwibWFjIjoiYjk0YTNmNjQyOWE1YmRjYjEyMGUzODhjMTQ2ZmE0YWUzNDQzMGE2YTY2YzZkZTUyZDBhNGM4MTU5MTY4MGRjMiJ9
bk.spmufg.com/   PHPSESSID         ai425g3933ol8uldssiketekrr

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bk.spmufg.com
code.analysis.shinobi.jp
directg.s.bk.mufg.jp
www31.tracer.jp
112.140.42.8
18.179.68.37
203.178.92.37
51.79.66.216
036deea0b96eb0182f6c1fff15ee491250f7c993e9c8676de80e63cca5d4d72a
1470d232a2ad3cc727d26623e9863de2334b5da7de83b539dd05cb9f3e1997ab
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
3f42593543b911d97eba60eadc6b36f946e00814bca36ae7f64615e6ab935931
4dd9e8be735a076d0b278adb29378ba44befc9b4d92712e9d36ebc008c72724a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
648b5abf4be72500427681db606986a6f1a37c72f80dea1aa2adc1c06bc141eb
693d949d8c3fdc7fd4ace7c340b5f177a9f0c5be7bafee8bc93a7d88b7523d75
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
86e40df7313ada62d071baf8df5865a36a68ff666368fbb5fae3a475b744ef71
8a8427d7105d51c3271e5b0be8490acdd33da5646144cbbe570e9b5bcb4b17b0
93db6ff0af01c1416a4cf5643fa970e6facf75aa2c38a66404085039c2314e33
a08632efdc0eee773670590cc7ce731cead0305e73ad6170d888c6cd18b223d4
a9314d18847b07d2a3116f661a2f15477455beedfd90dcfc78a5a0094bd948e5
c650935474bb7e79bfea259e16be760993b1c480336f3c218171f29b911f262b
c88dadaa810a69ddcc20ca7ec9601782fa86c6f98ce1e410b9830d405902fccd
d72fcb8924d1e14dbd4b04aff994c1183ee86c620f0aaac034f75fc508548220
da6d05bd49b109c422810d47046a342229d0b3d859a11ea83573222be904d100
f792d3bcbb8abc02f360a38535725d10767a2add977c25a407c948993328a1b7