ecbnhgn.cn Open in urlscan Pro
155.94.151.164 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rebrand.ly/t72z75y
Effective URL:
https://ecbnhgn.cn/all/sign.php
Submission Tags: phishing viewcard jp financial Search All
Submission: On February 11 via api (February 11th 2023, 9:36:52 pm UTC) from JP — Scanned from JP

Summary HTTP 20 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 20 HTTP transactions. The main IP is 155.94.151.164, located in Los Angeles, United States and belongs to PACIFICRACK, US. The main domain is ecbnhgn.cn.
TLS certificate: Issued by R3 on February 11th 2023. Valid for: 3 months.

This is the only time ecbnhgn.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: VIEW Card (JR East) (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.210.244.184 54.210.244.184	14618 (AMAZON-AES) (AMAZON-AES)
2 22	155.94.151.164 155.94.151.164	64270 (PACIFICRACK) (PACIFICRACK)
20	1

1 54.210.244.184 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-210-244-184.compute-1.amazonaws.com

rebrand.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 155.94.151.164 (Los Angeles, United States) 2 redirects

ASN64270 (PACIFICRACK, US)
PTR: 155.94.151.164.static.quadranet.com

ecbnhgn.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	ecbnhgn.cn 2 redirects ecbnhgn.cn	31 KB
1	rebrand.ly 1 redirects rebrand.ly — Cisco Umbrella Rank: 80597	156 B
20	2

	Domain	Requested by
22	ecbnhgn.cn	2 redirects ecbnhgn.cn
1	rebrand.ly	1 redirects
20	2

This site contains links to these domains. Also see Links.

Domain
www.jreast.co.jp
viewsnet.jp

Subject Issuer	Validity	Valid
ecbnhgn.cn R3	`2023-02-11` - `2023-05-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ecbnhgn.cn/all/sign.php
Frame ID: D6DE5749CB37921F04FDC6540519D034
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ビューカード：VIEW's NET＞VIEW's NETログイン

Page URL History Show full URLs

https://rebrand.ly/t72z75y HTTP 301
https://ecbnhgn.cn/ Page URL
https://ecbnhgn.cn/index.php?t=c809c7ff6574018d8d9f51bd8ce3cdf0ba7c882a737b47e137e0c485cf7cc440 HTTP 302
https://ecbnhgn.cn/index1.php HTTP 302
https://ecbnhgn.cn/all/sign.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

31 kB
Transfer

52 kB
Size

3
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.jreast.co.jp/card/index.html

Search URL Search Domain Scan URL

URL: https://viewsnet.jp/V0200/V0200_001.aspx
Title: サービスID・パスワードをお忘れの方へ

Search URL Search Domain Scan URL

URL: https://viewsnet.jp/V0100/V0100_024.aspx
Title: 「My JR-EAST ID」でログインされる場合はこちら

Search URL Search Domain Scan URL

URL: https://www.jreast.co.jp/card/sp/servicelist/viewsnet/login.html
Title: スマートフォンサイトにログインされる場合はこちら

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rebrand.ly/t72z75y HTTP 301
https://ecbnhgn.cn/ Page URL
https://ecbnhgn.cn/index.php?t=c809c7ff6574018d8d9f51bd8ce3cdf0ba7c882a737b47e137e0c485cf7cc440 HTTP 302
https://ecbnhgn.cn/index1.php HTTP 302
https://ecbnhgn.cn/all/sign.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://rebrand.ly/t72z75y HTTP 301
https://ecbnhgn.cn/

