api.saisoncard.co.jp.18youth.cn Open in urlscan Pro
192.161.59.197  Malicious Activity! Public Scan

7 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://api.saisoncard.co.jp.18youth.cn/ Page URL
2. https://api.saisoncard.co.jp.18youth.cn/login.php Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
5 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response api.saisoncard.co.jp.18youth.cn/	1015 B 1 KB	790ms 228ms	Document text/html	192.161.59.197 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://api.saisoncard.co.jp.18youth.cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.161.59.197 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 192.161.59.197.static.quadranet.com Software nginx / Resource Hash 532f23e202cfa6617155bee2f11cff2c8989ab759c0616e8e15ed99fb0b7d3a9 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers accept-ranges bytes content-length 1015 content-type text/html date Wed, 31 Aug 2022 05:53:05 GMT etag "6239f2b4-3f7" last-modified Tue, 22 Mar 2022 16:00:52 GMT server nginx strict-transport-security max-age=31536000
GET H2	200	axios.min.js Show response api.saisoncard.co.jp.18youth.cn/js/	17 KB 7 KB	230ms 229ms	Script application/javascript	192.161.59.197 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://api.saisoncard.co.jp.18youth.cn/js/axios.min.js Requested by Host: api.saisoncard.co.jp.18youth.cn URL: https://api.saisoncard.co.jp.18youth.cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.161.59.197 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 192.161.59.197.static.quadranet.com Software nginx / Resource Hash aed6ac78b8249a9c7cff0030f3b921ee9f771cb1684164f3e679e1023a4d5c69 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language jp-JP,jp;q=0.9 Referer https://api.saisoncard.co.jp.18youth.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Wed, 31 Aug 2022 05:53:05 GMT content-encoding gzip last-modified Sun, 06 Mar 2022 23:56:02 GMT server nginx etag W/"62254a12-45b3" vary Accept-Encoding content-type application/javascript cache-control max-age=43200 strict-transport-security max-age=31536000 expires Wed, 31 Aug 2022 17:53:05 GMT
GET H2	200	jump.php www.aini1314.shop/api/	5 B 356 B	1258ms 1146ms	XHR text/html	34.92.175.0 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.aini1314.shop/api/jump.php Requested by Host: api.saisoncard.co.jp.18youth.cn URL: https://api.saisoncard.co.jp.18youth.cn/js/axios.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 34.92.175.0 Central, Hong Kong, ASN15169 (GOOGLE, US), Reverse DNS 0.175.92.34.bc.googleusercontent.com Software nginx / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept application/json, text/plain, */* Referer https://api.saisoncard.co.jp.18youth.cn/ accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers pragma no-cache date Wed, 31 Aug 2022 05:53:07 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods * content-type text/html;charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, must-revalidate access-control-allow-credentials true strict-transport-security max-age=31536000 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	Primary Request login.php Show response api.saisoncard.co.jp.18youth.cn/	77 KB 41 KB	463ms 461ms	Document text/html	192.161.59.197 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://api.saisoncard.co.jp.18youth.cn/login.php Requested by Host: api.saisoncard.co.jp.18youth.cn URL: https://api.saisoncard.co.jp.18youth.cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.161.59.197 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 192.161.59.197.static.quadranet.com Software nginx / Resource Hash 07fbe26a38268120fd039587285b62eebc4faaf367f9b38c8bb90aee5773feed Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://api.saisoncard.co.jp.18youth.cn/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers content-encoding gzip content-type text/html; charset=UTF-8 date Wed, 31 Aug 2022 05:53:07 GMT server nginx strict-transport-security max-age=31536000 vary Accept-Encoding
GET H2	200	login.css api.saisoncard.co.jp.18youth.cn/css/	2 KB 973 B	229ms 228ms	Stylesheet text/css	192.161.59.197 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://api.saisoncard.co.jp.18youth.cn/css/login.css Requested by Host: api.saisoncard.co.jp.18youth.cn URL: https://api.saisoncard.co.jp.18youth.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.161.59.197 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 192.161.59.197.static.quadranet.com Software nginx / Resource Hash fc1b023aca450050e2d38f958c49e02865c77fa36d96416408018b452f5e6305 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language jp-JP,jp;q=0.9 Referer https://api.saisoncard.co.jp.18youth.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Wed, 31 Aug 2022 05:53:07 GMT content-encoding gzip last-modified Tue, 22 Mar 2022 16:04:12 GMT server nginx etag W/"6239f37c-683" vary Accept-Encoding content-type text/css cache-control max-age=43200 strict-transport-security max-age=31536000 expires Wed, 31 Aug 2022 17:53:07 GMT
GET H2	200	jq.js Show response api.saisoncard.co.jp.18youth.cn/js/	87 KB 34 KB	231ms 230ms	Script application/javascript	192.161.59.197 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://api.saisoncard.co.jp.18youth.cn/js/jq.js Requested by Host: api.saisoncard.co.jp.18youth.cn URL: https://api.saisoncard.co.jp.18youth.cn/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.161.59.197 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 192.161.59.197.static.quadranet.com Software nginx / Resource Hash ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language jp-JP,jp;q=0.9 Referer https://api.saisoncard.co.jp.18youth.cn/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Wed, 31 Aug 2022 05:53:07 GMT content-encoding gzip last-modified Mon, 07 Mar 2022 19:08:28 GMT server nginx etag W/"6226582c-15d9d" vary Accept-Encoding content-type application/javascript cache-control max-age=43200 strict-transport-security max-age=31536000 expires Wed, 31 Aug 2022 17:53:07 GMT
GET H2	200	2202_login_520_230.jpg netanswerplus.saisoncard.co.jp/WebPc/pages/images/person/login/images/	27 KB 27 KB	26ms 10ms	Image image/jpeg	45.60.48.171 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://netanswerplus.saisoncard.co.jp/WebPc/pages/images/person/login/images/2202_login_520_230.jpg Requested by Host: api.saisoncard.co.jp.18youth.cn URL: https://api.saisoncard.co.jp.18youth.cn/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.48.171 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software Apache / Resource Hash a485d61bbecaf28799bc489e555e816b61205600d282ac15f2eeb65ff6ee12f9 Request headers accept-language jp-JP,jp;q=0.9 Referer https://api.saisoncard.co.jp.18youth.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Wed, 31 Aug 2022 05:53:07 GMT last-modified Fri, 18 Feb 2022 07:20:50 GMT server Apache etag "6ada" content-type image/jpeg access-control-allow-origin https://api.saisoncard.co.jp x-iinfo 4-95513493-95510322 PNNN RT(1661925187739 15) q(0 0 0 0) r(0 0) U5 x-cnection close accept-ranges bytes content-length 27354 x-cdn Imperva
GET H2	200	CSSP_login_320-100_D.jpg netanswerplus.saisoncard.co.jp/WebPc/pages/images/person/login/images/	40 KB 40 KB	10ms 10ms	Image image/jpeg	45.60.48.171 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://netanswerplus.saisoncard.co.jp/WebPc/pages/images/person/login/images/CSSP_login_320-100_D.jpg Requested by Host: api.saisoncard.co.jp.18youth.cn URL: https://api.saisoncard.co.jp.18youth.cn/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.48.171 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software Apache / Resource Hash 98846dcf5586665fa010010a591622270741ad32dc3e692c61aa124fc001e4f7 Request headers accept-language jp-JP,jp;q=0.9 Referer https://api.saisoncard.co.jp.18youth.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Wed, 31 Aug 2022 05:53:07 GMT last-modified Tue, 10 Jul 2018 06:07:40 GMT server Apache etag "a05d" content-type image/jpeg access-control-allow-origin https://api.saisoncard.co.jp x-iinfo 4-95513493-95510322 PNNN RT(1661925187739 27) q(0 0 0 0) r(0 0) U5 x-cnection close accept-ranges bytes content-length 41053 x-cdn Imperva
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7829cd82e5b348bd82b5917ab6b4df98a0ca39a30a21d70735cf791e5e8b7bcf Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	14 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash da0e225d66db0a3ebf1aa9d3ba389955f3f220836f577830c6d9f12e0f9f2a4c Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1ed19ea7ee0a908c19890a25bf56f01efe45d145f87e8f7f6964a79b8bbcec0b Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b0f628c4204263d06e5a028c3f2df7a264df11d2766f7dfc50fe786bebda6df8 Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Content-Type image/png
GET H2	200	h3.gif api.saisoncard.co.jp.18youth.cn/images/	120 B 325 B	228ms 228ms	Image image/gif	192.161.59.197 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Show image Full URL https://api.saisoncard.co.jp.18youth.cn/images/h3.gif Requested by Host: api.saisoncard.co.jp.18youth.cn URL: https://api.saisoncard.co.jp.18youth.cn/css/login.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.161.59.197 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 192.161.59.197.static.quadranet.com Software nginx / Resource Hash 6dbfe2e8a966ff6518e842a34478a784dec9c08f2062692ae2e68ad9683c8631 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language jp-JP,jp;q=0.9 Referer https://api.saisoncard.co.jp.18youth.cn/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Wed, 31 Aug 2022 05:53:08 GMT last-modified Tue, 22 Mar 2022 15:36:32 GMT server nginx etag "6239ed00-78" strict-transport-security max-age=31536000 content-type image/gif cache-control max-age=2592000 accept-ranges bytes content-length 120 expires Fri, 30 Sep 2022 05:53:08 GMT
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 046dae1710bdf2c2a11b49acadad79bafc11b086ed2d79e3c1647f129a8b8ddd Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Saison Card (Financial)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| savepage_ShadowLoader

