vothisau.phuyen.edu.vn Open in urlscan Pro
42.117.7.113 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
Submission: On August 28 via automatic, source openphish (August 28th 2017, 9:32:12 pm UTC)

Summary HTTP 18 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 18 HTTP transactions. The main IP is 42.117.7.113, located in Hanoi, Viet Nam and belongs to FPT-AS-AP The Corporation for Financing & Promoting Technology, VN. The main domain is vothisau.phuyen.edu.vn.

This is the only time vothisau.phuyen.edu.vn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USAA (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3	42.117.7.113 42.117.7.113	18403 (FPT-AS-AP...) (FPT-AS-AP The Corporation for Financing & Promoting Technology)
14	23.35.107.177 23.35.107.177	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a03:6f00:1::... 2a03:6f00:1::5c35:605e	9123 (TIMEWEB-AS) (TIMEWEB-AS)
18	3

3 42.117.7.113 (Hanoi, Viet Nam)

ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN)

vothisau.phuyen.edu.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 23.35.107.177 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-35-107-177.deploy.static.akamaitechnologies.com

content.usaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:6f00:1::5c35:605e (Russian Federation)

ASN9123 (TIMEWEB-AS, RU)

konyakov.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	usaa.com content.usaa.com	153 KB
3	phuyen.edu.vn vothisau.phuyen.edu.vn	9 KB
1	konyakov.ru konyakov.ru
18	3

	Domain	Requested by
14	content.usaa.com	vothisau.phuyen.edu.vn
3	vothisau.phuyen.edu.vn	vothisau.phuyen.edu.vn
1	konyakov.ru	vothisau.phuyen.edu.vn
18	3

This site contains links to these domains. Also see Links.

Domain
www.usaa.com

Subject Issuer	Validity	Valid
www.usaa.com Symantec Class 3 EV SSL CA - G3	`2017-01-31` - `2018-03-01`	a year	crt.sh
konyakov.ru Let's Encrypt Authority X3	`2017-07-23` - `2017-10-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
Frame ID: 30827.1
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

18
Requests

83 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

162 kB
Transfer

365 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.usaa.com/inet/ent_home/CpHome

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_utils/McStaticPages?key=security_guarantee

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_logon/Logon
Title: Log On

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_contactus/CpLevelZeroContactUs?ContactUsPageId=PublicContactUs
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_logon/Logon?action=INIT

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_utils/McStaticPages?key=become_member_main
Title:

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_utils/McStaticPages?key=products_services_main
Title:

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_utils/McStaticPages?key=advice_planning_main
Title:

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_utils/McStaticPages?key=privacy_promise
Title: USAA Privacy Promise

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 3

http://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request verify.php Show response
vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/ 39 KB
9 KB 1089ms
275ms Document
text/html 42.117.7.113
FPT-AS-AP The Cor...

General

Check archive.org

Show headers Download Go to

Full URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
Protocol: HTTP/1.1
Server: 42.117.7.113 Hanoi, Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN),
Reverse DNS
Software: Microsoft-IIS/7.5 / PHP/5.2.6, ASP.NET
Resource Hash: fef2fe5a2d0562122696bcd00cd516669674a110cc36a7b6dc44284fc53d550f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 21:32:00 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.6, ASP.NET
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Content-Length: 9314

GET
S 200 styles_member.css
content.usaa.com/mcontent/static_assets/Includes/ 229 KB
61 KB 158ms
120ms Stylesheet
text/css 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Honesty /

Resource Hash

a8f0b0fe366fa6d5c705462edbe42305764095296f5bd0e86bc65e6b264cbacb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:01 GMT
content-encoding: gzip
last-modified: Thu, 02 Mar 2017 16:39:30 GMT
server: USAA-Honesty
etag: "394fc-549c212b6b480"
vary: Accept-Encoding
p3p: policyref="https://www.usaa.com/w3c/USAA_Full_P3P_Policy.xml", CP="IDC DSP COR CUR ADM DEV CUS DEV PSA IVA CON HIS TEL OPT OUR SAM IND PRE"
status: 200
cache-control: max-age=601903
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-type: text/css
content-length: 62237

GET
H/1.1 404
Not Found cp_help_popup.js
vothisau.phuyen.edu.vn/javascript/ 0
0 269ms
268ms Script
text/html 42.117.7.113
FPT-AS-AP The Cor...

