gbcafe.combf.ru Open in urlscan Pro
95.165.130.208 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://gbcafe.combf.ru/includes/js/dtree/Login.php
Submission: On August 17 via automatic, source openphish (August 17th 2017, 5:59:21 pm UTC)

Summary HTTP 16 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 16 HTTP transactions. The main IP is 95.165.130.208, located in Moscow, Russian Federation and belongs to ASN-MGTS-USPD, RU. The main domain is gbcafe.combf.ru.

This is the only time gbcafe.combf.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking) Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	95.165.130.208 95.165.130.208	25513 (ASN-MGTS-...) (ASN-MGTS-USPD)
3	202.28.77.144 202.28.77.144	4621 (UNSPECIFI...) (UNSPECIFIED UNINET-)
11	159.53.113.152 159.53.113.152	7743 (AS-7743) (AS-7743 - JPMorgan Chase & Co.)
16	4

1 95.165.130.208 (Moscow, Russian Federation)

ASN25513 (ASN-MGTS-USPD, RU)
PTR: ppp95-165-130-208.pppoe.spdop.ru

gbcafe.combf.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 202.28.77.144 (Chon Buri, Thailand)

ASN4621 (UNSPECIFIED UNINET-, TH)
PTR: www.gspa.buu.ac.th

www.gspa.buu.ac.th	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 159.53.113.152 (New York, United States)

ASN7743 (AS-7743 - JPMorgan Chase & Co., US)

chaseonline.chase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	chase.com chaseonline.chase.com	23 KB
3	buu.ac.th www.gspa.buu.ac.th Failed	47 KB
1	combf.ru gbcafe.combf.ru	243 B
16	3

	Domain	Requested by
11	chaseonline.chase.com	www.gspa.buu.ac.th
3	www.gspa.buu.ac.th	www.gspa.buu.ac.th
1	gbcafe.combf.ru
16	3

This site contains links to these domains. Also see Links.

Domain
www.chase.com
chaseonline.chase.com

Subject Issuer	Validity	Valid
apply.chase.com Symantec Class 3 EV SSL CA - G3	`2017-07-24` - `2018-08-20`	a year	crt.sh

This page contains 2 frames:

Frame: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
Frame ID: 13565.1
Requests: 2 HTTP requests in this frame

Frame: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
Frame ID: 13578.1
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

16
Requests

69 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

70 kB
Transfer

70 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: http://www.chase.com/

Search URL Search Domain Scan URL

URL: https://chaseonline.chase.com/Public/ReIdentify/ReidentifyFilterView.aspx?COLLogon
Title: Forgot your User ID and Password?

Search URL Search Domain Scan URL

URL: https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/privacy_security/fraud/page/report_fraud
Title: Report Fraud and E-mail scams

Search URL Search Domain Scan URL

URL: https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/privacy_security/protection/page/security_home
Title: Learn how to protect yourself

Search URL Search Domain Scan URL

URL: https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/privacy_security/protection/page/protect
Title: Find out how we protect you

Search URL Search Domain Scan URL

URL: https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/privacy_security/protection/page/safety_tips
Title: Read tips for safe online shopping

Search URL Search Domain Scan URL

URL: https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/shared/assets/page/Crypto_standard
Title: Upgrade Your Browser by November 30.

Search URL Search Domain Scan URL

URL: https://chaseonline.chase.com/public/enroll/IdentifyUser.aspx?LOB=RBGLogon
Title: Enroll Now

Search URL Search Domain Scan URL

URL: https://www.chase.com/cm/shared/crb/page/demo_selector.html
Title: See the Demo

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Login.php Show response
gbcafe.combf.ru/includes/js/dtree/ 243 B
243 B 388ms
45ms Document
text/html 95.165.130.208
ASN-MGTS-USPD

