urlscan.io logo urlscan.io
SecurityTrails logo

neisd.logics.cgffood.vn Open in urlscan Pro
115.146.120.179  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://neisd.logics.cgffood.vn/Document.html
Submission: On October 27 via api from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 6 HTTP transactions. The main IP is 115.146.120.179, located in Hanoi, Viet Nam and belongs to CMCTELECOM-AS-VN CMC Telecom Infrastructure Company, VN. The main domain is neisd.logics.cgffood.vn.
This is the only time neisd.logics.cgffood.vn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
3 115.146.120.179 38732 (CMCTELECO...)
1 2a00:1450:400... 15169 (GOOGLE)
1 64.130.23.5 7859 (PAIR-NETW...)
1 216.137.61.234 16509 (AMAZON-02)
6 4
Domain Requested by
3 neisd.logics.cgffood.vn neisd.logics.cgffood.vn
1 d2r5da613aq50s.cloudfront.net neisd.logics.cgffood.vn
1 www.bountifulbreast.co.uk neisd.logics.cgffood.vn
1 encrypted-tbn1.gstatic.com neisd.logics.cgffood.vn
6 4

This site contains no links.

Subject Issuer Validity Valid
*.google.com
Google Internet Authority G2		 2017-10-17 -
2017-12-29		 2 months crt.sh

This page contains 1 frames:

Primary Page: http://neisd.logics.cgffood.vn/Document.html
Frame ID: 3922.1
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

6
Requests

17 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

60 kB
Transfer

60 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Document.html
neisd.logics.cgffood.vn/ 		15 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://neisd.logics.cgffood.vn/Document.html
Protocol
HTTP/1.1
Server
115.146.120.179 Hanoi, Viet Nam, ASN38732 (CMCTELECOM-AS-VN CMC Telecom Infrastructure Company, VN),
Reverse DNS
haminhgia.com.vn
Software
Apache/2.4.28 (cPanel) OpenSSL/1.0.2k mod_bwlimited/1.4 /
Resource Hash
329de62ea28310985a4895303fb8caa1c814536c355930244dd559426fb9af75

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
neisd.logics.cgffood.vn
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 00:43:45 GMT
Last-Modified
Wed, 19 Apr 2017 21:30:42 GMT
Server
Apache/2.4.28 (cPanel) OpenSSL/1.0.2k mod_bwlimited/1.4
ETag
"2fa061f-3ac0-54d8bbc824480"
Content-Type
text/html
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
15040
images
encrypted-tbn1.gstatic.com/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://encrypted-tbn1.gstatic.com/images?q=tbn:ANd9GcR38GFIG1wP2DHHGMai4cdN-S-BVPHcNU7A4cKdq1lQlckwIlxpQDiNvQ
Requested by
Host: neisd.logics.cgffood.vn
URL: http://neisd.logics.cgffood.vn/Document.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
0adaf254d55addf5f5d9723e346ba45d2762a59f10a118b4c4c54407923e59c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/images?q=tbn:ANd9GcR38GFIG1wP2DHHGMai4cdN-S-BVPHcNU7A4cKdq1lQlckwIlxpQDiNvQ
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
encrypted-tbn1.gstatic.com
referer
http://neisd.logics.cgffood.vn/Document.html
:scheme
https
:method
GET
Referer
http://neisd.logics.cgffood.vn/Document.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

date
Fri, 27 Oct 2017 00:43:47 GMT
x-content-type-options
nosniff
last-modified
Wed, 23 Aug 2017 00:17:35 GMT
server
sffe
status
200
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
3287
x-xss-protection
1; mode=block
expires
Sat, 27 Oct 2018 00:43:47 GMT
100Secure.jpg
www.bountifulbreast.co.uk/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.bountifulbreast.co.uk/images/100Secure.jpg
Requested by
Host: neisd.logics.cgffood.vn
URL: http://neisd.logics.cgffood.vn/Document.html
Protocol
HTTP/1.1
Server
64.130.23.5 Pittsburgh, United States, ASN7859 (PAIR-NETWORKS - pair Networks, US),
Reverse DNS
bountifulbreast.co.uk
Software
Apache/2.4.27 /
Resource Hash
2f71bea7601b970d07eea91af38bcee8b1c9fc197b5f85cbe9bae3b9f2b705c5