General

Check archive.org

Show headers Download Go to

Full URL: http://vothisau.phuyen.edu.vn/javascript/cp_help_popup.js?cacheid=1480593172
Requested by: Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
Protocol: HTTP/1.1
Server: 42.117.7.113 Hanoi, Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash

Request headers

Referer: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 21:32:00 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1245
Content-Type: text/html

GET
H/1.1 404
Not Found cp_std.js
vothisau.phuyen.edu.vn/javascript/ 0
0 532ms
266ms Script
text/html 42.117.7.113
FPT-AS-AP The Cor...

General

Check archive.org

Show headers Download Go to

Full URL: http://vothisau.phuyen.edu.vn/javascript/cp_std.js?cacheid=1367496106
Requested by: Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
Protocol: HTTP/1.1
Server: 42.117.7.113 Hanoi, Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash

Request headers

Referer: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 21:32:00 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1245
Content-Type: text/html

GET
H/1.1

404
Not Found

gen_validatorv4.js
konyakov.ru/pubs/js/javascript_form/
Redirect Chain

http://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js

0
0

586ms
479ms

Script
text/html

2a03:6f00:1::5c35:605e
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
Requested by: Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6f00:1::5c35:605e , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.12.1 / PHP/5.6.30
Resource Hash

Request headers

Referer: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Aug 2017 21:32:02 GMT
Content-Encoding: gzip
Server: nginx/1.12.1
X-Powered-By: PHP/5.6.30
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Link: <https://konyakov.ru/wp-json/>; rel="https://api.w.org/"
Expires: Wed, 11 Jan 1984 05:00:00 GMT

Redirect headers

Location: https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
Date: Mon, 28 Aug 2017 21:32:01 GMT
Server: nginx/1.12.1
Connection: keep-alive
Content-Length: 161
Content-Type: text/html

GET
S 200 styles_member_print.css
content.usaa.com/mcontent/static_assets/Includes/ 7 KB
2 KB 135ms
134ms Stylesheet
text/css 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.usaa.com/mcontent/static_assets/Includes/styles_member_print.css?cacheid=2197796005

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

ce83e2946576f73af8c783ee5b17b2a7019dda1d98bae6979a4545f340612a09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
content-encoding: gzip
last-modified: Wed, 27 Aug 2014 14:11:15 GMT
server: USAA-Integrity
etag: "1da3-5019cfe3586c0"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=602016
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2415

GET
S 200 logo.gif
content.usaa.com/mcontent/static_assets/Media/ 939 B
966 B 118ms
118ms Image
image/gif 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/logo.gif?cacheid=2017356039

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

fffd476414b0ee0dbed2113d4bd85a2139316998339b9bcfb2017273670e068b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Wed, 18 Sep 2013 18:36:35 GMT
server: USAA-Integrity
etag: "3ab-4e6acb78bd2c0"
strict-transport-security: max-age=31536000
p3p: policyref="https://www.usaa.com/w3c/USAA_Full_P3P_Policy.xml", CP="IDC DSP COR CUR ADM DEV CUS DEV PSA IVA CON HIS TEL OPT OUR SAM IND PRE"
status: 200
cache-control: max-age=591523
accept-ranges: bytes
content-type: image/gif
content-length: 939

GET
S 200 navHomeActive.gif
content.usaa.com/mcontent/static_assets/Media/ 2 KB
2 KB 112ms
112ms Image
image/gif 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/navHomeActive.gif?cacheid=2545320478

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

4b84ff7250d75fb3e9340e2427c05dfd91c7c570755d5db1c9ce4029656373c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Wed, 18 Sep 2013 18:36:36 GMT
server: USAA-Integrity
etag: "740-4e6acb79b1500"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=602001
accept-ranges: bytes
content-length: 1856

