xigua.mymallhk.com
154.39.158.16
Malicious Activity!
Public Scan
Submission: On August 08 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on August 7th 2022. Valid for: 3 months.
This is the only time xigua.mymallhk.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Japan Post (Transportation)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
17 | 154.39.158.16 | 139646 (HKMTC-AS-AP HONG KONG Megalayer Technology Co.) |
2 | 35.75.187.174 | 16509 (AMAZON-02) |
1 | 184.26.43.196 | 20940 (AKAMAI-ASN1) |
1 | 2404:6800:4004:827::200a | 15169 (GOOGLE) |
2 | 2404:6800:4004:823::2003 | 15169 (GOOGLE) |
23 requests | 5 IP addresses |
ASN | PTR | Domains |
---|---|---|
ASN139646 (HKMTC-AS-AP HONG KONG Megalayer Technology Co.,Limited, HK) | | xigua.mymallhk.com |
ASN16509 (AMAZON-02, US) | ec2-35-75-187-174.ap-northeast-1.compute.amazonaws.com | directss.jp-bank.japanpost.jp |
ASN20940 (AKAMAI-ASN1, NL) | a184-26-43-196.deploy.static.akamaitechnologies.com | direct.jp-bank.japanpost.jp |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
17 | mymallhk.com | xigua.mymallhk.com | 553 KB |
3 | japanpost.jp | directss.jp-bank.japanpost.jp, direct.jp-bank.japanpost.jp | 65 KB |
2 | gstatic.com | www.gstatic.com | 3 KB |
1 | googleapis.com | translate.googleapis.com (Cisco Umbrella Rank: 1094) | 4 KB |
23 requests | 4 apex domains | | |
Requests | Domain | Requested by |
---|---|---|
17 | xigua.mymallhk.com | xigua.mymallhk.com |
2 | www.gstatic.com | xigua.mymallhk.com, translate.googleapis.com |
2 | directss.jp-bank.japanpost.jp | xigua.mymallhk.com |
1 | translate.googleapis.com | xigua.mymallhk.com |
1 | direct.jp-bank.japanpost.jp | xigua.mymallhk.com |
23 requests | 5 domains | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
hlgshopping.com | R3 | 2022-08-07 - 2022-11-05 | 3 months | crt.sh |
directacct.jp-bank.japanpost.jp | DigiCert SHA2 Extended Validation Server CA | 2022-03-16 - 2023-04-16 | a year | crt.sh |
direct.jp-bank.japanpost.jp | DigiCert SHA2 Extended Validation Server CA | 2021-12-22 - 2022-12-22 | a year | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://xigua.mymallhk.com/public/payview?payid=6
Frame ID: B51D9630AB593FE93A30186E063A157B
Requests: 23 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | payview (Primary Request) | xigua.mymallhk.com/public/ | 16 KB | 5 KB | Document | text/html |
GET | H2 | dgCJbase.css | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/css/ | 161 KB | 162 KB | Stylesheet | text/plain |
GET | H2 | jquery.js | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/js/ | 90 KB | 91 KB | Script | text/plain |
GET | H2 | mjl.js | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/js/ | 37 KB | 38 KB | Script | text/plain |
GET | H2 | heightLine.js | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/js/ | 4 KB | 4 KB | Script | text/plain |
GET | H2 | run.js | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/js/ | 74 KB | 74 KB | Script | text/plain |
GET | H2 | dgbjRequestControllerP01.js | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/js/ | 18 KB | 18 KB | Script | text/plain |
GET | H2 | rh.js | directss.jp-bank.japanpost.jp/js/ | 32 KB | 32 KB | Script | application/javascript |
GET | H2 | 4fb56839 | direct.jp-bank.japanpost.jp/akam/13/ | 0 | 0 | Script | text/html |
GET | H2 | translateelement.css | translate.googleapis.com/translate_static/css/ | 18 KB | 4 KB | Stylesheet | text/css |
GET | H2 | DFCJheader_img_01.jpg | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/img/shared/ | 34 KB | 34 KB | Image | image/jpeg |