General

Check archive.org

Show headers Download Go to

Full URL: http://gbcafe.combf.ru/includes/js/dtree/Login.php
Protocol: HTTP/1.1
Server: 95.165.130.208 Moscow, Russian Federation, ASN25513 (ASN-MGTS-USPD, RU),
Reverse DNS: ppp95-165-130-208.pppoe.spdop.ru
Software: nginx/1.10.1 / PHP/5.6.30
Resource Hash: 0c80d6c4ba159e5137be8b4f81c336846a42a996b43f1bb740067360cf6b1ac9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Date: Thu, 17 Aug 2017 17:59:11 GMT
Server: nginx/1.10.1
Connection: keep-alive
X-Powered-By: PHP/5.6.30
Content-Length: 243
Keep-Alive: timeout=20
Content-Type: text/html; charset=UTF-8

GET index.html
www.gspa.buu.ac.th/imeeting/assets/upload/account/ 0
0

GET
H/1.1 200
OK index.html Show response
www.gspa.buu.ac.th/imeeting/assets/upload/account/ Frame 1357 12 KB
12 KB 1064ms
232ms Document
text/html 202.28.77.144
UNSPECIFIED UNINET-

General

Check archive.org

Show headers Download Go to

Full URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
Protocol: HTTP/1.1
Server: 202.28.77.144 Chon Buri, Thailand, ASN4621 (UNSPECIFIED UNINET-, TH),
Reverse DNS: www.gspa.buu.ac.th
Software: Apache/2.2.3 (Debian) /
Resource Hash: 733e06c2cdf9371f0ec35f7729efc862b366953da8f0c7a60ba263bdb3676e4a

Request headers

Upgrade-Insecure-Requests: 1
Referer: http://gbcafe.combf.ru/includes/js/dtree/Login.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Date: Thu, 17 Aug 2017 17:58:54 GMT
Last-Modified: Thu, 17 Aug 2017 16:57:26 GMT
Server: Apache/2.2.3 (Debian)
ETag: "bf4234-2f95-e8302980"
Content-Type: text/html; charset=utf-8
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 12181

GET
H/1.1 200
OK index.css
www.gspa.buu.ac.th/imeeting/assets/upload/account/ Frame 1357 11 KB
11 KB 231ms
231ms Stylesheet
text/css 202.28.77.144
UNSPECIFIED UNINET-

General

Check archive.org

Show headers Download Go to

Full URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.css
Requested by: Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
Protocol: HTTP/1.1
Server: 202.28.77.144 Chon Buri, Thailand, ASN4621 (UNSPECIFIED UNINET-, TH),
Reverse DNS: www.gspa.buu.ac.th
Software: Apache/2.2.3 (Debian) /
Resource Hash: 728072e34298a7162a370b1edb3666d90dc8cbf1e8240887601e258d44936915

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Date: Thu, 17 Aug 2017 17:58:55 GMT
Last-Modified: Thu, 17 Aug 2017 15:42:33 GMT
Server: Apache/2.2.3 (Debian)
ETag: "bf42ac-2aea-dc626c40"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 10986

GET
H/1.1 200
OK ChaseNew.gif
chaseonline.chase.com/images// Frame 1357 742 B
742 B 791ms
119ms Image
image/gif 159.53.113.152
JPMorgan Chase & Co.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chaseonline.chase.com/images//ChaseNew.gif

Requested by

Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

159.53.113.152 New York, United States, ASN7743 (AS-7743 - JPMorgan Chase & Co., US),

Reverse DNS

Software

Resource Hash

d82b8b41b5b6bcd2069fd19593e54bae7af16be3458f9765ffc30aee5b5a187f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Age: 5035
X-Powered-By
WAMI: 334
Connection: Keep-Alive
Content-Length: 742
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 28 Mar 2005 18:52:40 GMT
Server
Date: Thu, 17 Aug 2017 16:35:17 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://m.chase.com
Cache-Control: max-age=14400
ETag: "0cfa50c733c51:0"
Accept-Ranges: bytes

GET
H/1.1 200
OK validator.js Show response
www.gspa.buu.ac.th/imeeting/assets/upload/account/ Frame 1357 24 KB
24 KB 463ms
232ms Script
application/x-javascript 202.28.77.144
UNSPECIFIED UNINET-

