etc.hfwccs.cn Open in urlscan Pro
198.144.183.81  Malicious Activity! Public Scan

11 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response etc.hfwccs.cn/	599 B 752 B	955ms 143ms	Document text/html	198.144.183.81 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://etc.hfwccs.cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.144.183.81 , United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-144-183-81-host.colocrossing.com Software nginx / Resource Hash e63d1c4446ee4a354a1425d4fb7106d5d6111a39cf0b91c9204067b4f4be5b86 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers server nginx date Tue, 01 Mar 2022 09:06:22 GMT content-type text/html content-length 599 last-modified Sun, 27 Feb 2022 15:51:11 GMT etag "621b9def-257" strict-transport-security max-age=31536000 accept-ranges bytes
GET H2	200	app.1644733683253.css etc.hfwccs.cn/static/css/	288 KB 98 KB	291ms 290ms	Stylesheet text/css	198.144.183.81 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://etc.hfwccs.cn/static/css/app.1644733683253.css Requested by Host: etc.hfwccs.cn URL: https://etc.hfwccs.cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.144.183.81 , United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-144-183-81-host.colocrossing.com Software nginx / Resource Hash 5032de16a43942f785d0f1b6873324720cec151dcdde0f320d25e12955f1ee25 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://etc.hfwccs.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 01 Mar 2022 09:06:22 GMT content-encoding gzip last-modified Sun, 13 Feb 2022 06:28:08 GMT server nginx etag W/"6208a4f8-47f28" vary Accept-Encoding content-type text/css cache-control max-age=43200 strict-transport-security max-age=31536000 expires Tue, 01 Mar 2022 21:06:22 GMT
GET H2	200	manifest.1644733683253.js Show response etc.hfwccs.cn/static/js/	1 KB 997 B	435ms 434ms	Script application/javascript	198.144.183.81 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://etc.hfwccs.cn/static/js/manifest.1644733683253.js Requested by Host: etc.hfwccs.cn URL: https://etc.hfwccs.cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.144.183.81 , United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-144-183-81-host.colocrossing.com Software nginx / Resource Hash ca602c260696ebee7ba49237eeb794e5d83732bf1b1667d6943db7e08b6086cd Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://etc.hfwccs.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 01 Mar 2022 09:06:22 GMT content-encoding gzip last-modified Sun, 13 Feb 2022 06:28:08 GMT server nginx etag W/"6208a4f8-567" vary Accept-Encoding content-type application/javascript cache-control max-age=43200 strict-transport-security max-age=31536000 expires Tue, 01 Mar 2022 21:06:22 GMT
GET H2	200	vendor.1644733683253.js Show response etc.hfwccs.cn/static/js/	233 KB 92 KB	435ms 435ms	Script application/javascript	198.144.183.81 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://etc.hfwccs.cn/static/js/vendor.1644733683253.js Requested by Host: etc.hfwccs.cn URL: https://etc.hfwccs.cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.144.183.81 , United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-144-183-81-host.colocrossing.com Software nginx / Resource Hash cf1b34293b353a20ad8069b2d682dca81d148b6acd23274081f242fdee889f01 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://etc.hfwccs.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 01 Mar 2022 09:06:22 GMT content-encoding gzip last-modified Sun, 13 Feb 2022 06:28:08 GMT server nginx etag W/"6208a4f8-3a532" vary Accept-Encoding content-type application/javascript cache-control max-age=43200 strict-transport-security max-age=31536000 expires Tue, 01 Mar 2022 21:06:22 GMT
GET H2	200	app.1644733683253.js Show response etc.hfwccs.cn/static/js/	3 KB 2 KB	436ms 436ms	Script application/javascript	198.144.183.81 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://etc.hfwccs.cn/static/js/app.1644733683253.js Requested by Host: etc.hfwccs.cn URL: https://etc.hfwccs.cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.144.183.81 , United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-144-183-81-host.colocrossing.com Software nginx / Resource Hash 80a441a8074c3d0ae4a536903f9bee798188a64ee58f4d823974ed863824e545 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://etc.hfwccs.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 01 Mar 2022 09:06:22 GMT content-encoding gzip last-modified Sun, 13 Feb 2022 06:28:08 GMT server nginx etag W/"6208a4f8-db5" vary Accept-Encoding content-type application/javascript cache-control max-age=43200 strict-transport-security max-age=31536000 expires Tue, 01 Mar 2022 21:06:22 GMT
GET H2	200	6.1644733683253.js Show response etc.hfwccs.cn/static/js/	976 B 1 KB	143ms 143ms	Script application/javascript	198.144.183.81 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://etc.hfwccs.cn/static/js/6.1644733683253.js Requested by Host: etc.hfwccs.cn URL: https://etc.hfwccs.cn/static/js/manifest.1644733683253.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.144.183.81 , United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-144-183-81-host.colocrossing.com Software nginx / Resource Hash ab311db20ee26818661eeebab8b09739c6fe9276f74dc1d4406bf5a9585774c0 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://etc.hfwccs.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 01 Mar 2022 09:06:23 GMT last-modified Sun, 13 Feb 2022 06:28:08 GMT server nginx etag "6208a4f8-3d0" strict-transport-security max-age=31536000 content-type application/javascript cache-control max-age=43200 accept-ranges bytes content-length 976 expires Tue, 01 Mar 2022 21:06:23 GMT
GET H2	200	jcb2.php Show response www.test-qi-1.buzz/	1 B 616 B	853ms 781ms	XHR text/html	2606:4700:3032::6815:4cc5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.test-qi-1.buzz/jcb2.php Requested by Host: etc.hfwccs.cn URL: https://etc.hfwccs.cn/static/js/vendor.1644733683253.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:4cc5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Request headers Accept application/json, text/plain, */* Referer https://etc.hfwccs.cn/ Accept-Language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 01 Mar 2022 09:06:23 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding access-control-allow-methods POST content-type text/html;charset=utf-8 access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cbJqCaDKcl%2BVQ8DDkf2gAet%2BHbb9ndR9CvNg8o3AZyLqs%2F5Kv2bBb0LmyBoBlQkJ88ImWuVZFjloFyMjHcb6QJ1bK3IHfKblTBy%2B25lFEw3MXvBZvDRH807%2F2Kv7DxzCFiQxDbnDwNcQU%2BpPIpSCKKU%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-credentials true cf-ray 6e50bc7f1cba204a-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	jump.php Show response etc.hfwccs.cn/api/	2 B 352 B	381ms 380ms	XHR text/html	198.144.183.81 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://etc.hfwccs.cn/api/jump.php Requested by Host: etc.hfwccs.cn URL: https://etc.hfwccs.cn/static/js/vendor.1644733683253.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.144.183.81 , United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-144-183-81-host.colocrossing.com Software nginx / Resource Hash d8463bd3ba4b10e5916f65fa7b0c1f9f91f67ca40cc25b48810fb2f5a3340488 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept application/json, text/plain, */* Referer https://etc.hfwccs.cn/ Accept-Language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Tue, 01 Mar 2022 09:06:24 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods * content-type text/html;charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, must-revalidate access-control-allow-credentials true strict-transport-security max-age=31536000 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	1.1644733683253.js Show response etc.hfwccs.cn/static/js/	22 KB 10 KB	145ms 144ms	Script application/javascript	198.144.183.81 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://etc.hfwccs.cn/static/js/1.1644733683253.js Requested by Host: etc.hfwccs.cn URL: https://etc.hfwccs.cn/static/js/manifest.1644733683253.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.144.183.81 , United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-144-183-81-host.colocrossing.com Software nginx / Resource Hash 2ae5a9edd9e61ee471baca3ecc2771a67eab3339a794d65e37f52cecef97e95e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://etc.hfwccs.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 01 Mar 2022 09:06:24 GMT content-encoding gzip last-modified Sun, 13 Feb 2022 06:28:08 GMT server nginx etag W/"6208a4f8-56a8" vary Accept-Encoding content-type application/javascript cache-control max-age=43200 strict-transport-security max-age=31536000 expires Tue, 01 Mar 2022 21:06:24 GMT
GET H2	200	api_session.php Show response etc.hfwccs.cn/api/	74 B 376 B	164ms 164ms	XHR text/html	198.144.183.81 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://etc.hfwccs.cn/api/api_session.php Requested by Host: etc.hfwccs.cn URL: https://etc.hfwccs.cn/static/js/vendor.1644733683253.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.144.183.81 , United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-144-183-81-host.colocrossing.com Software nginx / Resource Hash de7dc89cc1b4eeb29b2d77056efc83d2225366f6a521087e1b0e7f743b4e6965 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept application/json, text/plain, */* Referer https://etc.hfwccs.cn/corporate/contact/?link_id=cojp_footer_corporate/m_three/one Accept-Language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Tue, 01 Mar 2022 09:06:24 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods POST content-type text/html;charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, must-revalidate access-control-allow-credentials true strict-transport-security max-age=31536000 expires Thu, 19 Nov 1981 08:52:00 GMT
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash dd8e7c6375bd6ccc23582eec91b4f1417b6f582dfc48e40b7ae3a63d7b0ae949 Request headers Accept-Language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1 Request headers Accept-Language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Content-Type image/png
GET H2	404	error-icon.png etc.hfwccs.cn/apl/renew/login/images/	548 B 548 B	145ms 145ms	Image text/html	198.144.183.81 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://etc.hfwccs.cn/apl/renew/login/images/error-icon.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.144.183.81 , United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-144-183-81-host.colocrossing.com Software nginx / Resource Hash d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://etc.hfwccs.cn/corporate/contact/?link_id=cojp_footer_corporate/m_three/one User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 01 Mar 2022 09:06:24 GMT server nginx content-length 548 content-type text/html
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 93b334e1a1d3b1f7ad60a247c93d72e8d3c03db8b81bc4c4184ad3a3d7ce5b62 Request headers Accept-Language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: JCB (Financial)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone function| webpackJsonp object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			etc.hfwccs.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: jbjr230uojtv8d3qs9gvfr610o

