xn--80aahfdd1bjj0dvc7e.xn--p1ai (Punycode)
гуляемнадаче.рф (IDN)
2a03:6f00:1::5c35:6076 Malicious Activity!

Submitted URL: http://truongnoivu-phqn.edu.vn/administrator/components/com_admin/4353opeyin34434/
Effective URL: https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/----=+++.php?ip=2a03:1b20:6:f01...
Submission: On March 18 via manual from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 2a03:6f00:1::5c35:6076, located in the Russian Federation and belonging to TIMEWEB-AS, RU. The main domain is xn--80aahfdd1bjj0dvc7e.xn--p1ai.
TLS certificate: Issued by R3 on January 18th 2023. Valid for: 3 months.
This is the only time xn--80aahfdd1bjj0dvc7e.xn--p1ai was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Bank (Banking)

Domain & IP information

Requests / IP Address / AS Autonomous System
  1  222.255.167.83     45899 (VNPT-AS-V...)
  6  2a03:6f00:1::...   9123 (TIMEWEB-AS)

Requests / Apex Domain / Subdomains / Transfer
  6  xn--80aahfdd1bjj0dvc7e.xn--p1ai  xn--80aahfdd1bjj0dvc7e.xn--p1ai  42 KB
  1  truongnoivu-phqn.edu.vn          truongnoivu-phqn.edu.vn          588 B

Requests / Domain / Requested by
  6  xn--80aahfdd1bjj0dvc7e.xn--p1ai  4 redirects, xn--80aahfdd1bjj0dvc7e.xn--p1ai
  1  truongnoivu-phqn.edu.vn          -

This site contains no links.

Subject: xn--80aahfdd1bjj0dvc7e.xn--p1ai
Issuer: R3
Validity: 2023-01-18 - 2023-04-18
Valid for: 3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/----=+++.php?ip=2a03:1b20:6:f011::b5e
Frame ID: D52EA3AFA694D63E92B01607F1BF3E20
Requests: 4 HTTP requests in this frame

Screenshot

Page Title: Verify

Detected technologies

PHP (overall confidence: 100%)
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 4
HTTPS: 50 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 42 kB
Size: 42 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://truongnoivu-phqn.edu.vn/administrator/components/com_admin/4353opeyin34434/ Page URL
  2. https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/ HTTP 302
    https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7 HTTP 301
    http://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/ HTTP 301
    https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/ HTTP 302
    https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/----=+++.php?ip=2a03:1b20:6:f011::b5e Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2: starts at https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/login.png and passes through twenty further HTTP 302 redirects to other paths in the same directory, ending at https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/f1110fa73fe798283d5eb810a45496cd, for which no response was received (see Failed requests).

4 HTTP transactions

Resource / Path / Size / x-fer / Type

1. /
   truongnoivu-phqn.edu.vn/administrator/components/com_admin/4353opeyin34434/
   395 B  588 B  Document

General
Full URL: http://truongnoivu-phqn.edu.vn/administrator/components/com_admin/4353opeyin34434/
Protocol: HTTP/1.1
Server: 222.255.167.83, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN)
Reverse DNS: static.vnpt.vn
Software: Microsoft-IIS/7.0 / PHP/5.6.30 ASP.NET
Resource Hash:

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
Content-Length: 395
Content-Type: text/html; charset=UTF-8
Date: Sat, 18 Mar 2023 00:25:15 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: PHP/5.6.30 ASP.NET
2. Primary Request: ----=+++.php
   xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/
   788 B  594 B  Document
Redirect Chain
  • https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/
  • https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7
  • http://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/
  • https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/
  • https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/----=+++.php?ip=2a03:1b20:6:f011::b5e

General
Full URL: https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/----=+++.php?ip=2a03:1b20:6:f011::b5e
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a03:6f00:1::5c35:6076, Russian Federation, ASN9123 (TIMEWEB-AS, RU)
Reverse DNS:
Software: nginx/1.22.1
Resource Hash: 34303b793b7baf6412fc9f88a44afa3b151761f6f9f0a39a5cb54fae19456605

Security Headers
X-Content-Type-Options: nosniff

Request headers
Referer: http://truongnoivu-phqn.edu.vn/administrator/components/com_admin/4353opeyin34434/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
content-encoding: gzip
content-length: 456
content-type: text/html; charset=utf-8
date: Sat, 18 Mar 2023 00:25:17 GMT
server: nginx/1.22.1
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers
cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=utf-8
date: Sat, 18 Mar 2023 00:25:17 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ----=+++.php?ip=2a03:1b20:6:f011::b5e
pragma: no-cache
server: nginx/1.22.1
x-content-type-options: nosniff
3. 1.png
   xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/img/
   41 KB  41 KB  Image

General
Full URL: https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/img/1.png
Requested by
  Host: xn--80aahfdd1bjj0dvc7e.xn--p1ai
  URL: https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/----=+++.php?ip=2a03:1b20:6:f011::b5e
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a03:6f00:1::5c35:6076, Russian Federation, ASN9123 (TIMEWEB-AS, RU)
Reverse DNS:
Software: nginx/1.22.1
Resource Hash: 635642acf8c92a198a91ffc694099c53f09f01bbcfd7a78e6d0c3574b350e201

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/----=+++.php?ip=2a03:1b20:6:f011::b5e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers
date: Sat, 18 Mar 2023 00:25:17 GMT
last-modified: Sat, 18 Mar 2023 00:25:17 GMT
server: nginx/1.22.1
etag: "641504ed-a32f"
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
content-length: 41775
expires: Tue, 18 Apr 2023 00:25:17 GMT
4. f1110fa73fe798283d5eb810a45496cd
   xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/
   0 B  0 B
Redirect Chain: the same chain listed as Request Chain 2 under Redirected requests above (from login.png down to this URL); no response was received for it.

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: xn--80aahfdd1bjj0dvc7e.xn--p1ai
URL: https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/f1110fa73fe798283d5eb810a45496cd

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

credentialless (boolean)

1 Cookies

Domain/Path: xn--80aahfdd1bjj0dvc7e.xn--p1ai/
Name: PHPSESSID
Value: c7042e15d1683d73b22ca0e55cf82dbd

1 Console Messages

Source: network
Level: error
URL: https://xn--80aahfdd1bjj0dvc7e.xn--p1ai/personal/order/make/MYusbankssl/5f7f653573ea68f53d2d7e4add78ada7/f1110fa73fe798283d5eb810a45496cd
Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
