1514638098.rsc.cdn77.org Open in urlscan Pro
2a02:6ea0:c700::17  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://freshstore.vn/assets/img/banny.php Page URL
2. https://colorful-catnip-angolatitan.glitch.me/1100.html Page URL
3. https://1514638098.rsc.cdn77.org/includes/11/ Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	banny.php freshstore.vn/assets/img/	129 B 227 B	1717ms 259ms	Document text/html	125.212.254.224 VIETEL-AS-AP Viet...
General Check archive.org Show headers Download Go to Full URL https://freshstore.vn/assets/img/banny.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 125.212.254.224 , Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN), Reverse DNS Software Apache / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-type text/html; charset=UTF-8 date Thu, 03 Nov 2022 01:36:38 GMT server Apache vary Accept-Encoding
GET H2	200	1100.html Show response colorful-catnip-angolatitan.glitch.me/	206 B 549 B	468ms 233ms	Document text/html	75.101.229.39 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://colorful-catnip-angolatitan.glitch.me/1100.html Requested by Host: freshstore.vn URL: https://freshstore.vn/assets/img/banny.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 75.101.229.39 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-75-101-229-39.compute-1.amazonaws.com Software AmazonS3 / Resource Hash 48cd3c975bc5613fc0ee02d9579d45a6bbe355b52cceac72018e98cd9328becc Request headers Referer https://freshstore.vn/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes cache-control no-cache content-length 206 content-type text/html; charset=utf-8 date Thu, 03 Nov 2022 01:36:38 GMT etag "a1e8c4b29e0ffa68d1f6d70aa01ce2fc" last-modified Tue, 01 Nov 2022 20:19:37 GMT server AmazonS3 x-amz-id-2 sAiFLH4l/+oYPWBtGRIpDCWQgqlw1ZQzeM/U0d3M2nMm6SWYJu/D9UJ6+QxvvxvQ1fIhhcMfsNRdJJqcTL8hLA== x-amz-request-id VQM0A62NQ01JBF7T x-amz-version-id N_VH8_8LjDr.68pFZVET1.uMjuyGyoeK
GET H2	200	Primary Request / Show response 1514638098.rsc.cdn77.org/includes/11/	7 KB 2 KB	73ms 17ms	Document text/html	2a02:6ea0:c700::17 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1514638098.rsc.cdn77.org/includes/11/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 15ab2f213224d5982d12c1b4fd96fa6f3e7d327584d01d1528adeb04313a5369 Request headers Referer https://colorful-catnip-angolatitan.glitch.me/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html date Thu, 03 Nov 2022 01:36:38 GMT last-modified Fri, 15 Jan 2021 05:47:38 GMT server CDN77-Turbo vary Accept-Encoding x-77-cache HIT x-77-nzt AZySIRDmP1n/HiMAAA x-77-nzt-ray K96nIiS0b7A x-77-pop frankfurtDE x-accel-expires @1668467208 x-age 8990 x-cache HIT
GET H2	200	core.responsive.css 1514638098.rsc.cdn77.org/includes/11/css/	170 KB 23 KB	29ms 27ms	Stylesheet text/css	2a02:6ea0:c700::17 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1514638098.rsc.cdn77.org/includes/11/css/core.responsive.css Requested by Host: 1514638098.rsc.cdn77.org URL: https://1514638098.rsc.cdn77.org/includes/11/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash a8df18894afb5d95fb7f5b8826a31a9af3b80a6c84d120c5954362ac4a2a21de Request headers accept-language de-DE,de;q=0.9 Referer https://1514638098.rsc.cdn77.org/includes/11/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-77-nzt AZySIRDwp2n/hRcAAA x-accel-expires @1668470177 date Thu, 03 Nov 2022 01:36:38 GMT x-77-pop frankfurtDE content-encoding br last-modified Fri, 15 Jan 2021 05:40:04 GMT server CDN77-Turbo x-77-nzt-ray +UirASkq6OU vary Accept-Encoding x-cache HIT content-type text/css x-77-cache HIT x-age 6021
