eki-netp.com Open in urlscan Pro
89.43.107.206 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://eki-netp.com/
Effective URL:
https://eki-netp.com/Personal/member/wb/Login/Login
Submission Tags: #phishing @ap_zenmashi Search All
Submission: On September 22 via api (September 22nd 2022, 4:32:01 am UTC) from FI — Scanned from FI

Summary HTTP 22 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 22 HTTP transactions. The main IP is 89.43.107.206, located in Frankfurt am Main, Germany and belongs to GHOST, LU. The main domain is eki-netp.com.
TLS certificate: Issued by R3 on September 21st 2022. Valid for: 3 months.

This is the only time eki-netp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: JR East (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
5 20	89.43.107.206 89.43.107.206	202422 (GHOST) (GHOST)
4 5	18.66.122.52 18.66.122.52	16509 (AMAZON-02) (AMAZON-02)
4 8	199.232.214.128 199.232.214.128	54113 (FASTLY) (FASTLY)
1 1	3.113.212.249 3.113.212.249	16509 (AMAZON-02) (AMAZON-02)
1	18.66.147.46 18.66.147.46	16509 (AMAZON-02) (AMAZON-02)
22	5

20 89.43.107.206 (Frankfurt am Main, Germany) 5 redirects

ASN202422 (GHOST, LU)
PTR: dgfdcxfb7.example.com

eki-netp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.66.122.52 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-52.fra60.r.cloudfront.net

mercari.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 199.232.214.128 (United States) 4 redirects

ASN54113 (FASTLY, US)

www.mercari.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jp.mercari.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.113.212.249 (Tokyo, Japan) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-113-212-249.ap-northeast-1.compute.amazonaws.com

guest-agent.mobilus.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-46.fra60.r.cloudfront.net

cdn.agent.mobilus.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	eki-netp.com 5 redirects eki-netp.com	623 KB
13	mercari.com 8 redirects mercari.com — Cisco Umbrella Rank: 55570 www.mercari.com — Cisco Umbrella Rank: 61357 jp.mercari.com — Cisco Umbrella Rank: 241056	2 KB
2	mobilus.me 1 redirects guest-agent.mobilus.me — Cisco Umbrella Rank: 749797 cdn.agent.mobilus.me — Cisco Umbrella Rank: 773843	88 KB
22	3

	Domain	Requested by
20	eki-netp.com	5 redirects eki-netp.com
5	mercari.com	4 redirects eki-netp.com
4	jp.mercari.com	eki-netp.com
4	www.mercari.com	4 redirects
1	cdn.agent.mobilus.me	eki-netp.com
1	guest-agent.mobilus.me	1 redirects
22	6

This site contains links to these domains. Also see Links.

Domain
www.eki-net.com
secure.okbiz.okwave.jp
www.jreast.co.jp
my.jreast.co.jp

Subject Issuer	Validity	Valid
eki-netp.com R3	`2022-09-21` - `2022-12-20`	3 months	crt.sh
mercari.com Amazon	`2021-12-27` - `2023-01-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://eki-netp.com/Personal/member/wb/Login/Login
Frame ID: 79E0A2FCFADDD76F416E8D1DB5B339F6
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

えきねっと（JR東日本）｜ログイン

Page URL History Show full URLs

https://eki-netp.com/ HTTP 302
https://eki-netp.com/Personal/member/wb/Login/Login Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

6
Subdomains

5
IPs

3
Countries

709 kB
Transfer

894 kB
Size

2
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.eki-net.com/Personal/Top/Index

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/ticketless_seat/index.html
Title: えきねっとチケットレス座席指定券

Search URL Search Domain Scan URL

URL: https://secure.okbiz.okwave.jp/eki-net/?site_domain=default
Title: よくあるご質問

Search URL Search Domain Scan URL

URL: https://www.jreast.co.jp/

Search URL Search Domain Scan URL

URL: https://my.jreast.co.jp/web/ir/RenewPasswordRequestForm.aspx
Title: My JR-EASTのID・パスワードをお忘れの場合（My JR-EASTサイトへ）

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://eki-netp.com/ HTTP 302
https://eki-netp.com/Personal/member/wb/Login/Login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://eki-netp.com/personal/common/img/icon_linkblank.png HTTP 302
https://mercari.com/jp/ HTTP 301
https://www.mercari.com/jp/ HTTP 301
https://jp.mercari.com/

Request Chain 15

https://eki-netp.com/Personal/member/wb/UserCommon/GetHeaderMenuJSON?status=0&_=1663821114591 HTTP 302
https://mercari.com/jp/