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.bountifulbreast.co.uk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://neisd.logics.cgffood.vn/Document.html
Connection
keep-alive
Cache-Control
no-cache
Referer
http://neisd.logics.cgffood.vn/Document.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 00:43:47 GMT
Last-Modified
Fri, 08 Apr 2011 07:10:07 GMT
Server
Apache/2.4.27
ETag
"124f-4a062ea6b91c0"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
4687
316893.image0.jpg
d2r5da613aq50s.cloudfront.net/wp-content/uploads/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://d2r5da613aq50s.cloudfront.net/wp-content/uploads/316893.image0.jpg
Requested by
Host: neisd.logics.cgffood.vn
URL: http://neisd.logics.cgffood.vn/Document.html
Protocol
HTTP/1.1
Server
216.137.61.234 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-216-137-61-234.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a37cd55f528c6fa090e3c91d39c9db677c8d59129d3fdf920913d309a415f326

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
d2r5da613aq50s.cloudfront.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://neisd.logics.cgffood.vn/Document.html
Connection
keep-alive
Cache-Control
no-cache
Referer
http://neisd.logics.cgffood.vn/Document.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 00:43:48 GMT
Via
1.1 9f37c8b999ae2d6018396fda48773445.cloudfront.net (CloudFront)
Last-Modified
Wed, 23 Aug 2017 00:59:54 GMT
Server
AmazonS3
ETag
"8954e9abd87fb6e133fd96c30f7dae9b"
X-Cache
Miss from cloudfront
Content-Type
image/jpeg
Cache-Control
max-age=86400,publicexit
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
38095
X-Amz-Cf-Id
V9l9AhEreHbAM9rHUO0-d52nfFbqINSoN-1iBz0Ye-H-g5zNbDyhLg==
et-line.woff
neisd.logics.cgffood.vn/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
http://neisd.logics.cgffood.vn/fonts/et-line.woff
Requested by
Host: neisd.logics.cgffood.vn
URL: http://neisd.logics.cgffood.vn/Document.html
Protocol
HTTP/1.1
Server
115.146.120.179 Hanoi, Viet Nam, ASN38732 (CMCTELECOM-AS-VN CMC Telecom Infrastructure Company, VN),
Reverse DNS
haminhgia.com.vn
Software
Apache/2.4.28 (cPanel) OpenSSL/1.0.2k mod_bwlimited/1.4 /
Resource Hash

Request headers

Pragma
no-cache
Origin
http://neisd.logics.cgffood.vn
Accept-Encoding
gzip, deflate
Host
neisd.logics.cgffood.vn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
*/*
Referer
http://neisd.logics.cgffood.vn/Document.html
Connection
keep-alive
Cache-Control
no-cache
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Referer
http://neisd.logics.cgffood.vn/Document.html
Origin
http://neisd.logics.cgffood.vn

Response headers

Date
Fri, 27 Oct 2017 00:43:46 GMT
Server
Apache/2.4.28 (cPanel) OpenSSL/1.0.2k mod_bwlimited/1.4
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
335
Content-Type
text/html; charset=iso-8859-1
et-line.ttf
neisd.logics.cgffood.vn/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
http://neisd.logics.cgffood.vn/fonts/et-line.ttf
Requested by
Host: neisd.logics.cgffood.vn
URL: http://neisd.logics.cgffood.vn/Document.html
Protocol
HTTP/1.1
Server
115.146.120.179 Hanoi, Viet Nam, ASN38732 (CMCTELECOM-AS-VN CMC Telecom Infrastructure Company, VN),
Reverse DNS
haminhgia.com.vn
Software
Apache/2.4.28 (cPanel) OpenSSL/1.0.2k mod_bwlimited/1.4 /
Resource Hash

Request headers

Pragma
no-cache
Origin
http://neisd.logics.cgffood.vn
Accept-Encoding
gzip, deflate
Host
neisd.logics.cgffood.vn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
*/*
Referer
http://neisd.logics.cgffood.vn/Document.html
Connection
keep-alive
Cache-Control
no-cache
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Referer
http://neisd.logics.cgffood.vn/Document.html
Origin
http://neisd.logics.cgffood.vn

Response headers

Date
Fri, 27 Oct 2017 00:43:46 GMT
Server
Apache/2.4.28 (cPanel) OpenSSL/1.0.2k mod_bwlimited/1.4
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
334
Content-Type
text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies