truongthinh.net Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://eliteconsultghana.com/continue.php
Effective URL:
https://truongthinh.net/home/
Submission: On October 27 via manual (October 27th 2022, 7:45:50 pm UTC) from US — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is truongthinh.net.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 15th 2022. Valid for: a year.

This is the only time truongthinh.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USAA (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3030::6815:479d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 11	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2

1 2606:4700:3030::6815:479d (United States)

ASN13335 (CLOUDFLARENET, US)

eliteconsultghana.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

truongthinh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	truongthinh.net 1 redirects truongthinh.net	44 KB
1	eliteconsultghana.com eliteconsultghana.com	1 KB
11	2

	Domain	Requested by
11	truongthinh.net	1 redirects eliteconsultghana.com truongthinh.net
1	eliteconsultghana.com
11	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-13` - `2023-05-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://truongthinh.net/home/
Frame ID: 9B941B3B387CAF63798CEEA8A5D9DE54
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Member Account Login | USAA

Page URL History Show full URLs

https://eliteconsultghana.com/continue.php Page URL
https://truongthinh.net/home HTTP 301
https://truongthinh.net/home/ Page URL

Page Statistics

11
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

45 kB
Transfer

57 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://eliteconsultghana.com/continue.php Page URL
https://truongthinh.net/home HTTP 301
https://truongthinh.net/home/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	continue.php eliteconsultghana.com/	3 KB 1 KB	257ms 166ms	Document text/html	2606:4700:3030::6815:479d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://eliteconsultghana.com/continue.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:479d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.30 Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 760def072ae9caed-DUS content-encoding br content-type text/html; charset=UTF-8 date Thu, 27 Oct 2022 19:45:43 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qu5y0UxchveFHCULPs1rg8rhyby%2F4W2LwQSK%2FnQsgLEuvwiEOj1YSFO%2BEBUw2U4yFixXvzf8OdY1eXsYbPNKWjgt%2FxzXEqmwa3aLD8YcHonDhAmcv7jhk2avcb4GVZBk0ZZ%2B8tEJg8wrnKyiuojQ8qE0D1g%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.4.30
GET H2	200	Primary Request / Show response truongthinh.net/home/ Redirect Chain https://truongthinh.net/home https://truongthinh.net/home/	3 KB 1 KB	223ms 221ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://truongthinh.net/home/ Requested by Host: eliteconsultghana.com URL: https://eliteconsultghana.com/continue.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.3.33 Resource Hash `ca7ba11e170cfebb093b40cd37bda7ebe0a78600c1af3ad861aa2ad556f4c4f3` Request headers Referer https://eliteconsultghana.com/continue.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 760def0dcb05b724-AMS content-encoding br content-type text/html; charset=UTF-8 date Thu, 27 Oct 2022 19:45:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TcdbEqWaxW6FD9Gist5j5EOn9R7El%2FFleZkpgYiMlepV5pt0Ma%2FBoJ1gPW9wwbYQ%2BUysYdMCKDQFi77LH68%2FIahF%2FQshNVbd3H9uN3oDlIQ%2BAG4PLlG839Wx8yCmOTT%2BmzgLOg0eCRfgJSF%2Bid4%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.3.33 Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 760def093c65b724-AMS content-type text/html; charset=iso-8859-1 date Thu, 27 Oct 2022 19:45:44 GMT location https://truongthinh.net/home/ nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bF4T0CXvNnchVujXFUthD0NoJhlZ7sjdkkgE5bLi8kMXZScAT9DYuUqSq8akmcKYn%2FARvosLDIz9yo9BxbY4VxFhBmmG3%2FdrKXuAni0wXTBJQ8Sg8hX5oYOy2CVawk1Cltyz%2BKj0l3vem9HrujU%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	Untitled1.css truongthinh.net/home/	2 KB 828 B	1061ms 1060ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://truongthinh.net/home/Untitled1.css Requested by Host: truongthinh.net URL: https://truongthinh.net/home/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `97eeb3dfa47efa7aafbaf073eaf579b71c9ee1f885d4f7a070d8eeeb1114dd7e` Request headers accept-language de-DE,de;q=0.9 Referer https://truongthinh.net/home/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 19:45:45 GMT content-encoding br cf-cache-status EXPIRED last-modified Sat, 22 Jan 2022 23:45:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"3a00aca-7c7-5d63455761a00-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dE3vRuWMtnEXWZ7cXVBp6Xq3yvr9W4DV2KS7oc534POxiDjfpSs1NG6r%2FJN81UD%2BQv4BTlJnEaU5SrRT6aZ1PUxHtVAo%2BSsY6Khu1rLKQW1K232w8i70WKIKl2%2BBjsVW%2F%2Bdb7TcvLMRNBpgwCnk%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=31536000 cf-ray 760def0f6c94fafa-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	index.css truongthinh.net/home/	13 KB 3 KB	1034ms 1033ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://truongthinh.net/home/index.css Requested by Host: truongthinh.net URL: https://truongthinh.net/home/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f2f26f331d9c4ec7d46988822c0abeb589e15b51ce944848440e8e075ea56c6e` Request headers accept-language de-DE,de;q=0.9 Referer https://truongthinh.net/home/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 19:45:45 GMT content-encoding br cf-cache-status MISS last-modified Sat, 22 Jan 2022 23:45:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"3a00a60-33e5-5d63455761a00-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hZekQ8FffJ4%2FVLTaXOmOCDOTqEOUg9FLRM2yX4%2FbpQOZrG5QWAaZUdJUmGUm47BFIE22dz74nSWDwlCUt3dMMwiM8H5M9XRmYefz4SmWOg0p0SC6cHzL99cFXJsFidpvdvyfPBNFkVg0mVsYT9Y%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=31536000 cf-ray 760def0f3c54fafa-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	Capture.PNG truongthinh.net/home/images/	18 KB 19 KB	1072ms 1070ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://truongthinh.net/home/images/Capture.PNG Requested by Host: truongthinh.net URL: https://truongthinh.net/home/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `595e273018ad95b90da98535769f2fa29d3eefbd1a25349228e912de82c7e340` Request headers accept-language de-DE,de;q=0.9 Referer https://truongthinh.net/home/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 