urlscan.io logo urlscan.io
SecurityTrails logo

phimsexhotnhat.tk Open in urlscan Pro
2a02:4780:dead:c5d8::1  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://phimsexhotnhat.tk/
Submission: On September 03 via api from QA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 5 countries across 7 domains to perform 10 HTTP transactions. The main IP is 2a02:4780:dead:c5d8::1, located in United States and belongs to AWEX, US. The main domain is phimsexhotnhat.tk.
This is the only time phimsexhotnhat.tk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 2a02:4780:dea... 204915 (AWEX)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
2 139.99.69.67 16276 (OVH)
1 162.210.102.230 32748 (STEADFAST)
3 103.57.221.26 45899 (VNPT-AS-V...)
1 2a03:2880:f11... 32934 (FACEBOOK)
1 42.112.37.35 18403 (FPT-AS-AP...)
10 7
1    2a02:4780:dead:c5d8::1 (United States)

ASN204915 (AWEX, US)
phimsexhotnhat.tk
1    2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)
code.jquery.com
2    139.99.69.67 (Singapore)

ASN16276 (OVH, FR)
PTR: sgprm40.fastcpanelserver.com
trian-freefire.com
1    162.210.102.230 (United States)

ASN32748 (STEADFAST, US)
khabanhidol.dyndns-office.com
3    103.57.221.26 (Viet Nam)

ASN45899 (VNPT-AS-VN VNPT Corp, VN)
tuanxuong.com
1    2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    42.112.37.35 (Viet Nam)

ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN)
gamek.mediacdn.vn
Domain Requested by
3 tuanxuong.com phimsexhotnhat.tk
2 trian-freefire.com phimsexhotnhat.tk
trian-freefire.com
1 gamek.mediacdn.vn phimsexhotnhat.tk
1 www.facebook.com phimsexhotnhat.tk
1 khabanhidol.dyndns-office.com phimsexhotnhat.tk
1 code.jquery.com phimsexhotnhat.tk
1 phimsexhotnhat.tk
10 7

This site contains no links.

Subject Issuer Validity Valid
jquery.org
COMODO RSA Domain Validation Secure Server CA		 2018-10-17 -
2020-10-16		 2 years crt.sh
trian-freefire.com
Let's Encrypt Authority X3		 2020-08-19 -
2020-11-17		 3 months crt.sh
tuanxuong.com
cPanel, Inc. Certification Authority		 2020-06-27 -
2020-09-25		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-07-21 -
2020-10-12		 3 months crt.sh
*.mediacdn.vn
Sectigo RSA Domain Validation Secure Server CA		 2019-06-24 -
2021-06-23		 2 years crt.sh

This page contains 1 frames:

Primary Page: http://phimsexhotnhat.tk/
Frame ID: 230FEED14571499DA5F532C208B1817F
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

10
Requests

80 %
HTTPS

43 %
IPv6

7
Domains

7
Subdomains

7
IPs

5
Countries

166 kB
Transfer

325 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
phimsexhotnhat.tk/ 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://phimsexhotnhat.tk/
Protocol
HTTP/1.1
Server
2a02:4780:dead:c5d8::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
7db76fd12f5080ea7a8cd74de1f80ca99c26c1ab346eb8b1c067c8253a4f55d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
phimsexhotnhat.tk
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 03 Sep 2020 01:23:42 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
PHPSESSID=abukb08mg9bobhhd9l8h8hnjib; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Server
awex
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Request-ID
63364ac513dd920fdea8a5166db46c46
Content-Encoding
gzip
jquery-2.2.2.min.js
code.jquery.com/ 		84 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-2.2.2.min.js
Requested by
Host: phimsexhotnhat.tk
URL: http://phimsexhotnhat.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32

Request headers

Referer
http://phimsexhotnhat.tk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Sep 2020 01:23:43 GMT
content-encoding
gzip
last-modified
Thu, 17 Mar 2016 17:52:17 GMT
server
nginx
status
200
etag
W/"56eaeed1-14e98"
vary
Accept-Encoding
x-hw
1599096223.dop207.fr8.t,1599096223.cds227.fr8.hn,1599096223.cds235.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
29880
fb.css
trian-freefire.com/assets/ 		132 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://trian-freefire.com/assets/fb.css
Requested by
Host: phimsexhotnhat.tk
URL: http://phimsexhotnhat.tk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.99.69.67 , Singapore, ASN16276 (OVH, FR),
Reverse DNS
sgprm40.fastcpanelserver.com
Software
LiteSpeed /
Resource Hash
a4ecc72a8b783b91faa49e534658571c18b5fc72a50d0c85c4ae316ca9825b17
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

