login.epascord.jp.f1698421afa.top Open in urlscan Pro
155.94.135.182 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-eposcard-jp.workers.dev/&client=webapp
Effective URL:
https://login.epascord.jp.f1698421afa.top/jgjkdfjkgd
Submission: On November 14 via manual (November 14th 2022, 8:46:03 am UTC) from JP — Scanned from JP

Summary HTTP 16 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 16 HTTP transactions. The main IP is 155.94.135.182, located in Los Angeles, United States and belongs to ASN-QUADRANET-GLOBAL, US. The main domain is login.epascord.jp.f1698421afa.top.
TLS certificate: Issued by R3 on November 4th 2022. Valid for: 3 months.

This is the only time login.epascord.jp.f1698421afa.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Epos Card (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2404:6800:400... 2404:6800:4004:825::200e	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4004:80c::2001	15169 (GOOGLE) (GOOGLE)
2	2404:6800:400... 2404:6800:4004:823::2003	15169 (GOOGLE) (GOOGLE)
1 12	155.94.135.182 155.94.135.182	8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL)
1	2606:4700:303... 2606:4700:3031::6815:1ff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	6

2 2404:6800:4004:825::200e (Australia) 1 redirects

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:80c::2001 (Australia)

ASN15169 (GOOGLE, US)

www-login--eposcard--jp-workers-dev.translate.goog	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4004:823::2003 (Australia)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 155.94.135.182 (Los Angeles, United States) 1 redirects

ASN8100 (ASN-QUADRANET-GLOBAL, US)

login.epascord.jp.f1698421afa.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::6815:1ff9 (United States)

ASN13335 (CLOUDFLARENET, US)

fh.fh-008.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	f1698421afa.top 1 redirects login.epascord.jp.f1698421afa.top	184 KB
2	gstatic.com www.gstatic.com	34 KB
2	google.com 1 redirects translate.google.com — Cisco Umbrella Rank: 1251	27 KB
1	fh-008.xyz fh.fh-008.xyz	532 B
1	translate.goog www-login--eposcard--jp-workers-dev.translate.goog	1 KB
16	5

	Domain	Requested by
12	login.epascord.jp.f1698421afa.top	1 redirects www-login--eposcard--jp-workers-dev.translate.goog login.epascord.jp.f1698421afa.top
2	www.gstatic.com	www-login--eposcard--jp-workers-dev.translate.goog
2	translate.google.com	1 redirects www-login--eposcard--jp-workers-dev.translate.goog
1	fh.fh-008.xyz	login.epascord.jp.f1698421afa.top
1	www-login--eposcard--jp-workers-dev.translate.goog
16	5

This site contains links to these domains. Also see Links.

Domain
faq.eposcard.co.jp

Subject Issuer	Validity	Valid
*.googleusercontent.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
login.epascord.jp.sakuraworld.top R3	`2022-11-04` - `2023-02-02`	3 months	crt.sh
*.fh-008.xyz E1	`2022-10-19` - `2023-01-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://login.epascord.jp.f1698421afa.top/jgjkdfjkgd
Frame ID: 771E7E89FC2969D9B02729E5DFEC917F
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

エポス Net会員ID 再登録｜エポスカード会員サイト EPOS Net

Page URL History Show full URLs

https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-eposcard-jp.workers.dev/&c... HTTP 302
https://www-login--eposcard--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp Page URL
https://login.epascord.jp.f1698421afa.top/ HTTP 302
https://login.epascord.jp.f1698421afa.top/jgjkdfjkgd Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

16
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

246 kB
Transfer

867 kB
Size

2
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://faq.eposcard.co.jp/faq/show/198
Title: ログインできない方はこちら

Search URL Search Domain Scan URL

URL: https://faq.eposcard.co.jp/faq/show/202?webview=false
Title: エポスカードの締め日・支払日はいつですか？

Search URL Search Domain Scan URL

URL: https://faq.eposcard.co.jp/faq/show/365?webview=false
Title: 支払日に引落しできなかったので再度引き落としたい。

Search URL Search Domain Scan URL

URL: https://faq.eposcard.co.jp/faq/show/294?webview=false
Title: エポスカードの限度額を変更することは可能ですか？

Search URL Search Domain Scan URL

URL: https://faq.eposcard.co.jp/faq/show/379?webview=false
Title: 名前が変わりました。

Search URL Search Domain Scan URL

URL: https://faq.eposcard.co.jp/faq/show/370?webview=false
Title: 支払日を過ぎてしまい、お支払いについて相談したい。

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-eposcard-jp.workers.dev/&client=webapp HTTP 302
https://www-login--eposcard--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp Page URL
https://login.epascord.jp.f1698421afa.top/ HTTP 302
https://login.epascord.jp.f1698421afa.top/jgjkdfjkgd Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-eposcard-jp.workers.dev/&client=webapp HTTP 302
https://www-login--eposcard--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp

16 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
www-login--eposcard--jp-workers-dev.translate.goog/
Redirect Chain

https://translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-eposcard-jp.workers.dev/&client=webapp
https://www-login--eposcard--jp-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp

2 KB
1 KB

742ms
653ms

Document
text/html

2404:6800:4004:80c::2001
GOOGLE

General

			Domain/Path	Expires	Name / Value
			.google.com/	1970-01-20 11:50:26	Name: NID Value: 511=tZbDBRwsLt8UUTbL3NfIAsNElRu40qsqR2g5ZS5SVYkMhWNKlVd_twIqMExuru-EgL6UPRXnT7mcqtePE0EQweZAjMyI9r5G4NsW9JaZNeRdVz1ETpxItq6S6v1TLgtBbrBtiOMxCsTgB7c-6rN3ckDW8O7j6W8dXRod-jWVgUY
			login.epascord.jp.f1698421afa.top/	1969-12-31 23:59:59	Name: PHPSESSID Value: mncji753m3d2t59qlp547ktdpo

Header	Value
Content-Security-Policy	frame-ancestors *.translate.goog
X-Content-Type-Options	nosniff
X-Xss-Protection	0

login.epascord.jp.f1698421afa.top Open in urlscan Pro 155.94.135.182 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

80 %IPv6

5 Domains

5 Subdomains

6 IPs

2 Countries

246 kBTransfer

867 kBSize

2 Cookies

6 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

login.epascord.jp.f1698421afa.top Open in urlscan Pro
155.94.135.182 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

246 kB
Transfer

867 kB
Size

2
Cookies

16 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!