20 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response ecbnhgn.cn/ Redirect Chain https://rebrand.ly/t72z75y https://ecbnhgn.cn/	1 KB 1002 B	1829ms 236ms	Document text/html	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Full URL https://ecbnhgn.cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `7642867909df870c58596939f376821ca2cbf29e3131550882478ba513524633` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 597 content-type text/html; charset=UTF-8 date Sat, 11 Feb 2023 21:36:48 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding Redirect headers cache-control no-cache, no-store content-length 0 date Sat, 11 Feb 2023 21:36:46 GMT engine Rebrandly.redirect, version 2.1 expires -1 location https://ecbnhgn.cn/ strict-transport-security max-age=15552000
GET H2	200	vendor.23238u92u82.js Show response ecbnhgn.cn/vendor/	5 KB 2 KB	235ms 234ms	Script application/javascript	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Full URL https://ecbnhgn.cn/vendor/vendor.23238u92u82.js Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `ae9da3c9a568a7b3602dc54e10c324166db3abe1d3a6892770d6ce6a7cc8c1c6` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:48 GMT content-encoding gzip last-modified Tue, 06 Apr 2021 02:24:54 GMT server Apache etag "1375-5bf4485060980-gzip" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 1907
GET H2	200	Primary Request sign.php Show response ecbnhgn.cn/all/ Redirect Chain https://ecbnhgn.cn/index.php?t=c809c7ff6574018d8d9f51bd8ce3cdf0ba7c882a737b47e137e0c485cf7cc440 https://ecbnhgn.cn/index1.php https://ecbnhgn.cn/all/sign.php	5 KB 2 KB	237ms 236ms	Document text/html	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Full URL https://ecbnhgn.cn/all/sign.php Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `dc80c2a45665215d42cece1ede5987d8c00fb073c9f3e1c6a5d3f11e6225526f` Request headers Referer https://ecbnhgn.cn/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 1856 content-type text/html; charset=UTF-8 date Sat, 11 Feb 2023 21:36:49 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding Redirect headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 21 content-type text/html; charset=UTF-8 date Sat, 11 Feb 2023 21:36:49 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location ./all/sign.php pragma no-cache server Apache vary Accept-Encoding
GET H2	200	common.css ecbnhgn.cn/all/	16 KB 3 KB	239ms 236ms	Stylesheet text/css	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Full URL https://ecbnhgn.cn/all/common.css Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/sign.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `8c7d95aaab7b582658a796f8e433caa7082a6a793d39102413219ab5becdb03d` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/sign.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT content-encoding gzip last-modified Mon, 02 Jan 2023 20:18:47 GMT server Apache etag "3ef8-5f14da89a17c0-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 2769
GET H2	200	default.css ecbnhgn.cn/all/	4 KB 1 KB	237ms 235ms	Stylesheet text/css	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Full URL https://ecbnhgn.cn/all/default.css Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/sign.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `2c2ede1f4fd71bcec513bbf54db86a6d790953661bd9adf15b5a068cdaf1679a` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/sign.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT content-encoding gzip last-modified Mon, 02 Jan 2023 20:15:50 GMT server Apache etag "10a9-5f14d9e0d4980-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1125
GET H2	200	viewsnet.tooltip.css ecbnhgn.cn/all/	552 B 370 B	240ms 239ms	Stylesheet text/css	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Full URL https://ecbnhgn.cn/all/viewsnet.tooltip.css Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/sign.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `742484d668911b245ad82a02ff68f10820dae77e86f46eb5a5625cef89b2dc42` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/sign.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT content-encoding gzip last-modified Mon, 02 Jan 2023 20:18:42 GMT server Apache etag "228-5f14da84dcc80-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 293
GET H2	200	viewcard_logo.gif ecbnhgn.cn/all/	2 KB 2 KB	237ms 235ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/viewcard_logo.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/sign.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `64400db216a298ff65e896421a6e445b84cc3eb011e79c37bab72e313d4feabb` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/sign.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:18:42 GMT server Apache accept-ranges bytes etag "9ae-5f14da84dcc80" content-length 2478 content-type image/gif
GET H2	200	indispensable.gif ecbnhgn.cn/all/	344 B 415 B	238ms 236ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/indispensable.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/sign.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `4caf1f98078c267c548858771715cb37aacaf7d402b13e28a5dbeb976f0f6c72` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/sign.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:18:51 GMT server Apache accept-ranges bytes etag "158-5f14da8d720c0" content-length 344 content-type image/gif
GET H2	200	btn_gotop_s_off.gif ecbnhgn.cn/all/	3 KB 3 KB	428ms 427ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/btn_gotop_s_off.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/sign.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `f277e49cb080641d0880c1279e863cda0d74fd6dbc293100ab8be5e31abb8ff8` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/sign.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:15:46 GMT server Apache accept-ranges bytes etag "b0c-5f14d9dd04080" content-length 2828 content-type image/gif
GET H2	200	btn_login_off.gif ecbnhgn.cn/all/	5 KB 5 KB	430ms 429ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/btn_login_off.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/sign.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `f73bee2418229209f496298751bfe891c7a5afdac68862d7e46fc327bbe00ff8` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/sign.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:15:47 GMT server Apache accept-ranges bytes etag "14a6-5f14d9ddf82c0" content-length 5286 content-type image/gif