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://etc.hfwccs.cn/apl/renew/login/images/error-icon.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

etc.hfwccs.cn
www.test-qi-1.buzz
198.144.183.81
2606:4700:3032::6815:4cc5
2ae5a9edd9e61ee471baca3ecc2771a67eab3339a794d65e37f52cecef97e95e
5032de16a43942f785d0f1b6873324720cec151dcdde0f320d25e12955f1ee25
6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
80a441a8074c3d0ae4a536903f9bee798188a64ee58f4d823974ed863824e545
93b334e1a1d3b1f7ad60a247c93d72e8d3c03db8b81bc4c4184ad3a3d7ce5b62
ab311db20ee26818661eeebab8b09739c6fe9276f74dc1d4406bf5a9585774c0
ca602c260696ebee7ba49237eeb794e5d83732bf1b1667d6943db7e08b6086cd
cf1b34293b353a20ad8069b2d682dca81d148b6acd23274081f242fdee889f01
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
d8463bd3ba4b10e5916f65fa7b0c1f9f91f67ca40cc25b48810fb2f5a3340488
dd8e7c6375bd6ccc23582eec91b4f1417b6f582dfc48e40b7ae3a63d7b0ae949
de7dc89cc1b4eeb29b2d77056efc83d2225366f6a521087e1b0e7f743b4e6965
e63d1c4446ee4a354a1425d4fb7106d5d6111a39cf0b91c9204067b4f4be5b86