eki-netcg.com Open in urlscan Pro
92.38.128.148 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://eki-netcg.com/
Effective URL:
https://eki-netcg.com/Personal/member/wb/Login/Login
Submission Tags: phishing jr east Search All
Submission: On September 22 via api (September 22nd 2022, 10:15:57 am UTC) from JP — Scanned from JP

Summary HTTP 22 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 22 HTTP transactions. The main IP is 92.38.128.148, located in Khabarovsk, Russian Federation and belongs to GHOST, LU. The main domain is eki-netcg.com.
TLS certificate: Issued by R3 on September 22nd 2022. Valid for: 3 months.

This is the only time eki-netcg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: JR East (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
5 20	92.38.128.148 92.38.128.148	202422 (GHOST) (GHOST)
4 5	13.225.165.50 13.225.165.50	16509 (AMAZON-02) (AMAZON-02)
4 8	199.232.210.128 199.232.210.128	54113 (FASTLY) (FASTLY)
1 1	3.113.212.249 3.113.212.249	16509 (AMAZON-02) (AMAZON-02)
1	143.204.86.128 143.204.86.128	16509 (AMAZON-02) (AMAZON-02)
22	5

20 92.38.128.148 (Khabarovsk, Russian Federation) 5 redirects

ASN202422 (GHOST, LU)
PTR: dgfdcxfb9.example.com

eki-netcg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.225.165.50 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-165-50.nrt12.r.cloudfront.net

mercari.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 199.232.210.128 (United States) 4 redirects

ASN54113 (FASTLY, US)

www.mercari.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jp.mercari.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.113.212.249 (Tokyo, Japan) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-113-212-249.ap-northeast-1.compute.amazonaws.com

guest-agent.mobilus.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.86.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-86-128.nrt12.r.cloudfront.net

cdn.agent.mobilus.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	eki-netcg.com 5 redirects eki-netcg.com	623 KB
13	mercari.com 8 redirects mercari.com — Cisco Umbrella Rank: 55570 www.mercari.com — Cisco Umbrella Rank: 61357 jp.mercari.com — Cisco Umbrella Rank: 241056	2 KB
2	mobilus.me 1 redirects guest-agent.mobilus.me — Cisco Umbrella Rank: 749797 cdn.agent.mobilus.me — Cisco Umbrella Rank: 773843	88 KB
22	3

	Domain	Requested by
20	eki-netcg.com	5 redirects eki-netcg.com
5	mercari.com	4 redirects eki-netcg.com
4	jp.mercari.com	eki-netcg.com
4	www.mercari.com	4 redirects
1	cdn.agent.mobilus.me	eki-netcg.com
1	guest-agent.mobilus.me	1 redirects
22	6

This site contains links to these domains. Also see Links.

Domain
www.eki-net.com
secure.okbiz.okwave.jp
www.jreast.co.jp
my.jreast.co.jp

Subject Issuer	Validity	Valid
eki-netcg.com R3	`2022-09-22` - `2022-12-21`	3 months	crt.sh
mercari.com Amazon	`2021-12-27` - `2023-01-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://eki-netcg.com/Personal/member/wb/Login/Login
Frame ID: A9FCA12FF29D4FFDD0615678BA89F8D3
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

えきねっと（JR東日本）｜ログイン

Page URL History Show full URLs

https://eki-netcg.com/ HTTP 302
https://eki-netcg.com/Personal/member/wb/Login/Login Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

6
Subdomains

5
IPs

3
Countries

709 kB
Transfer

894 kB
Size

2
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.eki-net.com/Personal/Top/Index

Search URL Search Domain Scan URL

URL: https://www.eki-net.com/top/ticketless_seat/index.html
Title: えきねっとチケットレス座席指定券

