my.ts3card.com.webapp.totp01020101action.do.lvlver.com Open in urlscan Pro
107.6.255.118 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/
Effective URL:
https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php
Submission: On July 04 via automatic, source openphish (July 4th 2022, 1:13:26 pm UTC) — Scanned from DE

Summary HTTP 13 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 107.6.255.118, located in United States and belongs to VPLS-GLOBAL, US. The main domain is my.ts3card.com.webapp.totp01020101action.do.lvlver.com.
TLS certificate: Issued by R3 on July 3rd 2022. Valid for: 3 months.

This is the only time my.ts3card.com.webapp.totp01020101action.do.lvlver.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: TS Cubic Card (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 2	107.6.255.118 107.6.255.118	4213 (VPLS-GLOBAL) (VPLS-GLOBAL)
6 18	2a02:26f0:710... 2a02:26f0:7100:593::1c5d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
13	2

2 107.6.255.118 (United States) 1 redirects

ASN4213 (VPLS-GLOBAL, US)

my.ts3card.com.webapp.totp01020101action.do.lvlver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a02:26f0:7100:593::1c5d (Frankfurt am Main, Germany) 6 redirects

ASN20940 (AKAMAI-ASN1, NL)

my.ts3card.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	ts3card.com 6 redirects my.ts3card.com	32 KB
2	lvlver.com 1 redirects my.ts3card.com.webapp.totp01020101action.do.lvlver.com	3 KB
13	2

	Domain	Requested by
18	my.ts3card.com	6 redirects my.ts3card.com.webapp.totp01020101action.do.lvlver.com my.ts3card.com
2	my.ts3card.com.webapp.totp01020101action.do.lvlver.com	1 redirects
13	2

This site contains links to these domains. Also see Links.

Domain
tscubic.com
faq.toyota-finance.co.jp
www8.ts3card.com

Subject Issuer	Validity	Valid
my.ts3card.com.webapp.totp01020101action.do.lvlver.com R3	`2022-07-03` - `2022-10-01`	3 months	crt.sh
my.ts3card.com DigiCert SHA2 Extended Validation Server CA	`2022-05-29` - `2023-06-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php
Frame ID: DA7E379BA165A0A236FB792EBCACC02C
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MY TS3ログイン｜TS CUBIC カード

Page URL History Show full URLs

https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/ HTTP 302
https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

13
Requests

54 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

33 kB
Transfer

112 kB
Size

1
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://tscubic.com/
Title: TS CUBIC CARD|ティーエスキュービック

Search URL Search Domain Scan URL

URL: https://tscubic.com/support/guide-card/common/login-first/
Title: MYTS 3 とは

Search URL Search Domain Scan URL

URL: https://faq.toyota-finance.co.jp/category/show/59
Title: ログインに関するよくあるご質問

Search URL Search Domain Scan URL

URL: https://www8.ts3card.com/top/login_qa_sp.html
Title: Webでのお問い合わせ

Search URL Search Domain Scan URL

URL: https://tscubic.com/file/pdf/phishing_mail.pdf
Title: フィッシング(詐欺)メールが送られてくる場合があります

Search URL Search Domain Scan URL

URL: https://tscubic.com/support/guide-card/common/attention-trouble/
Title: クレジットカードの盗難が頻発しています

Search URL Search Domain Scan URL

URL: https://www8.ts3card.com/mem/authentication.html
Title: オンラインショッピング認証サービスとは

Search URL Search Domain Scan URL

URL: https://tscubic.com/lineup/
Title: カードをお持ちでない方

Search URL Search Domain Scan URL

URL: https://tscubic.com/support/guide-card/common/trouble-lost/
Title: カードの紛失・盗難

Search URL Search Domain Scan URL

URL: https://tscubic.com/support/
Title: お客さまサポート

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/ HTTP 302
https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://my.ts3card.com/css/css_first/reset.css HTTP 302
https://my.ts3card.com/webapp/css/css_first/reset.css

Request Chain 1

https://my.ts3card.com/css/css_first/common.css HTTP 302
https://my.ts3card.com/webapp/css/css_first/common.css

Request Chain 2

https://my.ts3card.com/css/css_first/common_sp.css HTTP 302
https://my.ts3card.com/webapp/css/css_first/common_sp.css

Request Chain 3

https://my.ts3card.com/css/login/login_mem.css HTTP 302
https://my.ts3card.com/webapp/css/login/login_mem.css

Request Chain 4

https://my.ts3card.com/css/login-id.css HTTP 302
https://my.ts3card.com/webapp/css/login-id.css