GET
S 200 navBecomeAMember.gif
content.usaa.com/mcontent/static_assets/Media/ 3 KB
3 KB 116ms
116ms Image
image/gif 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/navBecomeAMember.gif?cacheid=3489125172

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

605a9493ce7d174eec486de8febf29f2c9c4d532ee60928becfbfc3d43f5a75d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Wed, 18 Sep 2013 18:36:36 GMT
server: USAA-Integrity
etag: "d1e-4e6acb79b1500"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=602009
accept-ranges: bytes
content-length: 3358

GET
S 200 navProducts.gif
content.usaa.com/mcontent/static_assets/Media/ 3 KB
3 KB 113ms
112ms Image
image/gif 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/navProducts.gif?cacheid=1297678753

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

154406c4b4526e7c37b144bd7252e740779ecdbd243dfb90847f7b8ab76bcb1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Wed, 18 Sep 2013 18:32:28 GMT
server: USAA-Integrity
etag: "dc0-4e6aca8d2e700"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=603710
accept-ranges: bytes
content-length: 3520

GET
S 200 navAdvice.gif
content.usaa.com/mcontent/static_assets/Media/ 3 KB
3 KB 114ms
114ms Image
image/gif 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/navAdvice.gif?cacheid=3226499640

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

458e9ad7e6fb54020f8b8a8a12b60a1bd39fb0b1a3589e5a9de17a4b4acef577

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Wed, 18 Sep 2013 18:32:28 GMT
server: USAA-Integrity
etag: "ac2-4e6aca8d2e700"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=530975
accept-ranges: bytes
content-length: 2754

GET
S 200 g_transparent.gif
content.usaa.com/mcontent/static_assets/Media/ 43 B
61 B 134ms
134ms Image
image/gif 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/g_transparent.gif?cacheid=3007383100

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Sun, 15 Sep 2013 17:27:35 GMT
server: USAA-Integrity
etag: "2b-4e66f67424fc0"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=602006
accept-ranges: bytes
content-length: 43

GET
S 200 background_general_fb.png
content.usaa.com/mcontent/static_assets/Media/ 3 KB
3 KB 28ms
28ms Image
image/png 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/background_general_fb.png

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

e2e04a8e937f5b74a4c50cb7592a8e0bba54b40818d44e43ffd5c40c6b4fe72a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Mon, 16 Sep 2013 11:24:14 GMT
server: USAA-Integrity
etag: "b13-4e67e71a8d380"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: max-age=556856
accept-ranges: bytes
content-length: 2835

GET
S 200 usaa-sprite-globalNav_v2.png
content.usaa.com/mcontent/static_assets/Media/ 56 KB
56 KB 29ms
29ms Image
image/png 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/usaa-sprite-globalNav_v2.png?cacheid=201011301710

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

522a5fe0b1921acbaa0925b2a50fa141b0719797d5c552ffc150415c7c44d23b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Fri, 13 Feb 2015 21:43:34 GMT
server: USAA-Integrity
etag: "e14a-50eff20d78d80"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: max-age=556699
accept-ranges: bytes
content-length: 57674

GET
S 200 vh_navBG.gif
content.usaa.com/mcontent/static_assets/Media/ 547 B
565 B 305ms
305ms Image
image/gif 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/vh_navBG.gif

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

1d8dd235b4f8111a5735ac6ba96b29a3dfb2850ce00fb202a88a8fd5174f8215

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Sun, 15 Sep 2013 20:02:40 GMT
server: USAA-Integrity
etag: "223-4e67191e15800"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=497636
accept-ranges: bytes
content-length: 547

GET
S 200 bgRightColWrapper.gif
content.usaa.com/mcontent/static_assets/Media/ 89 B
107 B 25ms
24ms Image
image/gif 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/bgRightColWrapper.gif

