saison-cardpomd.com Open in urlscan Pro
202.78.173.91  Malicious Activity! Public Scan

Submitted URL: https://saison-cardpomd.com/
Effective URL: https://saison-cardpomd.com/WebPc/login.html
Submission: On October 10 via automatic, source openphish — Scanned from DE

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 26 HTTP transactions. The main IP is 202.78.173.91, located in Frankfurt am Main, Germany and belongs to GHOST, LU. The main domain is saison-cardpomd.com.
TLS certificate: Issued by R3 on October 8th 2022. Valid for: 3 months.
This is the only time saison-cardpomd.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UC Card (Financial)

Domain & IP information

IP Address AS Autonomous System
1 24 202.78.173.91 202422 (GHOST)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 52.192.208.39 16509 (AMAZON-02)
26 3
Apex Domain
Subdomains
Transfer
24 saison-cardpomd.com
saison-cardpomd.com
376 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 358
10 KB
1 securebrain.co.jp
spd-csna.securebrain.co.jp
265 KB
26 3
Domain Requested by
24 saison-cardpomd.com 1 redirects cdnjs.cloudflare.com
saison-cardpomd.com
2 cdnjs.cloudflare.com saison-cardpomd.com
1 spd-csna.securebrain.co.jp saison-cardpomd.com
26 3

This site contains links to these domains. Also see Links.

Domain
netanswerplus.saisoncard.co.jp
www.saisoncard.co.jp
api.saisoncard.co.jp
Subject Issuer Validity Valid
saison-cardpomd.com
R3
2022-10-08 -
2023-01-06
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-08-03 -
2023-08-02
a year crt.sh
*.securebrain.co.jp
Amazon
2022-03-16 -
2023-04-14
a year crt.sh

This page contains 1 frames:

Primary Page: https://saison-cardpomd.com/WebPc/login.html
Frame ID: A6083C7D1A21CAAB39F7650697456B4B
Requests: 26 HTTP requests in this frame

Screenshot

Page Title

SAISON CARD Netアンサー

Page URL History Show full URLs

  1. https://saison-cardpomd.com/ HTTP 302
    https://saison-cardpomd.com/WebPc/login.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • zepto.*\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

26
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

651 kB
Transfer

659 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://saison-cardpomd.com/ HTTP 302
    https://saison-cardpomd.com/WebPc/login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login.html
saison-cardpomd.com/WebPc/
Redirect Chain
  • https://saison-cardpomd.com/
  • https://saison-cardpomd.com/WebPc/login.html
1 KB
2 KB
Document
General
Full URL
https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
799dca5eb648be5b4e32186032be076689c9b47f6399f16c8fb8df475cf1f45f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
public, max-age=0
Connection
keep-alive
Content-Length
1350
Content-Type
text/html; charset=UTF-8
Date
Mon, 10 Oct 2022 14:16:29 GMT
ETag
W/"546-183b6e6350c"
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express

Redirect headers

Connection
keep-alive
Content-Length
78
Content-Type
text/html; charset=utf-8
Date
Mon, 10 Oct 2022 14:16:29 GMT
Location
/WebPc/login.html
Server
nginx/1.22.0
Vary
Accept
X-Powered-By
Express
zepto.min.js
cdnjs.cloudflare.com/ajax/libs/zepto/1.2.0/
26 KB
9 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/zepto/1.2.0/zepto.min.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
beb9f5e32ed61fbce010497242a9b6b8219242b5ffc636038e7891510c773725
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 14:16:29 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2799289
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8798
last-modified
Mon, 04 May 2020 16:18:11 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04043-6712"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VMo7lGNHLaOPwIdK7J9S7FiWUC%2FBtaWmiL%2BH%2FH3zrpLUxr54IXp5EYtvhXtOEi6%2BNXY4UUUp4nIHhEOh7wY4cnJmVexuehruC1A859UBXi%2BS6lwiwrgjyQ%2BpHm1GaOgUxaiGf3bHNjXvdgdtfQ3pojF2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
757ff9602ed7915f-FRA
expires
Sat, 30 Sep 2023 14:16:29 GMT
base64.min.js
cdnjs.cloudflare.com/ajax/libs/Base64/1.1.0/
1 KB
886 B
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/Base64/1.1.0/base64.min.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f94d7639ccd0a0e0aea9bc3b2b88ba1f3af4f15e2197ae7edceb731e0d5e62e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 14:16:29 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
200230
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
549
last-modified
Mon, 04 May 2020 16:03:57 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ced-431"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=flH6Z4h58krROaCw9z%2B8lW9d8pAMVViTtMITS2KhEQMZ1bc8gne23DLCoEcRrIPaY%2BFOuoWaxLdjaKYq9BAyFbl48UTJHzsPcvoZ5BSMmhEJLqhhI10VT7HvKlY6Q%2BITpT16EizpeGDEjUPs1TIgrPPU"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
757ff9602ed9915f-FRA
expires
Sat, 30 Sep 2023 14:16:29 GMT
login
saison-cardpomd.com/source/WebPc/
25 KB
25 KB
XHR
General
Full URL
https://saison-cardpomd.com/source/WebPc/login?v=&_=1665411389491
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/zepto/1.2.0/zepto.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
b857ab2c80857c0c65ec7904ecefc9d8e9f0d8a0ddb6cf96eb277d1ed88ea2f9