Request Chain 16

https://eki-netp.com/top/common/img/chatbot/btn_chatbot_l_pc.png HTTP 302
https://mercari.com/jp/ HTTP 301
https://www.mercari.com/jp/ HTTP 301
https://jp.mercari.com/

Request Chain 17

https://eki-netp.com/top/common/img/chatbot/btn_chatbot_switch.svg HTTP 302
https://mercari.com/jp/ HTTP 301
https://www.mercari.com/jp/ HTTP 301
https://jp.mercari.com/

Request Chain 18

https://guest-agent.mobilus.me/web/mobi-agent-client-frame-loader.min.js?domainId=ekinet HTTP 301
https://cdn.agent.mobilus.me/assets/script/embed/current/mobi-agent-client-frame-loader.min.js?40.1.3d4d6aa4b_2022.09.21_09.19.01

Request Chain 20

https://eki-netp.com/personal/common/css/load_font.css HTTP 302
https://mercari.com/jp/ HTTP 301
https://www.mercari.com/jp/ HTTP 301
https://jp.mercari.com/

22 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Login Show response eki-netp.com/Personal/member/wb/Login/ Redirect Chain https://eki-netp.com/ https://eki-netp.com/Personal/member/wb/Login/Login	20 KB 20 KB	303ms 303ms	Document text/html	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `f6d9c7ecf639a57d618678748df969cd24e150ba95c3611069edaa542ec95f98` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Connection keep-alive Content-Length 20446 Content-Type text/html; charset=utf-8 Date Thu, 22 Sep 2022 04:31:53 GMT ETag W/"4fde-nlc2yjPi2m8QTN2ThdOayOZudIo" Server nginx/1.22.0 X-Powered-By Express Redirect headers Connection keep-alive Content-Length 106 Content-Type text/html; charset=utf-8 Date Thu, 22 Sep 2022 04:31:53 GMT Location /Personal/member/wb/Login/Login Server nginx/1.22.0 Vary Accept X-Powered-By Express
GET H/1.1	200 OK	common.css eki-netp.com/Personal/common/css/	124 KB 124 KB	79ms 78ms	Stylesheet text/css	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netp.com/Personal/common/css/common.css Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `8dedbd4baf911bb111f598cb63a8680d066ad3cf8f61898c34b3f7b90541fdb4` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"1ee5a-1835fba11b1" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 126554
GET H/1.1	200 OK	module.css eki-netp.com/Personal/member/wb/css/	75 KB 75 KB	392ms 248ms	Stylesheet text/css	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netp.com/Personal/member/wb/css/module.css Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `99d0ee5934ce5ffc753be2aca722db868b4698081b4b42ec9259f9dc4df65311` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"12a85-1835fba11b1" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 76421
GET H/1.1	200 OK	member.css eki-netp.com/Personal/member/wb/css/	20 KB 21 KB	294ms 149ms	Stylesheet text/css	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netp.com/Personal/member/wb/css/member.css Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `d00b36aa1a4ef7f6bc537230fbaf03cc752167312d6d27f5072b8a1606b77d0d` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"5100-1835fba11b1" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 20736
GET H/1.1	200 OK	style.css eki-netp.com/Personal/member/wb/css/	40 KB 40 KB	295ms 150ms	Stylesheet text/css	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netp.com/Personal/member/wb/css/style.css Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `7d6d9fa0ebf465571b9d138348db7b5e1c48d40d2af1ccd67c2e5ef54e1b805f` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"9ff0-1835fba11b1" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 40944
GET H/1.1	200 OK	top_searchparts.css eki-netp.com/Personal/member/wb/css/	121 KB 121 KB	410ms 258ms	Stylesheet text/css	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netp.com/Personal/member/wb/css/top_searchparts.css Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `d5a24a94f56adf1b34053b4171f10218578fe1cab57de5e135e2bf18f268b49c` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"1e33d-1835fba11b1" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 123709
GET H/1.1	200 OK	jquery-3.4.1.min.js Show response eki-netp.com/Personal/common/js/	86 KB 86 KB	312ms 160ms	Script application/javascript	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netp.com/Personal/common/js/jquery-3.4.1.min.js Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"15851-1835fba11b1" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 88145
GET H/1.1	200 OK	jquery.validate.js Show response eki-netp.com/Personal/member/wb/js/	75 KB 76 KB	313ms 78ms	Script application/javascript	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netp.com/Personal/member/wb/js/jquery.validate.js Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `09a397fded7fc6a85364dc5f6f687754d3864d3ac072331e830fc1a84ba549d4` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"12d31-1835fba11b5" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 77105
