hnl.com.tw
Open in
urlscan Pro
211.72.207.207
Malicious Activity!
Public Scan
Effective URL: https://hnl.com.tw/public/hg8886hgh/index.html
Submission: On October 08 via manual from TW — Scanned from DE
Summary
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on October 7th 2023. Valid for: 3 months.
This is the only time hnl.com.tw was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 5 | 211.72.207.207 211.72.207.207 | 3462 (HINET Dat...) (HINET Data Communication Business Group) | |
4 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
hnl.com.tw
1 redirects
hnl.com.tw |
456 KB |
4 | 1 |
Domain | Requested by | |
---|---|---|
5 | hnl.com.tw |
1 redirects
hnl.com.tw
|
4 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
hnl.com.tw ZeroSSL RSA Domain Secure Site CA |
2023-10-07 - 2024-01-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://hnl.com.tw/public/hg8886hgh/index.html
Frame ID: EC45F614F743E7B2A3149C318DCDB140
Requests: 7 HTTP requests in this frame
Screenshot
Page Title
Webmail Portal AccessPage URL History Show full URLs
-
http://hnl.com.tw/public/hg8886hgh/index.html
HTTP 302
https://hnl.com.tw/public/hg8886hgh/index.html Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://hnl.com.tw/public/hg8886hgh/index.html
HTTP 302
https://hnl.com.tw/public/hg8886hgh/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
hnl.com.tw/public/hg8886hgh/ Redirect Chain
|
32 KB 32 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
16 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png
hnl.com.tw/public/hg8886hgh/m/ |
55 KB 55 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.5.0.js
hnl.com.tw/public/hg8886hgh/m/ |
281 KB 281 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.6.0.min.js
hnl.com.tw/public/hg8886hgh/m/ |
87 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
558 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
520 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| url string| hash string| hasherror string| email string| error number| count undefined| my_email undefined| ind undefined| my_slice undefined| mainPage undefined| sv undefined| image undefined| msg object| alertt function| showEl function| hideEl0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hnl.com.tw
211.72.207.207
214a2ddf694898abd5d3130a51b6f9775ca7c3d2f3694cd30cadfc4f6318e229
2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5
2d1c6efc7ba8d7b7a3bd04a9e11a7761c112e4bbc23f74937749067acea91d70
42171d76548498998da88f032aba50a028b9481fd7004a9a3b5d3b8d98fe48a2
578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b
aff01a147aeccc9b70a5efad1f2362fd709f3316296ec460d94aa7d31decdb37
c031bcc5db02af936db7bdfd038cd3cbbe2c4aba01212bd3e0563e079af8e0f8