hnl.com.tw - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 211.72.207.207, located in Taipei, Taiwan and belongs to HINET Data Communication Business Group, TW. The main domain is hnl.com.tw.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on October 7th 2023. Valid for: 3 months.

This is the only time hnl.com.tw was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 5	211.72.207.207 211.72.207.207		3462 (HINET Dat...) (HINET Data Communication Business Group)
4	2

5 211.72.207.207 (Taipei, Taiwan) 1 redirects

ASN3462 (HINET Data Communication Business Group, TW)

hnl.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	hnl.com.tw 1 redirects hnl.com.tw	456 KB
4	1

	Domain	Requested by
5	hnl.com.tw	1 redirects hnl.com.tw
4	1

This site contains no links.

Subject Issuer	Validity	Valid
hnl.com.tw ZeroSSL RSA Domain Secure Site CA	`2023-10-07` - `2024-01-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hnl.com.tw/public/hg8886hgh/index.html
Frame ID: EC45F614F743E7B2A3149C318DCDB140
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Webmail Portal Access

Page URL History Show full URLs

http://hnl.com.tw/public/hg8886hgh/index.html HTTP 302
https://hnl.com.tw/public/hg8886hgh/index.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

456 kB
Transfer

472 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://hnl.com.tw/public/hg8886hgh/index.html HTTP 302
https://hnl.com.tw/public/hg8886hgh/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html Show response hnl.com.tw/public/hg8886hgh/ Redirect Chain http://hnl.com.tw/public/hg8886hgh/index.html https://hnl.com.tw/public/hg8886hgh/index.html	32 KB 32 KB	847ms 208ms	Document text/html	211.72.207.207 HINET Data Commun...
General Check archive.org Show headers Download Go to Full URL https://hnl.com.tw/public/hg8886hgh/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 211.72.207.207 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW), Reverse DNS Software Apache / Resource Hash `214a2ddf694898abd5d3130a51b6f9775ca7c3d2f3694cd30cadfc4f6318e229` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection close Content-Length 32648 Content-Type text/html Date Sun, 08 Oct 2023 06:50:37 GMT ETag "3da12c7-7f88-606ed23cd4cee" Last-Modified Thu, 05 Oct 2023 00:23:57 GMT Server Apache Redirect headers Connection close Content-Length 230 Content-Type text/html; charset=iso-8859-1 Date Sun, 08 Oct 2023 06:50:36 GMT Location https://hnl.com.tw/public/hg8886hgh/index.html Server Apache
GET DATA	200 OK	truncated /	16 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2d1c6efc7ba8d7b7a3bd04a9e11a7761c112e4bbc23f74937749067acea91d70` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png hnl.com.tw/public/hg8886hgh/m/	55 KB 55 KB	670ms 229ms	Image image/png	211.72.207.207 HINET Data Commun...
General Check archive.org Show headers Download Go to Show image Full URL https://hnl.com.tw/public/hg8886hgh/m/26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png Requested by Host: hnl.com.tw URL: https://hnl.com.tw/public/hg8886hgh/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 211.72.207.207 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW), Reverse DNS Software Apache / Resource Hash `42171d76548498998da88f032aba50a028b9481fd7004a9a3b5d3b8d98fe48a2` Request headers accept-language de-DE,de;q=0.9 Referer https://hnl.com.tw/public/hg8886hgh/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Sun, 08 Oct 2023 06:50:38 GMT Last-Modified Thu, 05 Oct 2023 00:23:57 GMT Server Apache ETag "3da12c8-db2d-606ed23cd50d6" Content-Type image/png Connection close Accept-Ranges bytes Content-Length 56109
GET H/1.1	200 OK	jquery-3.5.0.js Show response hnl.com.tw/public/hg8886hgh/m/	281 KB 281 KB	633ms 218ms	Script application/javascript	211.72.207.207 HINET Data Commun...
General Check archive.org Show headers Download Go to Full URL https://hnl.com.tw/public/hg8886hgh/m/jquery-3.5.0.js Requested by Host: hnl.com.tw URL: https://hnl.com.tw/public/hg8886hgh/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 211.72.207.207 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW), Reverse DNS Software Apache / Resource Hash `aff01a147aeccc9b70a5efad1f2362fd709f3316296ec460d94aa7d31decdb37` Request headers accept-language de-DE,de;q=0.9 Referer https://hnl.com.tw/public/hg8886hgh/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Sun, 08 Oct 2023 06:50:38 GMT X-Pad avoid browser bug Last-Modified Thu, 05 Oct 2023 00:23:57 GMT Server Apache ETag "3da12c9-463a1-606ed23cd58a6" Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 287649
GET H/1.1	200 OK	jquery-3.6.0.min.js Show response hnl.com.tw/public/hg8886hgh/m/	87 KB 88 KB	659ms 224ms	Script application/javascript	211.72.207.207 HINET Data Commun...
General Check archive.org Show headers Download Go to Full URL https://hnl.com.tw/public/hg8886hgh/m/jquery-3.6.0.min.js Requested by Host: hnl.com.tw URL: https://hnl.com.tw/public/hg8886hgh/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 211.72.207.207 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW), Reverse DNS Software Apache / Resource Hash `c031bcc5db02af936db7bdfd038cd3cbbe2c4aba01212bd3e0563e079af8e0f8` Request headers accept-language de-DE,de;q=0.9 Referer https://hnl.com.tw/public/hg8886hgh/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Sun, 08 Oct 2023 06:50:38 GMT X-Pad avoid browser bug Last-Modified Thu, 05 Oct 2023 00:23:57 GMT Server Apache ETag "3da12ca-15de1-606ed23cd58a6" Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 89569
GET DATA	200 OK	truncated /	558 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	520 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hnl.com.tw
211.72.207.207
214a2ddf694898abd5d3130a51b6f9775ca7c3d2f3694cd30cadfc4f6318e229
2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5
2d1c6efc7ba8d7b7a3bd04a9e11a7761c112e4bbc23f74937749067acea91d70
42171d76548498998da88f032aba50a028b9481fd7004a9a3b5d3b8d98fe48a2
578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b
aff01a147aeccc9b70a5efad1f2362fd709f3316296ec460d94aa7d31decdb37
c031bcc5db02af936db7bdfd038cd3cbbe2c4aba01212bd3e0563e079af8e0f8

hnl.com.tw Open in urlscan Pro 211.72.207.207 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

4 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

456 kBTransfer

472 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

0 Cookies

Indicators

hnl.com.tw Open in urlscan Pro
211.72.207.207 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

456 kB
Transfer

472 kB
Size

0
Cookies

4 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!