haken.ca-ss.jp Open in urlscan Pro
183.90.235.40  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.php Show response haken.ca-ss.jp//pbsoffshore/SharePoint/	3 KB 2 KB	2470ms 187ms	Document text/html	183.90.235.40 XSERVER Xserver Inc.
General Check archive.org Show headers Download Go to Full URL https://haken.ca-ss.jp//pbsoffshore/SharePoint/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 183.90.235.40 , Japan, ASN131965 (XSERVER Xserver Inc., JP), Reverse DNS sv179.xbiz.ne.jp Software nginx / Resource Hash cd879905ba7870596958ca4b0dc36255f9d5eb14b8dd14f3a3abc40cdc06ceb9 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Response headers server nginx date Thu, 24 Feb 2022 15:06:21 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding content-encoding gzip
GET H2	200	style.css haken.ca-ss.jp//pbsoffshore/SharePoint/css/	7 KB 2 KB	186ms 186ms	Stylesheet text/css	183.90.235.40 XSERVER Xserver Inc.
General Check archive.org Show headers Download Go to Full URL https://haken.ca-ss.jp//pbsoffshore/SharePoint/css/style.css Requested by Host: haken.ca-ss.jp URL: https://haken.ca-ss.jp//pbsoffshore/SharePoint/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 183.90.235.40 , Japan, ASN131965 (XSERVER Xserver Inc., JP), Reverse DNS sv179.xbiz.ne.jp Software nginx / Resource Hash 0c3903c3fe3749bb8040d278dc47a7ac9bd10caafcda272f0c1d671e0d2e7347 Request headers Accept-Language en-CA,en;q=0.9 Referer https://haken.ca-ss.jp//pbsoffshore/SharePoint/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 24 Feb 2022 15:06:21 GMT content-encoding gzip last-modified Thu, 24 Feb 2022 13:49:48 GMT server nginx etag W/"1b8f-5d8c3db031369" vary Accept-Encoding content-type text/css cache-control max-age=604800 expires Thu, 03 Mar 2022 15:06:21 GMT
GET H2	200	tcc_l.combined.1.0.6.min.js Show response img1.wsimg.com/tcc/	12 KB 5 KB	80ms 24ms	Script application/x-javascript	23.33.40.73 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js Requested by Host: haken.ca-ss.jp URL: https://haken.ca-ss.jp//pbsoffshore/SharePoint/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.33.40.73 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-33-40-73.deploy.static.akamaitechnologies.com Software / Resource Hash aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350 Request headers Accept-Language en-CA,en;q=0.9 Referer https://haken.ca-ss.jp/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 24 Feb 2022 15:06:21 GMT content-encoding gzip last-modified Fri, 31 Mar 2017 16:26:41 GMT etag "52ef5c943baad21:0" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 4564 expires Fri, 24 Feb 2023 15:06:21 GMT
GET H2	200	1.png haken.ca-ss.jp//pbsoffshore/SharePoint/css/	640 KB 641 KB	371ms 371ms	Image image/png	183.90.235.40 XSERVER Xserver Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://haken.ca-ss.jp//pbsoffshore/SharePoint/css/1.png Requested by Host: haken.ca-ss.jp URL: https://haken.ca-ss.jp//pbsoffshore/SharePoint/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 183.90.235.40 , Japan, ASN131965 (XSERVER Xserver Inc., JP), Reverse DNS sv179.xbiz.ne.jp Software nginx / Resource Hash 483f35c9612616f2082ae918c5171c9a39d2a6f5fc63cec7c6685fa61ef2f3dd Request headers Accept-Language en-CA,en;q=0.9 Referer https://haken.ca-ss.jp//pbsoffshore/SharePoint/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 24 Feb 2022 15:06:22 GMT last-modified Thu, 24 Feb 2022 13:49:48 GMT server nginx etag "a01fc-5d8c3db0303c8" content-type image/png cache-control max-age=604800 accept-ranges bytes content-length 655868 expires Thu, 03 Mar 2022 15:06:22 GMT
GET H2	200	one.png haken.ca-ss.jp//pbsoffshore/SharePoint/assets/	13 KB 13 KB	552ms 552ms	Image image/png	183.90.235.40 XSERVER Xserver Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://haken.ca-ss.jp//pbsoffshore/SharePoint/assets/one.png Requested by Host: haken.ca-ss.jp URL: https://haken.ca-ss.jp//pbsoffshore/SharePoint/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 183.90.235.40 , Japan, ASN131965 (XSERVER Xserver Inc., JP), Reverse DNS sv179.xbiz.ne.jp Software nginx / Resource Hash 7f672d39017602a1ef5b484477bb7743904515691c3a0242993934d1dd833ece Request headers Accept-Language en-CA,en;q=0.9 Referer https://haken.ca-ss.jp//pbsoffshore/SharePoint/css/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 24 Feb 2022 15:06:22 GMT last-modified Thu, 24 Feb 2022 13:49:48 GMT server nginx etag "335d-5d8c3db02e488" content-type image/png cache-control max-age=604800 accept-ranges bytes content-length 13149 expires Thu, 03 Mar 2022 15:06:22 GMT
GET H2	200	office.png haken.ca-ss.jp//pbsoffshore/SharePoint/img/	17 KB 17 KB	553ms 552ms	Image image/png	183.90.235.40 XSERVER Xserver Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://haken.ca-ss.jp//pbsoffshore/SharePoint/img/office.png Requested by Host: haken.ca-ss.jp URL: https://haken.ca-ss.jp//pbsoffshore/SharePoint/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 183.90.235.40 , Japan, ASN131965 (XSERVER Xserver Inc., JP), Reverse DNS sv179.xbiz.ne.jp Software nginx / Resource Hash 7fdbc14d6508de7a3bc4aa64da8d28fa0429333220dc611513a718fc26287069 Request headers Accept-Language en-CA,en;q=0.9 Referer https://haken.ca-ss.jp//pbsoffshore/SharePoint/css/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 24 Feb 2022 15:06:22 GMT last-modified Thu, 24 Feb 2022 13:49:48 GMT server nginx etag "42fb-5d8c3db0351e9" content-type image/png cache-control max-age=604800 accept-ranges bytes content-length 17147 expires Thu, 03 Mar 2022 15:06:22 GMT
GET H2	200	mail.png haken.ca-ss.jp//pbsoffshore/SharePoint/img/	31 KB 31 KB	553ms 552ms	Image image/png	183.90.235.40 XSERVER Xserver Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://haken.ca-ss.jp//pbsoffshore/SharePoint/img/mail.png Requested by Host: haken.ca-ss.jp URL: https://haken.ca-ss.jp//pbsoffshore/SharePoint/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 183.90.235.40 , Japan, ASN131965 (XSERVER Xserver Inc., JP), Reverse DNS sv179.xbiz.ne.jp Software nginx / Resource Hash 698c5bd6703e9ebeb2d9942fe1a29fd4f1ad5991c53089f1962f828c0b8dfd4d Request headers Accept-Language en-CA,en;q=0.9 Referer https://haken.ca-ss.jp//pbsoffshore/SharePoint/css/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 24 Feb 2022 15:06:22 GMT last-modified Thu, 24 Feb 2022 13:49:48 GMT server nginx etag "7b11-5d8c3db0351e9" content-type image/png cache-control max-age=604800 accept-ranges bytes content-length 31505 expires Thu, 03 Mar 2022 15:06:22 GMT
GET H/1.1	200 OK	event img.secureserver.net/t/1/tl/	43 B 379 B	103ms 47ms	Image image/gif	23.73.238.191 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://img.secureserver.net/t/1/tl/event?cts=1645715183364&tce=1645715181646&tcs=1645715181275&tdc=1645715183163&tdclee=1645715182049&tdcles=1645715182049&tdi=1645715182049&tdl=1645715181837&tdle=1645715181275&tdls=1645715179364&tfs=1645715179363&tns=1645715179363&trqs=1645715181646&tre=1645715181834&trps=1645715181833&tles=1645715183163&tlee=1645715183163&ht=perf&dh=haken.ca-ss.jp&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F98.0.4758.80%20Safari%2F537.36&vci=1193620474&cv=1.0.6&z=1438472739&vg=267cd4ef-3365-430d-8640-013e22b1c84c&vtg=267cd4ef-3365-430d-8640-013e22b1c84c&ap=cpsh&trfd=%7B%22cts%22%3A1645715182048%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22p3plcpnl0778%22%7D&dp=%2F%2Fpbsoffshore%2FSharePoint%2Flogin.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.73.238.191 Edison, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-73-238-191.deploy.static.akamaitechnologies.com Software / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Accept-Language en-CA,en;q=0.9 Referer https://haken.ca-ss.jp/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000 ; includeSubDomains X-Content-Type-Options nosniff Date Thu, 24 Feb 2022 15:06:23 GMT X-Frame-Options DENY Content-Type image/gif Cache-Control private Connection keep-alive X-Robots-Tag noindex, nofollow Content-Length 43 X-XSS-Protection 1; mode=block

