gionghatvietnhii2021.ga
103.97.125.244 Malicious Activity! Public Scan

URL: http://gionghatvietnhii2021.ga/
Submission: On September 14 via automatic, source openphish — Scanned from DE

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 9 HTTP transactions. The main IP is 103.97.125.244, located in Ho Chi Minh City, Viet Nam and belongs to LUUTRUSO-AS-VN Digital Storage Company Limited, VN. The main domain is gionghatvietnhii2021.ga.
This is the only time gionghatvietnhii2021.ga was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests  IP Address        AS     Autonomous System
1         103.97.125.244    56153  (LUUTRUSO-...)
1         2001:4de0:ac1...  20446  (HIGHWINDS3)
1         2a04:4e42:200...  54113  (FASTLY)
1         2a03:2880:f01...  32934  (FACEBOOK)
Total: 9 requests, 5 IPs

Requests  Domain                   Requested by
1         cdn.jsdelivr.net         gionghatvietnhii2021.ga
1         static.xx.fbcdn.net      gionghatvietnhii2021.ga
1         code.jquery.com          gionghatvietnhii2021.ga
1         gionghatvietnhii2021.ga
Total: 9 requests, 4 domains
Subject        Issuer                                          Validity                 Valid     Link
*.jquery.com   Sectigo RSA Domain Validation Secure Server CA  2021-07-14 - 2022-08-14  a year    crt.sh
jsdelivr.net   GlobalSign Atlas R3 DV TLS CA 2020              2021-04-30 - 2022-06-01  a year    crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA          2021-07-20 - 2021-10-18  3 months  crt.sh

This page contains 1 frames:

Primary Page: http://gionghatvietnhii2021.ga/
Frame ID: 19454ECBD6CDEB3A95933B58D89A122B
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

Facebook

Detected technologies

Overall confidence: 100%
Detected patterns
  • /npm/sweetalert2@([\d.]+)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 9
HTTPS: 33 %
IPv6: 75 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 4
Transfer: 55 kB
Size: 169 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • http://cdn.jsdelivr.net/npm/sweetalert2@10 HTTP 307
  • https://cdn.jsdelivr.net/npm/sweetalert2@10

9 HTTP transactions

Resource / Path / Size / x-fer / Type / MIME-Type
Primary Request Cookie set /
gionghatvietnhii2021.ga/
12 KB
5 KB
Document
General
Full URL
http://gionghatvietnhii2021.ga/
Protocol
HTTP/1.1
Server
103.97.125.244 Ho Chi Minh City, Viet Nam, ASN56153 (LUUTRUSO-AS-VN Digital Storage Company Limited, VN),
Reverse DNS
no-ptr.123host.vn
Software
Apache /
Resource Hash
214b4c588aeb58593a15d0fdc6e6b0ef93af050eef14ba4ac227c217cd716fb9

Request headers

Host
gionghatvietnhii2021.ga
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate

Response headers

Server
Apache
Date
Tue, 14 Sep 2021 01:22:47 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
4473
Connection
keep-alive
Set-Cookie
PHPSESSID=chhcprfl4ekejfbcdg5hgaucd3; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Content-Encoding
gzip
X-Turbo-Charged-By
LiteSpeed
jquery-2.2.2.min.js
code.jquery.com/
84 KB
29 KB
Script
General
Full URL
https://code.jquery.com/jquery-2.2.2.min.js
Requested by
Host: gionghatvietnhii2021.ga
URL: http://gionghatvietnhii2021.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gionghatvietnhii2021.ga/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:22:52 GMT
content-encoding
gzip
last-modified
Thu, 17 Mar 2016 17:52:17 GMT
server
nginx
etag
W/"56eaeed1-14e98"
vary
Accept-Encoding
x-hw
1631582572.dop219.fr8.t,1631582572.cds212.fr8.hn,1631582572.cds235.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
29880
BlTIO-iwJWT.css
static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/
0
0

