nptedu.go.th
111.118.214.118
Malicious Activity!
Public Scan
Effective URL: https://nptedu.go.th/Ameli/fr/assure_somtc=true/po/login.html?g4d3bdOsiuarHDdBl0bEP6dBVy_wP1WJ6XZDh7nemRp9bv2mHJ0HYZa...
Submission: On June 21 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on June 12th 2020. Valid for: 3 months.
This is the only time nptedu.go.th was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Assurance Maladie (Healthcare)

Domain & IP information

| # | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 2 | 122.155.223.20 | 9335 (CAT-CLOUD-AP CAT Telecom Public Company Limited) |
| 23 | 111.118.214.118 | 394695 (PUBLIC-DOMAIN-REGISTRY) |
| 1 | 2a00:1450:4001:81c::200a | 15169 (GOOGLE) |
| 1 | 2a00:1450:4001:816::200a | 15169 (GOOGLE) |
| 1 | 209.126.105.197 | 30083 (AS-30083-GO-DADDY-COM-LLC) |
| 27 requests | 5 IPs | |
- ASN9335 (CAT-CLOUD-AP CAT Telecom Public Company Limited, TH): 122.155.223.20
- ASN394695 (PUBLIC-DOMAIN-REGISTRY, US), PTR: cs-mum-9.webhostbox.net: nptedu.go.th
- ASN30083 (AS-30083-GO-DADDY-COM-LLC, US), PTR: huracan.quadkore7.com: creedmoria.com
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 23 | nptedu.go.th | nptedu.go.th | 108 KB |
| 2 | googleapis.com | ajax.googleapis.com, fonts.googleapis.com | 31 KB |
| 1 | creedmoria.com | creedmoria.com | |
| 27 requests | 3 apex domains | | |
| # | Domain | Requested by |
|---|---|---|
| 23 | nptedu.go.th | 122.155.223.20, nptedu.go.th |
| 1 | creedmoria.com | nptedu.go.th |
| 1 | fonts.googleapis.com | nptedu.go.th |
| 1 | ajax.googleapis.com | nptedu.go.th |
| 27 requests | 4 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| nptedu.go.th | Let's Encrypt Authority X3 | 2020-06-12 - 2020-09-10 | 3 months | crt.sh |
| upload.video.google.com | GTS CA 1O1 | 2020-05-26 - 2020-08-18 | 3 months | crt.sh |
| mail.creedmoria.com | Let's Encrypt Authority X3 | 2020-05-30 - 2020-08-28 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://nptedu.go.th/Ameli/fr/assure_somtc=true/po/login.html?g4d3bdOsiuarHDdBl0bEP6dBVy_wP1WJ6XZDh7nemRp9bv2mHJ0HYZaZV6xWExsS
Frame ID: 5E209DA9155B3D9F113DAACA8132CA5E
Requests: 27 HTTP requests in this frame
Detected technologies

- PHP (Programming Languages), detected pattern: headers server `/php\/?([\d.]+)?/i`
- Windows Server (Operating Systems), detected pattern: headers server `/Win32|Win64/i`
- OpenSSL (Web Server Extensions), detected pattern: headers server `/OpenSSL(?:\/([\d.]+[a-z]?))?/i`
- Apache (Web Servers), detected pattern: headers server `/(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i`
- Google Font API (Font Scripts), detected pattern: html `/<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i`
- jQuery (JavaScript Libraries), detected patterns: script `/\/([\d.]+)\/jquery(?:\.min)?\.js/i` and script `/jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://122.155.223.20/CEAM (HTTP 301) -> http://122.155.223.20/CEAM/ (Page URL)
2. https://nptedu.go.th/Ameli/fr/assure_somtc=true/po/ (Page URL)
3. https://nptedu.go.th/Ameli/fr/assure_somtc=true/po/login.html?g4d3bdOsiuarHDdBl0bEP6dBVy_wP1WJ6XZDh7nemRp9bv2mHJ0HYZaZV6xWExsS (Page URL)

Redirected requests
There were HTTP redirect chains for the following requests:

- Request Chain 0: http://122.155.223.20/CEAM (HTTP 301) -> http://122.155.223.20/CEAM/
27 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Redirect Chain) | 122.155.223.20/CEAM/ | 364 B | 673 B | Document | text/html |
| GET | H2 | / | nptedu.go.th/Ameli/fr/assure_somtc=true/po/ | 247 B | 348 B | Document | text/html |
| GET | H2 | login.html (Primary Request) | nptedu.go.th/Ameli/fr/assure_somtc=true/po/ | 14 KB | 4 KB | Document | text/html |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.2.1/ | 85 KB | 30 KB | Script | text/javascript |
| GET | H2 | pop1.js | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/js/ | 4 KB | 797 B | Script | application/javascript |
| GET | H2 | layout.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 206 B | 174 B | Stylesheet | text/css |
| GET | H2 | biblicnam-structure-sans.min.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 82 KB | 18 KB | Stylesheet | text/css |
| GET | H2 | reset.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 414 B | 349 B | Stylesheet | text/css |
| GET | H2 | clear.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 2 KB | 826 B | Stylesheet | text/css |
| GET | H2 | liens.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 893 B | 509 B | Stylesheet | text/css |
| GET | H2 | forms.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 8 KB | 2 KB | Stylesheet | text/css |
| GET | H2 | boutons.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 5 KB | 2 KB | Stylesheet | text/css |
| GET | H2 | general.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 23 KB | 7 KB | Stylesheet | text/css |
| GET | H2 | nav.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 8 KB | 2 KB | Stylesheet | text/css |
| GET | H2 | colors.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 2 KB | 746 B | Stylesheet | text/css |
| GET | H2 | custom.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 177 KB | 50 KB | Stylesheet | text/css |
| GET | H2 | window.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 400 B | 270 B | Stylesheet | text/css |
| GET | H2 | plop.css | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/css/ | 2 KB | 774 B | Stylesheet | text/css |
| GET | H2 | css | fonts.googleapis.com/ | 10 KB | 893 B | Stylesheet | text/css |
| GET | H2 | logo_general.png | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/img/ | 6 KB | 6 KB | Image | image/png |
| GET | H/1.1 | font,css | creedmoria.com/wordpress/css/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | puce_obligatoire.gif | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/img/ | 101 B | 161 B | Image | image/gif |
| GET | H2 | picto-fleche-action.png | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/img/ | 204 B | 279 B | Image | image/png |
| GET | H2 | down.svg | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/img/ | 1 KB | 696 B | Image | image/svg+xml |
| GET | H2 | help.png | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/img/ | 422 B | 474 B | Image | image/png |
| GET | H2 | ameli-footer.png | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/img/ | 10 KB | 10 KB | Image | image/png |
| GET | H2 | menu-separateur.png | nptedu.go.th/Ameli/fr/assure_somtc=true/po/style/img/ | 115 B | 167 B | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Assurance Maladie (Healthcare)

5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

- object: onformdata
- object: onpointerrawupdate
- function: $
- function: jQuery
- function: validateForm

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.