www.drivesafeamerica.us Open in urlscan Pro
64.91.230.111 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html
Submission: On March 04 via api (March 4th 2023, 2:22:44 am UTC) from US — Scanned from US

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 64.91.230.111, located in United States and belongs to LIQUIDWEB, US. The main domain is www.drivesafeamerica.us.

This is the only time www.drivesafeamerica.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chunghwa Post (Transportation)

Domain & IP information

	IP Address		AS Autonomous System
11	64.91.230.111 64.91.230.111		32244 (LIQUIDWEB) (LIQUIDWEB)
11	1

11 64.91.230.111 (United States)

ASN32244 (LIQUIDWEB, US)
PTR: host.sussmanagency.com

www.drivesafeamerica.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	drivesafeamerica.us www.drivesafeamerica.us	206 KB
11	1

	Domain	Requested by
11	www.drivesafeamerica.us	www.drivesafeamerica.us
11	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html
Frame ID: 61F3D14FDAF2F17F3B1D45EF2BB902BF
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

信用卡付款頁面

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

206 kB
Transfer

204 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request SSLAuthUI.html Show response www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/	10 KB 10 KB	532ms 310ms	Document text/html	64.91.230.111 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html Protocol HTTP/1.1 Server 64.91.230.111 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host.sussmanagency.com Software Apache / Resource Hash `4f57e5545cb33fb41fddf6e360ed560db28c92970dce2e793955c9804ff6b7ae` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Accept-Ranges bytes Connection close Content-Length 9958 Content-Type text/html Date Sat, 04 Mar 2023 02:22:39 GMT Last-Modified Thu, 02 Mar 2023 05:57:58 GMT Server Apache
GET H/1.1	200 OK	bootstrap.css www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI_fichiers/	118 KB 119 KB	90ms 56ms	Stylesheet text/css	64.91.230.111 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI_fichiers/bootstrap.css Requested by Host: www.drivesafeamerica.us URL: http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html Protocol HTTP/1.1 Server 64.91.230.111 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host.sussmanagency.com Software Apache / Resource Hash `f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c` Request headers accept-language en-US,en;q=0.9 Referer http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Sat, 04 Mar 2023 02:22:40 GMT Last-Modified Thu, 02 Mar 2023 05:57:58 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 121200 Content-Type text/css
GET H/1.1	200 OK	style.css www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI_fichiers/	9 KB 9 KB	93ms 60ms	Stylesheet text/css	64.91.230.111 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI_fichiers/style.css Requested by Host: www.drivesafeamerica.us URL: http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html Protocol HTTP/1.1 Server 64.91.230.111 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host.sussmanagency.com Software Apache / Resource Hash `a21e37f28e0471522fcbb0e6860b66a60a582246c4be912dc912b339c35f2ce0` Request headers accept-language en-US,en;q=0.9 Referer http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Sat, 04 Mar 2023 02:22:40 GMT Last-Modified Thu, 02 Mar 2023 05:57:58 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 9412 Content-Type text/css
GET H/1.1	200 OK	CTBC_W.jpg www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/	42 KB 43 KB	114ms 74ms	Image image/jpeg	64.91.230.111 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/CTBC_W.jpg Requested by Host: www.drivesafeamerica.us URL: http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html Protocol HTTP/1.1 Server 64.91.230.111 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host.sussmanagency.com Software Apache / Resource Hash `14832827e45f20f385f3584cb5c84441eb00df1be5aeb33882a5b4ab510ae2ed` Request headers accept-language en-US,en;q=0.9 Referer http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Sat, 04 Mar 2023 02:22:40 GMT Last-Modified Thu, 02 Mar 2023 05:57:58 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 43378 Content-Type image/jpeg
GET H/1.1	200 OK	cardtype_ss.png www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/	7 KB 8 KB	114ms 73ms	Image image/png	64.91.230.111 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/cardtype_ss.png Requested by Host: www.drivesafeamerica.us URL: http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html Protocol HTTP/1.1 Server 64.91.230.111 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host.sussmanagency.com Software Apache / Resource Hash `a5ca115514cbfc52924374b62761d7f0d1f8e510d08b32905f75b66b3a37b1e1` Request headers accept-language en-US,en;q=0.9 Referer http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Sat, 04 Mar 2023 02:22:40 GMT Last-Modified Thu, 02 Mar 2023 05:57:58 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 7613 Content-Type image/png
GET H/1.1	200 OK	card.png www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/	399 B 604 B	105ms 65ms	Image image/png	64.91.230.111 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/card.png Requested by Host: www.drivesafeamerica.us URL: http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html Protocol HTTP/1.1 Server 64.91.230.111 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host.sussmanagency.com Software Apache / Resource Hash `39459e2db25db3f30b853a7b510629f766994c88eb2af780e77d4ffa71287ee0` Request headers accept-language en-US,en;q=0.9 Referer http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Sat, 04 Mar 2023 02:22:40 GMT Last-Modified Thu, 02 Mar 2023 05:57:58 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 399 Content-Type image/png
