npproductions.vn Open in urlscan Pro
139.162.31.164 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://auto-preker.de/uiu.php
Effective URL:
https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdC...
Submission: On July 04 via manual (July 4th 2022, 4:29:13 pm UTC) from CA — Scanned from DE

Summary HTTP 27 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 8 IPs in 5 countries across 6 domains to perform 27 HTTP transactions. The main IP is 139.162.31.164, located in Singapore, Singapore and belongs to LINODE-AP Linode, LLC, US. The main domain is npproductions.vn.
TLS certificate: Issued by R3 on June 9th 2022. Valid for: 3 months.

This is the only time npproductions.vn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Canadian Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a01:4f8:c2c:... 2a01:4f8:c2c:fd47::1	24940 (HETZNER-AS) (HETZNER-AS)
14	139.162.31.164 139.162.31.164	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2606:4700:20:... 2606:4700:20::ac43:4739	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	167.114.209.61 167.114.209.61	16276 (OVH) (OVH)
1	67.202.114.214 67.202.114.214	32748 (STEADFAST) (STEADFAST)
1	104.18.36.173 104.18.36.173	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	67.202.105.31 67.202.105.31	32748 (STEADFAST) (STEADFAST)
1	67.202.105.32 67.202.105.32	32748 (STEADFAST) (STEADFAST)
27	8

1 2a01:4f8:c2c:fd47::1 (Gunzenhausen, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

auto-preker.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 139.162.31.164 (Singapore, Singapore)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li872-164.members.linode.com

npproductions.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4739 (United States)

ASN13335 (CLOUDFLARENET, US)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 167.114.209.61 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns515688.ip-167-114-209.net

t.dtscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.114.214 (United States)

ASN32748 (STEADFAST, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.36.173 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 67.202.105.31 (United States)

ASN32748 (STEADFAST, US)
PTR: ip31.67-202-105.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.32 (United States)

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	npproductions.vn npproductions.vn	142 KB
9	tynt.com cdn.tynt.com — Cisco Umbrella Rank: 9591 ic.tynt.com — Cisco Umbrella Rank: 3999 de.tynt.com — Cisco Umbrella Rank: 1575	9 KB
2	dtscout.com t.dtscout.com — Cisco Umbrella Rank: 13139	3 KB
1	amung.us whos.amung.us — Cisco Umbrella Rank: 14886	142 B
1	waust.at waust.at — Cisco Umbrella Rank: 41062	7 KB
1	auto-preker.de 1 redirects auto-preker.de	267 B
27	6

	Domain	Requested by
14	npproductions.vn	npproductions.vn
7	ic.tynt.com	npproductions.vn
2	t.dtscout.com	waust.at t.dtscout.com
1	de.tynt.com	cdn.tynt.com
1	cdn.tynt.com	waust.at
1	whos.amung.us	waust.at
1	waust.at	npproductions.vn
1	auto-preker.de	1 redirects
27	8

This site contains links to these domains. Also see Links.

Domain
whos.amung.us

Subject Issuer	Validity	Valid
npproductions.vn R3	`2022-06-09` - `2022-09-07`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-07-04` - `2023-07-04`	a year	crt.sh
*.dtscout.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-28` - `2022-11-27`	a year	crt.sh
*.amung.us Sectigo RSA Domain Validation Secure Server CA	`2022-05-18` - `2023-06-17`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB
Frame ID: 9F6000D72D66CC36DCB6FD70B99D98AB
Requests: 26 HTTP requests in this frame

Frame: https://npproductions.vn/cra_ca_service/door/sig-blk-en.svg
Frame ID: 8AD53D02693BF9C4273E5311A44A2322
Requests: 1 HTTP requests in this frame

Frame: https://npproductions.vn/cra_ca_service/door/wmms-blk.svg
Frame ID: 032DFC9FE44511DF6D5D895596E1ADC6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Step 1: Start your claim - Canadian Revenue Agency

Page URL History Show full URLs

https://auto-preker.de/uiu.php HTTP 302
https://npproductions.vn/cra_ca_service/ Page URL
https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