Request headers

Accept
*/*
Referer
https://saison-cardpomd.com/WebPc/login.html
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:29 GMT
Server
nginx/1.22.0
Connection
keep-alive
X-Powered-By
Express
Content-Length
25236
ETag
W/"6294-a2RNWpAdxEip8fqOUk0vtkJbc04"
Content-Type
text/html; charset=utf-8
index.css
saison-cardpomd.com/auth/resources/css/
18 KB
18 KB
Stylesheet
General
Full URL
https://saison-cardpomd.com/auth/resources/css/index.css
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
f5d6d2278f1f50c975af5bd71372a861c61eca5a5254172205ad48bbb5a7c19c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:29 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"466e-183b6e63510"
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18030
layout.css
saison-cardpomd.com/auth/resources/css/
3 KB
3 KB
Stylesheet
General
Full URL
https://saison-cardpomd.com/auth/resources/css/layout.css
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
766b9361bba45e02ec03d15b3e2ab80e70525570decb1473dfd6ab8ec49506fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:29 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"a47-183b6e63510"
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2631
jquery.js
saison-cardpomd.com/auth/resources/js/
87 KB
88 KB
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/jquery.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:29 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"15d9d-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
89501
util.js
saison-cardpomd.com/auth/resources/js/
10 KB
10 KB
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/util.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
16c72cfeb6471cca4fe9bd270035edc31b9bd06c8bfe847e92162dc79ed06971

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"2680-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9856
main.js
saison-cardpomd.com/auth/resources/js/
3 KB
3 KB
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/main.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
50eaa1f9f4aab467f620a6ac31a3d2b8e534747f3fc1ceb53efd361f55ddc190

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"c96-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3222
scopeDispSwitch.js
saison-cardpomd.com/auth/resources/js/
695 B
1023 B
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/scopeDispSwitch.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
e155ba0226f162d0182589e43b857a0439b7179587a27a17369db47ee8daa0f6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"2b7-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
695
createIframe.js
saison-cardpomd.com/auth/resources/js/
2 KB
2 KB
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/createIframe.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
45967261719a12a56e2b520c3886881823b416bfbce7f78f292f940d868ed269

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"67a-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1658
jquery.autoheight.js
saison-cardpomd.com/auth/resources/js/
785 B
1 KB
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/jquery.autoheight.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
7b3535353f80916bf23ff60a3943400df50a51521b5b02c62a1bee3b88af8468

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"311-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
785
index.js
saison-cardpomd.com/auth/resources/js/
4 KB
4 KB
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/index.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
5b8bcd4cf766ecc35793da7d709d6c6c50b4c7f39b3d5c21be40b8e8a4e3e099

