0539gangchang.com Open in urlscan Pro
31.13.224.117 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://0539gangchang.com/abc/
Submission: On December 30 via automatic, source openphish (December 30th 2024, 1:19:31 am UTC) — Scanned from FI

Summary HTTP 6 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 31.13.224.117, located in Sarnitsa, Bulgaria and belongs to NYBULA, US. The main domain is 0539gangchang.com.
TLS certificate: Issued by E5 on December 28th 2024. Valid for: 3 months.

This is the only time 0539gangchang.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: JCB (Financial)

Domain & IP information

	IP Address		AS Autonomous System
1 7	31.13.224.117 31.13.224.117		401116 (NYBULA) (NYBULA)
6	2

7 31.13.224.117 (Sarnitsa, Bulgaria) 1 redirects

ASN401116 (NYBULA, US)

0539gangchang.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	0539gangchang.com 1 redirects 0539gangchang.com	113 KB
6	1

	Domain	Requested by
7	0539gangchang.com	1 redirects 0539gangchang.com
6	1

This site contains no links.

Subject Issuer	Validity	Valid
0539gangchang.com E5	`2024-12-28` - `2025-03-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://0539gangchang.com/abc/
Frame ID: E7C0B86D02D8F1DF2DFB6FDED9486FFD
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

JCBの会員専用WEBサービス「MyJCB（マイジェーシービー）」

Page URL History Show full URLs

https://0539gangchang.com/abc HTTP 301
https://0539gangchang.com/abc/ Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