27
Requests

100 %
HTTPS

25 %
IPv6

6
Domains

8
Subdomains

8
IPs

5
Countries

161 kB
Transfer

725 kB
Size

5
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://whos.amung.us/stats/u1yub7c0a9/
Title: 9

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://auto-preker.de/uiu.php HTTP 302
https://npproductions.vn/cra_ca_service/ Page URL
https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://auto-preker.de/uiu.php HTTP 302
https://npproductions.vn/cra_ca_service/

27 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response npproductions.vn/cra_ca_service/ Redirect Chain https://auto-preker.de/uiu.php https://npproductions.vn/cra_ca_service/	163 B 515 B	2007ms 684ms	Document text/html	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `07d66db90a8cf1e2d924ebeffad2061c2947f06380912f25b1d06c67f1eda402` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 169 content-type text/html; charset=UTF-8 date Mon, 04 Jul 2022 16:29:07 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding Redirect headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Mon, 04 Jul 2022 16:29:05 GMT Keep-Alive timeout=5, max=100 Location https://npproductions.vn/cra_ca_service/ Server Apache/2.4.38 (Debian) Transfer-Encoding chunked
GET H2	200	Primary Request start.php Show response npproductions.vn/cra_ca_service/	28 KB 6 KB	173ms 172ms	Document text/html	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `fbdc53f82de1e5cc57a14b061009db68b114060e3f1e6a6136a3e1e1bab6d4a8` Request headers Referer https://npproductions.vn/cra_ca_service/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 6060 content-type text/html; charset=UTF-8 date Mon, 04 Jul 2022 16:29:07 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding
GET H2	200	theme.css npproductions.vn/cra_ca_service/door/	290 KB 53 KB	170ms 168ms	Stylesheet text/css	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/theme.css Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `b9adc9d233ab5f39618b6fa8ff5b5a99aff51fbbe0cc4558e8f5024b15cc1281` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:07 GMT content-encoding br last-modified Thu, 26 Jul 2018 15:54:40 GMT server LiteSpeed etag "486cb-5b59eec0-1dd81d;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 54024 expires Mon, 11 Jul 2022 16:29:07 GMT
GET H2	200	theme_002.css npproductions.vn/cra_ca_service/door/	28 KB 4 KB	506ms 503ms	Stylesheet text/css	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/theme_002.css Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `41fbb280ed197740a1c526e9619c00510e2b32dcbba016261890c9052d3243de` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:07 GMT content-encoding br last-modified Thu, 26 Jul 2018 15:54:42 GMT server LiteSpeed etag "6fbd-5b59eec2-1dd81e;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 4095 expires Mon, 11 Jul 2022 16:29:07 GMT
GET H2	200	font-awesome.css npproductions.vn/cra_ca_service/door/	30 KB 7 KB	506ms 504ms	Stylesheet text/css	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/font-awesome.css Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `409431c6d45382c6f353dc8d2dbeff98b90e88c1c728f263e7299d68a55dda53` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:07 GMT content-encoding br last-modified Thu, 26 Jul 2018 15:53:14 GMT server LiteSpeed etag "78ff-5b59ee6a-1dd780;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 6643 expires Mon, 11 Jul 2022 16:29:07 GMT
GET H2	200	jquery.css npproductions.vn/cra_ca_service/door/	2 KB 473 B	507ms 504ms	Stylesheet text/css	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/jquery.css Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `2cc052d474ce6ee267dd164a839814615a04865b2706d1bc1cb73160c55c549f` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:07 GMT content-encoding br last-modified Thu, 26 Jul 2018 15:36:54 GMT server LiteSpeed etag "636-5b59ea96-1dd782;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 382 expires Mon, 11 Jul 2022 16:29:07 GMT
GET H2	200	theme-jb.css npproductions.vn/cra_ca_service/door/	96 KB 16 KB	507ms 505ms	Stylesheet text/css	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/theme-jb.css Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `840787fa147628e52a9ee2f640e98efdf524beb19bdf532f2d9fed83e494a00b` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:07 GMT content-encoding br last-modified Thu, 26 Jul 2018 17:38:24 GMT server LiteSpeed etag "17fa5-5b5a0710-1dd81c;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 16667 expires Mon, 11 Jul 2022 16:29:07 GMT