Request Chain 6

https://my.ts3card.com/imgpartsmy/common/logo_myts3.gif HTTP 302
https://my.ts3card.com/webapp/imgpartsmy/common/logo_myts3.gif

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.php Show response
my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/
Redirect Chain

https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/
https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php

10 KB
3 KB

482ms
482ms

Document
text/html

107.6.255.118
VPLS-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 107.6.255.118 , United States, ASN4213 (VPLS-GLOBAL, US),
Reverse DNS
Software: Apache /
Resource Hash: e83c1b1a197d7e80893ea7bb44e95e9a59d198df00a108dc51a1d70c958db77b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-length: 2698
content-type: text/html;charset=utf-8
date: Mon, 04 Jul 2022 13:13:16 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-length: 23
content-type: text/html;charset=utf-8
date: Mon, 04 Jul 2022 13:13:16 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./client/login.php
pragma: no-cache
server: Apache
vary: Accept-Encoding

GET
H/1.1

200
OK

reset.css
my.ts3card.com/webapp/css/css_first/
Redirect Chain

https://my.ts3card.com/css/css_first/reset.css
https://my.ts3card.com/webapp/css/css_first/reset.css

1 KB
919 B

790ms
790ms

Stylesheet
text/css

2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://my.ts3card.com/webapp/css/css_first/reset.css

Requested by

Host: my.ts3card.com.webapp.totp01020101action.do.lvlver.com
URL: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php

Protocol

HTTP/1.1

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b5dcc5dda19322f9449ad345ae1cac67be3ac0d66d51f38d4d71105494949b1e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:19 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 14 Apr 2017 00:07:22 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: ja
Connection: keep-alive
Content-Type: text/css;charset=Shift_JIS
Content-Length: 632

Redirect headers

Location: https://my.ts3card.com/webapp/css/css_first/reset.css
Date: Mon, 04 Jul 2022 13:13:19 GMT
Connection: keep-alive
Content-Length: 237
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

common.css
my.ts3card.com/webapp/css/css_first/
Redirect Chain

https://my.ts3card.com/css/css_first/common.css
https://my.ts3card.com/webapp/css/css_first/common.css

30 KB
5 KB

1590ms
1590ms

Stylesheet
text/css

2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://my.ts3card.com/webapp/css/css_first/common.css

Requested by

Host: my.ts3card.com.webapp.totp01020101action.do.lvlver.com
URL: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php

Protocol

HTTP/1.1

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

89d832e359c1492e29707832ac058a2de59c185c13342820a2ce4a54d396d579

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:20 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 12 Jun 2020 01:00:56 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: ja
Connection: keep-alive
Content-Type: text/css;charset=Shift_JIS
Content-Length: 4757

Redirect headers

Location: https://my.ts3card.com/webapp/css/css_first/common.css
Date: Mon, 04 Jul 2022 13:13:19 GMT
Connection: keep-alive
Content-Length: 238
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

common_sp.css
my.ts3card.com/webapp/css/css_first/
Redirect Chain

https://my.ts3card.com/css/css_first/common_sp.css
https://my.ts3card.com/webapp/css/css_first/common_sp.css

37 KB
7 KB

1597ms
1597ms

Stylesheet
text/css

2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://my.ts3card.com/webapp/css/css_first/common_sp.css

Requested by

Host: my.ts3card.com.webapp.totp01020101action.do.lvlver.com
URL: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php

Protocol

HTTP/1.1

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bef94a62e9886f30e3cee71fd13ea34b922560973607209560800e3be26eabbd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:20 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 13 Nov 2020 01:14:28 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: ja
Connection: keep-alive
Content-Type: text/css;charset=Shift_JIS
Content-Length: 7144

Redirect headers

Location: https://my.ts3card.com/webapp/css/css_first/common_sp.css
Date: Mon, 04 Jul 2022 13:13:19 GMT
X-N: S
Connection: keep-alive
Content-Length: 241
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

login_mem.css
my.ts3card.com/webapp/css/login/
Redirect Chain

https://my.ts3card.com/css/login/login_mem.css
https://my.ts3card.com/webapp/css/login/login_mem.css

6 KB
2 KB

1042ms
1042ms

Stylesheet
text/css

2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://my.ts3card.com/webapp/css/login/login_mem.css

Requested by

Host: my.ts3card.com.webapp.totp01020101action.do.lvlver.com
URL: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php

