nhatngusakura.com
103.130.216.100
Malicious Activity!
Public Scan
Effective URL: https://nhatngusakura.com/mwenehellfar/login.php?cmd=login_submit&id=9865833903da1cf9208bffe2d10d82159865833903da1cf9208bf...
Submission: On October 15 via api from CA — Scanned from CA
Summary
TLS certificate: Issued by R3 on September 14th 2022. Valid for: 3 months.
This is the only time nhatngusakura.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
# | IP Address | AS (Autonomous System)
---|---|---
1 11 | 103.130.216.100 | 135951 (WEBICO-AS-VN Webico Company Limited)
1 | 2607:f8b0:4006:821::200a | 15169 (GOOGLE)
1 | 194.1.147.82 | 210250 (WPX)
12 requests | 3 IPs |
ASN135951 (WEBICO-AS-VN Webico Company Limited, VN)
PTR: h216100.tino.org
# | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | nhatngusakura.com | nhatngusakura.com (1 redirects) | 2 MB
1 | smallenvelop.com | smallenvelop.com |
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 306) | 30 KB
12 requests | 3 apex domains | |
# | Domain | Requested by
---|---|---
11 | nhatngusakura.com | nhatngusakura.com (1 redirects)
1 | smallenvelop.com | nhatngusakura.com
1 | ajax.googleapis.com | nhatngusakura.com
12 requests | 3 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
nhatngusakura.com | R3 | 2022-09-14 - 2022-12-13 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months | crt.sh
smallenvelop.com | R3 | 2022-09-01 - 2022-11-30 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://nhatngusakura.com/mwenehellfar/login.php?cmd=login_submit&id=9865833903da1cf9208bffe2d10d82159865833903da1cf9208bffe2d10d8215&session=9865833903da1cf9208bffe2d10d82159865833903da1cf9208bffe2d10d8215
Frame ID: 7B2FF27976660AB519D605A2D16DFAB7
Requests: 12 HTTP requests in this frame
Screenshot
Page Title: Sign In
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://nhatngusakura.com/mwenehellfar/
- HTTP 302
- https://nhatngusakura.com/mwenehellfar/login.php?cmd=login_submit&id=9865833903da1cf9208bffe2d10d82159865833903da1cf9208bffe2d10d8215&session=9865833903da1cf9208bffe2d10d82159865833903da1cf9208bffe2d10d8215 (Page URL)
Detected technologies
- WordPress (CMS). Detected patterns: `/wp-(?:content|includes)/`
- PHP (Programming Languages). Detected patterns: `\.php(?:$|\?)`
- jQuery (JavaScript Libraries). Detected patterns: `/([\d.]+)/jquery(?:\.min)?\.js`, `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | login.php (Primary Request) | nhatngusakura.com/mwenehellfar/ (Redirect Chain) | 4 KB | 2 KB | Document | text/html
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 30 KB | Script | text/javascript
GET | H2 | w1.png | nhatngusakura.com/mwenehellfar/images/ | 14 KB | 14 KB | Image | image/png
GET | H2 | w2.png | nhatngusakura.com/mwenehellfar/images/ | 466 KB | 466 KB | Image | image/png
GET | H2 | w3.png | nhatngusakura.com/mwenehellfar/images/ | 371 KB | 371 KB | Image | image/png
GET | H2 | w4.png | nhatngusakura.com/mwenehellfar/images/ | 652 KB | 652 KB | Image | image/png
GET | H2 | w5.png | nhatngusakura.com/mwenehellfar/images/ | 305 KB | 305 KB | Image | image/png
GET | H2 | w6.png | nhatngusakura.com/mwenehellfar/images/ | 78 KB | 78 KB | Image | image/png
GET | H2 | w7.png | nhatngusakura.com/mwenehellfar/images/ | 2 KB | 2 KB | Image | image/png
GET | H2 | w8.png | nhatngusakura.com/mwenehellfar/images/ | 78 KB | 78 KB | Image | image/png
GET | H2 | Preloader_11.gif | smallenvelop.com/wp-content/uploads/2014/08/ | 0 | 0 | Image | text/html
GET | H2 | wgh.png | nhatngusakura.com/mwenehellfar/images/ | 798 B | 876 B | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforeinput
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
function | $
function | jQuery
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
nhatngusakura.com
smallenvelop.com
103.130.216.100
194.1.147.82
2607:f8b0:4006:821::200a