dichvugiupviecnha.com.vn (2606:4700:30::6818:610d)
Malicious Activity! Public Scan
Effective URL: https://dichvugiupviecnha.com.vn/control/umail.html
Submission: On November 07 via manual from US
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on October 11th 2019. Valid for: a year.
This is the only time dichvugiupviecnha.com.vn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Universities (Education)

Domain & IP information

| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 107.189.162.104 | 53755 (IOFLOOD - Input Output Flood LLC) |
| 11 | 2606:4700:30::6818:610d | 13335 (CLOUDFLARENET - Cloudflare) |
| 4 | 155.97.137.30 | 17055 (UTAH - University of Utah) |
| 15 | 2 | |

ASN53755 (IOFLOOD - Input Output Flood LLC, US)
- PTR: we.love.servers.at.ioflood.net
- estereolavozdelalfarero.org

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
- dichvugiupviecnha.com.vn

ASN17055 (UTAH - University of Utah, US)
- PTR: autodiscover.ad.utah.edu
- www.umail.utah.edu
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 11 | dichvugiupviecnha.com.vn | dichvugiupviecnha.com.vn | 62 KB |
| 4 | utah.edu | www.umail.utah.edu | 2 KB |
| 1 | estereolavozdelalfarero.org | estereolavozdelalfarero.org (1 redirect) | 310 B |
| 15 | 3 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 11 | dichvugiupviecnha.com.vn | dichvugiupviecnha.com.vn |
| 4 | www.umail.utah.edu | dichvugiupviecnha.com.vn |
| 1 | estereolavozdelalfarero.org | 1 redirect |
| 15 | 3 | |
This site contains links to these domains. Also see Links.
- uofu.service-now.com
- webtools.umail.utah.edu
- office.com
- www.it.utah.edu
- www.utah.edu
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-10-11 - 2020-10-09 | a year |
| www.umail.utah.edu | InCommon RSA Server CA | 2018-11-16 - 2020-11-15 | 2 years |
This page contains 1 frame:
Primary Page: https://dichvugiupviecnha.com.vn/control/umail.html
Frame ID: ABC74B94D6A98890F02E00068B8D92E1
Requests: 15 HTTP requests in this frame

Page URL History
- https://estereolavozdelalfarero.org/orio/?ac=on&ea=YWxleGlzLnVscmljaEB1dGFoLmVkdQ== (HTTP 302)
- https://dichvugiupviecnha.com.vn/control/umail.html (Page URL)
Detected technologies
- CloudFlare (CDN)
  Detected patterns: headers server /^cloudflare$/i
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
- UMail Help
- WebTools
- click here.
- University Information Technology
- The University of Utah
- Disclaimer
- Privacy
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions

| Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|
| GET | H2 | dichvugiupviecnha.com.vn/control/umail.html (Primary Request, Redirect Chain) | 68 KB | 27 KB | Document | text/html |
| GET | H2 | dichvugiupviecnha.com.vn/control/Outlook_files/logon.css | 3 KB | 1 KB | Stylesheet | text/css |
| GET | H2 | dichvugiupviecnha.com.vn/control/Outlook_files/owafont.css | 5 KB | 2 KB | Stylesheet | text/css |
| GET | H2 | dichvugiupviecnha.com.vn/control/Outlook_files/flogon.js | 4 KB | 2 KB | Script | application/javascript |
| GET | H2 | dichvugiupviecnha.com.vn/control/Outlook_files/lgntopl.gif | 9 KB | 9 KB | Image | image/gif |
| GET | H2 | dichvugiupviecnha.com.vn/control/Outlook_files/lgntopr.gif | 738 B | 889 B | Image | image/gif |
| GET | H2 | dichvugiupviecnha.com.vn/control/Outlook_files/lgnexlogo.gif | 6 KB | 6 KB | Image | image/gif |
| GET | H2 | dichvugiupviecnha.com.vn/control/Outlook_files/lgnbotl.gif | 180 B | 241 B | Image | image/gif |
| GET | H2 | dichvugiupviecnha.com.vn/control/Outlook_files/lgnbotr.gif | 76 B | 137 B | Image | image/gif |
| GET | H2 | dichvugiupviecnha.com.vn/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js | 1 KB | 816 B | Script | application/javascript |
| GET | H/1.1 | www.umail.utah.edu/owa/auth/2010resources/page-bg.gif | 47 B | 532 B | Image | image/gif |
| GET | H/1.1 | www.umail.utah.edu/owa/auth/2010resources/lgntopm.gif | 106 B | 592 B | Image | image/gif |
| GET | H/1.1 | www.umail.utah.edu/owa/auth/2010resources/lgnleft.gif | 98 B | 583 B | Image | image/gif |
| GET | H/1.1 | www.umail.utah.edu/owa/auth/2010resources/lgnbotm.gif | 47 B | 532 B | Image | image/gif |
| POST | H2 | dichvugiupviecnha.com.vn/clm10 | 54 KB | 13 KB | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: US Universities (Education)

36 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onformdata, onpointerrawupdate
- function: initLogon, redir, shw, hd, clkExp, clkSec, clkBsc, clkLgn, clkRtry, clkReLgn, gbid, IsOwaPremiumBrowser, hres, LogoffMime, addPerfMarker, secureCookie, isHttps, clkSecExp, kdSecExp, checkSubmit, IsMimeCtlInst, RndMimeCtl, RndMimeCtlHlpr, sendTimingInfoInit, sendTimingInfo2
- number: a_fRC, g_fFcs, a_fLOff, a_fCAC, a_fEnbSMm, NS_CSM_td, NS_CSM_pd
- string: NS_CSM_u, NS_CSM_an

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .dichvugiupviecnha.com.vn/ | | __cfduid | d4862506b30af0fde413c37ffa8d92a351573169514 |
| dichvugiupviecnha.com.vn/control | | cookieTest | 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.