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

a1ad84a27b9eb878f2f2c0507b98592d9bb849014c7b989d78e4d04599b65516

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Sun, 15 Sep 2013 18:25:39 GMT
server: USAA-Integrity
etag: "59-4e67036ebeec0"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=557348
accept-ranges: bytes
content-length: 89

GET
S 200 misc_nav_ctaButtonSpriteV1.png
content.usaa.com/mcontent/static_assets/Media/ 11 KB
11 KB 9ms
9ms Image
image/png 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/misc_nav_ctaButtonSpriteV1.png

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

5db7cec2666ed4b479df4c975a28bf84716c09f4a2bcfdafd3c628f49d3f5790

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Fri, 18 Apr 2014 13:44:10 GMT
server: USAA-Integrity
etag: "2a1c-4f7515823de80"
strict-transport-security: max-age=31536000
p3p: policyref="https://www.usaa.com/w3c/USAA_Full_P3P_Policy.xml", CP="IDC DSP COR CUR ADM DEV CUS DEV PSA IVA CON HIS TEL OPT OUR SAM IND PRE"
status: 200
cache-control: max-age=556763
accept-ranges: bytes
content-type: image/png
content-length: 10780

GET
S 200 iconMemberMd_sprite_06142008.png
content.usaa.com/mcontent/static_assets/Media/ 7 KB
7 KB 16ms
15ms Image
image/png 23.35.107.177
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/iconMemberMd_sprite_06142008.png

Requested by

Host: vothisau.phuyen.edu.vn
URL: http://vothisau.phuyen.edu.vn/usaa.com-inet_pages-security_centerwa_ref=pub_auth_nav_restore_ac/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.107.177 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-35-107-177.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

296dbc9d6e1ce1324e9decaca34a29285ee1c273daf46170ad23225121b5c4ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 21:32:02 GMT
last-modified: Mon, 16 Sep 2013 07:53:52 GMT
server: USAA-Integrity
etag: "1b0b-4e67b81546400"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: max-age=562252
accept-ranges: bytes
content-length: 6923

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USAA (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

content.usaa.com
konyakov.ru
vothisau.phuyen.edu.vn
23.35.107.177
2a03:6f00:1::5c35:605e
42.117.7.113
154406c4b4526e7c37b144bd7252e740779ecdbd243dfb90847f7b8ab76bcb1a
1d8dd235b4f8111a5735ac6ba96b29a3dfb2850ce00fb202a88a8fd5174f8215
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
296dbc9d6e1ce1324e9decaca34a29285ee1c273daf46170ad23225121b5c4ec
458e9ad7e6fb54020f8b8a8a12b60a1bd39fb0b1a3589e5a9de17a4b4acef577
4b84ff7250d75fb3e9340e2427c05dfd91c7c570755d5db1c9ce4029656373c8
522a5fe0b1921acbaa0925b2a50fa141b0719797d5c552ffc150415c7c44d23b
5db7cec2666ed4b479df4c975a28bf84716c09f4a2bcfdafd3c628f49d3f5790
605a9493ce7d174eec486de8febf29f2c9c4d532ee60928becfbfc3d43f5a75d
a1ad84a27b9eb878f2f2c0507b98592d9bb849014c7b989d78e4d04599b65516
a8f0b0fe366fa6d5c705462edbe42305764095296f5bd0e86bc65e6b264cbacb
ce83e2946576f73af8c783ee5b17b2a7019dda1d98bae6979a4545f340612a09
e2e04a8e937f5b74a4c50cb7592a8e0bba54b40818d44e43ffd5c40c6b4fe72a
fef2fe5a2d0562122696bcd00cd516669674a110cc36a7b6dc44284fc53d550f
fffd476414b0ee0dbed2113d4bd85a2139316998339b9bcfb2017273670e068b

vothisau.phuyen.edu.vn Open in urlscan Pro 42.117.7.113 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

18 Requests

83 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

162 kBTransfer

365 kBSize

0 Cookies

9 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

vothisau.phuyen.edu.vn Open in urlscan Pro
42.117.7.113 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

83 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

162 kB
Transfer

365 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!