www.mattress-hub.com.hk Open in urlscan Pro
58.82.193.216 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Submission: On June 07 via automatic, source openphish (June 7th 2019, 11:03:53 pm UTC)

Summary HTTP 20 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 58.82.193.216, located in Hong Kong and belongs to CLINK-AS-AP CommuniLink Internet Limited., HK. The main domain is www.mattress-hub.com.hk.

This is the only time www.mattress-hub.com.hk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) USAA (Banking)

Domain & IP information

	IP Address		AS Autonomous System
14	58.82.193.216 58.82.193.216		38277 (CLINK-AS-...) (CLINK-AS-AP CommuniLink Internet Limited.)
1	54.148.84.95 54.148.84.95		16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	2606:4700::68... 2606:4700::6813:c597		13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
20	3

14 58.82.193.216 (Hong Kong)

ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK)
PTR: serv193216c.communilink.com

www.mattress-hub.com.hk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.148.84.95 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com

www.sitepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6813:c597 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	mattress-hub.com.hk www.mattress-hub.com.hk	136 KB
5	cloudflare.com cdnjs.cloudflare.com	101 KB
1	sitepoint.com www.sitepoint.com	6 KB
20	3

	Domain	Requested by
14	www.mattress-hub.com.hk	www.mattress-hub.com.hk
5	cdnjs.cloudflare.com	www.mattress-hub.com.hk
1	www.sitepoint.com	www.mattress-hub.com.hk
20	3

This site contains no links.

Subject Issuer	Validity	Valid
sitepoint.com SSL.com Premium EV CA	`2018-08-07` - `2019-09-23`	a year	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-02` - `2019-09-08`	6 months	crt.sh
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh

This page contains 1 frames:

Primary Page: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Frame ID: D60853E5AAEEA5FB9DC6270328D41601
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

20
Requests

30 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

243 kB
Transfer

514 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request step4.php Show response
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/ 10 KB
10 KB 971ms
202ms Document
text/html 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n / PHP/5.6.32
Resource Hash: a70c9a17616ff9fee79ba37d756536a9e7fe469a5d5d789fea1af9b83d57e72c

Request headers

Host: www.mattress-hub.com.hk
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:25 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
X-Powered-By: PHP/5.6.32
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK MaskedPassword.js Show response
www.sitepoint.com/examples/password/MaskedPassword/ 17 KB
6 KB 733ms
173ms Script
application/javascript 54.148.84.95
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js

Requested by

Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

54.148.84.95 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-84-95.us-west-2.compute.amazonaws.com

Software

Apache/2.2.22 (Debian) /

Resource Hash

2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 22:10:19 GMT
Content-Encoding: gzip
X-Cache-Lookup: HIT from ip-172-31-22-12.us-west-2.compute.internal:3128
Last-Modified: Fri, 15 Oct 2010 00:03:45 GMT
Server: Apache/2.2.22 (Debian)
Age: 3197
X-Frame-Options: sameorigin
ETag: "680936-4208-4929c8f629a40"
Vary: User-Agent,Accept-Encoding
X-Cache: HIT from ip-172-31-22-12.us-west-2.compute.internal
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 5767

GET
H2 200 jquery.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/ 256 KB
73 KB 19ms
18ms Script
application/javascript 2606:4700::6813:c597
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js

Requested by

Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 07 Jun 2019 23:03:35 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:21:00 GMT
server: cloudflare
etag: W/"5afd497c-40023"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 27 May 2020 23:03:35 GMT
cache-control: public, max-age=30672000
cf-ray: 4e3642a15aedc286-FRA
served-in-seconds: 0.006

GET
H2 200 jquery.validate.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ 45 KB
12 KB 18ms
17ms Script
application/javascript 2606:4700::6813:c597
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/jquery.validate.js

Requested by

Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2aecc3e7494318d2398eafe2a6de21c03a52264ddf86c7934758ddbda06864bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 07 Jun 2019 23:03:35 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:20:58 GMT
server: cloudflare
etag: W/"5afd497a-b4b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 27 May 2020 23:03:35 GMT
cache-control: public, max-age=30672000
cf-ray: 4e3642a15aeec286-FRA
served-in-seconds: 0.001