Search URL Search Domain Scan URL

URL: https://secure.okbiz.okwave.jp/eki-net/?site_domain=default
Title: よくあるご質問

Search URL Search Domain Scan URL

URL: https://www.jreast.co.jp/

Search URL Search Domain Scan URL

URL: https://my.jreast.co.jp/web/ir/RenewPasswordRequestForm.aspx
Title: My JR-EASTのID・パスワードをお忘れの場合（My JR-EASTサイトへ）

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://eki-netcg.com/ HTTP 302
https://eki-netcg.com/Personal/member/wb/Login/Login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://eki-netcg.com/personal/common/img/icon_linkblank.png HTTP 302
https://mercari.com/jp/ HTTP 301
https://www.mercari.com/jp/ HTTP 301
https://jp.mercari.com/

Request Chain 15

https://eki-netcg.com/top/common/img/chatbot/btn_chatbot_l_pc.png HTTP 302
https://mercari.com/jp/ HTTP 301
https://www.mercari.com/jp/ HTTP 301
https://jp.mercari.com/

Request Chain 16

https://eki-netcg.com/top/common/img/chatbot/btn_chatbot_switch.svg HTTP 302
https://mercari.com/jp/ HTTP 301
https://www.mercari.com/jp/ HTTP 301
https://jp.mercari.com/

Request Chain 17

https://eki-netcg.com/Personal/member/wb/UserCommon/GetHeaderMenuJSON?status=0&_=1663841752890 HTTP 302
https://mercari.com/jp/

Request Chain 18

https://guest-agent.mobilus.me/web/mobi-agent-client-frame-loader.min.js?domainId=ekinet HTTP 301
https://cdn.agent.mobilus.me/assets/script/embed/current/mobi-agent-client-frame-loader.min.js?40.1.3d4d6aa4b_2022.09.21_09.19.01

Request Chain 20

https://eki-netcg.com/personal/common/css/load_font.css HTTP 302
https://mercari.com/jp/ HTTP 301
https://www.mercari.com/jp/ HTTP 301
https://jp.mercari.com/