GET H2	200	pagetop.gif ecbnhgn.cn/all/	1 KB 1 KB	432ms 431ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/pagetop.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/sign.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `49c357852bdb7445482cbb4050c48487c4724de2f353636e8b302fa583be4b41` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/sign.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:18:52 GMT server Apache accept-ranges bytes etag "406-5f14da8e66300" content-length 1030 content-type image/gif
GET H2	200	foot_copy.gif ecbnhgn.cn/all/	1 KB 1 KB	433ms 433ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/foot_copy.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/sign.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `006e2973afc98584c5a38d54eca3e36f35e2a4ef9c7522052bee047e6f9938e7` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/sign.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:18:48 GMT server Apache accept-ranges bytes etag "42d-5f14da8a95a00" content-length 1069 content-type image/gif
GET H2	200	body_bg.gif ecbnhgn.cn/all/	383 B 454 B	237ms 233ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/body_bg.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/common.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `ea944e962779efddf987f85c82d9e6d2db49f937f89b088742cba8251eab6e28` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/common.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:18:44 GMT server Apache accept-ranges bytes etag "17f-5f14da86c5100" content-length 383 content-type image/gif
GET H2	200	wrap_bg.gif ecbnhgn.cn/all/	766 B 837 B	239ms 234ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/wrap_bg.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/common.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `20c975b821e948ee2385d208294ebba0d340dbdfeb69829fddc09f858dcfbdda` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/common.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:18:43 GMT server Apache accept-ranges bytes etag "2fe-5f14da85d0ec0" content-length 766 content-type image/gif
GET H2	200	top_bg.gif ecbnhgn.cn/all/	54 B 123 B	239ms 235ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/top_bg.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/common.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `6012bcee957d75993d0b2fb8e2c1f98121e41c209b35ab41b4fb14f33b0a310b` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/common.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:18:54 GMT server Apache accept-ranges bytes etag "36-5f14da904e780" content-length 54 content-type image/gif
GET H2	200	line.gif ecbnhgn.cn/all/	46 B 92 B	261ms 258ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/line.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/default.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `da3e8eed5451980c397bef6f64ff7cc0d5629c1d2814075db3bea92c4f4195e4` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/default.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:18:51 GMT server Apache accept-ranges bytes etag "2e-5f14da8d720c0" content-length 46 content-type image/gif
GET H2	200	details_back.gif ecbnhgn.cn/all/	829 B 877 B	262ms 260ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/details_back.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/default.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `abff2518f5d4fa8c2cfce275918656b9e0810498d78f2907cd9292de9d756a14` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/default.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:18:47 GMT server Apache accept-ranges bytes etag "33d-5f14da89a17c0" content-length 829 content-type image/gif
GET H2	200	icon_arrow.gif ecbnhgn.cn/all/	188 B 258 B	263ms 261ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/icon_arrow.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/default.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `6b88f67bb1c54d5e8c587d5fb29cda62ea3b9aa43a4f41c9037cda08170e72ed` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/default.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:15:52 GMT server Apache accept-ranges bytes etag "bc-5f14d9e2bce00" content-length 188 content-type image/gif
GET H2	200	icon_error.gif ecbnhgn.cn/all/	355 B 426 B	260ms 260ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/icon_error.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/common.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `b759203200679bba2724de72a664bd19d0a38d5ba261ae8dff46e3a381902bc1` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/common.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:18:49 GMT server Apache accept-ranges bytes etag "163-5f14da8b89c40" content-length 355 content-type image/gif
GET H2	200	btn_login_off.gif ecbnhgn.cn/all/	5 KB 5 KB	234ms 234ms	Image image/gif	155.94.151.164 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://ecbnhgn.cn/all/btn_login_off.gif Requested by Host: ecbnhgn.cn URL: https://ecbnhgn.cn/all/sign.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 155.94.151.164 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 155.94.151.164.static.quadranet.com Software Apache / Resource Hash `f73bee2418229209f496298751bfe891c7a5afdac68862d7e46fc327bbe00ff8` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ecbnhgn.cn/all/sign.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sat, 11 Feb 2023 21:36:49 GMT last-modified Mon, 02 Jan 2023 20:15:47 GMT server Apache accept-ranges bytes etag "14a6-5f14d9ddf82c0" content-length 5286 content-type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: VIEW Card (JR East) (Financial)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ecbnhgn.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: jgl22ps23m1dgeri7c32pi6gjl
.ecbnhgn.cn/	1970-01-20 09:35:52	Name: 62345ba76168db0033ce8ae6a90ce5a762956614 Value: nwcMGFHjQc7nDOZDxhWlbg%3D%3D
.ecbnhgn.cn/	1970-01-20 09:35:52	Name: _amkc Value: b05afc02-0a0c-46e3-944f-8778987df749