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			api.saisoncard.co.jp.18youth.cn/	1969-12-31 23:59:59	Name: isuser Value: true

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.saisoncard.co.jp.18youth.cn
netanswerplus.saisoncard.co.jp
www.aini1314.shop
192.161.59.197
34.92.175.0
45.60.48.171
046dae1710bdf2c2a11b49acadad79bafc11b086ed2d79e3c1647f129a8b8ddd
07fbe26a38268120fd039587285b62eebc4faaf367f9b38c8bb90aee5773feed
1ed19ea7ee0a908c19890a25bf56f01efe45d145f87e8f7f6964a79b8bbcec0b
532f23e202cfa6617155bee2f11cff2c8989ab759c0616e8e15ed99fb0b7d3a9
6dbfe2e8a966ff6518e842a34478a784dec9c08f2062692ae2e68ad9683c8631
7829cd82e5b348bd82b5917ab6b4df98a0ca39a30a21d70735cf791e5e8b7bcf
98846dcf5586665fa010010a591622270741ad32dc3e692c61aa124fc001e4f7
a485d61bbecaf28799bc489e555e816b61205600d282ac15f2eeb65ff6ee12f9
aed6ac78b8249a9c7cff0030f3b921ee9f771cb1684164f3e679e1023a4d5c69
b0f628c4204263d06e5a028c3f2df7a264df11d2766f7dfc50fe786bebda6df8
da0e225d66db0a3ebf1aa9d3ba389955f3f220836f577830c6d9f12e0f9f2a4c
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
fc1b023aca450050e2d38f958c49e02865c77fa36d96416408018b452f5e6305