GET
H2 200 additional-methods.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ 38 KB
10 KB 14ms
13ms Script
application/javascript 2606:4700::6813:c597
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/additional-methods.js

Requested by

Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d95e0e21c160558eb3d2bacd76779048cb600cc04e15264e0835f4f86b4b375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 07 Jun 2019 23:03:35 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:20:13 GMT
server: cloudflare
etag: W/"5afd494d-985d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 27 May 2020 23:03:35 GMT
cache-control: public, max-age=30672000
cf-ray: 4e3642a15aefc286-FRA
served-in-seconds: 0.073

GET
H2 200 jquery.maskedinput.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/ 10 KB
3 KB 12ms
11ms Script
application/javascript 2606:4700::6813:c597
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js

Requested by

Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 07 Jun 2019 23:03:35 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:20:13 GMT
server: cloudflare
etag: W/"5afd494d-284d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 27 May 2020 23:03:35 GMT
cache-control: public, max-age=30672000
cf-ray: 4e3642a15af1c286-FRA
served-in-seconds: 0.049

GET
H2 200 jquery.payment.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/ 17 KB
3 KB 13ms
12ms Script
application/javascript 2606:4700::6813:c597
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/jquery.payment.js

Requested by

Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

60499c4335239d51fa6ef40bd909ba8e62a2a468b16b74f0fd9fadac1eee4bbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 07 Jun 2019 23:03:35 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:20:59 GMT
server: cloudflare
etag: W/"5afd497b-421b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 27 May 2020 23:03:35 GMT
cache-control: public, max-age=30672000
cf-ray: 4e3642a15af2c286-FRA
served-in-seconds: 0.001

GET
H/1.1 200
OK fss8.png
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 13 KB
14 KB 619ms
420ms Image
image/png 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fss8.png
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: 57fc74197fe873e1e3fa5aecd7e012f96763a00dcbd845578cf35673f7802199

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:26 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "3550-58ac22256a9f6"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 13648

GET
H/1.1 200
OK fss11.png
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 21 KB
21 KB 1384ms
210ms Image
image/png 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fss11.png
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: baec324958f3fc960b351aca2c3531d2c8dffbb89977044d08be120aa7d18285

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:27 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "52dd-58ac22256978d"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 21213

GET
H/1.1 200
OK fss9.png
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 8 KB
8 KB 858ms
205ms Image
image/png 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fss9.png
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: 744f454bcaba7f32eb279bdbcb53467ab227a82ff9d426dcbc4c1ab17d15bf69

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:27 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "20ce-58ac22256989f"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 8398

GET
H/1.1 200
OK fss13.png
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 44 KB
44 KB 889ms
207ms Image
image/png 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fss13.png
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: 9c07281b3549bbabe697a1be131f0860302b9073416f2a6a87edb86a094b410a

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:27 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "af59-58ac2225641dd"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 44889

GET
H/1.1 200
OK fss.png
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 20 KB
21 KB 1005ms
202ms Image
image/png 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fss.png
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: 1bd2510d4e39e5faf16a19f98e06d306ca67699030c147f9b6254c512b7bff20

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:27 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "51d6-58ac22256458b"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 20950

GET
H/1.1 200
OK fss24.png
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 1 KB
1 KB 1261ms
205ms Image
image/png 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fss24.png
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: 9c6c579b1adb08e03cafe1ba9eae8e40443ff7a39c8d61fc4c4d7ad66696657d

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:27 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "43d-58ac222569a92"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1085

GET
H/1.1 200
OK fss2.png
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 8 KB
8 KB 394ms
206ms Image
image/png 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fss2.png
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: fb466eee9c8e8dad2f3db302292209c7ea7ff928ebb6855d132ca748182259df

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:26 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "1eb5-58ac22256400a"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 7861

GET
H/1.1 200
OK fss17.png
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 1 KB
1 KB 416ms
205ms Image
image/png 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fss17.png
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: b6fcf6b1f70847a6128e681ccb16fb723e3d25288ae6abcf971b609a5add7b0d

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:26 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "421-58ac22256aaf0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1057

GET
H/1.1 200
OK fss15.png
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 1 KB
2 KB 607ms
211ms Image
image/png 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fss15.png
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: c12f47cbc45ca2f45efc1700f4fecd15e6f53a86839fdbf4555d70040f539ca0