22 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Login Show response eki-netcg.com/Personal/member/wb/Login/ Redirect Chain https://eki-netcg.com/ https://eki-netcg.com/Personal/member/wb/Login/Login	20 KB 20 KB	428ms 423ms	Document text/html	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `f6d9c7ecf639a57d618678748df969cd24e150ba95c3611069edaa542ec95f98` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers Connection keep-alive Content-Length 20446 Content-Type text/html; charset=utf-8 Date Thu, 22 Sep 2022 10:15:52 GMT ETag W/"4fde-nlc2yjPi2m8QTN2ThdOayOZudIo" Server nginx/1.22.0 X-Powered-By Express Redirect headers Connection keep-alive Content-Length 106 Content-Type text/html; charset=utf-8 Date Thu, 22 Sep 2022 10:15:51 GMT Location /Personal/member/wb/Login/Login Server nginx/1.22.0 Vary Accept X-Powered-By Express
GET H/1.1	200 OK	common.css eki-netcg.com/Personal/common/css/	124 KB 124 KB	230ms 229ms	Stylesheet text/css	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netcg.com/Personal/common/css/common.css Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `8dedbd4baf911bb111f598cb63a8680d066ad3cf8f61898c34b3f7b90541fdb4` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"1ee5a-1836437e68d" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 126554
GET H/1.1	200 OK	module.css eki-netcg.com/Personal/member/wb/css/	75 KB 75 KB	482ms 268ms	Stylesheet text/css	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netcg.com/Personal/member/wb/css/module.css Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `99d0ee5934ce5ffc753be2aca722db868b4698081b4b42ec9259f9dc4df65311` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"12a85-1836437e68d" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 76421
GET H/1.1	200 OK	member.css eki-netcg.com/Personal/member/wb/css/	20 KB 21 KB	483ms 269ms	Stylesheet text/css	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netcg.com/Personal/member/wb/css/member.css Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `d00b36aa1a4ef7f6bc537230fbaf03cc752167312d6d27f5072b8a1606b77d0d` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"5100-1836437e68d" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 20736
GET H/1.1	200 OK	style.css eki-netcg.com/Personal/member/wb/css/	40 KB 40 KB	487ms 271ms	Stylesheet text/css	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netcg.com/Personal/member/wb/css/style.css Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `7d6d9fa0ebf465571b9d138348db7b5e1c48d40d2af1ccd67c2e5ef54e1b805f` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"9ff0-1836437e68d" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 40944
GET H/1.1	200 OK	top_searchparts.css eki-netcg.com/Personal/member/wb/css/	121 KB 121 KB	508ms 284ms	Stylesheet text/css	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netcg.com/Personal/member/wb/css/top_searchparts.css Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `d5a24a94f56adf1b34053b4171f10218578fe1cab57de5e135e2bf18f268b49c` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"1e33d-1836437e691" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 123709
GET H/1.1	200 OK	jquery-3.4.1.min.js Show response eki-netcg.com/Personal/common/js/	86 KB 86 KB	501ms 276ms	Script application/javascript	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netcg.com/Personal/common/js/jquery-3.4.1.min.js Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"15851-1836437e68d" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 88145
GET H/1.1	200 OK	jquery.validate.js Show response eki-netcg.com/Personal/member/wb/js/	75 KB 76 KB	633ms 150ms	Script application/javascript	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netcg.com/Personal/member/wb/js/jquery.validate.js Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `09a397fded7fc6a85364dc5f6f687754d3864d3ac072331e830fc1a84ba549d4` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"12d31-1836437e691" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 77105
GET H/1.1	200 OK	common.js Show response eki-netcg.com/Personal/member/wb/js/	31 KB 32 KB	681ms 95ms	Script application/javascript	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netcg.com/Personal/member/wb/js/common.js Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `8535b1d400162b861c773eed1e70788c19c8f6a7700a1d2a909fb59ff464d178` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"7d76-1836437e691" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 32118
GET H/1.1	200 OK	logo_ekinet.png eki-netcg.com/Personal/member/wb/img/	7 KB 8 KB	77ms 76ms	Image image/png	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Show image Full URL https://eki-netcg.com/Personal/member/wb/img/logo_ekinet.png Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"1d38-1836437e691" Content-Type image/png Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 7480
GET H/1.1	200 OK	logo_jreast.png eki-netcg.com/Personal/member/wb/img/	3 KB 3 KB	80ms 79ms	Image image/png	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Show image Full URL https://eki-netcg.com/Personal/member/wb/img/logo_jreast.png Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"b5d-1836437e691" Content-Type image/png Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 2909