GET H/1.1	200 OK	common.js Show response eki-netp.com/Personal/member/wb/js/	31 KB 32 KB	367ms 72ms	Script application/javascript	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netp.com/Personal/member/wb/js/common.js Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `8535b1d400162b861c773eed1e70788c19c8f6a7700a1d2a909fb59ff464d178` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"7d76-1835fba11b5" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 32118
GET H/1.1	200 OK	logo_ekinet.png eki-netp.com/Personal/member/wb/img/	7 KB 8 KB	381ms 381ms	Image image/png	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Show image Full URL https://eki-netp.com/Personal/member/wb/img/logo_ekinet.png Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"1d38-1835fba11b1" Content-Type image/png Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 7480
GET H/1.1	200 OK	logo_jreast.png eki-netp.com/Personal/member/wb/img/	3 KB 3 KB	87ms 86ms	Image image/png	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Show image Full URL https://eki-netp.com/Personal/member/wb/img/logo_jreast.png Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"b5d-1835fba11b5" Content-Type image/png Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 2909
GET H/1.1	200 OK	icon_input_error.png eki-netp.com/Personal/member/wb/img/	3 KB 4 KB	81ms 79ms	Image image/png	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Show image Full URL https://eki-netp.com/Personal/member/wb/img/icon_input_error.png Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `7989d4923e6686ba2adac55246f5752b308a8ea97e0a7e56c23493a2622370a4` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"dfd-1835fba11b1" Content-Type image/png Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 3581
GET H/1.1	200 OK	icon_linkblank.png eki-netp.com/Personal/member/wb/img/	166 B 465 B	81ms 80ms	Image image/png	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Show image Full URL https://eki-netp.com/Personal/member/wb/img/icon_linkblank.png Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"a6-1835fba11b1" Content-Type image/png Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 166
GET H2	200	/ jp.mercari.com/ Redirect Chain https://eki-netp.com/personal/common/img/icon_linkblank.png https://mercari.com/jp/ https://www.mercari.com/jp/ https://jp.mercari.com/	0 0	1091ms 1063ms	Image text/html	199.232.214.128 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://jp.mercari.com/ Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol H2 Server 199.232.214.128 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Redirect headers date Thu, 22 Sep 2022 04:31:56 GMT content-encoding gzip x-content-type-options nosniff via 1.1 varnish x-cache MISS vary Accept x-xss-protection 1; mode=block x-served-by cache-hhn4029-HHN pragma no-cache x-timer S1663821115.153056,VS0,VE946 strict-transport-security max-age=31536000 content-type text/plain; charset=utf-8 location https://jp.mercari.com/ x-cloud-trace-context b627cfc5bf22d97410d7438d05a14a61 cache-control private, no-cache, no-store, must-revalidate function-execution-id 5zkakml42d22 accept-ranges bytes x-cache-hits 0
GET H/1.1	200 OK	GetHeaderMenu.js Show response eki-netp.com/Personal/member/wb/js/	5 KB 5 KB	73ms 72ms	Script application/javascript	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netp.com/Personal/member/wb/js/GetHeaderMenu.js Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `8ec8422069685c2b2ef85012308ba2e19552dac459e7f059027bb0479e45ee59` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"13c5-1835fba11b5" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 5061
GET H/1.1	200 OK	member_footer.js Show response eki-netp.com/Personal/member/wb/js/	7 KB 7 KB	74ms 74ms	Script application/javascript	89.43.107.206 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netp.com/Personal/member/wb/js/member_footer.js Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.43.107.206 Frankfurt am Main, Germany, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb7.example.com Software nginx/1.22.0 / Express Resource Hash `4b214c995de8e6d7c3067c57c5a380b3f51c5c53d8623f34a6e142566c8e1046` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 04:31:54 GMT Last-Modified Wed, 21 Sep 2022 11:06:13 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"1a2a-1835fba11b5" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 6698
GET		/ mercari.com/jp/ Redirect Chain https://eki-netp.com/Personal/member/wb/UserCommon/GetHeaderMenuJSON?status=0&_=1663821114591 https://mercari.com/jp/	0 0

