ecbnhgn.cn
Open in
urlscan Pro
155.94.151.164
Malicious Activity!
Public Scan
Effective URL: https://ecbnhgn.cn/all/sign.php
Submission Tags: phishing viewcard jp financial Search All
Submission: On February 11 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on February 11th 2023. Valid for: 3 months.
This is the only time ecbnhgn.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: VIEW Card (JR East) (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 54.210.244.184 54.210.244.184 | 14618 (AMAZON-AES) (AMAZON-AES) | |
2 22 | 155.94.151.164 155.94.151.164 | 64270 (PACIFICRACK) (PACIFICRACK) | |
20 | 1 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-210-244-184.compute-1.amazonaws.com
rebrand.ly |
ASN64270 (PACIFICRACK, US)
PTR: 155.94.151.164.static.quadranet.com
ecbnhgn.cn |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
ecbnhgn.cn
2 redirects
ecbnhgn.cn |
31 KB |
1 |
rebrand.ly
1 redirects
rebrand.ly — Cisco Umbrella Rank: 80597 |
156 B |
20 | 2 |
Domain | Requested by | |
---|---|---|
22 | ecbnhgn.cn |
2 redirects
ecbnhgn.cn
|
1 | rebrand.ly | 1 redirects |
20 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.jreast.co.jp |
viewsnet.jp |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ecbnhgn.cn R3 |
2023-02-11 - 2023-05-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ecbnhgn.cn/all/sign.php
Frame ID: D6DE5749CB37921F04FDC6540519D034
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
ビューカード:VIEW's NET>VIEW's NETログインPage URL History Show full URLs
-
https://rebrand.ly/t72z75y
HTTP 301
https://ecbnhgn.cn/ Page URL
-
https://ecbnhgn.cn/index.php?t=c809c7ff6574018d8d9f51bd8ce3cdf0ba7c882a737b47e137e0c485cf7cc440
HTTP 302
https://ecbnhgn.cn/index1.php HTTP 302
https://ecbnhgn.cn/all/sign.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: サービスID・パスワードをお忘れの方へ
Search URL Search Domain Scan URL
Title: 「My JR-EAST ID」でログインされる場合はこちら
Search URL Search Domain Scan URL
Title: スマートフォンサイトにログインされる場合はこちら
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://rebrand.ly/t72z75y
HTTP 301
https://ecbnhgn.cn/ Page URL
-
https://ecbnhgn.cn/index.php?t=c809c7ff6574018d8d9f51bd8ce3cdf0ba7c882a737b47e137e0c485cf7cc440
HTTP 302
https://ecbnhgn.cn/index1.php HTTP 302
https://ecbnhgn.cn/all/sign.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://rebrand.ly/t72z75y HTTP 301
- https://ecbnhgn.cn/
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
ecbnhgn.cn/ Redirect Chain
|
1 KB 1002 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor.23238u92u82.js
ecbnhgn.cn/vendor/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
sign.php
ecbnhgn.cn/all/ Redirect Chain
|
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.css
ecbnhgn.cn/all/ |
16 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default.css
ecbnhgn.cn/all/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
viewsnet.tooltip.css
ecbnhgn.cn/all/ |
552 B 370 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
viewcard_logo.gif
ecbnhgn.cn/all/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
indispensable.gif
ecbnhgn.cn/all/ |
344 B 415 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
btn_gotop_s_off.gif
ecbnhgn.cn/all/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
btn_login_off.gif
ecbnhgn.cn/all/ |
5 KB 5 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pagetop.gif
ecbnhgn.cn/all/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
foot_copy.gif
ecbnhgn.cn/all/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
body_bg.gif
ecbnhgn.cn/all/ |
383 B 454 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wrap_bg.gif
ecbnhgn.cn/all/ |
766 B 837 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
top_bg.gif
ecbnhgn.cn/all/ |
54 B 123 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
line.gif
ecbnhgn.cn/all/ |
46 B 92 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
details_back.gif
ecbnhgn.cn/all/ |
829 B 877 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_arrow.gif
ecbnhgn.cn/all/ |
188 B 258 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_error.gif
ecbnhgn.cn/all/ |
355 B 426 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
btn_login_off.gif
ecbnhgn.cn/all/ |
5 KB 5 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: VIEW Card (JR East) (Financial)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| oncontentvisibilityautostatechange3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ecbnhgn.cn/ | Name: PHPSESSID Value: jgl22ps23m1dgeri7c32pi6gjl |
|
.ecbnhgn.cn/ | Name: 62345ba76168db0033ce8ae6a90ce5a762956614 Value: nwcMGFHjQc7nDOZDxhWlbg%3D%3D |
|
.ecbnhgn.cn/ | Name: _amkc Value: b05afc02-0a0c-46e3-944f-8778987df749 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ecbnhgn.cn
rebrand.ly
155.94.151.164
54.210.244.184
006e2973afc98584c5a38d54eca3e36f35e2a4ef9c7522052bee047e6f9938e7
20c975b821e948ee2385d208294ebba0d340dbdfeb69829fddc09f858dcfbdda
2c2ede1f4fd71bcec513bbf54db86a6d790953661bd9adf15b5a068cdaf1679a
49c357852bdb7445482cbb4050c48487c4724de2f353636e8b302fa583be4b41
4caf1f98078c267c548858771715cb37aacaf7d402b13e28a5dbeb976f0f6c72
6012bcee957d75993d0b2fb8e2c1f98121e41c209b35ab41b4fb14f33b0a310b
64400db216a298ff65e896421a6e445b84cc3eb011e79c37bab72e313d4feabb
6b88f67bb1c54d5e8c587d5fb29cda62ea3b9aa43a4f41c9037cda08170e72ed
742484d668911b245ad82a02ff68f10820dae77e86f46eb5a5625cef89b2dc42
7642867909df870c58596939f376821ca2cbf29e3131550882478ba513524633
8c7d95aaab7b582658a796f8e433caa7082a6a793d39102413219ab5becdb03d
abff2518f5d4fa8c2cfce275918656b9e0810498d78f2907cd9292de9d756a14
ae9da3c9a568a7b3602dc54e10c324166db3abe1d3a6892770d6ce6a7cc8c1c6
b759203200679bba2724de72a664bd19d0a38d5ba261ae8dff46e3a381902bc1
da3e8eed5451980c397bef6f64ff7cc0d5629c1d2814075db3bea92c4f4195e4
dc80c2a45665215d42cece1ede5987d8c00fb073c9f3e1c6a5d3f11e6225526f
ea944e962779efddf987f85c82d9e6d2db49f937f89b088742cba8251eab6e28
f277e49cb080641d0880c1279e863cda0d74fd6dbc293100ab8be5e31abb8ff8
f73bee2418229209f496298751bfe891c7a5afdac68862d7e46fc327bbe00ff8