GET H2	200	new-to-IB-Login.jpg 1514638098.rsc.cdn77.org/includes/11/images/	35 KB 35 KB	41ms 40ms	Image image/jpeg	2a02:6ea0:c700::17 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1514638098.rsc.cdn77.org/includes/11/images/new-to-IB-Login.jpg Requested by Host: 1514638098.rsc.cdn77.org URL: https://1514638098.rsc.cdn77.org/includes/11/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 970b30ecdac296255284371251aa42c24585c8a9a4204106ece322c3b3f670a0 Request headers accept-language de-DE,de;q=0.9 Referer https://1514638098.rsc.cdn77.org/includes/11/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-77-nzt AZySIRDyx+z/hRcAAA x-accel-expires @1668470177 date Thu, 03 Nov 2022 01:36:38 GMT x-77-pop frankfurtDE last-modified Fri, 15 Jan 2021 03:28:14 GMT server CDN77-Turbo x-77-nzt-ray RM9g/UN2Tfo x-cache HIT content-type image/jpeg x-77-cache HIT x-age 6021 accept-ranges bytes content-length 35972
GET H2	404	proximanova-semibold-webfont.woff2 1514638098.rsc.cdn77.org/preauth/assets/fonts/licenced/proxima-nova/	0 0	476ms 475ms	Font text/html	2a02:6ea0:c700::17 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1514638098.rsc.cdn77.org/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.woff2 Requested by Host: 1514638098.rsc.cdn77.org URL: https://1514638098.rsc.cdn77.org/includes/11/css/core.responsive.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash Request headers Referer https://1514638098.rsc.cdn77.org/includes/11/css/core.responsive.css Origin https://1514638098.rsc.cdn77.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-77-nzt AZySIRDKpfXbSQ4AAA x-accel-expires @1667439459 date Thu, 03 Nov 2022 01:36:39 GMT x-77-pop frankfurtDE content-encoding br server CDN77-Turbo x-77-nzt-ray o/xDjXC4b2w x-cache EXPIRED content-type text/html; charset=iso-8859-1 x-77-cache MISS x-age 3657
GET H2	404	anz-icons.woff 1514638098.rsc.cdn77.org/preauth/assets/fonts/	0 0	473ms 473ms	Font text/html	2a02:6ea0:c700::17 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1514638098.rsc.cdn77.org/preauth/assets/fonts/anz-icons.woff?88b0600a601495d043793b3d6c58d55c Requested by Host: 1514638098.rsc.cdn77.org URL: https://1514638098.rsc.cdn77.org/includes/11/css/core.responsive.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash Request headers Referer https://1514638098.rsc.cdn77.org/includes/11/css/core.responsive.css Origin https://1514638098.rsc.cdn77.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-77-nzt AZySIRD0uiLbSQ4AAA x-accel-expires @1667439459 date Thu, 03 Nov 2022 01:36:39 GMT x-77-pop frankfurtDE content-encoding br server CDN77-Turbo x-77-nzt-ray 2+etvw5hLRY x-cache EXPIRED content-type text/html; charset=iso-8859-1 x-77-cache MISS x-age 3657
GET H2	200	anz_logo_gradient.svg Show response 1514638098.rsc.cdn77.org/includes/11/images/ Frame EF7A	5 KB 2 KB	17ms 17ms	Document image/svg+xml	2a02:6ea0:c700::17 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1514638098.rsc.cdn77.org/includes/11/images/anz_logo_gradient.svg Requested by Host: 1514638098.rsc.cdn77.org URL: https://1514638098.rsc.cdn77.org/includes/11/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash c89404f1564e543aa95db072387fd1f3f84998b748be83af3e1df75910991925 Request headers Referer https://1514638098.rsc.cdn77.org/includes/11/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type image/svg+xml date Thu, 03 Nov 2022 01:36:39 GMT last-modified Fri, 15 Jan 2021 03:28:14 GMT server CDN77-Turbo x-77-cache HIT x-77-nzt AZySIRAfpGL/hRcAAA x-77-nzt-ray x1+a7xKaizc x-77-pop frankfurtDE x-accel-expires @1668470178 x-age 6021 x-cache HIT