GET H2	200	typeahead.css npproductions.vn/cra_ca_service/door/	2 KB 551 B	507ms 505ms	Stylesheet text/css	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/typeahead.css Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `087280e8c5432abfa73e746559de4572d34263fefac3484f125d09386cb836a7` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:07 GMT content-encoding br last-modified Thu, 26 Jul 2018 15:36:54 GMT server LiteSpeed etag "691-5b59ea96-1dd81f;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 461 expires Mon, 11 Jul 2022 16:29:07 GMT
GET H2	200	project-jb-style.css npproductions.vn/cra_ca_service/door/	118 KB 18 KB	508ms 506ms	Stylesheet text/css	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/project-jb-style.css Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `ea367de6df1889913977d3895f8144334678dd679f9d641b67fc82585a97336b` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:07 GMT content-encoding br last-modified Thu, 26 Jul 2018 15:53:02 GMT server LiteSpeed etag "1d8da-5b59ee5e-1dd784;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 17881 expires Mon, 11 Jul 2022 16:29:07 GMT
GET H2	200	project-style.css npproductions.vn/cra_ca_service/door/	42 KB 9 KB	508ms 506ms	Stylesheet text/css	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/project-style.css Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `59cbf75521f37224126ca5245658398f41f4edb1d1c4abdd08274e9acfefd937` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:07 GMT content-encoding br last-modified Thu, 26 Jul 2018 15:52:28 GMT server LiteSpeed etag "a811-5b59ee3c-1dd785;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 9366 expires Mon, 11 Jul 2022 16:29:07 GMT
GET H2	200	d.js Show response waust.at/	14 KB 7 KB	72ms 32ms	Script application/x-javascript	2606:4700:20::ac43:4739 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://waust.at/d.js Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4739 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `95c9628c1b9999a708886345c166c5234c9e0f4e8f540939a0e2fe66168d320c` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:08 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2566 last-modified Sun, 26 Jun 2022 09:57:25 GMT server cloudflare etag W/"62b82d85-397a" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zBF%2B7XD%2BeafE3MYTQnGW78lCmgqDtUXoh3IB0w0Kf1vgcKDufIXhYVpuFWaZ3ffqr1q5uxdL01NF%2BOAS16iyAabhe8S9ti5rt1EaYOq3vQhyxW2PMmqi1vcGUCLIMBnsGOr6tq7U"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * cache-control max-age=86400 cf-ray 72593cee4b6690dc-FRA expires Tue, 05 Jul 2022 15:46:22 GMT
GET H3	200	css.css npproductions.vn/cra_ca_service/door/	15 KB 1 KB	180ms 179ms	Stylesheet text/css	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/css.css Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/door/theme-jb.css Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `792c90a99278257ce02b561b401f489f2bd5acf0147ded12115b92cc1fba2154` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/door/theme-jb.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:08 GMT content-encoding br last-modified Thu, 26 Jul 2018 16:19:46 GMT server LiteSpeed etag "3ac8-5b59f4a2-1dd77e;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 876 expires Mon, 11 Jul 2022 16:29:08 GMT
GET H3	200	glyphicons-halflings-regular.woff npproductions.vn/cra_ca_service/door/semi/	23 KB 23 KB	177ms 177ms	Font application/font-woff	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/semi/glyphicons-halflings-regular.woff Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/door/theme.css Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e` Request headers Referer https://npproductions.vn/cra_ca_service/door/theme.css Origin https://npproductions.vn accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:08 GMT last-modified Thu, 26 Jul 2018 15:10:50 GMT server LiteSpeed etag "5b18-5b59e47a-1dd7ac;;;" content-type application/font-woff accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 23320
GET H3	200	sig-blk-en.svg Show response npproductions.vn/cra_ca_service/door/ Frame 8AD5	10 KB 2 KB	203ms 203ms	Document image/svg+xml	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/sig-blk-en.svg Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `b493143147246fc0d7a9f377c2526560329e923b8be0bb4c9ac3e408adcfb06f` Request headers Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control public, max-age=604800 content-encoding br content-length 2065 content-type image/svg+xml date Mon, 04 Jul 2022 16:29:08 GMT etag "29d6-5b59ea96-1dd81b;br" expires Mon, 11 Jul 2022 16:29:08 GMT last-modified Thu, 26 Jul 2018 15:36:54 GMT server LiteSpeed vary Accept-Encoding