112 kB
Transfer

294 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://0539gangchang.com/abc HTTP 301
https://0539gangchang.com/abc/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response 0539gangchang.com/abc/ Redirect Chain https://0539gangchang.com/abc https://0539gangchang.com/abc/	480 B 591 B	60ms 59ms	Document text/html	31.13.224.117 NYBULA
General Check archive.org Show headers Download Go to Full URL https://0539gangchang.com/abc/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 31.13.224.117 Sarnitsa, Bulgaria, ASN401116 (NYBULA, US), Reverse DNS Software nginx/1.26.2 / Resource Hash `2d0d2ba5aa209cc37749a214e9b5ac4ac146a932465e342b0529746e7c2492bc` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html Date Mon, 30 Dec 2024 01:19:27 GMT ETag W/"67616a8e-1e0" Last-Modified Tue, 17 Dec 2024 12:11:58 GMT Server nginx/1.26.2 Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Connection keep-alive Content-Length 169 Content-Type text/html Date Mon, 30 Dec 2024 01:19:27 GMT Location https://0539gangchang.com/abc/ Server nginx/1.26.2
GET H/1.1	200 OK	index-BUliIyPL.js Show response 0539gangchang.com/abc/assets/	264 KB 105 KB	120ms 120ms	Script application/javascript	31.13.224.117 NYBULA
General Check archive.org Show headers Download Go to Full URL https://0539gangchang.com/abc/assets/index-BUliIyPL.js Requested by Host: 0539gangchang.com URL: https://0539gangchang.com/abc/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 31.13.224.117 Sarnitsa, Bulgaria, ASN401116 (NYBULA, US), Reverse DNS Software nginx/1.26.2 / Resource Hash `252c3f026c1e7a6804d27f4b76a7ae25daa704b1a4fb2ae21221e2e43b5443a4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://0539gangchang.com Referer https://0539gangchang.com/abc/ Response headers Transfer-Encoding chunked Cache-Control max-age=2592000, public, max-age=2592000 Content-Encoding gzip ETag W/"67616a8e-41fbe" Connection keep-alive Expires Wed, 29 Jan 2025 01:19:27 GMT Date Mon, 30 Dec 2024 01:19:27 GMT Content-Type application/javascript Last-Modified Tue, 17 Dec 2024 12:11:58 GMT Server nginx/1.26.2 Vary Accept-Encoding
GET H/1.1	200 OK	index-Dxsxeb7p.css 0539gangchang.com/abc/assets/	17 KB 5 KB	179ms 61ms	Stylesheet text/css	31.13.224.117 NYBULA
General Check archive.org Show headers Download Go to Full URL https://0539gangchang.com/abc/assets/index-Dxsxeb7p.css Requested by Host: 0539gangchang.com URL: https://0539gangchang.com/abc/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 31.13.224.117 Sarnitsa, Bulgaria, ASN401116 (NYBULA, US), Reverse DNS Software nginx/1.26.2 / Resource Hash `d9a0c25c8d0b3a915495fd5fc0b58c7918b17381a4c5ed97d50969ca4c4ce43d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://0539gangchang.com Referer https://0539gangchang.com/abc/ Response headers Transfer-Encoding chunked Cache-Control max-age=2592000, public, max-age=2592000 Content-Encoding gzip ETag W/"67616a8e-447a" Connection keep-alive Expires Wed, 29 Jan 2025 01:19:27 GMT Date Mon, 30 Dec 2024 01:19:27 GMT Content-Type text/css Last-Modified Tue, 17 Dec 2024 12:11:58 GMT Server nginx/1.26.2 Vary Accept-Encoding
POST H/1.1	200 OK	createOrGetUserInfo Show response 0539gangchang.com/open/visitors/info/	247 B 598 B	151ms 150ms	XHR application/json	31.13.224.117 NYBULA
General Check archive.org Show headers Download Go to Full URL https://0539gangchang.com/open/visitors/info/createOrGetUserInfo Requested by Host: 0539gangchang.com URL: https://0539gangchang.com/abc/assets/index-BUliIyPL.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 31.13.224.117 Sarnitsa, Bulgaria, ASN401116 (NYBULA, US), Reverse DNS Software nginx/1.26.2 / Resource Hash `0da536998f21b88d773d7d42ef1c38e11fbe99be9f0a713f18ee6d79f522d535` Request headers Referer https://0539gangchang.com/abc/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept application/json, text/plain, / Content-Type application/json Response headers Transfer-Encoding chunked Content-Encoding gzip Connection keep-alive Access-Control-Allow-Origin https://0539gangchang.com Date Mon, 30 Dec 2024 01:19:28 GMT Content-Type application/json; charset=utf-8 Vary Accept-Encoding, Origin Server nginx/1.26.2
GET H/1.1	200 OK	faviconV2.png 0539gangchang.com/abc/	446 B 796 B	59ms 59ms	Other image/png	31.13.224.117 NYBULA
General Check archive.org Show headers Download Go to Full URL https://0539gangchang.com/abc/faviconV2.png Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 31.13.224.117 Sarnitsa, Bulgaria, ASN401116 (NYBULA, US), Reverse DNS Software nginx/1.26.2 / Resource Hash `9f6fa6897818f00906382dd8fba0fcdd11a681ce44cf1bf4570d8739f63ec689` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://0539gangchang.com/abc/ Response headers Cache-Control max-age=2592000, public, max-age=2592000 ETag "6706f590-1be" Connection keep-alive Expires Wed, 29 Jan 2025 01:19:28 GMT Accept-Ranges bytes Content-Length 446 Date Mon, 30 Dec 2024 01:19:28 GMT Content-Type image/png Last-Modified Wed, 09 Oct 2024 21:28:48 GMT Server nginx/1.26.2
GET H/1.1	200 OK	getState Show response 0539gangchang.com/open/visitors/info/	59 B 414 B	72ms 72ms	XHR application/json	31.13.224.117 NYBULA
General Check archive.org Show headers Download Go to Full URL https://0539gangchang.com/open/visitors/info/getState?uuid=2b5dc3d7-f2f2-4328-81bc-4db7b7bf5c41 Requested by Host: 0539gangchang.com URL: https://0539gangchang.com/abc/assets/index-BUliIyPL.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 31.13.224.117 Sarnitsa, Bulgaria, ASN401116 (NYBULA, US), Reverse DNS Software nginx/1.26.2 / Resource Hash `59c6cb8863714dd12574b2e5ba7611f24fa9c993e116e3e02b7c1a39db9ff172` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept application/json, text/plain, / Referer https://0539gangchang.com/abc/ Response headers Transfer-Encoding chunked Content-Encoding gzip Date Mon, 30 Dec 2024 01:19:28 GMT Content-Type application/json; charset=utf-8 Vary Accept-Encoding, Origin Server nginx/1.26.2 Connection keep-alive
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dd8e7c6375bd6ccc23582eec91b4f1417b6f582dfc48e40b7ae3a63d7b0ae949` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ded913d8bb8cd42a34881a7fc5169f3faf295cfb7b582c9293c5b223d3568be1` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `93b334e1a1d3b1f7ad60a247c93d72e8d3c03db8b81bc4c4184ad3a3d7ce5b62` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: JCB (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __VUE_INSTANCE_SETTERS__ object| __VUE_SSR_SETTERS__ boolean| __VUE__

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			0539gangchang.com/	1970-01-21 10:51:19	Name: locale Value: en-us

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0539gangchang.com
31.13.224.117
0da536998f21b88d773d7d42ef1c38e11fbe99be9f0a713f18ee6d79f522d535
252c3f026c1e7a6804d27f4b76a7ae25daa704b1a4fb2ae21221e2e43b5443a4
2d0d2ba5aa209cc37749a214e9b5ac4ac146a932465e342b0529746e7c2492bc
59c6cb8863714dd12574b2e5ba7611f24fa9c993e116e3e02b7c1a39db9ff172
6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1
93b334e1a1d3b1f7ad60a247c93d72e8d3c03db8b81bc4c4184ad3a3d7ce5b62
9f6fa6897818f00906382dd8fba0fcdd11a681ce44cf1bf4570d8739f63ec689
d9a0c25c8d0b3a915495fd5fc0b58c7918b17381a4c5ed97d50969ca4c4ce43d
dd8e7c6375bd6ccc23582eec91b4f1417b6f582dfc48e40b7ae3a63d7b0ae949
ded913d8bb8cd42a34881a7fc5169f3faf295cfb7b582c9293c5b223d3568be1

0539gangchang.com Open in urlscan Pro 31.13.224.117 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

112 kBTransfer

294 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

0539gangchang.com Open in urlscan Pro
31.13.224.117 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

112 kB
Transfer

294 kB
Size

1
Cookies

6 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!