GET | H2 | DFCJdirect_img_01.jpg | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/img/shared/ | 25 KB | 25 KB | Image | image/jpeg |
GET | H2 | phissingmail.png | xigua.mymallhk.com/bank/jp-bank/pages/cmsimage/42/files/Image/ | 49 KB | 49 KB | Image | image/png |
GET | H2 | DFCJfooter_img_01.jpg | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/img/shared/ | 24 KB | 25 KB | Image | image/jpeg |
GET | H2 | DFCJfooter_img_02.jpg | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/img/shared/ | 28 KB | 28 KB | Image | image/jpeg |
GET | H2 | jS0dzano | xigua.mymallhk.com/UZQ-yzEwmTDL5A9Azw/iitOpLk4/WHN7XGwC/Bgh/ | 0 | 0 | Script | text/plain |
GET | H2 | translate_24dp.png | www.gstatic.com/images/branding/product/1x/ | 846 B | 1 KB | Image | image/png |
GET | H2 | rh.js | directss.jp-bank.japanpost.jp/js/ | 32 KB | 32 KB | Script | application/javascript |
GET | H2 | DFCJicon_05.gif | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/img/icon/ | 0 | 61 B | Image | text/plain |
GET | H2 | DFCJicon_04.gif | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/img/icon/ | 0 | 61 B | Image | text/plain |
GET | H2 | DFCJicon_01.gif | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/img/icon/ | 0 | 61 B | Image | text/plain |
GET | H2 | DFCJicon_window01.gif | xigua.mymallhk.com/bank/jp-bank/pages/sp/etc/img/icon/ | 0 | 61 B | Image | text/plain |
GET | H2 | translate_24dp.png | www.gstatic.com/images/branding/product/2x/ | 2 KB | 2 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Japan Post (Transportation)
86 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
function | getScreenDetails |
function | queryLocalFonts |
object | navigation |
function | $ |
function | jQuery |
object | MJL |
function | pathReplace |
function | jsLaunchFidoApp |
function | jsLaunchFidoAppLogin |
function | jsLaunchFidoAppInactive |
function | jsLaunchFidoAppInactiveOverdraft |
function | launchFidoApp |
object | jQuery19108588242605292735 |
number | g3qRLb41_sh |
function | nd_shtml |
function | Ah3_sh |
object | z_sh |
object | wo_sh |
boolean | ije_sh |
boolean | ije9_sh |
boolean | ije10_sh |
string | zM_sh |
function | uw_sh |
function | ep_sh |
string | yM_sh |
function | ct44_shtml |
object | scpt_sh |
function | dec_shtml |
function | Ct44_shtml |
string | m_shtml |
function | rr_sh |
function | nd_sh |
object | nk_sh |
string | ua_sh |
number | pa_sh |
boolean | mac_sh |
function | at1_sh |
function | as_sh |
boolean | lge_sh |
undefined | lxE_sh |
boolean | kon_sh |
function | fJ_sh |
boolean | fas_sh |
boolean | goog_sh |
boolean | alreadyClicked |
boolean | isCanceled |
function | dcRequest |
string | wid |
string | hei |
string | men |
string | too |
string | loc |
string | sta |
string | res |
string | scr |
string | opt |
function | dcPrintRequest |
function | dcAbort |
function | cgfLoadHomepage |
string | gPwcHost |
function | dnre |
function | lgin |
object | _ieCie1aeti_ |
string | gPWDone |
function | uuid |
string | bazadebezolkohpepadr |
object | $tableDiv |
object | $SelectSelect |
number | $SelectChecked |
object | $checkCondition |
object | $checkMail |
object | $radio01_01 |
object | $radio01_02 |
object | $radio01_03 |
object | $radio02_03 |
object | $radio02_01 |
object | $hiddenbtn |
string | className |
string | parentClassName |
object | reg |
object | objCN0 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
direct.jp-bank.japanpost.jp
directss.jp-bank.japanpost.jp
translate.googleapis.com
www.gstatic.com
xigua.mymallhk.com
154.39.158.16
184.26.43.196
2404:6800:4004:823::2003
2404:6800:4004:827::200a
35.75.187.174