19:45:45 GMT cf-cache-status EXPIRED last-modified Sat, 22 Jan 2022 23:45:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"3a00a1a-4952-5d63455761a00-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kDB6pBN0b1z6h3fwk9erpsl062GcH4pmlykzOUKOcGd4wG1srBx4YFuML%2Bbf1DvYeEgZwYPWlpYnXrYsTaG4TYWn06ErKGVKmCUpTp45ebjnRsUMupIOSGxDy5dS2ZRI1TLjhfgz4TD8LtXZgbk%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=31536000 cf-ray 760def0f8cabfafa-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	id.PNG truongthinh.net/home/images/	1 KB 2 KB	1096ms 1094ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://truongthinh.net/home/images/id.PNG Requested by Host: truongthinh.net URL: https://truongthinh.net/home/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6b0ded8f9af9c49c676f84566b40a6424c0708a5611705bdfa3b00c8d063536d` Request headers accept-language de-DE,de;q=0.9 Referer https://truongthinh.net/home/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 19:45:45 GMT cf-cache-status EXPIRED last-modified Sat, 22 Jan 2022 23:45:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"3a00a20-457-5d63455761a00-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TzdH7sClATIFnULjND%2BtuMQK6mv%2Bl0YYjHrlDC10rvXLCpYMEaEUsRJnsi5EZ3%2FCg2NVzNVqs7iYxew92wPmoc7Iymd8gRhEQIEReUgkHllsoJsaQRNM3MZNuEGDBnBtChLFl165Jww2aTdSj0o%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=31536000 cf-ray 760def0f8caffafa-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	pwd.PNG truongthinh.net/home/images/	1 KB 2 KB	1096ms 1095ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://truongthinh.net/home/images/pwd.PNG Requested by Host: truongthinh.net URL: https://truongthinh.net/home/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `051b0ba3732f4f242e6228ab82230ca4dcae40ce4c05dc4270c1d6bb0ea402da` Request headers accept-language de-DE,de;q=0.9 Referer https://truongthinh.net/home/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 19:45:45 GMT cf-cache-status MISS last-modified Sat, 22 Jan 2022 23:45:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"3a00a3f-580-5d63455761a00-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pSCTwijP3T%2BuwULls38m0JIVKPWWa5q5uCSx5z4YiSLcFQhwjB0DQ8iy0gLAc5%2BhFgQ%2F1421GJJw4yWOoiIV%2FUGlyFMlXi4JGddoNo4uDGKdeEr3IFPjZsiXEXrXeJN4rWvtLjZkB1rJmHefB2w%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=31536000 cf-ray 760def0f8cb1fafa-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	logCapture.PNG truongthinh.net/home/images/	2 KB 2 KB	1097ms 1095ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://truongthinh.net/home/images/logCapture.PNG Requested by Host: truongthinh.net URL: https://truongthinh.net/home/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d52b271f17694d8468f772200065e77721836e4a383d8ab1fea902ff68d207ae` Request headers accept-language de-DE,de;q=0.9 Referer https://truongthinh.net/home/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 19:45:45 GMT cf-cache-status MISS last-modified Sat, 22 Jan 2022 23:45:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"3a00a34-75b-5d63455761a00-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hw5wCWl%2BdbSUrXVgtj3E4KIKTSiKYXOuuZUwVfUcVSGDLee2Hz9pcZm8wvrjEwPMI%2BQqwWl5XwD0okqGkG%2FzKUpwRd6FbHLkGmADIP2KclUPdHqA9HgkdLl98R1X4rV%2FnAkBU4hlLmgkmHpDz2w%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=31536000 cf-ray 760def0f8cb2fafa-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	WWWCapture.PNG truongthinh.net/home/images/	8 KB 9 KB	1097ms 1095ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://truongthinh.net/home/images/WWWCapture.PNG Requested by Host: truongthinh.net URL: https://truongthinh.net/home/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b3a64b17f3736d0d13d8377ddba6f9312be40a9813ba268058dca46e0e60b091` Request headers accept-language de-DE,de;q=0.9 Referer https://truongthinh.net/home/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 19:45:45 GMT cf-cache-status EXPIRED last-modified Sat, 22 Jan 2022 23:45:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"3a00a4f-210a-5d63455761a00-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9xy0l7ZKXDd%2Bz%2BgyOk42dk6uY%2F%2BRy6PiHFKSxgo487xkKCnrIdB1UurmpkQ9YRd0o02OkJrdXlkvEzmC3nexKwN9vE%2BdxFV0KrjP4jWV7JstXlLg3Bzp9iSgCGAsFWESUq3Ekqr6vRROyzi7qh0%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=31536000 cf-ray 760def0f8cbffafa-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	aCapture.PNG truongthinh.net/home/images/	2 KB 2 KB	1069ms 1068ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://truongthinh.net/home/images/aCapture.PNG Requested by Host: truongthinh.net URL: https://truongthinh.net/home/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `75aab5df282099b602d349c5703c25b695aba5175cfc54b87e305b32b0a06eea` Request headers accept-language de-DE,de;q=0.9 Referer https://truongthinh.net/home/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 19:45:45 GMT cf-cache-status MISS last-modified Sat, 22 Jan 2022 23:45:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"3a00a10-71c-5d63455761a00-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hzuUky8yL9ab2tdt4wFf5Ldi1gHQfmIUIK958Qy3GSyfwn2uWD7iNJrHpPIaLuAtuWw252mjki8ZaL5WDu9eRKmvXXGEPvdvZVKcqPdW9hDULixtbSBmUEDCg6rqjZg3At1dnknVT3V8CJwoxpE%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=31536000 cf-ray 760def0f8cc3fafa-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	zCapture.PNG truongthinh.net/home/images/	3 KB 4 KB	1116ms 1115ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://truongthinh.net/home/images/zCapture.PNG Requested by Host: truongthinh.net URL: https://truongthinh.net/home/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d1c9b0d47d2841aceb602141b665b7155b2f2e8325c25e0cdd4428c54fe1302e` Request headers accept-language de-DE,de;q=0.9 Referer https://truongthinh.net/home/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 19:45:45 GMT cf-cache-status EXPIRED last-modified Sat, 22 Jan 2022 23:45:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"3a00a55-d8e-5d63455761a00-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G6jKJe%2Bb8MqcRC3S4O8i1LWtIKD70KruCAmJH1TI5Hd429fuOfw8bp57O%2Bze%2FSgkKsmRTByZzDsE4J41aUv%2B%2FFVzhChdKlp6CCuJReHQTnLt5mzPgf7yy%2BE9TproYSE5gWzycl4sxIa05PFFbHI%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=31536000 cf-ray 760def0f8cc5fafa-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USAA (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

