hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn Open in urlscan Pro
108.166.212.4 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php
Submission Tags: krdprod
Submission: On September 17 via api (September 17th 2021, 1:00:39 am UTC) from JP — Scanned from DE

Summary HTTP 15 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 108.166.212.4, located in United States and belongs to MULTA-ASN1, US. The main domain is hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn.
TLS certificate: Issued by R3 on September 16th 2021. Valid for: 3 months.

This is the only time hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: JCB (Financial)

Domain & IP information

	IP Address		AS Autonomous System
15	108.166.212.4 108.166.212.4		35916 (MULTA-ASN1) (MULTA-ASN1)
15	1

15 108.166.212.4 (United States)

ASN35916 (MULTA-ASN1, US)
PTR: host-108-166-212-4-by.multacom.com

hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	qskfza.cn hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn	111 KB
15	1

	Domain	Requested by
15	hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn	hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn
15	1

This site contains links to these domains. Also see Links.

Domain
www.jcb.co.jp

Subject Issuer	Validity	Valid
hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn R3	`2021-09-16` - `2021-12-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php
Frame ID: A663FDFA971F4126CE5255998E568BEA
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

JCBの会員専用WEBサービス「MyJCB（マイジェーシービー）」

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

111 kB
Transfer

349 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.jcb.co.jp/security/pop/secret_qa.html
Title: 詳しくはこちら

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.php Show response hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/	13 KB 4 KB	1368ms 187ms	Document text/html	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `b9ccc3e001b97d79262c5d5a5270bba88676f2ffb6549f902a6d4077b5345a6f` Request headers :method GET :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn :scheme https :path /login.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Fri, 17 Sep 2021 01:00:34 GMT server Apache expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache set-cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53; path=/ vary Accept-Encoding content-encoding gzip content-length 3418 content-type text/html; charset=UTF-8
GET H2	200	login.css hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	11 KB 2 KB	165ms 164ms	Stylesheet text/css	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/login.css Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `c9201d468dddf3a23a57bb912500032ee22b6bdc69c5d59eb8cee9ff46083c6b` Request headers :path /login_files/login.css pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:34 GMT content-encoding gzip last-modified Mon, 01 Mar 2021 00:49:34 GMT server Apache etag "2d24-5bc6efdcc4380-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 2309
GET H2	200	frame.css hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	31 KB 4 KB	176ms 175ms	Stylesheet text/css	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/frame.css Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `db1562dddef637d43719ea11584ca6a43dc9502551a8308e5c0c32b8fbf4eeac` Request headers :path /login_files/frame.css pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:34 GMT content-encoding gzip last-modified Mon, 01 Mar 2021 00:49:34 GMT server Apache etag "7c90-5bc6efdcc4380-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 4370
GET H2	200	global.js Show response hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	7 KB 3 KB	176ms 175ms	Script application/javascript	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/global.js Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `27a96a60418030e62d3b6ff174e3559b0aa47f99357334affdba7d9a684360ec` Request headers :path /login_files/global.js pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:34 GMT content-encoding gzip last-modified Mon, 01 Mar 2021 00:49:33 GMT server Apache etag "1bfb-5bc6efdbd0140-gzip" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 2888
GET H2	200	jquery-1.js Show response hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	56 KB 19 KB	176ms 175ms	Script application/javascript	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/jquery-1.js Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899` Request headers :path /login_files/jquery-1.js pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:34 GMT content-encoding gzip last-modified Mon, 01 Mar 2021 00:49:33 GMT server Apache etag "dfa6-5bc6efdbd0140-gzip" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 19740
GET H2	200	master.js Show response hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	828 B 526 B	176ms 175ms	Script application/javascript	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/master.js Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `e7c36067725c1dc813cf4700514300c05f9752ac982a39900efc12f21bbe3b53` Request headers :path /login_files/master.js pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:34 GMT content-encoding gzip last-modified Mon, 01 Mar 2021 00:49:33 GMT server Apache etag "33c-5bc6efdbd0140-gzip" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 472
GET H2	200	jquery_002.js Show response hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	69 KB 24 KB	176ms 175ms	Script application/javascript	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/jquery_002.js Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `41c9a7bc7a33f8b367ee44cc6422521c3b221b906ee1cb559060b6f28f4e095c` Request headers :path /login_files/jquery_002.js pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:34 GMT content-encoding gzip last-modified Mon, 01 Mar 2021 00:49:34 GMT server Apache etag "114ca-5bc6efdcc4380-gzip" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 24058
GET H2	200	rsa.js Show response hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	36 KB 11 KB	176ms 176ms	Script application/javascript	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/rsa.js Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44` Request headers :path /login_files/rsa.js pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:34 GMT content-encoding gzip last-modified Mon, 01 Mar 2021 00:49:34 GMT server Apache etag "8ffb-5bc6efdcc4380-gzip" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 10641
GET H2	200	logo.png hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	3 KB 3 KB	166ms 166ms	Image image/png	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/logo.png Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `e31442527b933ae1b5c67fea7b4e2f71ad41c7872707ee2c399fadf8f2c8997d` Request headers :path /login_files/logo.png pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:35 GMT last-modified Mon, 01 Mar 2021 00:49:34 GMT server Apache accept-ranges bytes etag "c00-5bc6efdcc4380" content-length 3072 content-type image/png
GET H2	200	icon_blank.png hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	1 KB 1 KB	166ms 166ms	Image image/png	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/icon_blank.png Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1` Request headers :path /login_files/icon_blank.png pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:35 GMT last-modified Mon, 01 Mar 2021 00:49:34 GMT server Apache accept-ranges bytes etag "429-5bc6efdcc4380" content-length 1065 content-type image/png
GET H2	200	error-icon.png hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	350 B 398 B	166ms 166ms	Image image/png	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/error-icon.png Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `80adebc84b57ccb10f21a41231e22b5b051bbe66a81385536650b42e1fd2b50a` Request headers :path /login_files/error-icon.png pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:35 GMT last-modified Mon, 01 Mar 2021 00:49:33 GMT server Apache accept-ranges bytes etag "15e-5bc6efdbd0140" content-length 350 content-type image/png
GET H2	200	logo_footer.png hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	2 KB 2 KB	166ms 166ms	Image image/png	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/logo_footer.png Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `93b334e1a1d3b1f7ad60a247c93d72e8d3c03db8b81bc4c4184ad3a3d7ce5b62` Request headers :path /login_files/logo_footer.png pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:35 GMT last-modified Mon, 01 Mar 2021 00:49:33 GMT server Apache accept-ranges bytes etag "6e5-5bc6efdbd0140" content-length 1765 content-type image/png
GET H2	200	jquery-3.js Show response hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	85 KB 30 KB	170ms 170ms	Script application/javascript	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/jquery-3.js Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers :path /login_files/jquery-3.js pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:35 GMT content-encoding gzip last-modified Mon, 01 Mar 2021 00:49:34 GMT server Apache etag "15283-5bc6efdcc4380-gzip" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 30138
GET H2	200	jquery.js Show response hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	3 KB 1 KB	163ms 163ms	Script application/javascript	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/jquery.js Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69` Request headers :path /login_files/jquery.js pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:35 GMT content-encoding gzip last-modified Mon, 01 Mar 2021 00:49:33 GMT server Apache etag "c44-5bc6efdbd0140-gzip" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 1395
GET H2	200	frame.js Show response hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/	31 KB 6 KB	165ms 164ms	Script application/javascript	108.166.212.4 MULTA-ASN1
General Check archive.org Show headers Download Go to Full URL https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login_files/frame.js Requested by Host: hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn URL: https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.166.212.4 , United States, ASN35916 (MULTA-ASN1, US), Reverse DNS host-108-166-212-4-by.multacom.com Software Apache / Resource Hash `079ad8bcc01fc08b38e783b12d89d4629508d1e3ba8cafb9962030650f1a9b89` Request headers :path /login_files/frame.js pragma no-cache cookie PHPSESSID=mt5a7vvkd1hud5kn84qf7ntl53 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 01:00:35 GMT content-encoding gzip last-modified Mon, 01 Mar 2021 00:49:33 GMT server Apache etag "7afe-5bc6efdbd0140-gzip" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 6374

