api-saisoncard.co.jp.uhbu.top
172.86.124.5
Malicious Activity!
Public Scan
Effective URL: https://api-saisoncard.co.jp.uhbu.top/exec_auth/
Submission: On October 21 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on October 20th 2022. Valid for: 3 months.
This is the only time api-saisoncard.co.jp.uhbu.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Saison Card (Financial)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
3 | 172.86.124.5 | ASN8100 (ASN-QUADRANET-GLOBAL, US)

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
3 | uhbu.top (2 redirects) | api-saisoncard.co.jp.uhbu.top | 70 KB

Requests | Domain | Requested by
---|---|---
3 | api-saisoncard.co.jp.uhbu.top | 2 redirects
Totals: 3 requests, 1 domain
This site contains links to these domains. Also see Links.
Domain
---
atunet.uccard.co.jp
www2.uccard.co.jp
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
api-saisoncard.co.jp.uhbu.top | R3 | 2022-10-20 - 2023-01-18 | 3 months | crt.sh
This page contains 3 frames:
Primary Page:
https://api-saisoncard.co.jp.uhbu.top/exec_auth/
Frame ID: 4BB76991AF55DD59171386C3826EDAD7
Requests: 7 HTTP requests in this frame
Frame:
data://truncated
Frame ID: A61920F34339A7387ECF45839F86CAB4
Requests: 3 HTTP requests in this frame
Frame:
data://truncated
Frame ID: A24A9244743C10B1B824193416659A53
Requests: 1 HTTP request in this frame
Screenshot
Page Title
UC CARD アットユーネット!
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://api-saisoncard.co.jp.uhbu.top/ (HTTP 302)
- https://api-saisoncard.co.jp.uhbu.top/exec_auth (HTTP 301)
- https://api-saisoncard.co.jp.uhbu.top/exec_auth/ (Page URL)
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: アットユーネット new registration (free)
- Title: Forgot your ID or password
- Title: Frequently asked questions
- Title: Maintenance information
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method | Protocol | Resource | Frame | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) api-saisoncard.co.jp.uhbu.top/exec_auth/ (Redirect Chain) | Primary | 119 KB | 70 KB | Document | text/html
GET | DATA | truncated (data: URI) | Primary | 7 KB | 0 | Image | image/jpeg
GET | DATA | truncated (data: URI) | Primary | 705 B | 0 | Image | image/png
GET | DATA | truncated (data: URI) | Primary | 14 KB | 0 | Image | image/png
GET | DATA | truncated (data: URI) | Primary | 2 KB | 0 | Image | image/gif
GET | DATA | truncated (data: URI) | Primary | 3 KB | 0 | Image | image/png
GET | DATA | truncated (data: URI) | Primary | 4 KB | 0 | Image | image/png
GET | DATA | truncated (data: URI) | A619 | 86 B | 0 | Image | image/gif
GET | DATA | truncated (data: URI) | A619 | 120 B | 0 | Image | image/gif
GET | DATA | truncated (data: URI) | A619 | 197 B | 0 | Image | image/gif
GET | DATA | truncated (data: URI) | A24A | 27 KB | 0 | Image | image/jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Saison Card (Financial)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | onbeforeinput
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
function | onuserchange
function | clearuser
function | passtoggle1
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
api-saisoncard.co.jp.uhbu.top/ | (session) | PHPSESSID | pi2clc77gcr0mh61eeng6htmev
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api-saisoncard.co.jp.uhbu.top
172.86.124.5
01c58e9fde4e043d29deb9b9f5a09930f7c8300de8fa91f1f08dbcdc56eb8682
1ed19ea7ee0a908c19890a25bf56f01efe45d145f87e8f7f6964a79b8bbcec0b
46b1e9712828ae8ad0dd0b7a6eb8b93aaaf6e014c97a5bf5b194749229f460c0
5a00073e687930bbf619282eb6f4f8e30d3086c86525dc6caf5abdb657e5c27d
5fa448153ec72fd5c8e3202d27428cfe32377c4e5df4a9815aa6a823c1520289
6dbfe2e8a966ff6518e842a34478a784dec9c08f2062692ae2e68ad9683c8631
7319d78e943fd8a80d3c77e5291aa9749fbc01c3a2dd312996e310f3a928eaa6
79c0eff96d83dee4df9cbddf21cf9b100500ccf217bebb945fed68d4dfe65d0a
a348c7a8a94430562064f02f77308e3e8bbaf912420b8cd77ad3956bdfbf7df5
a485d61bbecaf28799bc489e555e816b61205600d282ac15f2eeb65ff6ee12f9
b0f628c4204263d06e5a028c3f2df7a264df11d2766f7dfc50fe786bebda6df8
b5396b96d122928321773117aad160b5c7e0806334fc1477479123cd4a66683e
da0e225d66db0a3ebf1aa9d3ba389955f3f220836f577830c6d9f12e0f9f2a4c