chitida.com
45.64.187.233
Malicious Activity!
Public Scan
Effective URL: http://chitida.com/onlines/authentication/authentication.do/online/authntication.bs.php?intcp=aWlA|LOGIN|F=XOvdVfVk...
Submission: On January 21 via manual from CA
Summary
This is the only time chitida.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Scotiabank (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 21 | 45.64.187.233 | 58955 (BANGMODENTERPRISE-TH Bangmod Enterprise Co.) |
20 | 1 | |
ASN58955 (BANGMODENTERPRISE-TH Bangmod Enterprise Co., Ltd., TH)
PTR: vps.vpsthai.net
chitida.com
www.chitida.com

 | Apex Domain / Subdomains | Transfer |
---|---|---|
21 | chitida.com (1 redirects): chitida.com, www.chitida.com | 268 KB |
20 | 1 | |
 | Domain | Requested by |
---|---|---|
20 | chitida.com (1 redirects) | chitida.com |
1 | www.chitida.com | chitida.com |
20 | 2 | |
This site contains no links.
This page contains 1 frames:
Primary Page:
http://chitida.com/onlines/authentication/authentication.do/online/authntication.bs.php?intcp=aWlA|LOGIN|F=XOvdVfVkyIUiGpnYZzSbCbCteqUBbUryjmbESxpQFJyMymlYlDAoeChJ
Frame ID: 6E6A965C80137BE6870815392B593AAB
Requests: 20 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://chitida.com/onlines/authentication/authentication.do/ Page URL
- http://chitida.com/onlines/authentication/authentication.do/online/authntication.bs.php?intcp=aWlA|LOGIN|F=XOvdVfVkyIUiGpnYZzSbCbCteqUBbUryjmbESxpQFJyMymlYlDAoeChJ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- http://chitida.com/onlines/authentication/authentication.do/online/measure/jquery.css?load_id=afpHbLwJgNjLEBlYo HTTP 302
- http://www.chitida.com/onlines/authentication/authentication.do/online/measure/?SID=9tl2riehjg337huekum1fv1ta0
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Cookie set) | chitida.com/onlines/authentication/authentication.do/ | 375 B | 690 B | Document | text/html |
GET | H/1.1 | authntication.bs.php (Primary Request) | chitida.com/onlines/authentication/authentication.do/online/ | 15 KB | 4 KB | Document | text/html |
GET | H/1.1 | load.css | chitida.com/onlines/authentication/authentication.do/online/measure/ | 383 KB | 88 KB | Stylesheet | text/css |
GET | H/1.1 | / (Redirect Chain) | www.chitida.com/onlines/authentication/authentication.do/online/measure/ | 0 | 0 | Stylesheet | text/html |
GET | H/1.1 | load2.css | chitida.com/onlines/authentication/authentication.do/online/measure/ | 198 B | 487 B | Stylesheet | text/css |
GET | H/1.1 | plugin.css | chitida.com/onlines/authentication/authentication.do/online/measure/ | 693 B | 632 B | Stylesheet | text/css |
GET | H/1.1 | ajax-loader-small.gif | chitida.com/onlines/authentication/authentication.do/online/measure/ | 673 B | 932 B | Image | image/gif |
GET | H/1.1 | icon_print.png | chitida.com/onlines/authentication/authentication.do/online/measure/ | 1 KB | 1 KB | Image | image/png |
GET | H/1.1 | scotiabank-group-bw.gif | chitida.com/onlines/authentication/authentication.do/online/measure/ | 2 KB | 3 KB | Image | image/gif |
GET | H/1.1 | icon_help.png | chitida.com/onlines/authentication/authentication.do/online/measure/ | 643 B | 902 B | Image | image/png |
GET | H/1.1 | icon_success.png | chitida.com/onlines/authentication/authentication.do/online/measure/ | 711 B | 970 B | Image | image/png |
GET | H/1.1 | ad-travel_insurance-loginleft-en.png | chitida.com/onlines/authentication/authentication.do/online/measure/ | 71 KB | 72 KB | Image | image/png |
GET | H/1.1 | login_banner.jpg | chitida.com/onlines/authentication/authentication.do/online/measure/ | 80 KB | 80 KB | Image | image/jpeg |
GET | H/1.1 | bg_Curtain_overall.png | chitida.com/onlines/authentication/authentication.do/online/measure/reg/ | 160 B | 418 B | Image | image/png |
GET | H/1.1 | nav-bg.png | chitida.com/onlines/authentication/authentication.do/online/measure/reg/ | 3 KB | 3 KB | Image | image/png |
GET | H/1.1 | scotiabank-group.gif | chitida.com/onlines/authentication/authentication.do/online/measure/reg/ | 3 KB | 3 KB | Image | image/gif |
GET | H/1.1 | bg_vertical_dotted_line1.png | chitida.com/onlines/authentication/authentication.do/online/measure/reg/ | 77 B | 334 B | Image | image/png |
GET | H/1.1 | bg_signon.png | chitida.com/onlines/authentication/authentication.do/online/measure/reg/ | 121 B | 379 B | Image | image/png |
GET | H/1.1 | lock.png | chitida.com/onlines/authentication/authentication.do/online/measure/reg/ | 4 KB | 4 KB | Image | image/png |
GET | H/1.1 | download-trustee.png | chitida.com/onlines/authentication/authentication.do/online/measure/reg/ | 4 KB | 5 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Scotiabank (Banking)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onselectstart
- object| onselectionchange
- function| queueMicrotask
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
chitida.com/ | | Name: PHPSESSID Value: 9tl2riehjg337huekum1fv1ta0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
chitida.com
www.chitida.com
45.64.187.233