urlscan.io logo urlscan.io
SecurityTrails logo

api.saisoncard.co.jp.beidouhulian.com Open in urlscan Pro
34.150.86.179  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://api.saisoncard.co.jp.beidouhulian.com/
Effective URL: https://api.saisoncard.co.jp.beidouhulian.com/login.php
Submission Tags: #phishing @kesagatame0 Search All
Submission: On August 09 via api from FI — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 34.150.86.179, located in Central, Hong Kong and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is api.saisoncard.co.jp.beidouhulian.com.
TLS certificate: Issued by R3 on August 8th 2022. Valid for: 3 months.
This is the only time api.saisoncard.co.jp.beidouhulian.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Saison Card (Financial)

Domain & IP information

IP Address AS Autonomous System
6 34.150.86.179 396982 (GOOGLE-CL...)
1 34.92.175.0 396982 (GOOGLE-CL...)
2 45.60.48.171 19551 (INCAPSULA)
9 4
Domain Requested by
6 api.saisoncard.co.jp.beidouhulian.com api.saisoncard.co.jp.beidouhulian.com
2 netanswerplus.saisoncard.co.jp api.saisoncard.co.jp.beidouhulian.com
1 www.aini1314.shop api.saisoncard.co.jp.beidouhulian.com
9 3

This site contains links to these domains. Also see Links.

Domain
netanswerplus.saisoncard.co.jp
www.saisoncard.co.jp
api.saisoncard.co.jp
Subject Issuer Validity Valid
api.saisoncard.co.jp.beidouhulian.com
R3		 2022-08-08 -
2022-11-06		 3 months crt.sh
www.aini1314.shop
R3		 2022-08-08 -
2022-11-06		 3 months crt.sh
netanswerplus.saisoncard.co.jp
Cybertrust Japan SureServer EV CA G3		 2021-12-02 -
2022-12-31		 a year crt.sh

This page contains 1 frames:

Primary Page: https://api.saisoncard.co.jp.beidouhulian.com/login.php
Frame ID: D0A734BDFA185E103F270B8C2758992D
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

SAISON CARD Netアンサー

Page URL History Show full URLs

  1. https://api.saisoncard.co.jp.beidouhulian.com/ Page URL
  2. https://api.saisoncard.co.jp.beidouhulian.com/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

152 kB
Transfer

280 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://api.saisoncard.co.jp.beidouhulian.com/ Page URL
  2. https://api.saisoncard.co.jp.beidouhulian.com/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
api.saisoncard.co.jp.beidouhulian.com/ 		1015 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://api.saisoncard.co.jp.beidouhulian.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.150.86.179 Central, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
179.86.150.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
532f23e202cfa6617155bee2f11cff2c8989ab759c0616e8e15ed99fb0b7d3a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

accept-ranges
bytes
content-length
1015
content-type
text/html
date
Tue, 09 Aug 2022 00:53:03 GMT
etag
"6239f2b4-3f7"
last-modified
Tue, 22 Mar 2022 16:00:52 GMT
server
nginx
strict-transport-security
max-age=31536000
axios.min.js
api.saisoncard.co.jp.beidouhulian.com/js/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.saisoncard.co.jp.beidouhulian.com/js/axios.min.js
Requested by
Host: api.saisoncard.co.jp.beidouhulian.com
URL: https://api.saisoncard.co.jp.beidouhulian.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.150.86.179 Central, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
179.86.150.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
aed6ac78b8249a9c7cff0030f3b921ee9f771cb1684164f3e679e1023a4d5c69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://api.saisoncard.co.jp.beidouhulian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 00:53:03 GMT
content-encoding
gzip
last-modified
Sun, 06 Mar 2022 23:56:02 GMT
server
nginx
etag
W/"62254a12-45b3"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
strict-transport-security
max-age=31536000
expires
Tue, 09 Aug 2022 12:53:03 GMT
jump.php
www.aini1314.shop/api/ 		5 B
356 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aini1314.shop/api/jump.php
Requested by
Host: api.saisoncard.co.jp.beidouhulian.com
URL: https://api.saisoncard.co.jp.beidouhulian.com/js/axios.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.92.175.0 Central, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.175.92.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
application/json, text/plain, */*
Referer
https://api.saisoncard.co.jp.beidouhulian.com/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 09 Aug 2022 00:53:04 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
*
content-type
text/html;charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
strict-transport-security
max-age=31536000
expires
Thu, 19 Nov 1981 08:52:00 GMT
Primary Request login.php
api.saisoncard.co.jp.beidouhulian.com/ 		77 KB
41 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://api.saisoncard.co.jp.beidouhulian.com/login.php
Requested by
Host: api.saisoncard.co.jp.beidouhulian.com
URL: https://api.saisoncard.co.jp.beidouhulian.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.150.86.179 Central, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
179.86.150.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
07fbe26a38268120fd039587285b62eebc4faaf367f9b38c8bb90aee5773feed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://api.saisoncard.co.jp.beidouhulian.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 09 Aug 2022 00:53:04 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding
login.css
api.saisoncard.co.jp.beidouhulian.com/css/ 		2 KB
973 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.saisoncard.co.jp.beidouhulian.com/css/login.css
Requested by
Host: api.saisoncard.co.jp.beidouhulian.com
URL: https://api.saisoncard.co.jp.beidouhulian.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.150.86.179 Central, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
179.86.150.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
fc1b023aca450050e2d38f958c49e02865c77fa36d96416408018b452f5e6305
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://api.saisoncard.co.jp.beidouhulian.com/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 00:53:05 GMT
content-encoding
gzip
last-modified
Tue, 22 Mar 2022 16:04:12 GMT
server
nginx
etag
W/"6239f37c-683"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=43200
strict-transport-security
max-age=31536000
expires
Tue, 09 Aug 2022 12:53:05 GMT
jq.js
api.saisoncard.co.jp.beidouhulian.com/js/ 		87 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.saisoncard.co.jp.beidouhulian.com/js/jq.js
Requested by
Host: api.saisoncard.co.jp.beidouhulian.com
URL: https://api.saisoncard.co.jp.beidouhulian.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.150.86.179 Central, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
179.86.150.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://api.saisoncard.co.jp.beidouhulian.com/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 00:53:05 GMT
content-encoding
gzip
last-modified
Mon, 07 Mar 2022 19:08:28 GMT
server
nginx
etag
W/"6226582c-15d9d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
strict-transport-security
max-age=31536000
expires
Tue, 09 Aug 2022 12:53:05 GMT
2202_login_520_230.jpg
netanswerplus.saisoncard.co.jp/WebPc/pages/images/person/login/images/ 		27 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://netanswerplus.saisoncard.co.jp/WebPc/pages/images/person/login/images/2202_login_520_230.jpg
Requested by
Host: api.saisoncard.co.jp.beidouhulian.com
URL: https://api.saisoncard.co.jp.beidouhulian.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.48.171 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache /
Resource Hash
a485d61bbecaf28799bc489e555e816b61205600d282ac15f2eeb65ff6ee12f9