GET H2	200	/ jp.mercari.com/ Redirect Chain https://eki-netp.com/top/common/img/chatbot/btn_chatbot_l_pc.png https://mercari.com/jp/ https://www.mercari.com/jp/ https://jp.mercari.com/	0 0	1059ms 1059ms	Image text/html	199.232.214.128 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://jp.mercari.com/ Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/common/css/common.css Protocol H2 Server 199.232.214.128 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Redirect headers date Thu, 22 Sep 2022 04:31:56 GMT content-encoding gzip x-content-type-options nosniff via 1.1 varnish x-cache MISS vary Accept x-xss-protection 1; mode=block x-served-by cache-hhn4029-HHN pragma no-cache x-timer S1663821115.153185,VS0,VE1007 strict-transport-security max-age=31536000 content-type text/plain; charset=utf-8 location https://jp.mercari.com/ x-cloud-trace-context 2e984fc23931e6ee86898bacc5084562 cache-control private, no-cache, no-store, must-revalidate function-execution-id 4g39s091yexy accept-ranges bytes x-cache-hits 0
GET H2	200	/ jp.mercari.com/ Redirect Chain https://eki-netp.com/top/common/img/chatbot/btn_chatbot_switch.svg https://mercari.com/jp/ https://www.mercari.com/jp/ https://jp.mercari.com/	0 0	1119ms 1084ms	Image text/html	199.232.214.128 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://jp.mercari.com/ Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/common/css/common.css Protocol H2 Server 199.232.214.128 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Redirect headers date Thu, 22 Sep 2022 04:31:56 GMT content-encoding gzip x-content-type-options nosniff via 1.1 varnish x-cache MISS vary Accept x-xss-protection 1; mode=block x-served-by cache-hhn4029-HHN pragma no-cache x-timer S1663821115.153192,VS0,VE936 strict-transport-security max-age=31536000 content-type text/plain; charset=utf-8 location https://jp.mercari.com/ x-cloud-trace-context d634737b294cfaa318be2535c9d141e0 cache-control private, no-cache, no-store, must-revalidate function-execution-id 1n3gwn9cs0a4 accept-ranges bytes x-cache-hits 0
GET H2	200	mobi-agent-client-frame-loader.min.js Show response cdn.agent.mobilus.me/assets/script/embed/current/ Redirect Chain https://guest-agent.mobilus.me/web/mobi-agent-client-frame-loader.min.js?domainId=ekinet https://cdn.agent.mobilus.me/assets/script/embed/current/mobi-agent-client-frame-loader.min.js?40.1.3d4d6aa4b_2022.09.21_09.19.01	276 KB 87 KB	250ms 78ms	Script application/javascript	18.66.147.46 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.agent.mobilus.me/assets/script/embed/current/mobi-agent-client-frame-loader.min.js?40.1.3d4d6aa4b_2022.09.21_09.19.01 Requested by Host: eki-netp.com URL: https://eki-netp.com/Personal/member/wb/Login/Login Protocol H2 Server 18.66.147.46 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-147-46.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `0aa01f9264576111ed73c4ec601b89f52e497a849e079ffc236d90728bfe5bef` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-amz-version-id YP.k4B4GbM3l7q6dsOXLRQ99I3ozAyCB content-encoding gzip etag W/"882b14230982aa46572ebaac0ae01459" last-modified Wed, 21 Sep 2022 09:29:38 GMT server AmazonS3 age 37 x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront) cache-control max-age=0,s-maxage=86400 date Thu, 22 Sep 2022 04:31:19 GMT x-amz-cf-pop FRA60-P4 x-amz-cf-id 3zzC5h4VIlAV4EBxBlMA_ZwQRO47IFZ7p1stXLoLVZvdqhwfCMBygg== Redirect headers Date Thu, 22 Sep 2022 04:31:55 GMT X-Content-Type-Options nosniff Server nginx X-Frame-Options SAMEORIGIN Strict-Transport-Security max-age=31536000; includeSubDomains access-control-allow-methods OPTIONS, GET, HEAD location https://cdn.agent.mobilus.me/assets/script/embed/current/mobi-agent-client-frame-loader.min.js?40.1.3d4d6aa4b_2022.09.21_09.19.01 cache-control no-store, no-cache, must-revalidate, max-age=0 access-control-allow-credentials true Connection keep-alive Content-Length 0 X-XSS-Protection 1; mode=block
OPTIONS H2	403	/ mercari.com/jp/	0 0	230ms 70ms	Preflight text/html	18.66.122.52 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://mercari.com/jp/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.122.52 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-122-52.fra60.r.cloudfront.net Software CloudFront / Resource Hash Request headers Accept / Access-Control-Request-Headers x-requested-with Access-Control-Request-Method GET Origin https://eki-netp.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers content-length 1053 content-type text/html date Thu, 22 Sep 2022 04:31:54 GMT server CloudFront via 1.1 2f72de1f504b6784c7adb04e7fe314f2.cloudfront.net (CloudFront) x-amz-cf-id XHTIfiMxV8cZCU7HJc9H_8wAx56Wm5QlDzixUHD9nsUd5bpBBE5L3w== x-amz-cf-pop FRA60-P2 x-cache Error from cloudfront
GET H2	200	/ jp.mercari.com/ Redirect Chain https://eki-netp.com/personal/common/css/load_font.css https://mercari.com/jp/ https://www.mercari.com/jp/ https://jp.mercari.com/	0 0	1050ms 1050ms	Stylesheet text/html	199.232.214.128 FASTLY
General Check archive.org Show headers Download Go to Full URL https://jp.mercari.com/ Protocol H2 Server 199.232.214.128 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language fi-FI,fi;q=0.9 Referer https://eki-netp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Redirect headers date Thu, 22 Sep 2022 04:31:57 GMT content-encoding gzip x-content-type-options nosniff via 1.1 varnish x-cache MISS vary Accept x-xss-protection 1; mode=block x-served-by cache-hhn4029-HHN pragma no-cache x-timer S1663821117.479519,VS0,VE269 strict-transport-security max-age=31536000 content-type text/plain; charset=utf-8 location https://jp.mercari.com/ x-cloud-trace-context dfd05633ded956a1113d36b35c2b6294 cache-control private, no-cache, no-store, must-revalidate function-execution-id 4g392gry0wsj accept-ranges bytes x-cache-hits 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mercari.com
URL: https://mercari.com/jp/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: JR East (Transportation)