GET H3	200	wmms-blk.svg Show response npproductions.vn/cra_ca_service/door/ Frame 032D	5 KB 2 KB	211ms 211ms	Document image/svg+xml	139.162.31.164 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://npproductions.vn/cra_ca_service/door/wmms-blk.svg Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.31.164 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li872-164.members.linode.com Software LiteSpeed / Resource Hash `e3f871276a81f087b28dcadca177edf7511d7fdd6c8287c51030c4ac454296ab` Request headers Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control public, max-age=604800 content-encoding br content-length 1677 content-type image/svg+xml date Mon, 04 Jul 2022 16:29:08 GMT etag "128f-5b59ea98-1dd820;br" expires Mon, 11 Jul 2022 16:29:08 GMT last-modified Thu, 26 Jul 2018 15:36:56 GMT server LiteSpeed vary Accept-Encoding
GET H/1.1	200 OK	/ Show response t.dtscout.com/i/	2 KB 3 KB	342ms 135ms	Script application/javascript	167.114.209.61 OVH
General Check archive.org Show headers Download Go to Full URL https://t.dtscout.com/i/?l=https%3A%2F%2Fnpproductions.vn%2Fcra_ca_service%2Fstart.php%3Fprogram%3Dtax%26target%3Ddetails%26lang%3Den%26idp%3Dcms%3Bjsessnid%3DMMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB&j=https%3A%2F%2Fnpproductions.vn%2Fcra_ca_service%2F Requested by Host: waust.at URL: https://waust.at/d.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 167.114.209.61 Montreal, Canada, ASN16276 (OVH, FR), Reverse DNS ns515688.ip-167-114-209.net Software nginx/1.10.3 (Ubuntu) / Resource Hash `867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Mon, 04 Jul 2022 16:29:09 GMT X-T 1.359 Server nginx/1.10.3 (Ubuntu) Transfer-Encoding chunked Content-Type application/javascript Cache-Control no-cache Connection close X-S mtl1 Expires Mon, 04 Jul 2022 16:29:08 GMT
GET H2	200	/ Show response whos.amung.us/pingjs/	28 B 142 B	331ms 111ms	Script text/javascript	67.202.114.214 STEADFAST
General Check archive.org Show headers Download Go to Full URL https://whos.amung.us/pingjs/?k=u1yub7c0a9&t=Step%201%3A%20Start%20your%20claim%20-%20Canadian%20Revenue%20Agency&c=d&x=https%3A%2F%2Fnpproductions.vn%2Fcra_ca_service%2Fstart.php%3Fprogram%3Dtax%26target%3Ddetails%26lang%3Den%26idp%3Dcms%3Bjsessnid%3DMMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB&y=https%3A%2F%2Fnpproductions.vn%2Fcra_ca_service%2F&a=0&v=27&r=3802 Requested by Host: waust.at URL: https://waust.at/d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.202.114.214 , United States, ASN32748 (STEADFAST, US), Reverse DNS amung.us Software / Resource Hash `292f04c7bb934d2a11378026143a77f965744abb2774ff9719643348b4591657` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:09 GMT content-encoding gzip content-type text/javascript;charset=UTF-8
GET H2	200	tc.js Show response cdn.tynt.com/	17 KB 7 KB	235ms 23ms	Script application/javascript	104.18.36.173 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.tynt.com/tc.js Requested by Host: waust.at URL: https://waust.at/d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.36.173 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `34d3c5bccdafcfd082aba4d2c845ac06ef9a24ae683225d596117f0e53ff1300` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:09 GMT content-encoding gzip cf-cache-status HIT last-modified Tue, 28 Jun 2022 14:45:43 GMT server cloudflare age 6200 etag W/"62bb1417-4523" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript cache-control public, max-age=259200 cf-ray 72593cf70e3f9be0-FRA expires Thu, 07 Jul 2022 16:29:09 GMT
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	/ Show response t.dtscout.com/pv/	51 B 319 B	290ms 99ms	Script application/javascript	167.114.209.61 OVH
General Check archive.org Show headers Download Go to Full URL https://t.dtscout.com/pv/?_a=v&_h=npproductions.vn&_ss=2i03zt8fdk&_pv=1&_ls=0&_u1=1&_u3=1&_cc=de&_pl=d&_cbid=vrjs&_cb=_dtspv.c Requested by Host: t.dtscout.com URL: https://t.dtscout.com/i/?l=https%3A%2F%2Fnpproductions.vn%2Fcra_ca_service%2Fstart.php%3Fprogram%3Dtax%26target%3Ddetails%26lang%3Den%26idp%3Dcms%3Bjsessnid%3DMMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB&j=https%3A%2F%2Fnpproductions.vn%2Fcra_ca_service%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 167.114.209.61 Montreal, Canada, ASN16276 (OVH, FR), Reverse DNS ns515688.ip-167-114-209.net Software nginx/1.10.3 (Ubuntu) / Resource Hash `271abc1a2b85ca823c5bdd411c9c3c9772ca4846dd8a7ae6a8be53d98c52e21d` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Mon, 04 Jul 2022 16:29:09 GMT X-T 0.124 Server nginx/1.10.3 (Ubuntu) Transfer-Encoding chunked X-C 0 Content-Type application/javascript Cache-Control no-cache Connection close Expires Mon, 04 Jul 2022 16:29:08 GMT
