www.obadan.net
Open in
urlscan Pro
2606:4700:3031::6815:1c86
Malicious Activity!
Public Scan
Effective URL: https://www.obadan.net/hello/vr/a1b2c3/7c9e9cccf04302689ddb1cf82c07e070/login/
Submission Tags: phishing volksbank Search All
Submission: On May 02 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by E1 on March 18th 2022. Valid for: 3 months.
This is the only time www.obadan.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volksbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 124.158.11.209 124.158.11.209 | 38733 (CMCTELECO...) (CMCTELECOM-AS-VN CMC Telecom Infrastructure Company) | |
2 28 | 2606:4700:303... 2606:4700:3031::6815:1c86 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
26 | 2 |
ASN38733 (CMCTELECOM-AS-VN CMC Telecom Infrastructure Company, VN)
duhocredbeans.gcosoftware.vn |
Apex Domain Subdomains |
Transfer | |
---|---|---|
28 |
obadan.net
2 redirects
www.obadan.net |
309 KB |
1 |
gcosoftware.vn
1 redirects
duhocredbeans.gcosoftware.vn |
139 B |
26 | 2 |
Domain | Requested by | |
---|---|---|
28 | www.obadan.net |
2 redirects
www.obadan.net
|
1 | duhocredbeans.gcosoftware.vn | 1 redirects |
26 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.obadan.net E1 |
2022-03-18 - 2022-06-16 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.obadan.net/hello/vr/a1b2c3/7c9e9cccf04302689ddb1cf82c07e070/login/
Frame ID: BD74B94477E1B8C796DFB5AFA0F05795
Requests: 27 HTTP requests in this frame
Screenshot
Page Title
VolksbankPage URL History Show full URLs
-
https://duhocredbeans.gcosoftware.vn/home/
HTTP 302
https://www.obadan.net/hello/vr/ Page URL
-
https://www.obadan.net/hello/vr/a1b2c3/7c9e9cccf04302689ddb1cf82c07e070
HTTP 301
https://www.obadan.net/hello/vr/a1b2c3/7c9e9cccf04302689ddb1cf82c07e070/ HTTP 302
https://www.obadan.net/hello/vr/a1b2c3/7c9e9cccf04302689ddb1cf82c07e070/login/ Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://duhocredbeans.gcosoftware.vn/home/
HTTP 302
https://www.obadan.net/hello/vr/ Page URL
-
https://www.obadan.net/hello/vr/a1b2c3/7c9e9cccf04302689ddb1cf82c07e070
HTTP 301
https://www.obadan.net/hello/vr/a1b2c3/7c9e9cccf04302689ddb1cf82c07e070/ HTTP 302
https://www.obadan.net/hello/vr/a1b2c3/7c9e9cccf04302689ddb1cf82c07e070/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://duhocredbeans.gcosoftware.vn/home/ HTTP 302
- https://www.obadan.net/hello/vr/
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
www.obadan.net/hello/vr/ Redirect Chain
|
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
invisible.js
www.obadan.net/cdn-cgi/challenge-platform/h/g/scripts/ |
41 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pica.js
www.obadan.net/cdn-cgi/challenge-platform/h/g/scripts/ |
24 KB 9 KB |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
704f8c79fcbc5bfd
www.obadan.net/cdn-cgi/challenge-platform/h/g/cv/result/ |
2 B 717 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
/
www.obadan.net/hello/vr/a1b2c3/7c9e9cccf04302689ddb1cf82c07e070/login/ Redirect Chain
|
12 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
www.obadan.net/hello/vr/bower_components/jquery/dist/ |
85 KB 31 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ua-parser.min.js
www.obadan.net/hello/vr/bower_components/ua-parser-js/dist/ |
17 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
www.obadan.net/hello/vr/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.js
www.obadan.net/hello/vr/core/form/ |
14 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.css
www.obadan.net/hello/vr/core/form/ |
1 KB 889 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_token.js
www.obadan.net/hello/vr/core/token/ |
16 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_token.css
www.obadan.net/hello/vr/core/token/ |
699 B 968 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css.css
www.obadan.net/hello/vr/login/form/ |
30 B 675 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index.css
www.obadan.net/hello/vr/login/ |
71 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
www.obadan.net/hello/vr/login/ |
9 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
xhtml-filler
www.obadan.net/hello/vr/login/ |
43 B 645 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ebpe-warnung