GET H/1.1	200 OK	Exclamation.png www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/	481 B 686 B	103ms 64ms	Image image/png	64.91.230.111 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/Exclamation.png Requested by Host: www.drivesafeamerica.us URL: http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html Protocol HTTP/1.1 Server 64.91.230.111 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host.sussmanagency.com Software Apache / Resource Hash `f35b4d8168065dde839d4ebb2bb3747b2734acdf3c85e0c28a163daa97c76d39` Request headers accept-language en-US,en;q=0.9 Referer http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Sat, 04 Mar 2023 02:22:40 GMT Last-Modified Thu, 02 Mar 2023 05:57:58 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 481 Content-Type image/png
GET H/1.1	200 OK	3D_VISA.png www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/	4 KB 4 KB	93ms 60ms	Image image/png	64.91.230.111 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/3D_VISA.png Requested by Host: www.drivesafeamerica.us URL: http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html Protocol HTTP/1.1 Server 64.91.230.111 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host.sussmanagency.com Software Apache / Resource Hash `1818f0c2ef6a363e915bd4c6c2c2cbeef0fcf60ff2da3e79cfe0d1c3bc9ff86b` Request headers accept-language en-US,en;q=0.9 Referer http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Sat, 04 Mar 2023 02:22:40 GMT Last-Modified Thu, 02 Mar 2023 05:57:58 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 4101 Content-Type image/png
GET H/1.1	200 OK	3D_MASTER.png www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/	3 KB 3 KB	88ms 56ms	Image image/png	64.91.230.111 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/3D_MASTER.png Requested by Host: www.drivesafeamerica.us URL: http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html Protocol HTTP/1.1 Server 64.91.230.111 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host.sussmanagency.com Software Apache / Resource Hash `203dffbf9fb647ad3576ebc57c4005c1a0cb07cc740a911585b6ba70c8d20892` Request headers accept-language en-US,en;q=0.9 Referer http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Sat, 04 Mar 2023 02:22:40 GMT Last-Modified Thu, 02 Mar 2023 05:57:58 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 3098 Content-Type image/png
GET H/1.1	200 OK	3D_JCB.png www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/	3 KB 3 KB	88ms 57ms	Image image/png	64.91.230.111 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/3D_JCB.png Requested by Host: www.drivesafeamerica.us URL: http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html Protocol HTTP/1.1 Server 64.91.230.111 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host.sussmanagency.com Software Apache / Resource Hash `eacf2b196015c40a02cf7849c614daaca5205159d7ac234ad90ea47fbb714041` Request headers accept-language en-US,en;q=0.9 Referer http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Sat, 04 Mar 2023 02:22:40 GMT Last-Modified Thu, 02 Mar 2023 05:57:58 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 3042 Content-Type image/png
GET H/1.1	200 OK	twca_ssl.png www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/	6 KB 6 KB	89ms 58ms	Image image/png	64.91.230.111 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/img/twca_ssl.png Requested by Host: www.drivesafeamerica.us URL: http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html Protocol HTTP/1.1 Server 64.91.230.111 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host.sussmanagency.com Software Apache / Resource Hash `4a1d51361e6bfabde052f3b64166d7ab532241e0c634162ccd6220c76759642a` Request headers accept-language en-US,en;q=0.9 Referer http://www.drivesafeamerica.us/wp-admin/dev/A32Q0S%202/A32Q0S/post/internet/Group/3d43a/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Sat, 04 Mar 2023 02:22:40 GMT Last-Modified Thu, 02 Mar 2023 05:57:58 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 5949 Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chunghwa Post (Transportation)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.drivesafeamerica.us
64.91.230.111
14832827e45f20f385f3584cb5c84441eb00df1be5aeb33882a5b4ab510ae2ed
1818f0c2ef6a363e915bd4c6c2c2cbeef0fcf60ff2da3e79cfe0d1c3bc9ff86b
203dffbf9fb647ad3576ebc57c4005c1a0cb07cc740a911585b6ba70c8d20892
39459e2db25db3f30b853a7b510629f766994c88eb2af780e77d4ffa71287ee0
4a1d51361e6bfabde052f3b64166d7ab532241e0c634162ccd6220c76759642a
4f57e5545cb33fb41fddf6e360ed560db28c92970dce2e793955c9804ff6b7ae
a21e37f28e0471522fcbb0e6860b66a60a582246c4be912dc912b339c35f2ce0
a5ca115514cbfc52924374b62761d7f0d1f8e510d08b32905f75b66b3a37b1e1
eacf2b196015c40a02cf7849c614daaca5205159d7ac234ad90ea47fbb714041
f35b4d8168065dde839d4ebb2bb3747b2734acdf3c85e0c28a163daa97c76d39
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

www.drivesafeamerica.us Open in urlscan Pro 64.91.230.111 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

206 kBTransfer

204 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

www.drivesafeamerica.us Open in urlscan Pro
64.91.230.111 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

206 kB
Transfer

204 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!