Referer
http://phimsexhotnhat.tk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Sep 2020 01:23:43 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 14 Feb 2020 03:43:26 GMT
server
LiteSpeed
x-frame-options
sameorigin
content-type
text/css
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length
29562
expires
Thu, 10 Sep 2020 01:23:43 GMT
responesive.css
khabanhidol.dyndns-office.com/mycss/ 		50 B
334 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://khabanhidol.dyndns-office.com/mycss/responesive.css
Requested by
Host: phimsexhotnhat.tk
URL: http://phimsexhotnhat.tk/
Protocol
HTTP/1.1
Server
162.210.102.230 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
Apache /
Resource Hash
4dd339d79774e04b1778aaa37e6c5b2d0044c980e1f0a2e7ea08abe13a300b41

Request headers

Referer
http://phimsexhotnhat.tk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 03 Sep 2020 01:23:43 GMT
Last-Modified
Sun, 31 May 2020 05:13:36 GMT
Server
Apache
ETag
"32-5a6eabd89b7d7"
Vary
User-Agent
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
50
3a.css
tuanxuong.com/demo/25885/css/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://tuanxuong.com/demo/25885/css/3a.css
Requested by
Host: phimsexhotnhat.tk
URL: http://phimsexhotnhat.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
103.57.221.26 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://phimsexhotnhat.tk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
4a.css
tuanxuong.com/demo/25885/css/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://tuanxuong.com/demo/25885/css/4a.css
Requested by
Host: phimsexhotnhat.tk
URL: http://phimsexhotnhat.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
103.57.221.26 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://phimsexhotnhat.tk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
5a.css
tuanxuong.com/demo/25885/css/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://tuanxuong.com/demo/25885/css/5a.css
Requested by
Host: phimsexhotnhat.tk
URL: http://phimsexhotnhat.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
103.57.221.26 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://phimsexhotnhat.tk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
fb_icon_325x325.png
www.facebook.com/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/images/fb_icon_325x325.png
Requested by
Host: phimsexhotnhat.tk
URL: http://phimsexhotnhat.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b6b82bf5645626796f4768d65283f0d38d6ca833a1c1387eef36a8c4582fb077
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://phimsexhotnhat.tk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug
uF/bImUbJk3Vu0OBUzX8qRJGv5TMnghPiXBP7ZzybeWJmQIBn2ar2EsxCR0q2FuPV5WbHWmCTwfn13x2v9m0LQ==
x-content-type-options
nosniff
content-md5
QoHxqzSPjnHu+6AQ0nfa6w==
status
200
date
Thu, 03 Sep 2020 01:15:57 GMT
strict-transport-security
max-age=15552000; preload
content-type
image/png
access-control-allow-origin
*
edge-control
cache-maxage=86400s
cache-control
public,max-age=86400
timing-allow-origin
*
content-length
1919
expires
Fri, 04 Sep 2020 01:15:57 GMT
photo-1-157391848492999759146.jpg
gamek.mediacdn.vn/2019/11/16/ 		93 KB
93 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gamek.mediacdn.vn/2019/11/16/photo-1-157391848492999759146.jpg
Requested by
Host: phimsexhotnhat.tk
URL: http://phimsexhotnhat.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
42.112.37.35 , Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN),
Reverse DNS
Software
VCCloud CDN / 158 /
Resource Hash
38a6eaeaa2682f438c89fd7260acb6a43286dfb537e0632a28e133b4dfd2a4b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://phimsexhotnhat.tk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Sep 2020 01:23:44 GMT
x-content-type-options
nosniff
x-cache
HIT from VCCloud CDN
status
200
content-length
94757
x-xss-protection
1; mode=block
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Length,Content-Type,DNT,If-Modified-Since,Keep-Alive,Key,Origin,Range,User-Agent,X-Requested-With
last-modified
Tue, 17 Dec 2019 14:11:10 GMT
server
VCCloud CDN / 158
access-control-allow-methods
GET, HEAD, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
link
<>; rel="canonical"
jT0UEYSEi4D.png
trian-freefire.com/images/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trian-freefire.com/images/jT0UEYSEi4D.png
Requested by
Host: trian-freefire.com
URL: https://trian-freefire.com/assets/fb.css
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
139.99.69.67 , Singapore, ASN16276 (OVH, FR),
Reverse DNS
sgprm40.fastcpanelserver.com
Software
LiteSpeed /
Resource Hash
5951d931dbf6a79657527f6c61445c3a4be81114ce8cbbb5585a287140e5f426
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

Referer
https://trian-freefire.com/assets/fb.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Sep 2020 01:23:44 GMT
last-modified
Fri, 14 Feb 2020 03:43:26 GMT
server
LiteSpeed
x-frame-options
sameorigin
content-type
image/png
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
8636
expires
Thu, 10 Sep 2020 01:23:44 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery

1 Cookies

Domain/Path Name / Value
phimsexhotnhat.tk/ Name: PHPSESSID
Value: abukb08mg9bobhhd9l8h8hnjib

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block