api-saisoncard.co.jp.uhbu.top Open in urlscan Pro
172.86.124.5 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://api-saisoncard.co.jp.uhbu.top/
Effective URL:
https://api-saisoncard.co.jp.uhbu.top/exec_auth/
Submission: On October 21 via api (October 21st 2022, 8:12:54 am UTC) from JP — Scanned from JP

Summary HTTP 3 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 172.86.124.5, located in Los Angeles, United States and belongs to ASN-QUADRANET-GLOBAL, US. The main domain is api-saisoncard.co.jp.uhbu.top.
TLS certificate: Issued by R3 on October 20th 2022. Valid for: 3 months.

This is the only time api-saisoncard.co.jp.uhbu.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Saison Card (Financial)

Domain & IP information

	IP Address		AS Autonomous System
2 3	172.86.124.5 172.86.124.5		8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL)
3	2

3 172.86.124.5 (Los Angeles, United States) 2 redirects

ASN8100 (ASN-QUADRANET-GLOBAL, US)

api-saisoncard.co.jp.uhbu.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	uhbu.top 2 redirects api-saisoncard.co.jp.uhbu.top	70 KB
3	1

	Domain	Requested by
3	api-saisoncard.co.jp.uhbu.top	2 redirects
3	1

This site contains links to these domains. Also see Links.

Domain
atunet.uccard.co.jp
www2.uccard.co.jp

Subject Issuer	Validity	Valid
api-saisoncard.co.jp.uhbu.top R3	`2022-10-20` - `2023-01-18`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://api-saisoncard.co.jp.uhbu.top/exec_auth/
Frame ID: 4BB76991AF55DD59171386C3826EDAD7
Requests: 7 HTTP requests in this frame

Frame: data://truncated
Frame ID: A61920F34339A7387ECF45839F86CAB4
Requests: 3 HTTP requests in this frame

Frame: data://truncated
Frame ID: A24A9244743C10B1B824193416659A53
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

UC CARD アットユーネット！

Page URL History Show full URLs

https://api-saisoncard.co.jp.uhbu.top/ HTTP 302
https://api-saisoncard.co.jp.uhbu.top/exec_auth HTTP 301
https://api-saisoncard.co.jp.uhbu.top/exec_auth/ Page URL

Page Statistics

3
Requests

33 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

147 kB
Transfer

254 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://atunet.uccard.co.jp/UCPc/USA0201UIP01SCR.do
Title: アットユーネット新規登録（無料）

Search URL Search Domain Scan URL

URL: https://www2.uccard.co.jp/cs/atu/id_pw.html
Title: ID・パスワードをお忘れの方

Search URL Search Domain Scan URL

URL: https://atunet.uccard.co.jp/UCPc/pages/images/person/faq/index.html
Title: よくあるお問い合わせ

Search URL Search Domain Scan URL

URL: https://www2.uccard.co.jp/maintenance
Title: メンテナンス情報

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://api-saisoncard.co.jp.uhbu.top/ HTTP 302
https://api-saisoncard.co.jp.uhbu.top/exec_auth HTTP 301
https://api-saisoncard.co.jp.uhbu.top/exec_auth/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
8 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response api-saisoncard.co.jp.uhbu.top/exec_auth/ Redirect Chain https://api-saisoncard.co.jp.uhbu.top/ https://api-saisoncard.co.jp.uhbu.top/exec_auth https://api-saisoncard.co.jp.uhbu.top/exec_auth/	119 KB 70 KB	284ms 283ms	Document text/html	172.86.124.5 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://api-saisoncard.co.jp.uhbu.top/exec_auth/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 172.86.124.5 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software Apache / Resource Hash `7319d78e943fd8a80d3c77e5291aa9749fbc01c3a2dd312996e310f3a928eaa6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 date Fri, 21 Oct 2022 08:12:39 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding Redirect headers content-length 336 content-type text/html; charset=iso-8859-1 date Fri, 21 Oct 2022 08:12:39 GMT location https://api-saisoncard.co.jp.uhbu.top/exec_auth/ server Apache
GET DATA	200 OK	truncated /	7 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `79c0eff96d83dee4df9cbddf21cf9b100500ccf217bebb945fed68d4dfe65d0a` Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	705 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `01c58e9fde4e043d29deb9b9f5a09930f7c8300de8fa91f1f08dbcdc56eb8682` Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	14 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `da0e225d66db0a3ebf1aa9d3ba389955f3f220836f577830c6d9f12e0f9f2a4c` Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b5396b96d122928321773117aad160b5c7e0806334fc1477479123cd4a66683e` Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1ed19ea7ee0a908c19890a25bf56f01efe45d145f87e8f7f6964a79b8bbcec0b` Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b0f628c4204263d06e5a028c3f2df7a264df11d2766f7dfc50fe786bebda6df8` Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame A619	86 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a348c7a8a94430562064f02f77308e3e8bbaf912420b8cd77ad3956bdfbf7df5` Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated / Frame A619	120 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6dbfe2e8a966ff6518e842a34478a784dec9c08f2062692ae2e68ad9683c8631` Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated / Frame A619	197 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `46b1e9712828ae8ad0dd0b7a6eb8b93aaaf6e014c97a5bf5b194749229f460c0` Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated / Frame A24A	27 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a485d61bbecaf28799bc489e555e816b61205600d282ac15f2eeb65ff6ee12f9` Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/jpeg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Saison Card (Financial)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			api-saisoncard.co.jp.uhbu.top/	1969-12-31 23:59:59	Name: PHPSESSID Value: pi2clc77gcr0mh61eeng6htmev

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-saisoncard.co.jp.uhbu.top
172.86.124.5
01c58e9fde4e043d29deb9b9f5a09930f7c8300de8fa91f1f08dbcdc56eb8682
1ed19ea7ee0a908c19890a25bf56f01efe45d145f87e8f7f6964a79b8bbcec0b
46b1e9712828ae8ad0dd0b7a6eb8b93aaaf6e014c97a5bf5b194749229f460c0
5a00073e687930bbf619282eb6f4f8e30d3086c86525dc6caf5abdb657e5c27d
5fa448153ec72fd5c8e3202d27428cfe32377c4e5df4a9815aa6a823c1520289
6dbfe2e8a966ff6518e842a34478a784dec9c08f2062692ae2e68ad9683c8631
7319d78e943fd8a80d3c77e5291aa9749fbc01c3a2dd312996e310f3a928eaa6
79c0eff96d83dee4df9cbddf21cf9b100500ccf217bebb945fed68d4dfe65d0a
a348c7a8a94430562064f02f77308e3e8bbaf912420b8cd77ad3956bdfbf7df5
a485d61bbecaf28799bc489e555e816b61205600d282ac15f2eeb65ff6ee12f9
b0f628c4204263d06e5a028c3f2df7a264df11d2766f7dfc50fe786bebda6df8
b5396b96d122928321773117aad160b5c7e0806334fc1477479123cd4a66683e
da0e225d66db0a3ebf1aa9d3ba389955f3f220836f577830c6d9f12e0f9f2a4c

api-saisoncard.co.jp.uhbu.top Open in urlscan Pro 172.86.124.5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

3 Requests

33 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

147 kBTransfer

254 kBSize

1 Cookies

4 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

1 Cookies

Indicators

api-saisoncard.co.jp.uhbu.top Open in urlscan Pro
172.86.124.5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

33 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

147 kB
Transfer

254 kB
Size

1
Cookies

3 HTTP transactions
8 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!