General

Check archive.org

Show headers Download Go to

Full URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/validator.js
Requested by: Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
Protocol: HTTP/1.1
Server: 202.28.77.144 Chon Buri, Thailand, ASN4621 (UNSPECIFIED UNINET-, TH),
Reverse DNS: www.gspa.buu.ac.th
Software: Apache/2.2.3 (Debian) /
Resource Hash: 0ffcf7bce06c3750f68c5580c4f4210648124ba7077774375b28ed2b638c49c6

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Date: Thu, 17 Aug 2017 17:58:55 GMT
Last-Modified: Thu, 17 Aug 2017 15:41:47 GMT
Server: Apache/2.2.3 (Debian)
ETag: "bf42a1-6096-d9a484c0"
Content-Type: application/x-javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 24726

GET
H/1.1 200
OK locker.gif
chaseonline.chase.com/images/ Frame 1357 79 B
79 B 221ms
118ms Image
image/gif 159.53.113.152
JPMorgan Chase & Co.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chaseonline.chase.com/images/locker.gif
Requested by: Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 159.53.113.152 New York, United States, ASN7743 (AS-7743 - JPMorgan Chase & Co., US),
Reverse DNS
Software: /
Resource Hash: 6ca635b4672526ea924ee07136e8c25deb3c1626363aa8f7abba125b2e04a55a

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Date: Thu, 17 Aug 2017 17:39:02 GMT
Last-Modified: Tue, 06 Nov 2007 19:35:46 GMT
Server
Age: 1211
X-Powered-By
ETag: "01563aac20c81:0"
WAMI: 357
Content-Type: image/gif
Access-Control-Allow-Origin: https://m.chase.com
Cache-Control: max-age=14400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 79

GET
H/1.1 200
OK spacer.gif
chaseonline.chase.com/images/ Frame 1357 43 B
43 B 237ms
119ms Image
image/gif 159.53.113.152
JPMorgan Chase & Co.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chaseonline.chase.com/images/spacer.gif

Requested by

Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

159.53.113.152 New York, United States, ASN7743 (AS-7743 - JPMorgan Chase & Co., US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Age: 11388
X-Powered-By
WAMI: 329
Connection: Keep-Alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 08 Jun 2012 18:35:26 GMT
Server
Date: Thu, 17 Aug 2017 14:49:25 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://m.chase.com
Cache-Control: max-age=14400
ETag: "0ebaa78a545cd1:0"
Accept-Ranges: bytes

GET
H/1.1 200
OK logon.gif
chaseonline.chase.com/images/ Frame 1357 2 KB
2 KB 340ms
119ms Image
image/gif 159.53.113.152
JPMorgan Chase & Co.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chaseonline.chase.com/images/logon.gif

Requested by

Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

159.53.113.152 New York, United States, ASN7743 (AS-7743 - JPMorgan Chase & Co., US),

Reverse DNS

Software

Resource Hash

ee819bb4a70464b1dbc7951ee536ed9dd071a636b7e4062a012461c94941aa18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Age: 11365
X-Powered-By
WAMI: 395
Connection: Keep-Alive
Content-Length: 1843
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 21 Nov 2007 16:53:42 GMT
Server
Date: Thu, 17 Aug 2017 14:49:47 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://m.chase.com
Cache-Control: max-age=14400
ETag: "0af43125f2cc81:0"
Accept-Ranges: bytes

GET
H/1.1 200
OK headerback.gif
chaseonline.chase.com/Themes/default/images/ Frame 1357 323 B
323 B 356ms
119ms Image
image/gif 159.53.113.152
JPMorgan Chase & Co.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chaseonline.chase.com/Themes/default/images/headerback.gif

Requested by

Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

159.53.113.152 New York, United States, ASN7743 (AS-7743 - JPMorgan Chase & Co., US),

Reverse DNS

Software

Resource Hash

119c8f4ce00a48b0578d58487cbfd7bf1a2ead81cdaf193624b44f0202ef2b38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Age: 7481
X-Powered-By
WAMI: 350
Connection: Keep-Alive
Content-Length: 323
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 12 Jan 2017 23:38:01 GMT
Server
Date: Thu, 17 Aug 2017 15:54:31 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://m.chase.com
Cache-Control: max-age=14400
ETag: "805276e92c6dd21:0"
Accept-Ranges: bytes