GET H2	404	anz-icons.ttf 1514638098.rsc.cdn77.org/preauth/assets/fonts/	0 0	173ms 172ms	Font text/html	2a02:6ea0:c700::17 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1514638098.rsc.cdn77.org/preauth/assets/fonts/anz-icons.ttf?88b0600a601495d043793b3d6c58d55c Requested by Host: 1514638098.rsc.cdn77.org URL: https://1514638098.rsc.cdn77.org/includes/11/css/core.responsive.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash Request headers Referer https://1514638098.rsc.cdn77.org/includes/11/css/core.responsive.css Origin https://1514638098.rsc.cdn77.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-77-nzt AZySIRDwmtfbSQ4AAA x-accel-expires @1667439459 date Thu, 03 Nov 2022 01:36:39 GMT x-77-pop frankfurtDE content-encoding br server CDN77-Turbo x-77-nzt-ray 93bep4RoJUM x-cache EXPIRED content-type text/html; charset=iso-8859-1 x-77-cache MISS x-age 3657
GET H2	404	proximanova-semibold-webfont.woff 1514638098.rsc.cdn77.org/preauth/assets/fonts/licenced/proxima-nova/	0 0	174ms 173ms	Font text/html	2a02:6ea0:c700::17 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1514638098.rsc.cdn77.org/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.woff Requested by Host: 1514638098.rsc.cdn77.org URL: https://1514638098.rsc.cdn77.org/includes/11/css/core.responsive.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash Request headers Referer https://1514638098.rsc.cdn77.org/includes/11/css/core.responsive.css Origin https://1514638098.rsc.cdn77.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-77-nzt AZySIRAfLv7bSQ4AAA x-accel-expires @1667439459 date Thu, 03 Nov 2022 01:36:39 GMT x-77-pop frankfurtDE content-encoding br server CDN77-Turbo x-77-nzt-ray li6S2qCgYlk x-cache EXPIRED content-type text/html; charset=iso-8859-1 x-77-cache MISS x-age 3657
GET H2	404	proximanova-semibold-webfont.ttf 1514638098.rsc.cdn77.org/preauth/assets/fonts/licenced/proxima-nova/	0 0	180ms 179ms	Font text/html	2a02:6ea0:c700::17 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1514638098.rsc.cdn77.org/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.ttf Requested by Host: 1514638098.rsc.cdn77.org URL: https://1514638098.rsc.cdn77.org/includes/11/css/core.responsive.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash Request headers Referer https://1514638098.rsc.cdn77.org/includes/11/css/core.responsive.css Origin https://1514638098.rsc.cdn77.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-77-nzt AZySIRD7jlTbSQ4AAA x-accel-expires @1667439459 date Thu, 03 Nov 2022 01:36:39 GMT x-77-pop frankfurtDE content-encoding br server CDN77-Turbo x-77-nzt-ray wjb5NSHYENs x-cache EXPIRED content-type text/html; charset=iso-8859-1 x-77-cache MISS x-age 3657

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ANZ Bank (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://1514638098.rsc.cdn77.org/preauth/assets/fonts/anz-icons.woff?88b0600a601495d043793b3d6c58d55c Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://1514638098.rsc.cdn77.org/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://1514638098.rsc.cdn77.org/preauth/assets/fonts/anz-icons.ttf?88b0600a601495d043793b3d6c58d55c Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://1514638098.rsc.cdn77.org/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://1514638098.rsc.cdn77.org/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1514638098.rsc.cdn77.org
colorful-catnip-angolatitan.glitch.me
freshstore.vn
125.212.254.224
2a02:6ea0:c700::17
75.101.229.39
15ab2f213224d5982d12c1b4fd96fa6f3e7d327584d01d1528adeb04313a5369
48cd3c975bc5613fc0ee02d9579d45a6bbe355b52cceac72018e98cd9328becc
970b30ecdac296255284371251aa42c24585c8a9a4204106ece322c3b3f670a0
a8df18894afb5d95fb7f5b8826a31a9af3b80a6c84d120c5954362ac4a2a21de
c89404f1564e543aa95db072387fd1f3f84998b748be83af3e1df75910991925