eliteconsultghana.com
truongthinh.net
2606:4700:3030::6815:479d
2a06:98c1:3121::3
051b0ba3732f4f242e6228ab82230ca4dcae40ce4c05dc4270c1d6bb0ea402da
595e273018ad95b90da98535769f2fa29d3eefbd1a25349228e912de82c7e340
6b0ded8f9af9c49c676f84566b40a6424c0708a5611705bdfa3b00c8d063536d
75aab5df282099b602d349c5703c25b695aba5175cfc54b87e305b32b0a06eea
97eeb3dfa47efa7aafbaf073eaf579b71c9ee1f885d4f7a070d8eeeb1114dd7e
b3a64b17f3736d0d13d8377ddba6f9312be40a9813ba268058dca46e0e60b091
ca7ba11e170cfebb093b40cd37bda7ebe0a78600c1af3ad861aa2ad556f4c4f3
d1c9b0d47d2841aceb602141b665b7155b2f2e8325c25e0cdd4428c54fe1302e
d52b271f17694d8468f772200065e77721836e4a383d8ab1fea902ff68d207ae
f2f26f331d9c4ec7d46988822c0abeb589e15b51ce944848440e8e075ea56c6e

truongthinh.net Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

45 kBTransfer

57 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

truongthinh.net Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

45 kB
Transfer

57 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!