GET H/1.1	200 OK	icon_input_error.png eki-netcg.com/Personal/member/wb/img/	3 KB 4 KB	84ms 83ms	Image image/png	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Show image Full URL https://eki-netcg.com/Personal/member/wb/img/icon_input_error.png Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `7989d4923e6686ba2adac55246f5752b308a8ea97e0a7e56c23493a2622370a4` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"dfd-1836437e691" Content-Type image/png Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 3581
GET H/1.1	200 OK	icon_linkblank.png eki-netcg.com/Personal/member/wb/img/	166 B 465 B	79ms 78ms	Image image/png	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Show image Full URL https://eki-netcg.com/Personal/member/wb/img/icon_linkblank.png Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"a6-1836437e691" Content-Type image/png Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 166
GET H2	200	/ jp.mercari.com/ Redirect Chain https://eki-netcg.com/personal/common/img/icon_linkblank.png https://mercari.com/jp/ https://www.mercari.com/jp/ https://jp.mercari.com/	0 0	145ms 145ms	Image text/html	199.232.210.128 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://jp.mercari.com/ Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol H2 Server 199.232.210.128 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Redirect headers date Thu, 22 Sep 2022 10:15:53 GMT content-encoding gzip x-content-type-options nosniff via 1.1 varnish x-cache MISS vary Accept x-xss-protection 1; mode=block x-served-by cache-nrt-rjtf7700040-NRT pragma no-cache x-timer S1663841753.437418,VS0,VE32 strict-transport-security max-age=31536000 content-type text/plain; charset=utf-8 location https://jp.mercari.com/ x-cloud-trace-context 1e11376fcc37f17dfb5d3274c0156cf9 cache-control private, no-cache, no-store, must-revalidate function-execution-id m5diqs4ttd1h accept-ranges bytes x-cache-hits 0
GET H/1.1	200 OK	GetHeaderMenu.js Show response eki-netcg.com/Personal/member/wb/js/	5 KB 5 KB	87ms 87ms	Script application/javascript	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netcg.com/Personal/member/wb/js/GetHeaderMenu.js Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `8ec8422069685c2b2ef85012308ba2e19552dac459e7f059027bb0479e45ee59` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"13c5-1836437e691" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 5061
GET H/1.1	200 OK	member_footer.js Show response eki-netcg.com/Personal/member/wb/js/	7 KB 7 KB	73ms 73ms	Script application/javascript	92.38.128.148 GHOST
General Check archive.org Show headers Download Go to Full URL https://eki-netcg.com/Personal/member/wb/js/member_footer.js Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.38.128.148 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS dgfdcxfb9.example.com Software nginx/1.22.0 / Express Resource Hash `4b214c995de8e6d7c3067c57c5a380b3f51c5c53d8623f34a6e142566c8e1046` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/Personal/member/wb/Login/Login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 22 Sep 2022 10:15:52 GMT Last-Modified Thu, 22 Sep 2022 08:02:08 GMT Server nginx/1.22.0 X-Powered-By Express ETag W/"1a2a-1836437e691" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 6698
GET H2	200	/ jp.mercari.com/ Redirect Chain https://eki-netcg.com/top/common/img/chatbot/btn_chatbot_l_pc.png https://mercari.com/jp/ https://www.mercari.com/jp/ https://jp.mercari.com/	0 0	140ms 138ms	Image text/html	199.232.210.128 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://jp.mercari.com/ Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/common/css/common.css Protocol H2 Server 199.232.210.128 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Redirect headers date Thu, 22 Sep 2022 10:15:53 GMT content-encoding gzip x-content-type-options nosniff via 1.1 varnish x-cache MISS vary Accept x-xss-protection 1; mode=block x-served-by cache-nrt-rjtf7700040-NRT pragma no-cache x-timer S1663841753.437339,VS0,VE19 strict-transport-security max-age=31536000 content-type text/plain; charset=utf-8 location https://jp.mercari.com/ x-cloud-trace-context 9f195f58ba8a721b4ce7999af0168821 cache-control private, no-cache, no-store, must-revalidate function-execution-id m5dibb0vxw21 accept-ranges bytes x-cache-hits 0
GET H2	200	/ jp.mercari.com/ Redirect Chain https://eki-netcg.com/top/common/img/chatbot/btn_chatbot_switch.svg https://mercari.com/jp/ https://www.mercari.com/jp/ https://jp.mercari.com/	0 0	148ms 148ms	Image text/html	199.232.210.128 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://jp.mercari.com/ Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/common/css/common.css Protocol H2 Server 199.232.210.128 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Redirect headers date Thu, 22 Sep 2022 10:15:53 GMT content-encoding gzip x-content-type-options nosniff via 1.1 varnish x-cache MISS vary Accept x-xss-protection 1; mode=block x-served-by cache-nrt-rjtf7700040-NRT pragma no-cache x-timer S1663841753.437236,VS0,VE33 strict-transport-security max-age=31536000 content-type text/plain; charset=utf-8 location https://jp.mercari.com/ x-cloud-trace-context e42249e2d5822d321200de2bc6c4b31b cache-control private, no-cache, no-store, must-revalidate function-execution-id rk6oqxz4t8u6 accept-ranges bytes x-cache-hits 0
GET		/ mercari.com/jp/ Redirect Chain https://eki-netcg.com/Personal/member/wb/UserCommon/GetHeaderMenuJSON?status=0&_=1663841752890 https://mercari.com/jp/	0 0