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ecbnhgn.cn
rebrand.ly
155.94.151.164
54.210.244.184
006e2973afc98584c5a38d54eca3e36f35e2a4ef9c7522052bee047e6f9938e7
20c975b821e948ee2385d208294ebba0d340dbdfeb69829fddc09f858dcfbdda
2c2ede1f4fd71bcec513bbf54db86a6d790953661bd9adf15b5a068cdaf1679a
49c357852bdb7445482cbb4050c48487c4724de2f353636e8b302fa583be4b41
4caf1f98078c267c548858771715cb37aacaf7d402b13e28a5dbeb976f0f6c72
6012bcee957d75993d0b2fb8e2c1f98121e41c209b35ab41b4fb14f33b0a310b
64400db216a298ff65e896421a6e445b84cc3eb011e79c37bab72e313d4feabb
6b88f67bb1c54d5e8c587d5fb29cda62ea3b9aa43a4f41c9037cda08170e72ed
742484d668911b245ad82a02ff68f10820dae77e86f46eb5a5625cef89b2dc42
7642867909df870c58596939f376821ca2cbf29e3131550882478ba513524633
8c7d95aaab7b582658a796f8e433caa7082a6a793d39102413219ab5becdb03d
abff2518f5d4fa8c2cfce275918656b9e0810498d78f2907cd9292de9d756a14
ae9da3c9a568a7b3602dc54e10c324166db3abe1d3a6892770d6ce6a7cc8c1c6
b759203200679bba2724de72a664bd19d0a38d5ba261ae8dff46e3a381902bc1
da3e8eed5451980c397bef6f64ff7cc0d5629c1d2814075db3bea92c4f4195e4
dc80c2a45665215d42cece1ede5987d8c00fb073c9f3e1c6a5d3f11e6225526f
ea944e962779efddf987f85c82d9e6d2db49f937f89b088742cba8251eab6e28
f277e49cb080641d0880c1279e863cda0d74fd6dbc293100ab8be5e31abb8ff8
f73bee2418229209f496298751bfe891c7a5afdac68862d7e46fc327bbe00ff8

ecbnhgn.cn Open in urlscan Pro 155.94.151.164 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

31 kBTransfer

52 kBSize

3 Cookies

4 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

3 Cookies

Indicators

ecbnhgn.cn Open in urlscan Pro
155.94.151.164 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

31 kB
Transfer

52 kB
Size

3
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!