cafebar-topgun.jp
157.7.44.211
Malicious Activity!
Public Scan
Submission: On November 04 via api from GB — Scanned from JP
Summary
This is the only time cafebar-topgun.jp was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Metro Bank (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
4 | 157.7.44.211 | 7506 (INTERQ GMO Internet)
2 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET)
4 | 45.60.49.183 | 19551 (INCAPSULA)
10 | 4 |
ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: users308.vip.heteml.jp
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | metrobankonline.co.uk | personal.metrobankonline.co.uk (Cisco Umbrella Rank: 925862) | 409 KB
4 | cafebar-topgun.jp | cafebar-topgun.jp | 93 KB
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 361) | 56 KB
10 | 3 | |
Requests | Domain | Requested by
---|---|---
4 | personal.metrobankonline.co.uk | cafebar-topgun.jp
4 | cafebar-topgun.jp | cdnjs.cloudflare.com, cafebar-topgun.jp
2 | cdnjs.cloudflare.com | cafebar-topgun.jp
10 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.metrobankonline.co.uk |
personal.metrobankonline.co.uk |
www.fscs.org.uk |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year | crt.sh
personal.metrobankonline.co.uk | Entrust Certification Authority - L1M | 2022-10-11 - 2023-11-11 | a year | crt.sh
This page contains 1 frame:
Primary Page:
http://cafebar-topgun.jp/css/v1/index.html
Frame ID: 0820CE77D884612483B729AE75200D00
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Metro Bank Online Banking
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
- Home
- Stay Safe Online
- Service Quality Metrics
- Forgotten your customer number or username?
- Forgotten your password or security number?
- Accessibility
- Legal Information
- Privacy and Security
- SiteMap
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.html (Primary Request) | cafebar-topgun.jp/css/v1/ | 2 KB | 1 KB | Document | text/html
GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/ | 85 KB | 27 KB | Script | application/javascript
POST | H/1.1 | ___.php | cafebar-topgun.jp/css/v1/ | 237 KB | 33 KB | XHR | text/html
GET | H2 | xmui.css | personal.metrobankonline.co.uk/login/assets/transmitsdk-4.3.0/css/ | 795 KB | 344 KB | Stylesheet | text/css
GET | H2 | styles.8009a81d95372ee609df.css | personal.metrobankonline.co.uk/login/ | 248 KB | 58 KB | Stylesheet | text/css
GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/ | 90 KB | 29 KB | Script | application/javascript
GET | H2 | metrobank-logo.png | personal.metrobankonline.co.uk/login/assets/images/ | 1 KB | 2 KB | Image | image/png
GET | H2 | FSCS_logo.svg | personal.metrobankonline.co.uk/login/assets/images/ | 13 KB | 6 KB | Image | image/svg+xml
GET | H/1.1 | museo-sans-300.bdb59b808cfc4fb88f39.otf | cafebar-topgun.jp/css/v1/ | 61 KB | 29 KB | Font | application/x-font-otf
GET | H/1.1 | MuseoSans_700.10aaa353d22c131091d2.otf | cafebar-topgun.jp/css/v1/ | 62 KB | 29 KB | Font | application/x-font-otf
GET | DATA | truncated | / | 167 KB | 167 KB | Font | font/ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Metro Bank (Banking)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforeinput
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
object | navigation
function | $
function | jQuery
function | _0x4c62
function | _0x47587e
function | _0x4db5
function | _0x7c2aad
function | _0x1694
function | _0x465c
string | hstUrl3
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.metrobankonline.co.uk/ | | visid_incap_104718 | 8Ci3sQvRTz6K2QTK6ioMJv/7ZGMAAAAAQUIPAAAAAAAju2f6fQhRTFGuKh4lQWil
.metrobankonline.co.uk/ | | nlbi_104718_2207957 | Q5fFY/fKZGewDP1lcO5PvAAAAADjeRAbuJdb/QpGYusIjpij
.metrobankonline.co.uk/ | | incap_ses_432_104718 | FaP6DPS52neJ+SBaacb+BQD8ZGMAAAAASh795JKCZ8NCf/ZhU7nA/w==
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cafebar-topgun.jp
cdnjs.cloudflare.com
personal.metrobankonline.co.uk
157.7.44.211
2606:4700::6811:180e
45.60.49.183
017c0be9aaa6d0359737e1fa762ad304c0e0107927faff5a6c1f415c7f5244ed
29ec6e457ccacec4c948ba58e05c076e5526348d230d309d85e35b7140959266
575eb57981acc30b5ab0c6ae34e7e7190084c808cdd4f0b25278aeb5756eb760
5e4a7b6e5268cf4b9021b3cdc7469392369b1f9a7f8eac6cdb860bfd72e17a2f
6d8e769af4fd4318108c6023912e6bddca4238fa9596642a627fe1de45c27620
769906a9b13222e456519b1f59bec90ece8180d547a020a1b084b3a40d84cb1a
7ab5a1a81285bec52e964549dc1c9ec9c08eda7aa68d515c991d2407221d5655
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c36ca8cd5566c156e23f38dde55efa9767270c732ddcb7ed915ea44b2295601e
ecc24f40f565ce3d863f4ab0fe3258c6d92ca796776a4cae7d68fb52fdddeb7d