GET H2	200	mobi-agent-client-frame-loader.min.js Show response cdn.agent.mobilus.me/assets/script/embed/current/ Redirect Chain https://guest-agent.mobilus.me/web/mobi-agent-client-frame-loader.min.js?domainId=ekinet https://cdn.agent.mobilus.me/assets/script/embed/current/mobi-agent-client-frame-loader.min.js?40.1.3d4d6aa4b_2022.09.21_09.19.01	276 KB 88 KB	227ms 80ms	Script application/javascript	143.204.86.128 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.agent.mobilus.me/assets/script/embed/current/mobi-agent-client-frame-loader.min.js?40.1.3d4d6aa4b_2022.09.21_09.19.01 Requested by Host: eki-netcg.com URL: https://eki-netcg.com/Personal/member/wb/Login/Login Protocol H2 Server 143.204.86.128 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-86-128.nrt12.r.cloudfront.net Software AmazonS3 / Resource Hash `0aa01f9264576111ed73c4ec601b89f52e497a849e079ffc236d90728bfe5bef` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-amz-version-id YP.k4B4GbM3l7q6dsOXLRQ99I3ozAyCB content-encoding gzip etag W/"882b14230982aa46572ebaac0ae01459" last-modified Wed, 21 Sep 2022 09:29:38 GMT server AmazonS3 age 31 x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 726e0015aca168ac32be9337e2a06ddc.cloudfront.net (CloudFront) cache-control max-age=0,s-maxage=86400 date Thu, 22 Sep 2022 10:15:22 GMT x-amz-cf-pop NRT12-C2 x-amz-cf-id 3f5d2zjY1Lpp3qPvEFySG8ERMuwjJ30Tw8dEdNc11p5RVTrljQOhvg== Redirect headers Date Thu, 22 Sep 2022 10:15:53 GMT X-Content-Type-Options nosniff Server nginx X-Frame-Options SAMEORIGIN Strict-Transport-Security max-age=31536000; includeSubDomains access-control-allow-methods OPTIONS, GET, HEAD location https://cdn.agent.mobilus.me/assets/script/embed/current/mobi-agent-client-frame-loader.min.js?40.1.3d4d6aa4b_2022.09.21_09.19.01 cache-control no-store, no-cache, must-revalidate, max-age=0 access-control-allow-credentials true Connection keep-alive Content-Length 0 X-XSS-Protection 1; mode=block
OPTIONS H2	403	/ mercari.com/jp/	0 0	188ms 67ms	Preflight text/html	13.225.165.50 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://mercari.com/jp/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.165.50 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-165-50.nrt12.r.cloudfront.net Software CloudFront / Resource Hash Request headers Accept / Access-Control-Request-Headers x-requested-with Access-Control-Request-Method GET Origin https://eki-netcg.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers content-length 1053 content-type text/html date Thu, 22 Sep 2022 10:15:53 GMT server CloudFront via 1.1 cba2cf43b0607878c205b07218216cfc.cloudfront.net (CloudFront) x-amz-cf-id rvEewKXKXPtLM0SHHAdL4_uG1PKQIZA4rJ2coLivUOn4lkzDBlQNog== x-amz-cf-pop NRT12-C4 x-cache Error from cloudfront
GET H2	200	/ jp.mercari.com/ Redirect Chain https://eki-netcg.com/personal/common/css/load_font.css https://mercari.com/jp/ https://www.mercari.com/jp/ https://jp.mercari.com/	0 0	110ms 109ms	Stylesheet text/html	199.232.210.128 FASTLY
General Check archive.org Show headers Download Go to Full URL https://jp.mercari.com/ Protocol H2 Server 199.232.210.128 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language jp-JP,jp;q=0.9 Referer https://eki-netcg.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Redirect headers date Thu, 22 Sep 2022 10:15:53 GMT content-encoding gzip x-content-type-options nosniff via 1.1 varnish x-cache MISS vary Accept x-xss-protection 1; mode=block x-served-by cache-nrt-rjtf7700040-NRT pragma no-cache x-timer S1663841754.863771,VS0,VE15 strict-transport-security max-age=31536000 content-type text/plain; charset=utf-8 location https://jp.mercari.com/ x-cloud-trace-context ddb338112f79e17231c451ce924c09a0 cache-control private, no-cache, no-store, must-revalidate function-execution-id m5diz3i37750 accept-ranges bytes x-cache-hits 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mercari.com
URL: https://mercari.com/jp/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: JR East (Transportation)