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://api.saisoncard.co.jp.beidouhulian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 00:53:05 GMT
last-modified
Fri, 18 Feb 2022 07:20:50 GMT
server
Apache
etag
"6ada"
content-type
image/jpeg
access-control-allow-origin
https://api.saisoncard.co.jp
x-iinfo
13-5372647-5369106 PNNN RT(1660006384282 12) q(0 0 0 -1) r(0 0) U5
x-cnection
close
accept-ranges
bytes
content-length
27354
x-cdn
Imperva
CSSP_login_320-100_D.jpg
netanswerplus.saisoncard.co.jp/WebPc/pages/images/person/login/images/ 		40 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://netanswerplus.saisoncard.co.jp/WebPc/pages/images/person/login/images/CSSP_login_320-100_D.jpg
Requested by
Host: api.saisoncard.co.jp.beidouhulian.com
URL: https://api.saisoncard.co.jp.beidouhulian.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.48.171 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache /
Resource Hash
98846dcf5586665fa010010a591622270741ad32dc3e692c61aa124fc001e4f7

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://api.saisoncard.co.jp.beidouhulian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 00:53:05 GMT
last-modified
Tue, 10 Jul 2018 06:07:40 GMT
server
Apache
etag
"a05d"
content-type
image/jpeg
access-control-allow-origin
https://api.saisoncard.co.jp
x-iinfo
13-5372647-5369106 PNNN RT(1660006384282 24) q(0 0 0 -1) r(0 0) U5
x-cnection
close
accept-ranges
bytes
content-length
41053
x-cdn
Imperva
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7829cd82e5b348bd82b5917ab6b4df98a0ca39a30a21d70735cf791e5e8b7bcf

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		14 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
da0e225d66db0a3ebf1aa9d3ba389955f3f220836f577830c6d9f12e0f9f2a4c

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1ed19ea7ee0a908c19890a25bf56f01efe45d145f87e8f7f6964a79b8bbcec0b

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b0f628c4204263d06e5a028c3f2df7a264df11d2766f7dfc50fe786bebda6df8

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/png
h3.gif
api.saisoncard.co.jp.beidouhulian.com/images/ 		120 B
325 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.saisoncard.co.jp.beidouhulian.com/images/h3.gif
Requested by
Host: api.saisoncard.co.jp.beidouhulian.com
URL: https://api.saisoncard.co.jp.beidouhulian.com/css/login.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.150.86.179 Central, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
179.86.150.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
6dbfe2e8a966ff6518e842a34478a784dec9c08f2062692ae2e68ad9683c8631
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://api.saisoncard.co.jp.beidouhulian.com/css/login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 00:53:05 GMT
last-modified
Tue, 22 Mar 2022 15:36:32 GMT
server
nginx
etag
"6239ed00-78"
strict-transport-security
max-age=31536000
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
content-length
120
expires
Thu, 08 Sep 2022 00:53:05 GMT
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
046dae1710bdf2c2a11b49acadad79bafc11b086ed2d79e3c1647f129a8b8ddd

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Saison Card (Financial)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| savepage_ShadowLoader

1 Cookies

Domain/Path Name / Value
api.saisoncard.co.jp.beidouhulian.com/ Name: isuser
Value: true

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000