Protocol

HTTP/1.1

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

358eb55e8d2f39f43a84b30a9ca8c91aeb44de74e08186a9d7f1ab81a5d115c8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:20 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 21 Apr 2022 00:44:46 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: de-DE
Connection: keep-alive
Content-Type: text/css;charset=ISO-8859-1
Content-Length: 1481

Redirect headers

Location: https://my.ts3card.com/webapp/css/login/login_mem.css
Date: Mon, 04 Jul 2022 13:13:19 GMT
Connection: keep-alive
Content-Length: 237
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

https://my.ts3card.com/css/login-id.css
https://my.ts3card.com/webapp/css/login-id.css

17 KB
4 KB

1304ms
1303ms

Stylesheet
text/css

2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://my.ts3card.com/webapp/css/login-id.css

Requested by

Host: my.ts3card.com.webapp.totp01020101action.do.lvlver.com
URL: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php

Protocol

HTTP/1.1

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f26725948014505bb059268748d439b11ad456ddafae361ae8040e114d3d0335

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:20 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 28 Jul 2016 00:13:28 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: ja-JP
Connection: keep-alive
Content-Type: text/css;charset=Shift_JIS
Content-Length: 3336

Redirect headers

Location: https://my.ts3card.com/webapp/css/login-id.css
Date: Mon, 04 Jul 2022 13:13:19 GMT
Connection: keep-alive
Content-Length: 230
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK ei.css
my.ts3card.com/webapp/styles/ 0
238 B 1815ms
1238ms Stylesheet
text/css 2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://my.ts3card.com/webapp/styles/ei.css

Requested by

Host: my.ts3card.com.webapp.totp01020101action.do.lvlver.com
URL: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:19 GMT
Last-Modified: Fri, 14 Apr 2017 00:07:24 GMT
Connection: keep-alive
Content-Type: text/css;charset=Shift_JIS
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Content-Language: ja

GET
H/1.1

200
OK

logo_myts3.gif
my.ts3card.com/webapp/imgpartsmy/common/
Redirect Chain

https://my.ts3card.com/imgpartsmy/common/logo_myts3.gif
https://my.ts3card.com/webapp/imgpartsmy/common/logo_myts3.gif

1 KB
2 KB

271ms
271ms

Image
image/gif

2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.ts3card.com/webapp/imgpartsmy/common/logo_myts3.gif

Requested by

Host: my.ts3card.com.webapp.totp01020101action.do.lvlver.com
URL: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/client/login.php

Protocol

HTTP/1.1

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4b636eb7f96462dc9b2066c2ee710e2a10b6fe7de1273dba5112fe8586c33645

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com.webapp.totp01020101action.do.lvlver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:20 GMT
Last-Modified: Thu, 03 Dec 2015 01:04:52 GMT
Connection: keep-alive
Content-Type: image/gif;charset=Shift_JIS
Content-Length: 1330
X-Frame-Options: SAMEORIGIN
Content-Language: ja

Redirect headers

Location: https://my.ts3card.com/webapp/imgpartsmy/common/logo_myts3.gif
Date: Mon, 04 Jul 2022 13:13:19 GMT
Connection: keep-alive
Content-Length: 246
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK bg_body.png
my.ts3card.com/webapp/login/img_first/ 3 KB
3 KB 277ms
276ms Image
image/png 2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.ts3card.com/webapp/login/img_first/bg_body.png

Requested by

Host: my.ts3card.com
URL: https://my.ts3card.com/webapp/css/css_first/common_sp.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

177dec8ce5b7ad523ad58580b7f59af95abb605c8182cd54f777c71866e019d4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com/webapp/css/css_first/common_sp.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:20 GMT
Last-Modified: Fri, 14 Apr 2017 00:07:24 GMT
Connection: keep-alive
Content-Type: image/png;charset=Shift_JIS
Content-Length: 2797
X-Frame-Options: SAMEORIGIN
Content-Language: ja

GET
H/1.1 200
OK bg_header.gif
my.ts3card.com/webapp/login/img_first/ 3 KB
3 KB 277ms
276ms Image
image/gif 2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.ts3card.com/webapp/login/img_first/bg_header.gif

Requested by

Host: my.ts3card.com
URL: https://my.ts3card.com/webapp/css/css_first/common.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a7a0d73aa10ca16a64cb0ef454242715a94fb466dd5c2e7bba7ebe5904cd8c13

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com/webapp/css/css_first/common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:20 GMT
Last-Modified: Tue, 05 Apr 2022 09:37:28 GMT
Connection: keep-alive
Content-Type: image/gif;charset=Shift_JIS
Content-Length: 2909
X-Frame-Options: SAMEORIGIN
Content-Language: ja