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sharepoint (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone function| popupwnd object| _trfd function| tcg function| tcp object| perfhandler object| TCCTracker object| _trfq object| true

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			haken.ca-ss.jp/	1970-01-20 09:54:11	Name: _tccl_visitor Value: 267cd4ef-3365-430d-8640-013e22b1c84c
			haken.ca-ss.jp/	1970-01-20 01:08:36	Name: _tccl_visit Value: 267cd4ef-3365-430d-8640-013e22b1c84c

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

haken.ca-ss.jp
img.secureserver.net
img1.wsimg.com
183.90.235.40
23.33.40.73
23.73.238.191
0c3903c3fe3749bb8040d278dc47a7ac9bd10caafcda272f0c1d671e0d2e7347
483f35c9612616f2082ae918c5171c9a39d2a6f5fc63cec7c6685fa61ef2f3dd
698c5bd6703e9ebeb2d9942fe1a29fd4f1ad5991c53089f1962f828c0b8dfd4d
7f672d39017602a1ef5b484477bb7743904515691c3a0242993934d1dd833ece
7fdbc14d6508de7a3bc4aa64da8d28fa0429333220dc611513a718fc26287069
aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
cd879905ba7870596958ca4b0dc36255f9d5eb14b8dd14f3a3abc40cdc06ceb9