huaythai.bet
184.168.103.18
Malicious Activity!
Public Scan
Effective URL: https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_re...
Submission Tags: falconsandbox
Submission: On June 13 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 10th 2022. Valid for: a year.
This is the only time huaythai.bet was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank of America (Banking)

Domain & IP information

| # | IP Address | AS Autonomous System |
|---|---|---|
| 1 / 1 | 2606:4700:10::ac43:1e1 | 13335 (CLOUDFLARENET) |
| 1 / 1 | 2600:9000:2156:a00:19:9934:6a80:93a1 | 16509 (AMAZON-02) |
| 1 / 5 | 184.168.103.18 | 26496 (AS-26496-GO-DADDY-COM-LLC) |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-184-168-103-18.ip.secureserver.net
| # | Apex Domain | Subdomains | Transfer | |
|---|---|---|---|---|
| 5 | huaythai.bet (1 redirect) | huaythai.bet | 122 KB | 1 |
| 1 | app.link (1 redirect) | xxcrg.app.link | 589 B | 1 |
| 1 | tinyurl.com (1 redirect) | tinyurl.com (Cisco Umbrella Rank: 18916) | 429 B | 1 |

| # | Domain | Requested by |
|---|---|---|
| 5 | huaythai.bet (1 redirect) | huaythai.bet |
| 1 | xxcrg.app.link (1 redirect) | |
| 1 | tinyurl.com (1 redirect) | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| huaythai.bet | Go Daddy Secure Certificate Authority - G2 | 2022-06-10 - 2023-06-11 | a year | crt.sh |
This page contains 1 frame:
Primary Page: https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA
Frame ID: 4AAB6E3E06C28B543210221D2E1825A8
Requests: 4 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

| Step | URL | Status |
|---|---|---|
| 1 | http://tinyurl.com/5n6zhx6s | HTTP 307 |
| 2 | https://tinyurl.com/5n6zhx6s | HTTP 301 |
| 3 | https://xxcrg.app.link/6EI6gfDOPqb/?645685 | HTTP 307 |
| 4 | https://huaythai.bet/bofa/newboaforipanw?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA | HTTP 301 |
| 5 | https://huaythai.bet/bofa/newboaforipanw/?645685&_branch_match_id=1064993372146531609&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr6hILkrXSywo0MvJzMvWN3P1NEtPc%2FEPKEwCANPlJMwiAAAA | Page URL |
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request, Redirect Chain) | huaythai.bet/bofa/newboaforipanw/ | 385 B | 523 B | Document | text/html |
| GET | H2 | captcha.js | huaythai.bet/bofa/newboaforipanw/assets/js/ | 244 KB | 56 KB | Script | application/javascript |
| GET | H2 | captcha.png | huaythai.bet/bofa/newboaforipanw/ | 12 KB | 12 KB | Image | image/png |
| GET | H2 | 2134651.png | huaythai.bet/bofa/newboaforipanw/ | 59 KB | 54 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bank of America (Banking)

10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Name | Type |
|---|---|
| oncontextlost | object |
| oncontextrestored | object |
| structuredClone | function |
| launchQueue | object |
| onbeforematch | object |
| getScreenDetails | function |
| navigation | object |
| setImmediate | function |
| clearImmediate | function |
| Vue2 | function |

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even from a different location. This is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .app.link/ | | _s | dNupHltLFPkfe0x%2BLbW0PW73qH1sKPLgc%2B0IT%2BrYeCw5rIo9elZPMzkii%2F9CwrQo |
| huaythai.bet/ | | cazanova | e0066083eb9c79897b25f9146ca203d1f1e76218 |
Indicators
This is a term used in the security industry to describe observables such as IPs, domains, hashes, etc. Their presence here does not imply that any of them indicate malicious activity.
huaythai.bet
tinyurl.com
xxcrg.app.link
184.168.103.18
2600:9000:2156:a00:19:9934:6a80:93a1
2606:4700:10::ac43:1e1
2e3fc978d46a004e403d9c1ba5776dd1163d58553bebbb664f4ad682d84b599c
3905e9fdf4b9d870e33262cb2a396965988200627f882c3c68925ee302b2d32e
41e95dff992e69531899a5c6735f3484a3c41f67ee6ee40df9ba024ed8b11707
f4814d70ed99897016a16fab78fde915de3c3c645d4c4858fbed14d661ef401d