hsbc.web-system.com
146.12.194.163
Malicious Activity!
Public Scan
Submission: On August 19 via api from US — Scanned from US
Summary
TLS certificate: Issued by Starfield Secure Certificate Authorit... on September 28th 2022. Valid for: a year.
This is the only time hsbc.web-system.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: HSBC (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 12 | 146.12.194.163 | 15245 (HARTE-HANKS-AS15245) |
11 | 1 |
ASN15245 (HARTE-HANKS-AS15245, US)
PTR: harte-hanks.com
hsbc.web-system.com
 | Apex Domain Subdomains | Transfer |
---|---|---|
12 | web-system.com 1 redirects hsbc.web-system.com | 98 KB |
11 | 1 |
 | Domain | Requested by |
---|---|---|
12 | hsbc.web-system.com | 1 redirects hsbc.web-system.com |
11 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.web-system.com Starfield Secure Certificate Authority - G2 | 2022-09-28 - 2023-09-28 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://hsbc.web-system.com/Index
Frame ID: 99DB785886BD778EE8AC60D97FC3C91B
Requests: 11 HTTP requests in this frame
Page Title
HSBC
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://hsbc.web-system.com/Index HTTP 302
- https://hsbc.web-system.com/Index Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | Index hsbc.web-system.com/ (Primary Request, Redirect Chain) | 5 KB 6 KB | Document text/html |
GET H/1.1 | stylesheet.css hsbc.web-system.com/security/css/ | 44 KB 44 KB | Stylesheet text/css |
GET H/1.1 | stylesheet.css hsbc.web-system.com/security/css/en/ | 0 207 B | Stylesheet text/css |
GET H/1.1 | main.js hsbc.web-system.com/security/js/ | 22 KB 22 KB | Script text/javascript |
GET H/1.1 | jsrsClient.js hsbc.web-system.com/security/js/ | 13 KB 13 KB | Script text/javascript |
GET H/1.1 | login.js hsbc.web-system.com/security/js/ | 4 KB 4 KB | Script text/javascript |
GET H/1.1 | Logo.gif hsbc.web-system.com/security/images/ | 1 KB 2 KB | Image image/gif |
GET H/1.1 | Blank.gif hsbc.web-system.com/security/images/ | 49 B 259 B | Image image/gif |
GET H/1.1 | HarteHanksLogo.png hsbc.web-system.com/security/images/ | 5 KB 5 KB | Image image/png |
GET H/1.1 | smallGrid.gif hsbc.web-system.com/security/images/ | 71 B 281 B | Image image/gif |
GET H/1.1 | BorderBottomBackground.jpg hsbc.web-system.com/security/images/ | 2 KB 2 KB | Image image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: HSBC (Banking)
136 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture string| ACTION string| PAIR_DELIMITER string| ITEM_DELIMITER string| FIREFOX string| INTERNET_EXPLORER string| CHROME string| OMNI_WEB string| SAFARI string| OPERA string| I_CAB string| KONQUEROR string| CAMINO string| NETSCAPE string| MOZILLA object| browserDetect function| hideFooterFrame function| showFooterFrame function| processRequest function| doneProcessingRequest function| canProcess function| setButtonsToProcess function| changeAction function| addJavaScript function| resetActions function| addAction function| runActions function| containsStatus function| disableButton function| disableAfterTimeout number| terminateActionStatus number| cancelSubmitActionStatus function| closeWindows function| getLocalTimezone function| handleTimezone function| show function| hide function| disableAllButtons function| enableAllButtons function| manipulateButtons function| resetButtons function| bodyOnLoad function| setFocus function| handleOnSubmit function| resetOnLoadActions function| addOnLoadAction function| runOnLoadActions function| refreshFooter function| value function| get function| getParameterDelimiter function| goToPage function| getSibling function| getSib function| getPrevSib function| setSelect function| findElement function| confirmClick function| populateForm function| getControl function| getName function| getId function| addOnLoadEvent function| handleEnter function| listenToEnter function| submitAction function| insertAfter function| getPath function| getRowsOfTable function| getChildren function| busy function| submitForm function| getPairs function| getItems function| getElementPosition function| moveElement function| getElementHeight function| getElementWidth function| repositionOnScreen function| readOnlyCheckBox function| getWindowWidth function| getWindowHeight function| getScrollLeft function| getScrollTop function| changeHiddenCheckBox function| getUnique function| showMessage function| getDocHeight number| 
jsrsContextPoolSize number| jsrsContextMaxPool object| jsrsContextPool string| jsrsBrowser boolean| jsrsPOST undefined| containerName string| pairDelimiter string| itemDelimiter function| jsrsContextObj function| contextCreateContainer function| contextPOST function| contextGET function| contextGetPayload function| contextSetVisibility function| jsrsGetContextID function| jsrsExecute function| jsrsLoaded function| jsrsError function| jsrsEscapeQQ function| jsrsUnescape function| jsrsBrowserSniff function| jsrsArrayFromString function| jsrsDebugInfo function| clearDropDown function| populateSelect string| MAIN string| LOGOUT string| USER_NAME string| PASSWORD string| EMPLOYEE_ID string| LOGIN_EXTENSION string| REMEMBER_ME string| REMOTE_SCRIPTING string| INTERNAL_LOGIN_DIV_LABEL string| INTERNAL_LOGIN_DIV_FIELD string| SWITCH_LOGIN string| TEXT_HH string| TEXT_HSBC function| autoSubmit function| checkLoginFrame function| getMainWindow function| setLoginFocus function| onEmployeeIdChange function| onUserNameChange function| login function| logout function| loginSubmit function| flipInternalDiv
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
hsbc.web-system.com/ | | Name: JSESSIONID Value: 02E7A91566380580713EACA3A8F12440 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hsbc.web-system.com
146.12.194.163