GET
H/1.1 200
OK headertext.gif
chaseonline.chase.com/Themes/default-col/images/ Frame 1357 580 B
580 B 355ms
118ms Image
image/gif 159.53.113.152
JPMorgan Chase & Co.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chaseonline.chase.com/Themes/default-col/images/headertext.gif

Requested by

Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

159.53.113.152 New York, United States, ASN7743 (AS-7743 - JPMorgan Chase & Co., US),

Reverse DNS

Software

Resource Hash

2a91c7f2487148a2094b0defe62f23cd40df2c0c4724e042718a7a09fdef48e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Age: 12631
X-Powered-By
WAMI: 333
Connection: Keep-Alive
Content-Length: 580
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 27 Feb 2017 22:28:43 GMT
Server
Date: Thu, 17 Aug 2017 14:28:41 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://m.chase.com
Cache-Control: max-age=14400
ETag: "805f1ada4891d21:0"
Accept-Ranges: bytes

GET
H/1.1 200
OK bk-dash.gif
chaseonline.chase.com/content/ecpweb/sso/image/ Frame 1357 53 B
53 B 119ms
119ms Image
image/gif 159.53.113.152
JPMorgan Chase & Co.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chaseonline.chase.com/content/ecpweb/sso/image/bk-dash.gif

Requested by

Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

159.53.113.152 New York, United States, ASN7743 (AS-7743 - JPMorgan Chase & Co., US),

Reverse DNS

Software

Resource Hash

3ae96e425d90169ed208ac9ff8ecef52e8100f0c6ebf560dde388b5e6b9c5df9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Age: 4769
X-Powered-By
WAMI: 333
Connection: Keep-Alive
Content-Length: 53
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 04 Aug 2010 21:26:07 GMT
Server
Date: Thu, 17 Aug 2017 16:39:44 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://m.chase.com
Cache-Control: max-age=14400
ETag: "e09c6fa61b34cb1:0"
Accept-Ranges: bytes

GET
H/1.1 200
OK sculptured-octagon.jpg
chaseonline.chase.com/content/ecpweb/sso/image/ Frame 1357 12 KB
12 KB 118ms
118ms Image
image/jpeg 159.53.113.152
JPMorgan Chase & Co.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chaseonline.chase.com/content/ecpweb/sso/image/sculptured-octagon.jpg

Requested by

Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

159.53.113.152 New York, United States, ASN7743 (AS-7743 - JPMorgan Chase & Co., US),

Reverse DNS

Software

Resource Hash

4fa15bf683fd55833ce1500a9ac9177605d30ca9c5d8d4efb228f50a562318bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Age: 4714
X-Powered-By
WAMI: 326
Connection: Keep-Alive
Content-Length: 12402
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 04 Aug 2010 21:26:38 GMT
Server
Date: Thu, 17 Aug 2017 16:40:39 GMT
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://m.chase.com
Cache-Control: max-age=14400
ETag: "24a33fb91b34cb1:0"
Accept-Ranges: bytes

GET
H/1.1 200
OK blue-link-arrow.gif
chaseonline.chase.com/content/ecpweb/sso/image/ Frame 1357 50 B
50 B 119ms
119ms Image
image/gif 159.53.113.152
JPMorgan Chase & Co.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chaseonline.chase.com/content/ecpweb/sso/image/blue-link-arrow.gif

Requested by

Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

159.53.113.152 New York, United States, ASN7743 (AS-7743 - JPMorgan Chase & Co., US),

Reverse DNS

Software

Resource Hash

164b73f249d78f72c80ab144b628ff5f6d0d9ef6a42980d14189cd3a9c74f13a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Age: 3847
X-Powered-By
WAMI: 328
Connection: Keep-Alive
Content-Length: 50
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 04 Aug 2010 21:26:38 GMT
Server
Date: Thu, 17 Aug 2017 16:55:05 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://m.chase.com
Cache-Control: max-age=14400
ETag: "a9a15eb91b34cb1:0"
Accept-Ranges: bytes