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"f7e-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3966
basic.js
saison-cardpomd.com/auth/resources/js/
719 B
1 KB
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/basic.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
51f036c4216fece62909954daae4dceaf188ab706e2ec07ae5cd1f36ea3324e8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"2cf-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
719
puzzleIsOn.js
saison-cardpomd.com/auth/resources/js/
1 KB
1 KB
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/puzzleIsOn.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
e567781dc75b2dc51baa2beff1c1eb5dc6436921dfaa91e4cfb9aebd4219eaae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"43d-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1085
addclear.js
saison-cardpomd.com/auth/resources/js/
4 KB
5 KB
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/addclear.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
69ddb7ec05c6f4f3705888eb20acda2629d12e17ffbf7a9059f482437994afc9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"11b0-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4528
location.js
saison-cardpomd.com/auth/resources/js/
1 KB
2 KB
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/location.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
dde34f801ba21cf1dbd58ef426063d88ad4fc7d3726f95ad7ebf002706eac40d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"5e2-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1506
togglePassword.js
saison-cardpomd.com/auth/resources/js/
360 B
688 B
Script
General
Full URL
https://saison-cardpomd.com/auth/resources/js/togglePassword.js
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
2775a40189c590e4506fa53547af5f10da1d104cd090cf6948bd65d79597363f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"168-183b6e63514"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
360
t.js
spd-csna.securebrain.co.jp/js/
264 KB
265 KB
Script
General
Full URL
https://spd-csna.securebrain.co.jp/js/t.js?ccode=saison
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.192.208.39 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-192-208-39.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
29637c95c0090108057929e4126be5a9e63dda42876ce4fcb4f2318d2ab756cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 14:16:30 GMT
x-content-type-options
nosniff
etag
W/"bb88a37983f5f5b5eb8490d9a19ebe01"
x-frame-options
ALLOWALL
access-control-allow-methods
GET, POST
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=3600
access-control-allow-headers
X-Requested-With, Content-Type, x-phishwall-guid, x-phishwall-client, x-phishwall-version
content-length
270711
icon_saison_01.png
saison-cardpomd.com/auth/resources/img/logo/
4 KB
4 KB
Image
General
Full URL
https://saison-cardpomd.com/auth/resources/img/logo/icon_saison_01.png
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
7829cd82e5b348bd82b5917ab6b4df98a0ca39a30a21d70735cf791e5e8b7bcf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"f53-183b6e63514"
Content-Type
image/png
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3923
key_ani.gif
saison-cardpomd.com/auth/resources/img/
177 KB
178 KB
Image
General
Full URL
https://saison-cardpomd.com/auth/resources/img/key_ani.gif
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
8fca1ac0be84adf4e4c152bd6db10305f9af5f7761a41a90cd1d55a18b892221

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"2c4e6-183b6e63514"
Content-Type
image/gif
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
181478
footer_img.png
saison-cardpomd.com/auth/resources/img/netanswer/
4 KB
4 KB
Image
General
Full URL
https://saison-cardpomd.com/auth/resources/img/netanswer/footer_img.png
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/WebPc/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
046dae1710bdf2c2a11b49acadad79bafc11b086ed2d79e3c1647f129a8b8ddd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/WebPc/login.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"e01-183b6e63514"
Content-Type
image/png
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3585
eye.png
saison-cardpomd.com/auth/resources/img/
14 KB
14 KB
Image
General
Full URL
https://saison-cardpomd.com/auth/resources/img/eye.png
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/auth/resources/css/index.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
da0e225d66db0a3ebf1aa9d3ba389955f3f220836f577830c6d9f12e0f9f2a4c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/auth/resources/css/index.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"37d4-183b6e63510"
Content-Type
image/png
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14292
icon01.gif
saison-cardpomd.com/auth/resources/img/
2 KB
2 KB
Image
General
Full URL
https://saison-cardpomd.com/auth/resources/img/icon01.gif
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/auth/resources/css/index.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
b5396b96d122928321773117aad160b5c7e0806334fc1477479123cd4a66683e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/auth/resources/css/index.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"6ae-183b6e63510"
Content-Type
image/gif
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1710
ie8_btnBG2.png
saison-cardpomd.com/auth/resources/img/
3 KB
3 KB
Image
General
Full URL
https://saison-cardpomd.com/auth/resources/img/ie8_btnBG2.png
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/auth/resources/css/index.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
1ed19ea7ee0a908c19890a25bf56f01efe45d145f87e8f7f6964a79b8bbcec0b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/auth/resources/css/index.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"a2f-183b6e63510"
Content-Type
image/png
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2607
ie8_btnBG.png
saison-cardpomd.com/auth/resources/img/
4 KB
5 KB
Image
General
Full URL
https://saison-cardpomd.com/auth/resources/img/ie8_btnBG.png
Requested by
Host: saison-cardpomd.com
URL: https://saison-cardpomd.com/auth/resources/css/index.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.78.173.91 Frankfurt am Main, Germany, ASN202422 (GHOST, LU),
Reverse DNS
monguedeloras1.example.com
Software
nginx/1.22.0 / Express
Resource Hash
b0f628c4204263d06e5a028c3f2df7a264df11d2766f7dfc50fe786bebda6df8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://saison-cardpomd.com/auth/resources/css/index.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 14:16:30 GMT
Last-Modified
Sat, 08 Oct 2022 09:21:23 GMT
Server
nginx/1.22.0
X-Powered-By
Express
ETag
W/"114d-183b6e63510"
Content-Type
image/png
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4429