mymUn3E0JwN.css
static.xx.fbcdn.net/rsrc.php/v3/yh/l/0,cross/
0
0

AnSI8cOE6MJ.css
static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/
0
0

GsxGVfOEpp-.css
static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/
0
0

IxxDAbiZepi.css
static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/
0
0

sweetalert2@10
cdn.jsdelivr.net/npm/
Redirect Chain
  • http://cdn.jsdelivr.net/npm/sweetalert2@10
  • https://cdn.jsdelivr.net/npm/sweetalert2@10
71 KB
19 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/sweetalert2@10
Requested by
Host: gionghatvietnhii2021.ga
URL: http://gionghatvietnhii2021.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
71518e46463eba2ba7cefd9e6b0d4604b8e026eae3111379486a510c4f6f78b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gionghatvietnhii2021.ga/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
35751
x-jsd-version
10.16.9
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
19102
etag
W/"11bb2-TiI/wgz0Cs+BoC8fAb8miI/2YYg"
x-served-by
cache-fra19168-FRA
x-jsd-version-type
version
date
Tue, 14 Sep 2021 01:22:52 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*

Redirect headers

Location
https://cdn.jsdelivr.net/npm/sweetalert2@10
Non-Authoritative-Reason
HSTS
dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/
2 KB
2 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg
Requested by
Host: gionghatvietnhii2021.ga
URL: http://gionghatvietnhii2021.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gionghatvietnhii2021.ga/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
br
x-content-type-options
nosniff
content-md5
NiMA5zHIsmaYxSYEaw9fHg==
content-security-policy-report-only
default-src data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline';connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1027
x-xss-protection
0
x-fb-debug
DlxUWUrWOj12ScTkmtUlSJaG4OJQ0kYveS+VM+1bwBlnNjTMJcfzEaBaQ+QDahuFdSN6sjkCE3lH2JznwQnTAQ==
x-fb-trip-id
686109401
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
date
Tue, 14 Sep 2021 01:22:52 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
x-fb-rlafr
0
timing-allow-origin
*
expires
Sat, 10 Sep 2022 04:17:59 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/BlTIO-iwJWT.css?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yh/l/0,cross/mymUn3E0JwN.css?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/AnSI8cOE6MJ.css?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/GsxGVfOEpp-.css?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/IxxDAbiZepi.css?_nc_x=Ij3Wp8lg5Kz

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • onbeforexrselect (object)
  • originAgentCluster (boolean)
  • $ (function)
  • jQuery (function)
  • Sweetalert2 (function)
  • SweetAlert (function)
  • Swal (function)
  • sweetAlert (function)
  • swal (function)
  • thongbao (function)
  • _0x556e (object)

1 Cookies

Domain/Path               Name / Value
gionghatvietnhii2021.ga/  PHPSESSID = chhcprfl4ekejfbcdg5hgaucd3

10 Console Messages

Source / Level / URL / Text
javascript error URL: http://gionghatvietnhii2021.ga/
Message:
Access to CSS stylesheet at 'https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/IxxDAbiZepi.css?_nc_x=Ij3Wp8lg5Kz' from origin 'http://gionghatvietnhii2021.ga' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/IxxDAbiZepi.css?_nc_x=Ij3Wp8lg5Kz
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://gionghatvietnhii2021.ga/
Message:
Access to CSS stylesheet at 'https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/AnSI8cOE6MJ.css?_nc_x=Ij3Wp8lg5Kz' from origin 'http://gionghatvietnhii2021.ga' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/AnSI8cOE6MJ.css?_nc_x=Ij3Wp8lg5Kz
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://gionghatvietnhii2021.ga/
Message:
Access to CSS stylesheet at 'https://static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/GsxGVfOEpp-.css?_nc_x=Ij3Wp8lg5Kz' from origin 'http://gionghatvietnhii2021.ga' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/GsxGVfOEpp-.css?_nc_x=Ij3Wp8lg5Kz
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://gionghatvietnhii2021.ga/
Message:
Access to CSS stylesheet at 'https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/BlTIO-iwJWT.css?_nc_x=Ij3Wp8lg5Kz' from origin 'http://gionghatvietnhii2021.ga' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/BlTIO-iwJWT.css?_nc_x=Ij3Wp8lg5Kz
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://gionghatvietnhii2021.ga/
Message:
Access to CSS stylesheet at 'https://static.xx.fbcdn.net/rsrc.php/v3/yh/l/0,cross/mymUn3E0JwN.css?_nc_x=Ij3Wp8lg5Kz' from origin 'http://gionghatvietnhii2021.ga' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://static.xx.fbcdn.net/rsrc.php/v3/yh/l/0,cross/mymUn3E0JwN.css?_nc_x=Ij3Wp8lg5Kz
Message:
Failed to load resource: net::ERR_FAILED