88 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			eki-netp.com/	1969-12-31 23:59:59	Name: mercar:sid Value: s%3Ab5795995-2e4d-4ba1-b256-8f7b84c76957.civcJjUM9Yhmh07rPkRyldEewBTIlHxB3zZ9hm%2B5NUo
			guest-agent.mobilus.me/	1970-01-20 06:20:25	Name: AWSALBCORS Value: 02OwN5ke67yn6QSyqT2Q7JxGXj/vmxb7NymQUnM15N37obj4evcCufV3VUwDcBrlJ0qhgktPS3yizi4sqxm8hfpiQg+ffZqS3RW0qXG2ljRgnAtMzPfQpMPfFHaN

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://eki-netp.com/Personal/member/wb/Login/Login Message: Access to XMLHttpRequest at 'https://mercari.com/jp/' (redirected from 'https://eki-netp.com/Personal/member/wb/UserCommon/GetHeaderMenuJSON?status=0&_=1663821114591') from origin 'https://eki-netp.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://mercari.com/jp/ Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.agent.mobilus.me
eki-netp.com
guest-agent.mobilus.me
jp.mercari.com
mercari.com
www.mercari.com
mercari.com
18.66.122.52
18.66.147.46
199.232.214.128
3.113.212.249
89.43.107.206
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
09a397fded7fc6a85364dc5f6f687754d3864d3ac072331e830fc1a84ba549d4
0aa01f9264576111ed73c4ec601b89f52e497a849e079ffc236d90728bfe5bef
3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b
4b214c995de8e6d7c3067c57c5a380b3f51c5c53d8623f34a6e142566c8e1046
7989d4923e6686ba2adac55246f5752b308a8ea97e0a7e56c23493a2622370a4
7d6d9fa0ebf465571b9d138348db7b5e1c48d40d2af1ccd67c2e5ef54e1b805f
8535b1d400162b861c773eed1e70788c19c8f6a7700a1d2a909fb59ff464d178
8dedbd4baf911bb111f598cb63a8680d066ad3cf8f61898c34b3f7b90541fdb4
8ec8422069685c2b2ef85012308ba2e19552dac459e7f059027bb0479e45ee59
99d0ee5934ce5ffc753be2aca722db868b4698081b4b42ec9259f9dc4df65311
ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30
d00b36aa1a4ef7f6bc537230fbaf03cc752167312d6d27f5072b8a1606b77d0d
d5a24a94f56adf1b34053b4171f10218578fe1cab57de5e135e2bf18f268b49c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a
f6d9c7ecf639a57d618678748df969cd24e150ba95c3611069edaa542ec95f98

eki-netp.com Open in urlscan Pro 89.43.107.206 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

73 %HTTPS

0 %IPv6

3 Domains

6 Subdomains

5 IPs

3 Countries

709 kBTransfer

894 kBSize

2 Cookies

5 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

88 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

eki-netp.com Open in urlscan Pro
89.43.107.206 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

6
Subdomains

5
IPs

3
Countries

709 kB
Transfer

894 kB
Size

2
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!