GET H2	204	p ic.tynt.com/b/	0 227 B	610ms 101ms	Image text/plain	67.202.105.31 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!u1yub7c0a9&lm=0&ts=1656952149683&dn=TC&iso=0&r=https%3A%2F%2Fnpproductions.vn%2Fcra_ca_service%2F&t=Step%201%3A%20Start%20your%20claim%20-%20Canadian%20Revenue%20Agency Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.31 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip31.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:10 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	200	v2 Show response de.tynt.com/deb/	4 B 260 B	386ms 105ms	Script application/javascript	67.202.105.32 STEADFAST
General Check archive.org Show headers Download Go to Full URL https://de.tynt.com/deb/v2?id=w!u1yub7c0a9&dn=TC&cc=1&r=https%3A%2F%2Fnpproductions.vn%2Fcra_ca_service%2F Requested by Host: cdn.tynt.com URL: https://cdn.tynt.com/tc.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.32 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip32.67-202-105.static.steadfastdns.net Software / Resource Hash `d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:09 GMT cache-control max-age=86400 content-type application/javascript accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA" content-length 4 expires Tue, 05 Jul 2022 16:29:10 GMT
GET H2	204	p ic.tynt.com/b/	0 227 B	104ms 103ms	Image text/plain	67.202.105.31 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!u1yub7c0a9&lm=0&ts=1656952149683&dn=TC&iso=0&r=https%3A%2F%2Fnpproductions.vn%2Fcra_ca_service%2F&t=Step%201%3A%20Start%20your%20claim%20-%20Canadian%20Revenue%20Agency Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.31 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip31.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:10 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	204	p ic.tynt.com/b/	0 227 B	102ms 101ms	Image text/plain	67.202.105.31 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!u1yub7c0a9&lm=0&ts=1656952149683&dn=TC&iso=0&r=https%3A%2F%2Fnpproductions.vn%2Fcra_ca_service%2F&t=Step%201%3A%20Start%20your%20claim%20-%20Canadian%20Revenue%20Agency Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.31 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip31.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:10 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	204	p ic.tynt.com/b/	0 227 B	102ms 101ms	Image text/plain	67.202.105.31 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!u1yub7c0a9&lm=0&ts=1656952149683&dn=TC&iso=0&r=https%3A%2F%2Fnpproductions.vn%2Fcra_ca_service%2F Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.31 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip31.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:10 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	204	p ic.tynt.com/b/	0 227 B	102ms 102ms	Image text/plain	67.202.105.31 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!u1yub7c0a9&lm=0&ts=1656952149683&dn=TC&iso=0 Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.31 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip31.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:10 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	204	p ic.tynt.com/b/	0 227 B	102ms 101ms	Image text/plain	67.202.105.31 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!u1yub7c0a9&lm=0&ts=1656952149683&dn=TC&iso=0 Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.31 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip31.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:10 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	204	p ic.tynt.com/b/	0 227 B	102ms 102ms	Image text/plain	67.202.105.31 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!u1yub7c0a9&lm=0&ts=1656952149683&dn=TC&iso=0 Requested by Host: npproductions.vn URL: https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.31 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip31.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://npproductions.vn/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=MMbBLhBYPnokdPWGAdCSOQNDmojFWuirQJbNjrQeOjciZRrfB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:29:10 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Canadian Government (Government)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
npproductions.vn/	1969-12-31 23:59:59	Name: PHPSESSID Value: e0rt0ifgokkd88s7sthuhqo1b8
.dtscout.com/	1970-01-20 04:15:57	Name: m Value: 1
.dtscout.com/	1970-01-20 04:16:10	Name: b Value: 1
.dtscout.com/	1970-01-20 04:16:06	Name: oa Value: 1
.dtscout.com/	1970-01-20 06:39:52	Name: df Value: 1656952149

