nhatngusakura.com
103.130.216.100
Malicious Activity!
Public Scan
Submission: On October 22 via automatic, source openphish — Scanned from DE
Summary
This is the only time nhatngusakura.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
10 | 103.130.216.100 | 135951 (WEBICO-AS-VN Webico Company Limited)
1 | 2a00:1450:4001:831::200a | 15169 (GOOGLE)
1 | 194.1.147.82 | 210250 (WPX)
Total: 12 requests, 3 IP addresses
ASN135951 (WEBICO-AS-VN Webico Company Limited, VN)
PTR: h216100.tino.org
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | nhatngusakura.com | nhatngusakura.com | 2 MB
1 | smallenvelop.com | smallenvelop.com | 
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 306) | 30 KB
Total: 12 requests, 3 apex domains
Requests | Domain | Requested by
---|---|---
10 | nhatngusakura.com | nhatngusakura.com
1 | smallenvelop.com | nhatngusakura.com
1 | ajax.googleapis.com | nhatngusakura.com
Total: 12 requests, 3 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
upload.video.google.com | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months | crt.sh
nhatngusakura.com | R3 | 2022-09-14 - 2022-12-13 | 3 months | crt.sh
smallenvelop.com | R3 | 2022-09-01 - 2022-11-30 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
http://nhatngusakura.com/wehhsfargoo/login.php?cmd=login_submit&id=f89139b8cdbbcb50e1f56925990a1966f89139b8cdbbcb50e1f56925990a1966&session=f89139b8cdbbcb50e1f56925990a1966f89139b8cdbbcb50e1f56925990a1966
Frame ID: 7E2E1443D4CC56E5E952DB35D22AE8C0
Requests: 12 HTTP requests in this frame
Page Title: Sign In
Detected technologies
- WordPress (CMS); detected pattern: /wp-(?:content|includes)/
- PHP (Programming Languages); detected pattern: \.php(?:$|\?)
- jQuery (JavaScript Libraries); detected patterns: /([\d.]+)/jquery(?:\.min)?\.js and jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | login.php (Primary Request) | nhatngusakura.com/wehhsfargoo/ | 4 KB | 2 KB | Document | text/html
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 30 KB | Script | text/javascript
GET | H2 | w1.png | nhatngusakura.com/wehhsfargoo/images/ | 14 KB | 14 KB | Image | image/png
GET | H2 | w2.png | nhatngusakura.com/wehhsfargoo/images/ | 466 KB | 466 KB | Image | image/png
GET | H2 | w3.png | nhatngusakura.com/wehhsfargoo/images/ | 371 KB | 371 KB | Image | image/png
GET | H2 | w4.png | nhatngusakura.com/wehhsfargoo/images/ | 652 KB | 652 KB | Image | image/png
GET | H2 | w5.png | nhatngusakura.com/wehhsfargoo/images/ | 305 KB | 305 KB | Image | image/png
GET | H2 | w6.png | nhatngusakura.com/wehhsfargoo/images/ | 78 KB | 78 KB | Image | image/png
GET | H2 | w7.png | nhatngusakura.com/wehhsfargoo/images/ | 2 KB | 2 KB | Image | image/png
GET | H2 | w8.png | nhatngusakura.com/wehhsfargoo/images/ | 78 KB | 79 KB | Image | image/png
GET | H2 | Preloader_11.gif | smallenvelop.com/wp-content/uploads/2014/08/ | 0 | 0 | Image | text/html
GET | H2 | wgh.png | nhatngusakura.com/wehhsfargoo/images/ | 798 B | 830 B | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforeinput
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
object | navigation
function | $
function | jQuery
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value
---|---
X-Frame-Options | SAMEORIGIN
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
nhatngusakura.com
smallenvelop.com
103.130.216.100
194.1.147.82
2a00:1450:4001:831::200a
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
132aee365fd34939b9f166f3d496c106c8b88164f15a660ed447c56be369ab34
2e93757f631c5f59cefe5e2e539b259cc71b971ff9e18c8d3bdb29dc956ea89c
2f52444b6661a762ececef9913d14b18d3a12a33284fc8d3d059ebec7b717a18
302bcd9813da778d0b8318432b453f44a10cf9a2be5ea372258b2e5f83a1adc9
3f2a22676798087ea4f7092aaa1ada0ea1a9a7811d150db644cfaf987f9d842a
64701075a3cdc35fcff4383b98a6a42d827b62ec99c2ab6f41595fdee80d9f99
65e54c437b7e5b607b1532d08a91e7d1f332a39e2036047728ee183c75d64eff
69007d0509bdbb2e53417d9e6dc5e24fae3abd22fa6f97c36a754f1c86bffb6a
9483c45d8cbbd94ccc687a5088b8ba35d8ff8b2b3855198c05179514985e317f
c825218949fd1e01b648571a1aac2422f382e713ca07d75a9fa028c27c54e2e7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855