GET
H/1.1 200
OK ob-button-enroll-now.gif
chaseonline.chase.com/content/ecpweb/sso/image/ Frame 1357 4 KB
4 KB 119ms
119ms Image
image/gif 159.53.113.152
JPMorgan Chase & Co.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chaseonline.chase.com/content/ecpweb/sso/image/ob-button-enroll-now.gif

Requested by

Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

159.53.113.152 New York, United States, ASN7743 (AS-7743 - JPMorgan Chase & Co., US),

Reverse DNS

Software

Resource Hash

69d71b38b85db4666d3e7c93f934edfda061b02ec497b93ca73e049ba5e17350

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Age: 14309
X-Powered-By
WAMI: 328
Connection: Keep-Alive
Content-Length: 3858
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 04 Aug 2010 21:26:38 GMT
Server
Date: Thu, 17 Aug 2017 14:00:44 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://m.chase.com
Cache-Control: max-age=14400
ETag: "9e7a57b91b34cb1:0"
Accept-Ranges: bytes

GET
H/1.1 200
OK ob-button-see-the-demo.gif
chaseonline.chase.com/content/ecpweb/sso/image/ Frame 1357 4 KB
4 KB 118ms
118ms Image
image/gif 159.53.113.152
JPMorgan Chase & Co.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chaseonline.chase.com/content/ecpweb/sso/image/ob-button-see-the-demo.gif

Requested by

Host: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

159.53.113.152 New York, United States, ASN7743 (AS-7743 - JPMorgan Chase & Co., US),

Reverse DNS

Software

Resource Hash

0a16ba8439e3d70b8eb41a3504ecaf69799118cfc02c87d9aab3dd1cd39a279c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Age: 13738
X-Powered-By
WAMI: 351
Connection: Keep-Alive
Content-Length: 3836
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 04 Aug 2010 21:26:38 GMT
Server
Date: Thu, 17 Aug 2017 14:10:15 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://m.chase.com
Cache-Control: max-age=14400
ETag: "a9a15eb91b34cb1:0"
Accept-Ranges: bytes

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.gspa.buu.ac.th
URL: http://www.gspa.buu.ac.th/imeeting/assets/upload/account/index.html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking) Generic (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

chaseonline.chase.com
gbcafe.combf.ru
www.gspa.buu.ac.th
www.gspa.buu.ac.th
159.53.113.152
202.28.77.144
95.165.130.208
0a16ba8439e3d70b8eb41a3504ecaf69799118cfc02c87d9aab3dd1cd39a279c
0c80d6c4ba159e5137be8b4f81c336846a42a996b43f1bb740067360cf6b1ac9
0ffcf7bce06c3750f68c5580c4f4210648124ba7077774375b28ed2b638c49c6
119c8f4ce00a48b0578d58487cbfd7bf1a2ead81cdaf193624b44f0202ef2b38
164b73f249d78f72c80ab144b628ff5f6d0d9ef6a42980d14189cd3a9c74f13a
2a91c7f2487148a2094b0defe62f23cd40df2c0c4724e042718a7a09fdef48e0
3ae96e425d90169ed208ac9ff8ecef52e8100f0c6ebf560dde388b5e6b9c5df9
4fa15bf683fd55833ce1500a9ac9177605d30ca9c5d8d4efb228f50a562318bf
69d71b38b85db4666d3e7c93f934edfda061b02ec497b93ca73e049ba5e17350
6ca635b4672526ea924ee07136e8c25deb3c1626363aa8f7abba125b2e04a55a
728072e34298a7162a370b1edb3666d90dc8cbf1e8240887601e258d44936915
733e06c2cdf9371f0ec35f7729efc862b366953da8f0c7a60ba263bdb3676e4a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
d82b8b41b5b6bcd2069fd19593e54bae7af16be3458f9765ffc30aee5b5a187f
ee819bb4a70464b1dbc7951ee536ed9dd071a636b7e4062a012461c94941aa18

gbcafe.combf.ru Open in urlscan Pro 95.165.130.208 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

16 Requests

69 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

70 kBTransfer

70 kBSize

0 Cookies

9 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

gbcafe.combf.ru Open in urlscan Pro
95.165.130.208 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

69 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

70 kB
Transfer

70 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!