xn--80aahfdd1bjj0dvc7e.xn--p1ai
Open in
urlscan Pro
Puny
гуляемнадаче.рф IDN
2a03:6f00:1::5c35:6076
Malicious Activity!
Public Scan
Effective URL: https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/----=+++.php?ip=2a03:1b20:6:f01...
Submission: On March 18 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on January 18th 2023. Valid for: 3 months.
This is the only time xn--80aahfdd1bjj0dvc7e.xn--p1ai was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 222.255.167.83 222.255.167.83 | 45899 (VNPT-AS-V...) (VNPT-AS-VN VNPT Corp) | |
4 6 | 2a03:6f00:1::... 2a03:6f00:1::5c35:6076 | 9123 (TIMEWEB-AS) (TIMEWEB-AS) | |
4 | 3 |
ASN45899 (VNPT-AS-VN VNPT Corp, VN)
PTR: static.vnpt.vn
truongnoivu-phqn.edu.vn |
ASN9123 (TIMEWEB-AS, RU)
xn--80aahfdd1bjj0dvc7e.xn--p1ai |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
4 redirects
function sub() { [native code] }. |
42 KB |
1 |
truongnoivu-phqn.edu.vn
truongnoivu-phqn.edu.vn |
588 B |
4 | 2 |
Domain | Requested by | |
---|---|---|
6 | xn--80aahfdd1bjj0dvc7e.xn--p1ai |
4 redirects
xn--80aahfdd1bjj0dvc7e.xn--p1ai
|
1 | truongnoivu-phqn.edu.vn | |
4 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
xn--80aahfdd1bjj0dvc7e.xn--p1ai R3 |
2023-01-18 - 2023-04-18 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/----=+++.php?ip=2a03:1b20:6:f011::b5e
Frame ID: D52EA3AFA694D63E92B01607F1BF3E20
Requests: 4 HTTP requests in this frame
Screenshot
Page Title
VerifyPage URL History Show full URLs
- http://truongnoivu-phqn.edu.vn/administrator/components/com_admin/4353opeyin34434/ Page URL
-
https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/
HTTP 302
https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7 HTTP 301
http://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/ HTTP 301
https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/ HTTP 302
https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/----=+++.ph... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://truongnoivu-phqn.edu.vn/administrator/components/com_admin/4353opeyin34434/ Page URL
-
https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/
HTTP 302
https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7 HTTP 301
http://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/ HTTP 301
https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/ HTTP 302
https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/----=+++.php?ip=2a03:1b20:6:f011::b5e Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/login.png HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/6d9e74119901e3ddecafdf1fa90158f4 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/23d2b981fcbd776b87e2bf2530622ad3 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/9dc47ca0841a0702b8d6b52e8dbb6fa0 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/260396dc1c39de63c4b8aa14b14b2325 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/4bb2ac03c9142d43577c3c8f6b6348cf HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/ee387555ee51da7e9c8a4e9093196f34 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/fc31269ad4e726b3c5cd5151d8de1df8 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/9c862252a74019fa9417ed804f457404 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/9828ad698a14b9f0c81063d5d35255dc HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/c7f3d787b33e61978fb49507b6977ceb HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/27993cd9f669897accf192dc1dcdcd36 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/6b5db5e29929984fd2252a4333925806 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/da670b53d160507c9ea42109824be32b HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/71986514566df47fc72fbb13d269e4df HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/cbfbdfdae8f8a4c45acbbfa930d75b67 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/55c32d26103c221eb5230bca3eb1fe04 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/0065542de40d8eb3d15b9c75988208df HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/ed8f51ec4de64c6d6d3c96db397fc66e HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/323c776a577c851ab7eca6c31811fa62 HTTP 302
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/f1110fa73fe798283d5eb810a45496cd
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
truongnoivu-phqn.edu.vn/administrator/components/com_admin/4353opeyin34434/ |
395 B 588 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
----=+++.php
xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/ Redirect Chain
|
788 B 594 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.png
xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/img/ |
41 KB 41 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
f1110fa73fe798283d5eb810a45496cd
xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- xn--80aahfdd1bjj0dvc7e.xn--p1ai
- URL
- https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/f1110fa73fe798283d5eb810a45496cd
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: US Bank (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
xn--80aahfdd1bjj0dvc7e.xn--p1ai/ | Name: PHPSESSID Value: c7042e15d1683d73b22ca0e55cf82dbd |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
truongnoivu-phqn.edu.vn
xn--80aahfdd1bjj0dvc7e.xn--p1ai
xn--80aahfdd1bjj0dvc7e.xn--p1ai
222.255.167.83
2a03:6f00:1::5c35:6076
34303b793b7baf6412fc9f88a44afa3b151761f6f9f0a39a5cb54fae19456605
635642acf8c92a198a91ffc694099c53f09f01bbcfd7a78e6d0c3574b350e201