aisolar.gcosoftware.vn
Open in
urlscan Pro
124.158.11.209
Malicious Activity!
Public Scan
Effective URL: https://aisolar.gcosoftware.vn/wp-admin/RegDEX/web/captcha.php
Submission: On June 26 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on January 26th 2023. Valid for: 3 months.
This is the only time aisolar.gcosoftware.vn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Regions Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 14 | 124.158.11.209 124.158.11.209 | 38733 (CMCTELECO...) (CMCTELECOM-AS-VN CMC Telecom Infrastructure Company) | |
4 | 142.250.198.4 142.250.198.4 | 15169 (GOOGLE) (GOOGLE) | |
6 | 172.217.31.131 172.217.31.131 | 15169 (GOOGLE) (GOOGLE) | |
1 | 142.251.42.163 142.251.42.163 | 15169 (GOOGLE) (GOOGLE) | |
24 | 5 |
ASN38733 (CMCTELECOM-AS-VN CMC Telecom Infrastructure Company, VN)
aisolar.gcosoftware.vn |
ASN15169 (GOOGLE, US)
PTR: nrt20s08-in-f3.1e100.net
www.gstatic.com |
ASN15169 (GOOGLE, US)
PTR: nrt12s46-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
gcosoftware.vn
1 redirects
aisolar.gcosoftware.vn |
236 KB |
7 |
gstatic.com
www.gstatic.com fonts.gstatic.com |
581 KB |
4 |
google.com
www.google.com — Cisco Umbrella Rank: 3 |
31 KB |
24 | 3 |
Domain | Requested by | |
---|---|---|
14 | aisolar.gcosoftware.vn |
1 redirects
aisolar.gcosoftware.vn
|
6 | www.gstatic.com |
www.google.com
www.gstatic.com |
4 | www.google.com |
aisolar.gcosoftware.vn
www.gstatic.com www.google.com |
1 | fonts.gstatic.com |
www.google.com
|
24 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
aisolar.gcosoftware.vn R3 |
2023-01-26 - 2023-04-26 |
3 months | crt.sh |
www.google.com GTS CA 1C3 |
2023-05-29 - 2023-08-21 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-05-29 - 2023-08-21 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://aisolar.gcosoftware.vn/wp-admin/RegDEX/web/captcha.php
Frame ID: 5200DC2C5AAC9F9AB25C06C7A39288DB
Requests: 15 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfPqZAhAAAAAGpcZH3FAABzRqetzI-NWd0Fo2vI&co=aHR0cHM6Ly9haXNvbGFyLmdjb3NvZnR3YXJlLnZuOjQ0Mw..&hl=en&v=IqA9DpBOUJevxkykws9RiIBs&size=normal&cb=4389qxb7elqh
Frame ID: 2BE8BAE84B98FEF6E0A6C04470FF8E51
Requests: 8 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/bframe?hl=en&v=IqA9DpBOUJevxkykws9RiIBs&k=6LfPqZAhAAAAAGpcZH3FAABzRqetzI-NWd0Fo2vI
Frame ID: DCC1091C99627F8CEC3A4575550B7464
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
Regions Online Banking - Log in to your accounts | RegionsPage URL History Show full URLs
-
http://aisolar.gcosoftware.vn/wp-admin/RegDEX/web/captcha.php
HTTP 301
https://aisolar.gcosoftware.vn/wp-admin/RegDEX/web/captcha.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
AngularJS (JavaScript Frameworks) Expand
Detected patterns
- \bangular.{0,32}\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
reCAPTCHA (Captchas) Expand
Detected patterns
- <div[^>]+class="g-recaptcha"
- /recaptcha/api\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://aisolar.gcosoftware.vn/wp-admin/RegDEX/web/captcha.php
HTTP 301
https://aisolar.gcosoftware.vn/wp-admin/RegDEX/web/captcha.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
captcha.php
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/ Redirect Chain
|
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
www.google.com/recaptcha/ |
850 B 878 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
com-regions.css
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/css2/ |
369 KB 38 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oldAuth.min.css
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/css2/ |
3 KB 1017 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
angular.min.js
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/js/ |
163 KB 55 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/js/ |
286 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.validate.min.js
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/js/ |
49 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.js
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/js/ |
18 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
regions-logo-no-r.svg
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/img/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Common.css
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/css2/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
equal-housing-lender.svg
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/img/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
member-fdic.svg
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/img/ |
6 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/ |
427 KB 172 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
source-sans-pro-regular-webfont.woff
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/css2/Fonts/ |
19 KB 19 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
source-sans-pro-700-webfont.woff
aisolar.gcosoftware.vn/wp-admin/RegDEX/web/assets/css2/Fonts/ |
18 KB 18 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
anchor
www.google.com/recaptcha/api2/ Frame 2BE8 |
52 KB 29 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles__ltr.css
www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/ Frame 2BE8 |
55 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/ Frame 2BE8 |
427 KB 171 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 2BE8 |
14 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 2BE8 |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 2BE8 |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 2BE8 |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webworker.js
www.google.com/recaptcha/api2/ Frame 2BE8 |
102 B 205 B |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bframe
www.google.com/recaptcha/api2/ Frame DCC1 |
7 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles__ltr.css
www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/ Frame DCC1 |
55 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/ Frame DCC1 |
427 KB 171 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Regions Bank (Banking)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 boolean| credentialless object| onbeforetoggle object| onscrollend object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| angular function| $ function| jQuery object| recaptcha object| closure_lm_8240720 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aisolar.gcosoftware.vn
fonts.gstatic.com
www.google.com
www.gstatic.com
124.158.11.209
142.250.198.4
142.251.42.163
172.217.31.131
02ca49fda602d411bc21fbfa941871cd8944352e3ffb6b289b4f86eb1849a6c5
092a690c556396c5c85bb83728e427187415bcc74a7be26c340d0d3affd70129
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
1382ac6c6c52c680eff5bd31e677587d8b8186a76060c5bb4577c3e40c915d1f
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e793e84b0992ddda04aad917199e8ad7be56af6a8459c7204d42b8351d861ab
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
48b80132cadfd8fedbd07731a568c07ad73b9b8e559be0b7a9147961e24465f5
4f586e699ab27b788af25ac5c56b6643c49219c2bd612d1fe66a3ff3a2b4fb99
692d421d5c163409a5918e802f507abbaa6bec90baa454c5252977a5b3b7ff0d
7cdd1ac485682bdbec3acd13ad2f7121dc33a37c8b1b9e295dccf11cab871a0a
8b69a3707a2ef4a748dd6c9923a1fa17d1ed5d32eee6e60240540217cf30b324
8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9
8cd9ec1f69dc5eae76225efcb7e0e4f067d70f6d67f936b4ba98f6e7c317ece2
912f72af9fe61099bc2452960df7b72ee662d5c3e6188ab246767de1fe367913
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
95fa45a07af8d2be5412ce54289b24c7ff2c2f0d524eb69913b1bfe26b28e539
c76d1157888f0e90d43d4a1d347081f2c6aa56b4fdd4f30950d421fef844756f
cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a
de623d70cab62eab2a379667b4758a279efa7bba87d3fb79fc34c02661a7658c
e4bc94279e093f25720c2867e7a08dbfaaa140636f11eab5ac4e204a93a3751e
fd8c074c5e7a27b179b199c790d0fe5337d2d7c7adc94955aea62f361ab8743e