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auto-preker.de
cdn.tynt.com
de.tynt.com
ic.tynt.com
npproductions.vn
t.dtscout.com
waust.at
whos.amung.us
104.18.36.173
139.162.31.164
167.114.209.61
2606:4700:20::ac43:4739
2a01:4f8:c2c:fd47::1
67.202.105.31
67.202.105.32
67.202.114.214
07d66db90a8cf1e2d924ebeffad2061c2947f06380912f25b1d06c67f1eda402
087280e8c5432abfa73e746559de4572d34263fefac3484f125d09386cb836a7
271abc1a2b85ca823c5bdd411c9c3c9772ca4846dd8a7ae6a8be53d98c52e21d
292f04c7bb934d2a11378026143a77f965744abb2774ff9719643348b4591657
2cc052d474ce6ee267dd164a839814615a04865b2706d1bc1cb73160c55c549f
34d3c5bccdafcfd082aba4d2c845ac06ef9a24ae683225d596117f0e53ff1300
409431c6d45382c6f353dc8d2dbeff98b90e88c1c728f263e7299d68a55dda53
41fbb280ed197740a1c526e9619c00510e2b32dcbba016261890c9052d3243de
59cbf75521f37224126ca5245658398f41f4edb1d1c4abdd08274e9acfefd937
6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d
792c90a99278257ce02b561b401f489f2bd5acf0147ded12115b92cc1fba2154
840787fa147628e52a9ee2f640e98efdf524beb19bdf532f2d9fed83e494a00b
867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c
95c9628c1b9999a708886345c166c5234c9e0f4e8f540939a0e2fe66168d320c
b493143147246fc0d7a9f377c2526560329e923b8be0bb4c9ac3e408adcfb06f
b9adc9d233ab5f39618b6fa8ff5b5a99aff51fbbe0cc4558e8f5024b15cc1281
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f871276a81f087b28dcadca177edf7511d7fdd6c8287c51030c4ac454296ab
ea367de6df1889913977d3895f8144334678dd679f9d641b67fc82585a97336b
fbdc53f82de1e5cc57a14b061009db68b114060e3f1e6a6136a3e1e1bab6d4a8
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

npproductions.vn Open in urlscan Pro 139.162.31.164 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

27 Requests

100 %HTTPS

25 %IPv6

6 Domains

8 Subdomains

8 IPs

5 Countries

161 kBTransfer

725 kBSize

5 Cookies

1 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

npproductions.vn Open in urlscan Pro
139.162.31.164 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

100 %
HTTPS

25 %
IPv6

6
Domains

8
Subdomains

8
IPs

5
Countries

161 kB
Transfer

725 kB
Size

5
Cookies

27 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!