88 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			eki-netcg.com/	1969-12-31 23:59:59	Name: mercar:sid Value: s%3A69af396f-6991-41e8-a207-bb5101e65449.nuNQo5daScUxu0HdEWUnnJbIQKdtPsFsb4TUhF4Emb4
			guest-agent.mobilus.me/	1970-01-20 06:20:46	Name: AWSALBCORS Value: QK+ptwDpAH/OPPu1uIfm+Lt/LF/AoLDvDpNWtcrfrvf95m5WcpNzG9UhLiQvFDAi53WL8ncwQvXFMaD0++KZjOsoCVOgBbfLt4g9da67R1VaeGesVCiA58Ngllz5

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://eki-netcg.com/Personal/member/wb/Login/Login Message: Access to XMLHttpRequest at 'https://mercari.com/jp/' (redirected from 'https://eki-netcg.com/Personal/member/wb/UserCommon/GetHeaderMenuJSON?status=0&_=1663841752890') from origin 'https://eki-netcg.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://mercari.com/jp/ Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.agent.mobilus.me
eki-netcg.com
guest-agent.mobilus.me
jp.mercari.com
mercari.com
www.mercari.com
mercari.com
13.225.165.50
143.204.86.128
199.232.210.128
3.113.212.249
92.38.128.148
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
09a397fded7fc6a85364dc5f6f687754d3864d3ac072331e830fc1a84ba549d4
0aa01f9264576111ed73c4ec601b89f52e497a849e079ffc236d90728bfe5bef
3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b
4b214c995de8e6d7c3067c57c5a380b3f51c5c53d8623f34a6e142566c8e1046
7989d4923e6686ba2adac55246f5752b308a8ea97e0a7e56c23493a2622370a4
7d6d9fa0ebf465571b9d138348db7b5e1c48d40d2af1ccd67c2e5ef54e1b805f
8535b1d400162b861c773eed1e70788c19c8f6a7700a1d2a909fb59ff464d178
8dedbd4baf911bb111f598cb63a8680d066ad3cf8f61898c34b3f7b90541fdb4
8ec8422069685c2b2ef85012308ba2e19552dac459e7f059027bb0479e45ee59
99d0ee5934ce5ffc753be2aca722db868b4698081b4b42ec9259f9dc4df65311
ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30
d00b36aa1a4ef7f6bc537230fbaf03cc752167312d6d27f5072b8a1606b77d0d
d5a24a94f56adf1b34053b4171f10218578fe1cab57de5e135e2bf18f268b49c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a
f6d9c7ecf639a57d618678748df969cd24e150ba95c3611069edaa542ec95f98

eki-netcg.com Open in urlscan Pro 92.38.128.148 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

73 %HTTPS

0 %IPv6

3 Domains

6 Subdomains

5 IPs

3 Countries

709 kBTransfer

894 kBSize

2 Cookies

5 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

88 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

eki-netcg.com Open in urlscan Pro
92.38.128.148 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

6
Subdomains

5
IPs

3
Countries

709 kB
Transfer

894 kB
Size

2
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!