Submitted URL: http://tinyurl.com/5n6zhx6s
Effective URL: https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_re...
Submission Tags: falconsandbox
Submission: On June 13 via api from US — Scanned from DE

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 184.168.103.18, located in Singapore, Singapore and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is huaythai.bet.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 10th 2022. Valid for: a year.
This is the only time huaythai.bet was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 1 2600:9000:215... 16509 (AMAZON-02)
1 5 184.168.103.18 26496 (AS-26496-...)
4 1
Apex Domain
Subdomains
Transfer
5 huaythai.bet
huaythai.bet
122 KB
1 app.link
xxcrg.app.link
589 B
1 tinyurl.com
tinyurl.com — Cisco Umbrella Rank: 18916
429 B
4 3
Domain Requested by
5 huaythai.bet 1 redirects huaythai.bet
1 xxcrg.app.link 1 redirects
1 tinyurl.com 1 redirects
4 3

This site contains no links.

Subject Issuer Validity Valid
huaythai.bet
Go Daddy Secure Certificate Authority - G2
2022-06-10 -
2023-06-11
a year crt.sh

This page contains 1 frames:

Primary Page: https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA
Frame ID: 4AAB6E3E06C28B543210221D2E1825A8
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

Document

Page URL History Show full URLs

  1. http://tinyurl.com/5n6zhx6s HTTP 307
    https://tinyurl.com/5n6zhx6s HTTP 301
    https://xxcrg.app.link/6EI6gfDOPqb/?645685 HTTP 307
    https://huaythai.bet/bofa/newboaforipanw?645685&_branch_match_id=1064993372146531609&utm_medium=m... HTTP 301
    https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=... Page URL

Page Statistics

4
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

122 kB
Transfer

316 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://tinyurl.com/5n6zhx6s HTTP 307
    https://tinyurl.com/5n6zhx6s HTTP 301
    https://xxcrg.app.link/6EI6gfDOPqb/?645685 HTTP 307
    https://huaythai.bet/bofa/newboaforipanw?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA HTTP 301
    https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
huaythai.bet/bofa/newboaforipanw/
Redirect Chain
  • http://tinyurl.com/5n6zhx6s
  • https://tinyurl.com/5n6zhx6s
  • https://xxcrg.app.link/6EI6gfDOPqb/?645685
  • https://huaythai.bet/bofa/newboaforipanw?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA
  • https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA
385 B
523 B
Document
General
Full URL
https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.168.103.18 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-184-168-103-18.ip.secureserver.net
Software
Apache / PHP/7.3.33
Resource Hash
2e3fc978d46a004e403d9c1ba5776dd1163d58553bebbb664f4ad682d84b599c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
259
content-type
text/html; charset=UTF-8
date
Mon, 13 Jun 2022 20:33:54 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
Apache
vary
Accept-Encoding
x-powered-by
PHP/7.3.33

Redirect headers

content-length
418
content-type
text/html; charset=iso-8859-1
date
Mon, 13 Jun 2022 20:33:53 GMT
location
https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA
server
Apache
captcha.js
huaythai.bet/bofa/newboaforipanw/assets/js/
244 KB
56 KB
Script
General
Full URL
https://huaythai.bet/bofa/newboaforipanw/assets/js/captcha.js
Requested by
Host: huaythai.bet
URL: https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.168.103.18 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-184-168-103-18.ip.secureserver.net
Software
Apache /
Resource Hash
f4814d70ed99897016a16fab78fde915de3c3c645d4c4858fbed14d661ef401d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 13 Jun 2022 20:33:54 GMT
content-encoding
gzip
last-modified
Mon, 20 Dec 2021 09:13:38 GMT
server
Apache
etag
"520d54-3d150-5d3904dd35480-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
56594
captcha.png
huaythai.bet/bofa/newboaforipanw/
12 KB
12 KB
Image
General
Full URL
https://huaythai.bet/bofa/newboaforipanw/captcha.png?_1655152437541
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.168.103.18 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-184-168-103-18.ip.secureserver.net
Software
Apache / PHP/7.3.33
Resource Hash
41e95dff992e69531899a5c6735f3484a3c41f67ee6ee40df9ba024ed8b11707

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 13 Jun 2022 20:33:57 GMT
content-encoding
gzip
server
Apache
x-powered-by
PHP/7.3.33
vary
Accept-Encoding
content-type
image/png
cache-control
no-store, no-cache, must-revalidate
content-length
12349
expires
Thu, 19 Nov 1981 08:52:00 GMT
2134651.png
huaythai.bet/bofa/newboaforipanw/
59 KB
54 KB
Image
General
Full URL
https://huaythai.bet/bofa/newboaforipanw/2134651.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.168.103.18 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-184-168-103-18.ip.secureserver.net
Software
Apache /
Resource Hash
3905e9fdf4b9d870e33262cb2a396965988200627f882c3c68925ee302b2d32e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 13 Jun 2022 20:33:57 GMT
content-encoding
gzip
last-modified
Sat, 23 Oct 2021 07:40:52 GMT
server
Apache
etag
"520c91-eb84-5cf003f452900-gzip"
vary
Accept-Encoding
content-type
image/png
accept-ranges
bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| setImmediate function| clearImmediate function| Vue

2 Cookies

Domain/Path Name / Value
.app.link/ Name: _s
Value: dNupHltLFPkfe0x%2BLbW0PW73qH1sKPLgc%2B0IT%2BrYeCw5rIo9elZPMzkii%2F9CwrQo
huaythai.bet/ Name: cazanova
Value: e0066083eb9c79897b25f9146ca203d1f1e76218