GET
H/1.1 200
OK arrow01.gif
my.ts3card.com/webapp/img/common/ 52 B
292 B 274ms
274ms Image
image/gif 2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.ts3card.com/webapp/img/common/arrow01.gif

Requested by

Host: my.ts3card.com
URL: https://my.ts3card.com/webapp/css/login/login_mem.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dea3cc84a13fdf27603e75b2550377d88ceca2291d20141b64fe093150ec2b2d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com/webapp/css/login/login_mem.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:20 GMT
Last-Modified: Thu, 02 Aug 2012 09:11:04 GMT
Connection: keep-alive
Content-Type: image/gif;charset=Shift_JIS
Content-Length: 52
X-Frame-Options: SAMEORIGIN
Content-Language: ja

GET
H/1.1 200
OK ico_blank_login.png
my.ts3card.com/webapp/imgpartsmy/ 273 B
514 B 280ms
279ms Image
image/png 2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.ts3card.com/webapp/imgpartsmy/ico_blank_login.png

Requested by

Host: my.ts3card.com
URL: https://my.ts3card.com/webapp/css/login/login_mem.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

94fd5f15b2378cec483518b5fe927e34e3eede66237518377cea50582e5fa28d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com/webapp/css/login/login_mem.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:20 GMT
Last-Modified: Tue, 05 Apr 2022 09:37:28 GMT
Connection: keep-alive
Content-Type: image/png;charset=Shift_JIS
Content-Length: 273
X-Frame-Options: SAMEORIGIN
Content-Language: ja

GET
H/1.1 200
OK sp_btn_totop.png
my.ts3card.com/webapp/login/img_first/ 3 KB
3 KB 273ms
273ms Image
image/png 2a02:26f0:7100:593::1c5d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.ts3card.com/webapp/login/img_first/sp_btn_totop.png

Requested by

Host: my.ts3card.com
URL: https://my.ts3card.com/webapp/css/css_first/common_sp.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

2a02:26f0:7100:593::1c5d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

104b34148a87db4fe2d07a8700632fa2eb7427405e7d324ae16d2af9d002c257

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.ts3card.com/webapp/css/css_first/common_sp.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 13:13:20 GMT
Last-Modified: Fri, 14 Apr 2017 00:07:24 GMT
Connection: keep-alive
Content-Type: image/png;charset=Shift_JIS
Content-Length: 2939
X-Frame-Options: SAMEORIGIN
Content-Language: ja

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: TS Cubic Card (Financial)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			my.ts3card.com.webapp.totp01020101action.do.lvlver.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: np04gfjc5pdu5m95rgv8khg5e0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

my.ts3card.com
my.ts3card.com.webapp.totp01020101action.do.lvlver.com
107.6.255.118
2a02:26f0:7100:593::1c5d
104b34148a87db4fe2d07a8700632fa2eb7427405e7d324ae16d2af9d002c257
177dec8ce5b7ad523ad58580b7f59af95abb605c8182cd54f777c71866e019d4
358eb55e8d2f39f43a84b30a9ca8c91aeb44de74e08186a9d7f1ab81a5d115c8
4b636eb7f96462dc9b2066c2ee710e2a10b6fe7de1273dba5112fe8586c33645
89d832e359c1492e29707832ac058a2de59c185c13342820a2ce4a54d396d579
94fd5f15b2378cec483518b5fe927e34e3eede66237518377cea50582e5fa28d
a7a0d73aa10ca16a64cb0ef454242715a94fb466dd5c2e7bba7ebe5904cd8c13
b5dcc5dda19322f9449ad345ae1cac67be3ac0d66d51f38d4d71105494949b1e
bef94a62e9886f30e3cee71fd13ea34b922560973607209560800e3be26eabbd
dea3cc84a13fdf27603e75b2550377d88ceca2291d20141b64fe093150ec2b2d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e83c1b1a197d7e80893ea7bb44e95e9a59d198df00a108dc51a1d70c958db77b
f26725948014505bb059268748d439b11ad456ddafae361ae8040e114d3d0335

my.ts3card.com.webapp.totp01020101action.do.lvlver.com Open in urlscan Pro 107.6.255.118 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

54 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

33 kBTransfer

112 kBSize

1 Cookies

10 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

my.ts3card.com.webapp.totp01020101action.do.lvlver.com Open in urlscan Pro
107.6.255.118 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

54 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

33 kB
Transfer

112 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!