kanny.com.vn
Open in
urlscan Pro
103.141.144.86
Malicious Activity!
Public Scan
URL:
https://kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/loginform3ad6.php
Submission: On May 16 via api from LU — Scanned from DE
Submission: On May 16 via api from LU — Scanned from DE
Summary
This website contacted 2 IPs
in 1 countries
across 2 domains to perform 20 HTTP transactions.
The main IP is 103.141.144.86, located in
Viet Nam and
belongs to VNDIC-AS-VN D.I.C Viet Nam Technology Joint Stock Company, VN.
The main domain is kanny.com.vn.
TLS certificate: Issued by R3 on April 21st 2024. Valid for: 3 months.
This is the only time kanny.com.vn was scanned on urlscan.io!
TLS certificate: Issued by R3 on April 21st 2024. Valid for: 3 months.
This is the only time kanny.com.vn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banque Postale (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 18 | 103.141.144.86 103.141.144.86 | 140818 (VNDIC-AS-...) (VNDIC-AS-VN D.I.C Viet Nam Technology Joint Stock Company) | |
| 20 | 2 |
18
103.141.144.86
(Viet Nam)
ASN140818 (VNDIC-AS-VN D.I.C Viet Nam Technology Joint Stock Company, VN)
PTR: vndic.vn
ASN140818 (VNDIC-AS-VN D.I.C Viet Nam Technology Joint Stock Company, VN)
PTR: vndic.vn
| kanny.com.vn |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 18 |
kanny.com.vn
kanny.com.vn |
56 KB |
| 0 |
labanquepostale.fr
Failed
transverse.labanquepostale.fr Failed |
|
| 20 | 2 |
| Domain | Requested by | |
|---|---|---|
| 18 | kanny.com.vn |
kanny.com.vn
|
| 0 | transverse.labanquepostale.fr Failed |
kanny.com.vn
|
| 20 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| kanny.com.vn R3 |
2024-04-21 - 2024-07-20 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/loginform3ad6.php
Frame ID: 12BC117DAE6177CEE6291CD92133B8AC
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
Identification - La Banque PostaleDetected technologies
WordPress
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /wp-(?:content|includes)/
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
loginform3ad6.php
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/ |
8 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cvs_all.css
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/css/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
loader.css
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/css/ |
810 B 426 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cvs_portable.css
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/css/ |
1 KB 459 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rules.js
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/ |
561 B 354 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tranc.png
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/img/ |
494 B 542 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
5.png
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
7.png
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
0.png
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
2.png
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
9.png
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1.png
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/img/ |
790 B 838 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
3.png
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
6.png
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
4.png
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/img/ |
995 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
8.png
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/xo_/09_08_01.000/cvvs/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-1.11.1.min.js
kanny.com.vn/wordpress/wp-content/particuliers/aces/particulier/assets/cdn/js/ |
108 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
cvs_ie.js
transverse.labanquepostale.fr/xo_/09_08_01.000/cvvs/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
message.html
transverse.labanquepostale.fr/xo_/messages/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.ico
kanny.com.vn/ |
0 79 B |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- transverse.labanquepostale.fr
- URL
- https://transverse.labanquepostale.fr/xo_/09_08_01.000/cvvs/js/cvs_ie.js
- Domain
- transverse.labanquepostale.fr
- URL
- https://transverse.labanquepostale.fr/xo_/messages/message.html?param=0x13212070&v=2&origin=undefined&url_retour=http%3A%2F%2Fvoscomptesenligne.labanquepostale.fr%2Fwsost%2FOstBrokerWeb%2Floginform%3FTAM_OP%3Dlogin%26ERROR_CODE%3D0x00000000%26URL%3D%2Fvoscomptes%2FcanalXHTML%2Fidentif.ea%3Forigin%3Dparticuliers
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banque Postale (Banking)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| vide1 function| addCode string| OST_origin string| OST_flash string| OST_audio5 string| OST_audioOgg string| OST_action string| PATH_STATIQUE string| IMG_ALL function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .labanquepostale.fr/ | Name: lbp_csid Value: 7bzq7mnPYjyLdd2cHTgaehNNXKkpajP8J5ibnTd+4tA= |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
kanny.com.vn
transverse.labanquepostale.fr
transverse.labanquepostale.fr
103.141.144.86
02883dd10cd1709d5773c4effc89848a2d29426bee60c365c8baa9a9657bc27e
057064a54ac1ed336ed8f843abcff4ca46f029a66e672a84de60ef05f474ac80
14e385767e24fd46944b524844d81ef51ee5f158c39f30ce328650576fef909b
25644920b3b2c4939b6526500429c055622e7e1de66ba3c94564f4087266b389
3091e6f5b9c5ee69083c5a8ba66c2fedad3486999fe9453c27935210febf90a6
31ee6139cb80e639cbdd0a9a348a50378d724b9f9eeb88b7aa765fc52cec6d74
3429cde5d5bb36841853012564be5c95d0a43bd011c7be2de2a3e46c47e35512
628b85ea38adb4029144de607437f3ae81792594d408a0864312def765198e78
6b0ca7c31f26738bca7a92cbe07d337f4983f6a622e9282dc099189554f86ae8
74988285d000f33dad0757df8e3bbf4d31db7da2408368b8e908c04252f6ca3a
a3290264f1b3d6900a218ccee4022e13f99c7924e85848b14b1f589a90640eeb
aa91dcc4401777babcb006bb0fe2251fc9bbef4da196e1b55dd7874109c0ec75
c9e9f10534273e765961461834fb1282944c2a254691254642bd3fe124fb390d
caf97e8b9d3e9d958538bf52868c1639c2dd70f52ed9f32d9dc9f9bb87f96b30
d311a2001ac60f378bb930c00513147f072f1db94d0701e3298d82ee6486f7e2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ebf05fee61aec7ad4bcc656d1b40e37b6d4a5388ee63cf078d96199af7138c
e7b45a69007e01a040ab454d322323af7451cb90c33cb1dffa3895e41c04c274