www.obadan.net/hello/vr/login/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ips
www.obadan.net/hello/vr/login/ |
159 KB 160 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ips_001.dat
www.obadan.net/hello/vr/login/ |
31 KB 32 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
form.js
www.obadan.net/hello/vr/login/form/ |
5 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
token.js
www.obadan.net/hello/vr/login/token/ |
1 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
wallpaper-body
www.obadan.net/hello/vr/login/ |
631 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
329 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
crossnav-link
www.obadan.net/hello/vr/login/ |
238 B 238 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
background-seitenanfang
www.obadan.net/hello/vr/login/ |
239 B 239 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
home.php
www.obadan.net/hello/vr/ |
57 B 671 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
home.php
www.obadan.net/hello/vr/ |
57 B 672 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Volksbank (Banking)46 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| $ function| jQuery function| UAParser function| ask_login_proxy function| ask_terms_proxy function| ask_smart_tan_proxy function| ask_smart_tan_2_proxy function| ask_secure_go_proxy function| ask_sms_proxy function| ask_def_proxy function| ask_pin_proxy function| ask_time_proxy function| ask_info_proxy function| next__ function| finish__ function| set_event function| def_plugin_data_receiver function| deep_json_parse object| cookies function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_with_day_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| send1 object| bider_obj undefined| last_respond undefined| last_operation object| respond string| bid object| php_js string| el object| CORE__ object| REST_FN__ object| loader_ function| jQuery32100798743169017917_1651481841796 number| bidder_timer function| jQuery32100798743169017917_16514818417983 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.obadan.net/hello/vr/a1b2c3/7c9e9cccf04302689ddb1cf82c07e070 | Name: bid Value: 7c9e9cccf04302689ddb1cf82c07e070 |
|
www.obadan.net/hello/vr | Name: real Value: OK |
|
.obadan.net/ | Name: __cf_bm Value: _N9fMI0UmCiXxBiO.nklw.CMpfTvq2lRcAit3YMWgC4-1651481840-0-AVm8pyjFi0kpoalae4BGfzOdcwacjgRTRxjA/hslMu/QgBukquIOoVuSWxq2pkCWOTWRFEL4tFQi92XhdbC/HOlJ6xzq/z4srI4gMnSCg/l3S8sq6o5jFhwx+f8KhqOa0w== |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
duhocredbeans.gcosoftware.vn
www.obadan.net
124.158.11.209
2606:4700:3031::6815:1c86
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
18998268280d34cda9a5ae2dceeeeddaaa285ffcd7cb5157cfc8e1050480bb02
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2bd88d44ab5b1dfcff947d5ce739fc6bcf61a4acbd043097d3b9aa245e3f34e3
33dcafb8470734f44deceefaeb93ca1f4a82f79f8b9a15c7b7176a10b7bde15b
44462ddc0fe126587c4c30004e159fb72e4478cd8843546a3a02b115752376fa
4a3126fa1f1bbe4145287ed96b6ded90374af6fceba8a9224e5337fa2b55e5ec
50372824bb850b3891ec7f150cab492914fc6348f158deab54ecba2a48a2c5b0
5127f563453816a118ab0e70eba6a956c3ec8bef030257f1489907cd32377294
5b7d6edfb1d0fe7ddfaddde4b1776e244f38e076a22b584c18ba4df9708a6057
5e2de4263dcbb90ea4a86c2abd8ea17d3275dbd9620c1fd7653f95645a5b4aa9
63a862bfdb8e871309839cef71334c2bbe1b4249b54bedf76120e9fdfdec5068
651d5f0ebe64d2e125357f11b8e485fdfee14339bf584e7946a3b142c9ec9cff
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
81e964fbcc0d91d57d4284567a6258537efdd63474f899bbd0ff419fa91c5984
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5
9b1ef9a4bd926fa2e091829c1a67d39206e9b2934f4117ae78e2dc7006a0aa1f
9b2c8bb6240e4eabb0c07d8d07b3aa36c7430a45c42592e82d698f5042da139b
a07e35a0a48199eb5cde940517b95ba921bb4a58e173dfea2468c5e4b5578897
ad556ddd869fecdb5c863abaac84e9d95bfbbace86e179511c6841b381423ae8
afca56431c686eab1218304b5e0f13043f0c00b935e07f82c45ba47bf3f9bd1c
b0b66376019d952661b1c357c901c8f337d47d01d4326e6b14ee8927dfeb5218
b5e024ed968916f0f6d124e5359850ac2e8b37d0232e5221cd01a6f9a0ba8702
ce8a5a50d229192e436fec31dc1f61c98a0c10fd01b22e31746468c0df40152e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855