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:26 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "4f3-58ac2225648c2"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1267

GET
H/1.1 200
OK fss18.png
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 1 KB
2 KB 462ms
209ms Image
image/png 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fss18.png
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: 81f5c5a60c17000e05232d6217f92f89c2fa7e6947d79c3b0c9155208c041f9b

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:26 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "5bb-58ac22256998e"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1467

GET
H/1.1 200
OK fsshape252411421.gif
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 856 B
1 KB 395ms
204ms Image
image/gif 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fsshape252411421.gif
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: f871036c9ffa4398fe4c2c592855621751989483bd7d9302ff7be4b96b4d54b3

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:26 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "358-58ac2225693ff"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 856

GET
H/1.1 200
OK fsshape252440546.gif
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 856 B
1 KB 670ms
207ms Image
image/gif 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fsshape252440546.gif
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: 4717cc3df287e69728007c5afb6ba19f1ea74bc643d541bfa83f74ba84b0d58a

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:26 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "358-58ac2225642d7"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 856

GET
H/1.1 200
OK fssubmit.png
www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/ 1 KB
1 KB 642ms
224ms Image
image/png 58.82.193.216
CLINK-AS-AP Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/images/fssubmit.png
Requested by: Host: www.mattress-hub.com.hk
URL: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
Protocol: HTTP/1.1
Security: , ,
Server: 58.82.193.216 , Hong Kong, ASN38277 (CLINK-AS-AP CommuniLink Internet Limited., HK),
Reverse DNS: serv193216c.communilink.com
Software: Apache/2.4.29 (Unix) OpenSSL/1.0.2n /
Resource Hash: d437afe93784a183b8c358daa92c38c8ef42d4ec085fd18a08bbeec10ffc43dd

Request headers

Referer: http://www.mattress-hub.com.hk/.well-known/-/USAA/e69aaccd468ce6e1419b38c47d93b846/step4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 07 Jun 2019 23:03:26 GMT
Last-Modified: Fri, 07 Jun 2019 21:01:27 GMT
Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2n
ETag: "4ac-58ac222569646"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1196

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) USAA (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| MaskedPassword function| $ function| jQuery function| unhideBody

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
www.mattress-hub.com.hk
www.sitepoint.com
2606:4700::6813:c597
54.148.84.95
58.82.193.216
1bd2510d4e39e5faf16a19f98e06d306ca67699030c147f9b6254c512b7bff20
1d95e0e21c160558eb3d2bacd76779048cb600cc04e15264e0835f4f86b4b375
2aecc3e7494318d2398eafe2a6de21c03a52264ddf86c7934758ddbda06864bb
2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
4717cc3df287e69728007c5afb6ba19f1ea74bc643d541bfa83f74ba84b0d58a
57fc74197fe873e1e3fa5aecd7e012f96763a00dcbd845578cf35673f7802199
60499c4335239d51fa6ef40bd909ba8e62a2a468b16b74f0fd9fadac1eee4bbf
744f454bcaba7f32eb279bdbcb53467ab227a82ff9d426dcbc4c1ab17d15bf69
78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8
7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020
81f5c5a60c17000e05232d6217f92f89c2fa7e6947d79c3b0c9155208c041f9b
9c07281b3549bbabe697a1be131f0860302b9073416f2a6a87edb86a094b410a
9c6c579b1adb08e03cafe1ba9eae8e40443ff7a39c8d61fc4c4d7ad66696657d
a70c9a17616ff9fee79ba37d756536a9e7fe469a5d5d789fea1af9b83d57e72c
b6fcf6b1f70847a6128e681ccb16fb723e3d25288ae6abcf971b609a5add7b0d
baec324958f3fc960b351aca2c3531d2c8dffbb89977044d08be120aa7d18285
c12f47cbc45ca2f45efc1700f4fecd15e6f53a86839fdbf4555d70040f539ca0
d437afe93784a183b8c358daa92c38c8ef42d4ec085fd18a08bbeec10ffc43dd
f871036c9ffa4398fe4c2c592855621751989483bd7d9302ff7be4b96b4d54b3
fb466eee9c8e8dad2f3db302292209c7ea7ff928ebb6855d132ca748182259df