URL: http://cafebar-topgun.jp/css/v1/index.html
Submission: On November 03 via manual from GB — Scanned from JP

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 157.7.44.211, located in Japan, and belongs to INTERQ GMO Internet, Inc. (JP). The main domain is cafebar-topgun.jp. The page is served over plain HTTP from a shared host (reverse DNS users308.vip.heteml.jp, Apache with PHP/5.6.31) and loads its stylesheets and logos directly from the genuine personal.metrobankonline.co.uk login assets; the 2 KB index.html then fetches the actual page layout at runtime via an XHR to ___.php?_do=layout on the same host (see the transactions below).
This is the only time cafebar-topgun.jp was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metro Bank (Banking)

Domain & IP information

Requests  IP Address             ASN    Autonomous System
4         157.7.44.211           7506   INTERQ GMO Internet, Inc.
2         2606:4700::6811:190e   13335  CLOUDFLARENET
4         45.60.49.183           19551  INCAPSULA
10 requests across 4 IPs
Requests  Apex Domain             Subdomains                                                     Transfer
4         metrobankonline.co.uk   personal.metrobankonline.co.uk (Cisco Umbrella Rank: 925862)   410 KB
4         cafebar-topgun.jp       cafebar-topgun.jp                                              93 KB
2         cloudflare.com          cdnjs.cloudflare.com (Cisco Umbrella Rank: 361)                56 KB
10 requests across 3 apex domains
Requests  Domain                           Requested by
4         personal.metrobankonline.co.uk   cafebar-topgun.jp
4         cafebar-topgun.jp                cdnjs.cloudflare.com, cafebar-topgun.jp
2         cdnjs.cloudflare.com             cafebar-topgun.jp
10 requests across 3 domains
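The "Requested by" relationships above are what make this scan readable as a phishing kit rather than a broken bank page: an unrelated host loads the brand's own assets, and a script served from a CDN is the attributed initiator of an XHR back to the kit. The following is an added example (not urlscan.io code) that turns that reasoning into a check over a request list. The list is constructed from the transactions in this report; the eTLD+1 helper is a deliberately small stand-in for the Public Suffix List and only knows the suffixes this scan needs.

```python
"""Cross-origin dependency checks over a urlscan-style request list.

Added example, not code from urlscan.io. SCAN_REQUESTS is constructed from the
transactions in this report; _SECOND_LEVEL_SUFFIXES is an assumption standing
in for the full Public Suffix List.
"""
from urllib.parse import urlparse

PRIMARY_URL = "http://cafebar-topgun.jp/css/v1/index.html"
BRAND_DOMAINS = {"metrobankonline.co.uk"}

# Assumption: a real tool would load the full Public Suffix List instead.
_SECOND_LEVEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk"}


def etld1(host):
    """Registrable domain of a hostname (personal.metrobankonline.co.uk -> metrobankonline.co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in _SECOND_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


# Constructed from the report: url, initiating document/script, resource type.
_JQ321 = "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"
_BANK = "https://personal.metrobankonline.co.uk/login/"
SCAN_REQUESTS = [
    {"url": _JQ321, "initiator": PRIMARY_URL, "type": "Script"},
    {"url": "http://cafebar-topgun.jp/css/v1/___.php?_do=layout", "initiator": _JQ321, "type": "XHR"},
    {"url": _BANK + "assets/transmitsdk-4.3.0/css/xmui.css", "initiator": PRIMARY_URL, "type": "Stylesheet"},
    {"url": _BANK + "styles.8009a81d95372ee609df.css", "initiator": PRIMARY_URL, "type": "Stylesheet"},
    {"url": "https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js", "initiator": PRIMARY_URL, "type": "Script"},
    {"url": _BANK + "assets/images/metrobank-logo.png", "initiator": PRIMARY_URL, "type": "Image"},
    {"url": _BANK + "assets/images/FSCS_logo.svg", "initiator": PRIMARY_URL, "type": "Image"},
    {"url": "http://cafebar-topgun.jp/css/v1/museo-sans-300.bdb59b808cfc4fb88f39.otf", "initiator": PRIMARY_URL, "type": "Font"},
    {"url": "http://cafebar-topgun.jp/css/v1/MuseoSans_700.10aaa353d22c131091d2.otf", "initiator": PRIMARY_URL, "type": "Font"},
    {"url": "data:truncated", "initiator": PRIMARY_URL, "type": "Font"},
]


def analyse(primary_url, requests, brand_domains):
    """Return phishing-kit indicators as {finding: [offending urls]}."""
    primary = urlparse(primary_url)
    primary_site = etld1(primary.hostname)
    findings = {
        "primary_over_plain_http": [],   # credentials would travel in clear text
        "brand_assets_hotlinked": [],    # brand CSS/images pulled into a page on another site
        "cdn_script_initiated_xhr": [],  # script attributed to a CDN fetching content from the kit
    }
    if primary.scheme == "http":
        findings["primary_over_plain_http"].append(primary_url)
    for req in requests:
        u = urlparse(req["url"])
        if u.scheme == "data" or not u.hostname:
            continue  # inline resources have no origin to reason about
        site = etld1(u.hostname)
        init = urlparse(req["initiator"]) if req.get("initiator") else None
        init_site = etld1(init.hostname) if init and init.hostname else None
        if site in brand_domains and init_site and init_site not in brand_domains:
            findings["brand_assets_hotlinked"].append(req["url"])
        if req["type"] == "XHR" and site == primary_site and init_site and init_site != primary_site:
            findings["cdn_script_initiated_xhr"].append(req["url"])
    return findings


def scan_verdict():
    """Run the checks over the constructed request list for this scan."""
    return analyse(PRIMARY_URL, SCAN_REQUESTS, BRAND_DOMAINS)


if __name__ == "__main__":
    for name, urls in scan_verdict().items():
        print(f"{name}: {len(urls)}")
        for url in urls:
            print("   ", url)
```

The brand-hotlinking finding is the one a bank's own telemetry can confirm independently, because every such fetch reaches the bank's CDN with the kit's Referer; the XHR finding depends on urlscan's initiator attribution, which names the script whose call stack issued the request, not the page script that called it.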

This site contains links to these domains (also see Links):

  www.metrobankonline.co.uk
  personal.metrobankonline.co.uk
  www.fscs.org.uk

TLS certificates observed during the scan:

Subject                          Issuer                                  Validity                  Valid for
sni.cloudflaressl.com            Cloudflare Inc ECC CA-3                 2022-08-03 - 2023-08-02   a year (crt.sh)
personal.metrobankonline.co.uk   Entrust Certification Authority - L1M   2022-10-11 - 2023-11-11   a year (crt.sh)

No certificate is listed for cafebar-topgun.jp itself: the phishing page and its XHR are served over plain HTTP, so only the CDN and the genuine bank origin present certificates.

This page contains 1 frame:

Primary Page: http://cafebar-topgun.jp/css/v1/index.html
Frame ID: A8F5E55C6548EEA557548EDCE7D2ECCA
Requests: 11 HTTP requests in this frame (the 10 network transactions listed below plus one inline data: font)

Screenshot

Page Title

Metro Bank Online Banking

Detected technologies

jQuery (overall confidence: 100%), matched by these patterns:
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 10    HTTPS: 60 %    IPv6: 33 %    Domains: 3    Subdomains: 3    IPs: 4    Countries: 2
Transfer: 726 kB    Size: 1761 kB    Cookies: 3

Redirected requests

No HTTP redirect chains were recorded for this scan.

10 HTTP transactions

Each entry below is headed by: Resource | Path | Size (transferred bytes) | Type, followed by its connection details and request/response headers.
Primary Request: index.html | cafebar-topgun.jp/css/v1/ | 2 KB (1 KB transferred) | Document
General
Full URL
http://cafebar-topgun.jp/css/v1/index.html
Protocol
HTTP/1.1
Server
157.7.44.211 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
users308.vip.heteml.jp
Software
Apache /
Resource Hash
6d8e769af4fd4318108c6023912e6bddca4238fa9596642a627fe1de45c27620

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

Accept-Ranges
none
Connection
keep-alive
Content-Encoding
gzip
Content-Length
843
Content-Type
text/html
Date
Thu, 03 Nov 2022 17:02:25 GMT
Last-Modified
Thu, 03 Nov 2022 12:18:46 GMT
Server
Apache
Vary
Range,Accept-Encoding
jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/ | 85 KB (27 KB transferred) | Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: cafebar-topgun.jp
URL: http://cafebar-topgun.jp/css/v1/index.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://cafebar-topgun.jp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 17:02:25 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
157119
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27277
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-15283"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A1WFf%2BsXBbQJKZbuelfIIOLlYf%2F8BA0GdWh4D%2BfWNdp%2BvlZwYVfo%2BHTGDCRdE%2FVBQscLctGc7vyM8hwlBUOFQCGeO%2FNYHe1vK6J0dfcEj06FW3NX%2BVJfJJMQPksD6O6EAoy7rnPSKVORNtKMda46YpCj"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7646ad720869af48-NRT
expires
Tue, 24 Oct 2023 17:02:25 GMT
___.php | cafebar-topgun.jp/css/v1/ | 237 KB (33 KB transferred) | XHR
Note: the response is text/html, and urlscan attributes the request to the jquery.min.js call stack; the X-Requested-With: XMLHttpRequest header is the one jQuery's $.ajax adds. Page script is therefore fetching the page layout from the kit at runtime rather than embedding it in the 2 KB index.html, which keeps the static file that a crawler or takedown reviewer sees nearly empty.
General
Full URL
http://cafebar-topgun.jp/css/v1/___.php?_do=layout
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Protocol
HTTP/1.1
Server
157.7.44.211 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
users308.vip.heteml.jp
Software
Apache / PHP/5.6.31
Resource Hash
7ab5a1a81285bec52e964549dc1c9ec9c08eda7aa68d515c991d2407221d5655

Request headers

Accept
*/*
Referer
http://cafebar-topgun.jp/css/v1/index.html
X-Requested-With
XMLHttpRequest
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Thu, 03 Nov 2022 17:02:25 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/5.6.31
Vary
Range,Accept-Encoding
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
none
Content-Length
33986
xmui.css | personal.metrobankonline.co.uk/login/assets/transmitsdk-4.3.0/css/ | 795 KB (344 KB transferred) | Stylesheet
General
Full URL
https://personal.metrobankonline.co.uk/login/assets/transmitsdk-4.3.0/css/xmui.css
Requested by
Host: cafebar-topgun.jp
URL: http://cafebar-topgun.jp/css/v1/index.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
45.60.49.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5e4a7b6e5268cf4b9021b3cdc7469392369b1f9a7f8eac6cdb860bfd72e17a2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://cafebar-topgun.jp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 17:02:26 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Apr 2022 18:39:51 GMT
x-cdn
Imperva
etag
"b170e5e009f7d8b9d87d1d7601f66077"
content-type
text/css
x-iinfo
5-33311052-33274566 2VNN RT(1667494945448 19) q(0 0 0 0) r(9 9)
cache-control
max-age=3600, public
content-length
350974
expires
Thu, 03 Nov 2022 18:02:26 GMT
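Every one of the four asset fetches from personal.metrobankonline.co.uk in this scan carries Referer: http://cafebar-topgun.jp/, which means the bank's edge saw the phishing host's name before any victim did. The following is an added example (not code from urlscan.io or Metro Bank) of the detection a brand can run on its own side. It assumes the edge or origin logs are available in Apache "combined" format; the log lines are constructed to mirror this report's asset fetches, with 203.0.113.7 and 198.51.100.20 as placeholder client addresses from the documentation ranges.

```python
"""Bank-side detection of hotlinked login assets via the Referer header.

Added example, not code from urlscan.io or Metro Bank. Assumes Apache
"combined" log format; SAMPLE_LOG is constructed to mirror this report.
"""
import re
from collections import Counter
from urllib.parse import urlparse

BANK_SITE = "metrobankonline.co.uk"
# Paths the genuine login page serves. A fetch of these with a foreign Referer
# means another page is wearing the bank's skin.
PROTECTED_PREFIXES = ("/login/assets/", "/login/styles.")

COMBINED_LOG = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
       "(KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36")


def _line(client, path, size, referer):
    """Build one constructed combined-format log line."""
    return (f'{client} - - [03/Nov/2022:17:02:26 +0000] "GET {path} HTTP/2.0" '
            f'200 {size} "{referer}" "{_UA}"')


KIT = "http://cafebar-topgun.jp/"
SAMPLE_LOG = [
    _line("203.0.113.7", "/login/assets/transmitsdk-4.3.0/css/xmui.css", 350974, KIT),
    _line("203.0.113.7", "/login/styles.8009a81d95372ee609df.css", 58724, KIT),
    _line("203.0.113.7", "/login/assets/images/metrobank-logo.png", 1338, KIT),
    _line("203.0.113.7", "/login/assets/images/FSCS_logo.svg", "-", KIT),
    # Genuine visitor: same asset, first-party Referer.
    _line("198.51.100.20", "/login/assets/images/metrobank-logo.png", 1338,
          "https://personal.metrobankonline.co.uk/login/"),
    # Referer stripped by policy: cannot be attributed, so not counted.
    _line("198.51.100.20", "/login/assets/images/FSCS_logo.svg", "-", "-"),
    # Foreign Referer on a non-asset path: out of scope for this rule.
    _line("203.0.113.7", "/login/", "-", KIT),
]


def referer_is_first_party(referer):
    """True/False for a usable Referer, None when the browser sent none."""
    if referer in ("", "-"):
        return None
    host = (urlparse(referer).hostname or "").lower()
    return host == BANK_SITE or host.endswith("." + BANK_SITE)


def hotlink_report(lines):
    """Count protected-asset fetches per foreign referring host.

    Returns (Counter of host -> hits, dict of host -> first path seen).
    """
    hits = Counter()
    example_path = {}
    for line in lines:
        m = COMBINED_LOG.match(line)
        if not m or not m["path"].startswith(PROTECTED_PREFIXES):
            continue
        first_party = referer_is_first_party(m["referer"])
        if first_party is None or first_party:
            continue  # no Referer, or the bank's own pages
        host = urlparse(m["referer"]).hostname.lower()
        hits[host] += 1
        example_path.setdefault(host, m["path"])
    return hits, example_path


if __name__ == "__main__":
    counts, paths = hotlink_report(SAMPLE_LOG)
    for host, n in counts.most_common():
        print(f"{host}: {n} protected-asset fetches, e.g. {paths[host]}")
```

Two caveats apply in practice. A kit that copies the assets to its own host, or sets a no-referrer policy, never appears in this report, so the rule is an early-warning signal rather than coverage. And the rule deliberately ignores Referer-less hits rather than counting them as foreign: a bank page loaded from a bookmark produces the same absence, and alerting on it would drown the real signal.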
styles.8009a81d95372ee609df.css | personal.metrobankonline.co.uk/login/ | 248 KB (58 KB transferred) | Stylesheet
General
Full URL
https://personal.metrobankonline.co.uk/login/styles.8009a81d95372ee609df.css
Requested by
Host: cafebar-topgun.jp
URL: http://cafebar-topgun.jp/css/v1/index.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
45.60.49.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
769906a9b13222e456519b1f59bec90ece8180d547a020a1b084b3a40d84cb1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://cafebar-topgun.jp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 17:02:26 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Apr 2022 18:39:51 GMT
x-cdn
Imperva
etag
"be213aebd931234bdf362d773c296070"
content-type
text/css
x-iinfo
5-33311052-33304323 2VNN RT(1667494945448 20) q(0 0 0 3) r(9 9) U18
cache-control
max-age=604800
content-length
58724
jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/ | 90 KB (29 KB transferred) | Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js
Requested by
Host: cafebar-topgun.jp
URL: http://cafebar-topgun.jp/css/v1/index.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
http://cafebar-topgun.jp/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 03 Nov 2022 17:02:25 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
5051815
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
29363
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-169d5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RRyjMS3PTGEOVhF7wP1MefqU9h1TTuKAh%2F0xf1PlijaD0AdF8Uo%2FlKZ%2F199B0MfecxpFid4yvNHxGWOx5zQb4rvLF%2Bj26OYpipmzMLp6NdmeYmqS4tKOW%2Bzo5hbsX94A8qaTol9ra8isFMKfq8EbCeKh"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7646ad72f920af48-NRT
expires
Tue, 24 Oct 2023 17:02:25 GMT
metrobank-logo.png | personal.metrobankonline.co.uk/login/assets/images/ | 1 KB (2 KB transferred) | Image
General
Full URL
https://personal.metrobankonline.co.uk/login/assets/images/metrobank-logo.png
Requested by
Host: cafebar-topgun.jp
URL: http://cafebar-topgun.jp/css/v1/index.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
45.60.49.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
575eb57981acc30b5ab0c6ae34e7e7190084c808cdd4f0b25278aeb5756eb760
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://cafebar-topgun.jp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 17:02:26 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Apr 2022 18:39:51 GMT
x-cdn
Imperva
etag
"2ac9861881d00dda7860392fe9d0b22e"
content-type
image/png
x-iinfo
5-33311052-33304320 2VNN RT(1667494945448 23) q(0 0 0 3) r(9 9) U18
cache-control
max-age=604800
content-length
1338
FSCS_logo.svg | personal.metrobankonline.co.uk/login/assets/images/ | 13 KB (7 KB transferred) | Image
General
Full URL
https://personal.metrobankonline.co.uk/login/assets/images/FSCS_logo.svg
Requested by
Host: cafebar-topgun.jp
URL: http://cafebar-topgun.jp/css/v1/index.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
45.60.49.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
29ec6e457ccacec4c948ba58e05c076e5526348d230d309d85e35b7140959266
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://cafebar-topgun.jp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-amz-version-id
JUzUSgTIlLpO5XgQIbdVFosONcEBbzIN
date
Thu, 03 Nov 2022 17:02:27 GMT
via
1.1 43af3f074d724dd135e986688bed033e.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000
content-encoding
gzip
x-cdn
Imperva
x-amz-request-id
3D2GRDYCDMTPTBKM
x-amz-cf-pop
SEA73-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-iinfo
5-33311052-33274755 2NYN RT(1667494945448 25) q(0 0 0 2) r(9 10) U18
x-amz-id-2
RksyLf9n46DMZDvEI5SqvFZ3PlmBZB+VfgeJuRHRzOihX8luiZ79mIX5BAZVfIBl6fP50Dy+guY=
last-modified
Wed, 27 Apr 2022 18:39:51 GMT
server
AmazonS3
etag
"764bb5644cd09c7ea0791e89580c3148"
x-frame-options
DENY
content-type
image/svg+xml
cache-control
max-age=604800
accept-ranges
bytes
x-amz-cf-id
38k1QYe4xyDnkVMyna5ISPW5MJQwEXH2liVC0kqpxlE7jnQ2aH6jvQ==
museo-sans-300.bdb59b808cfc4fb88f39.otf | cafebar-topgun.jp/css/v1/ | 61 KB (29 KB transferred) | Font
General
Full URL
http://cafebar-topgun.jp/css/v1/museo-sans-300.bdb59b808cfc4fb88f39.otf
Requested by
Host: cafebar-topgun.jp
URL: http://cafebar-topgun.jp/css/v1/index.html
Protocol
HTTP/1.1
Server
157.7.44.211 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
users308.vip.heteml.jp
Software
Apache /
Resource Hash
ecc24f40f565ce3d863f4ab0fe3258c6d92ca796776a4cae7d68fb52fdddeb7d

Request headers

Referer
http://cafebar-topgun.jp/css/v1/index.html
Origin
http://cafebar-topgun.jp
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Thu, 03 Nov 2022 17:02:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 03 Nov 2022 12:18:46 GMT
Server
Apache
Vary
Range,Accept-Encoding
Content-Type
application/x-font-otf
Connection
keep-alive
Accept-Ranges
none
Content-Length
29676
MuseoSans_700.10aaa353d22c131091d2.otf | cafebar-topgun.jp/css/v1/ | 62 KB (29 KB transferred) | Font
General
Full URL
http://cafebar-topgun.jp/css/v1/MuseoSans_700.10aaa353d22c131091d2.otf
Requested by
Host: cafebar-topgun.jp
URL: http://cafebar-topgun.jp/css/v1/index.html
Protocol
HTTP/1.1
Server
157.7.44.211 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
users308.vip.heteml.jp
Software
Apache /
Resource Hash
c36ca8cd5566c156e23f38dde55efa9767270c732ddcb7ed915ea44b2295601e

Request headers

Referer
http://cafebar-topgun.jp/css/v1/index.html
Origin
http://cafebar-topgun.jp
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Thu, 03 Nov 2022 17:02:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 03 Nov 2022 12:18:46 GMT
Server
Apache
Vary
Range,Accept-Encoding
Content-Type
application/x-font-otf
Connection
keep-alive
Accept-Ranges
none
Content-Length
29276
(inline data: URI, name truncated in the report) | / | 167 KB (167 KB) | Font
General
Full URL
data:truncated
Protocol
DATA
Server
n/a (inline data: URI, no network request)
Reverse DNS
Software
/
Resource Hash
017c0be9aaa6d0359737e1fa762ad304c0e0107927faff5a6c1f415c7f5244ed

Request headers

Referer
Origin
http://cafebar-topgun.jp
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
font/ttf

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metro Bank (Banking)

16 JavaScript Global Variables

These are the "global" variables defined on the window object beyond urlscan's baseline. Seven of them (onbeforeinput, oncontextlost, oncontextrestored, structuredClone, launchQueue, onbeforematch, navigation) are browser-provided properties of the Chrome 107 build used for the scan rather than page code. The remaining nine are defined by the page: $ and jQuery from the bundled jQuery, six functions named _0x… in the style emitted by JavaScript obfuscators, and a string hstUrl.

Type      Name
object    onbeforeinput
object    oncontextlost
object    oncontextrestored
function  structuredClone
object    launchQueue
object    onbeforematch
object    navigation
function  $
function  jQuery
function  _0x4c62
function  _0x47587e
function  _0x4db5
function  _0x7c2aad
function  _0x1694
function  _0x465c
string    hstUrl
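Reading a globals list this way is mechanical enough to script: strip the browser's own properties, credit the known library, and flag the obfuscator-style names. The following is an added example (a hypothetical helper, not urlscan.io code) that does that over the 16-entry list from this report. BROWSER_BUILTINS is an assumption derived from this scan's Chrome 107 output; the `_0x` + hex pattern is the identifier style javascript-obfuscator produces.

```python
"""Classify the window globals urlscan reports for a page.

Added example, not urlscan.io code. GLOBALS_TEXT is the list from this report;
BROWSER_BUILTINS is an assumption (Chrome 107 window properties seen here).
"""
import re

GLOBALS_TEXT = (
    "object| onbeforeinput object| oncontextlost object| oncontextrestored "
    "function| structuredClone object| launchQueue object| onbeforematch "
    "object| navigation function| $ function| jQuery function| _0x4c62 "
    "function| _0x47587e function| _0x4db5 function| _0x7c2aad function| _0x1694 "
    "function| _0x465c string| hstUrl"
)

# Assumption: browser-provided properties that an older scanner baseline
# reports as non-standard. Extend as new Chrome releases add window members.
BROWSER_BUILTINS = {
    "onbeforeinput", "oncontextlost", "oncontextrestored", "structuredClone",
    "launchQueue", "onbeforematch", "navigation",
}
KNOWN_LIBRARIES = {"$", "jQuery"}
# Identifier style emitted by javascript-obfuscator: _0x followed by hex digits.
OBFUSCATED_NAME = re.compile(r"^_0x[0-9a-f]{4,}$", re.IGNORECASE)


def parse_globals(text):
    """Turn urlscan's 'type| name' token stream into (type, name) pairs."""
    return re.findall(r"(\w+)\|\s*(\S+)", text)


def classify(pairs):
    """Bucket each global as browser, library, obfuscated or unexplained."""
    buckets = {"browser": [], "library": [], "obfuscated": [], "unexplained": []}
    for typ, name in pairs:
        if name in BROWSER_BUILTINS:
            buckets["browser"].append(name)
        elif name in KNOWN_LIBRARIES:
            buckets["library"].append(name)
        elif OBFUSCATED_NAME.match(name):
            buckets["obfuscated"].append(name)
        else:
            buckets["unexplained"].append((typ, name))  # worth a manual look
    return buckets


def kit_indicators(text=GLOBALS_TEXT, threshold=3):
    """Summarise what matters for triage: obfuscation count and leftovers."""
    buckets = classify(parse_globals(text))
    n = len(buckets["obfuscated"])
    return {
        "obfuscated_count": n,
        "likely_obfuscator": n >= threshold,
        "unexplained": buckets["unexplained"],
    }


if __name__ == "__main__":
    result = kit_indicators()
    print(f"obfuscated globals: {result['obfuscated_count']} "
          f"(likely obfuscator output: {result['likely_obfuscator']})")
    print("unexplained:", result["unexplained"])
```

The leftover bucket is the useful output: here it is a single string, hstUrl, which is the kind of name a kit uses for the endpoint it posts captured credentials to and is the first thing to pull out of the obfuscated source.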

3 Cookies

All three are Imperva (Incapsula) cookies (visid_incap_*, incap_ses_*, nlbi_*) set by the bank's CDN on the responses to the hotlinked asset requests; the phishing host itself sets none.

Domain / Path             Name                    Value
.metrobankonline.co.uk/   visid_incap_104718      3AKpVbeXRHGU9VLoYGGQFSH0Y2MAAAAAQUIPAAAAAAD7p4V1cjCznj5N/W5lE3ZJ
.metrobankonline.co.uk/   nlbi_104718_2207957     b4UdQ9mHQg2xdvDqcO5PvAAAAAA5RFqmu1bW4LLXi8kNUyT9
.metrobankonline.co.uk/   incap_ses_432_104718    I3woC0/dTwSf6fVYacb+BSL0Y2MAAAAA0QUdawxuGI7ci9DAk+jAzQ==

2 Console Messages

Source      Level    URL
javascript  warning  http://cafebar-topgun.jp/css/v1/index.html (line 4), the same message reported twice
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.