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UC Card (Financial)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| Zepto function| $ function| getQueryString function| jQuery object| Fourdigit function| form_submit function| isEnter function| isEnter_shop object| AuthInfo object| createIframe function| doIframe function| setHeight function| addEvent object| INDEX function| addTechnology function| deleteAutoComplete function| reload function| transition object| BASIC function| clickInit function| alreadyClicked function| alreadyClickedEx function| isRevokeAuthz function| invalidEnterKey function| locations

1 Cookies

Domain/Path Name / Value
saison-cardpomd.com/ Name: mercar:sid
Value: s%3Ab914f944-5bee-43d6-aaa0-6a7b582f666d.twO%2BAM9YRM16F3O6iFExasW%2BLqnUX2oCZnEZe4x6Ndc

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
saison-cardpomd.com
spd-csna.securebrain.co.jp
202.78.173.91
2606:4700::6811:190e
52.192.208.39
046dae1710bdf2c2a11b49acadad79bafc11b086ed2d79e3c1647f129a8b8ddd
16c72cfeb6471cca4fe9bd270035edc31b9bd06c8bfe847e92162dc79ed06971
1ed19ea7ee0a908c19890a25bf56f01efe45d145f87e8f7f6964a79b8bbcec0b
2775a40189c590e4506fa53547af5f10da1d104cd090cf6948bd65d79597363f
29637c95c0090108057929e4126be5a9e63dda42876ce4fcb4f2318d2ab756cb
2f94d7639ccd0a0e0aea9bc3b2b88ba1f3af4f15e2197ae7edceb731e0d5e62e
45967261719a12a56e2b520c3886881823b416bfbce7f78f292f940d868ed269
50eaa1f9f4aab467f620a6ac31a3d2b8e534747f3fc1ceb53efd361f55ddc190
51f036c4216fece62909954daae4dceaf188ab706e2ec07ae5cd1f36ea3324e8
5b8bcd4cf766ecc35793da7d709d6c6c50b4c7f39b3d5c21be40b8e8a4e3e099
69ddb7ec05c6f4f3705888eb20acda2629d12e17ffbf7a9059f482437994afc9
766b9361bba45e02ec03d15b3e2ab80e70525570decb1473dfd6ab8ec49506fe
7829cd82e5b348bd82b5917ab6b4df98a0ca39a30a21d70735cf791e5e8b7bcf
799dca5eb648be5b4e32186032be076689c9b47f6399f16c8fb8df475cf1f45f
7b3535353f80916bf23ff60a3943400df50a51521b5b02c62a1bee3b88af8468
8fca1ac0be84adf4e4c152bd6db10305f9af5f7761a41a90cd1d55a18b892221
b0f628c4204263d06e5a028c3f2df7a264df11d2766f7dfc50fe786bebda6df8
b5396b96d122928321773117aad160b5c7e0806334fc1477479123cd4a66683e
b857ab2c80857c0c65ec7904ecefc9d8e9f0d8a0ddb6cf96eb277d1ed88ea2f9
beb9f5e32ed61fbce010497242a9b6b8219242b5ffc636038e7891510c773725
da0e225d66db0a3ebf1aa9d3ba389955f3f220836f577830c6d9f12e0f9f2a4c
dde34f801ba21cf1dbd58ef426063d88ad4fc7d3726f95ad7ebf002706eac40d
e155ba0226f162d0182589e43b857a0439b7179587a27a17369db47ee8daa0f6
e567781dc75b2dc51baa2beff1c1eb5dc6436921dfaa91e4cfb9aebd4219eaae
f5d6d2278f1f50c975af5bd71372a861c61eca5a5254172205ad48bbb5a7c19c
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e