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: JCB (Financial)

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: mt5a7vvkd1hud5kn84qf7ntl53

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn
108.166.212.4
079ad8bcc01fc08b38e783b12d89d4629508d1e3ba8cafb9962030650f1a9b89
27a96a60418030e62d3b6ff174e3559b0aa47f99357334affdba7d9a684360ec
41c9a7bc7a33f8b367ee44cc6422521c3b221b906ee1cb559060b6f28f4e095c
6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1
793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44
80adebc84b57ccb10f21a41231e22b5b051bbe66a81385536650b42e1fd2b50a
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69
93b334e1a1d3b1f7ad60a247c93d72e8d3c03db8b81bc4c4184ad3a3d7ce5b62
b9ccc3e001b97d79262c5d5a5270bba88676f2ffb6549f902a6d4077b5345a6f
c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899
c9201d468dddf3a23a57bb912500032ee22b6bdc69c5d59eb8cee9ff46083c6b
db1562dddef637d43719ea11584ca6a43dc9502551a8308e5c0c32b8fbf4eeac
e31442527b933ae1b5c67fea7b4e2f71ad41c7872707ee2c399fadf8f2c8997d
e7c36067725c1dc813cf4700514300c05f9752ac982a39900efc12f21bbe3b53

hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn Open in urlscan Pro 108.166.212.4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

111 kBTransfer

349 kBSize

1 Cookies

1 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

76 JavaScript Global Variables

1 Cookies

Indicators

hcjnxeybehqfvngsdtcymaaezzqbaftvgefmwdpc.qskfza.cn Open in urlscan Pro
108.166.212.4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

111 kB
Transfer

349 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!