xemaybaotin.vn
103.116.104.238  Malicious Activity! Public Scan

Submitted URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398
Effective URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Login.php
Submission: On February 28 via automatic, source openphish — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 6 HTTP transactions. The main IP is 103.116.104.238, located in Viet Nam and belongs to INDRA-RELOAD-AS-VN Reload Company Limited, VN. The main domain is xemaybaotin.vn.
TLS certificate: Issued by R3 on February 6th 2023. Valid for: 3 months.
This is the only time xemaybaotin.vn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commonwealth Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
2 8 103.116.104.238 135987 (INDRA-REL...)
6 1
Apex Domain Subdomains Transfer
8 xemaybaotin.vn xemaybaotin.vn 51 KB
6 1
Domain Requested by
8 xemaybaotin.vn 2 redirects xemaybaotin.vn
6 1

This site contains no links.

Subject Issuer Validity Valid
xemaybaotin.vn R3 2023-02-06 - 2023-05-07 3 months

This page contains 1 frames:

Primary Page: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Login.php
Frame ID: 9B67FFFE0091D5B6CE2C151836AA740D
Requests: 6 HTTP requests in this frame

Page Title

NetBank - Log on to NetBank - Enjoy simple and secure online banking from Commonwealth Bank

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 50 kB
Size: 88 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398 HTTP 301
    https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/ HTTP 302
    https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Resource: Login.php (Primary Request)
Path: xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/
Redirect Chain
  • https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398
  • https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/
  • https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Login.php
Size: 20 KB
x-fer: 7 KB
Type: Document
General
Full URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.116.104.238 , Viet Nam, ASN135987 (INDRA-RELOAD-AS-VN Reload Company Limited, VN),
Reverse DNS
Software: LiteSpeed /
Resource Hash: d6f3d9c9ae682dd8ba0d7275b2e60b3e552e4121ccdb4840a5dec45bf3a98faf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 7459
content-type: text/html; charset=UTF-8
date: Tue, 28 Feb 2023 01:24:49 GMT
server: LiteSpeed
strict-transport-security: max-age=31536000
vary: Accept-Encoding

Redirect headers

content-encoding: gzip
content-length: 21
content-type: text/html; charset=UTF-8
date: Tue, 28 Feb 2023 01:24:49 GMT
location: ./Login.php
server: LiteSpeed
strict-transport-security: max-age=31536000
vary: Accept-Encoding

Resource: logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
Path: xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/
Size: 31 KB
x-fer: 7 KB
Type: Stylesheet
General
Full URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
Requested by
Host: xemaybaotin.vn
URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.116.104.238 , Viet Nam, ASN135987 (INDRA-RELOAD-AS-VN Reload Company Limited, VN),
Reverse DNS
Software: LiteSpeed /
Resource Hash: e7f2cda0b8b68f11ecc03785732d0a1b894f2406b0cb13d621f4786e13112d7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 01:24:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Mon, 27 Feb 2023 22:30:26 GMT
server: LiteSpeed
etag: "7b59-63fd2f02-80ad9;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=43200
accept-ranges: bytes
content-length: 6574
expires: Tue, 28 Feb 2023 13:24:49 GMT

Resource: cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif
Path: xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/
Size: 5 KB
x-fer: 5 KB
Type: Image
General
Full URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif
Requested by
Host: xemaybaotin.vn
URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.116.104.238 , Viet Nam, ASN135987 (INDRA-RELOAD-AS-VN Reload Company Limited, VN),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 4620bea7b8db9ffe1747e9c29910d7ea2ec84a7a3c7416e7a8a70e450073d820
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 01:24:49 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 27 Feb 2023 22:30:26 GMT
server: LiteSpeed
etag: "12f4-63fd2f02-80ad3;;;"
content-type: image/gif
cache-control: public, max-age=43200
accept-ranges: bytes
content-length: 4852
expires: Tue, 28 Feb 2023 13:24:49 GMT

Resource: Partnership_NetBanklogon.jpg
Path: xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/
Size: 17 KB
x-fer: 17 KB
Type: Image
General
Full URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/Partnership_NetBanklogon.jpg
Requested by
Host: xemaybaotin.vn
URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.116.104.238 , Viet Nam, ASN135987 (INDRA-RELOAD-AS-VN Reload Company Limited, VN),
Reverse DNS
Software: LiteSpeed /
Resource Hash: bdb0b8e96a7b152a1d317c2dcb839d2a70f47c07782ee0ac6881d7c7443db5fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 01:24:49 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 27 Feb 2023 22:30:26 GMT
server: LiteSpeed
etag: "457c-63fd2f02-80ad4;;;"
content-type: image/jpeg
cache-control: public, max-age=43200
accept-ranges: bytes
content-length: 17788
expires: Tue, 28 Feb 2023 13:24:49 GMT

Resource: hbg.0236e4e9a193069c4e8554db8b06354c.png
Path: xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/
Size: 254 B
x-fer: 374 B
Type: Image
General
Full URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/hbg.0236e4e9a193069c4e8554db8b06354c.png
Requested by
Host: xemaybaotin.vn
URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.116.104.238 , Viet Nam, ASN135987 (INDRA-RELOAD-AS-VN Reload Company Limited, VN),
Reverse DNS
Software: LiteSpeed /
Resource Hash: f0755c4aa02ff90cf951d4752166ce52ea98cb85b86186f954dcc5d9d9cd02c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 01:24:50 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 27 Feb 2023 22:30:26 GMT
server: LiteSpeed
etag: "fe-63fd2f02-80ae5;;;"
content-type: image/png
cache-control: public, max-age=43200
accept-ranges: bytes
content-length: 254
expires: Tue, 28 Feb 2023 13:24:50 GMT

Resource: logonsprite2.307a0c523f35f709f390895b4720d350.png
Path: xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/
Size: 14 KB
x-fer: 14 KB
Type: Image
General
Full URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/logonsprite2.307a0c523f35f709f390895b4720d350.png
Requested by
Host: xemaybaotin.vn
URL: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.116.104.238 , Viet Nam, ASN135987 (INDRA-RELOAD-AS-VN Reload Company Limited, VN),
Reverse DNS
Software: LiteSpeed /
Resource Hash: c3787cbabd5c9acf9bfdc72c8e706754d644a14d5bd538e675c1885ccae87341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xemaybaotin.vn/wp-content/litespeed/ccss/au/39ef398/Folder/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 01:24:50 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 27 Feb 2023 22:30:26 GMT
server: LiteSpeed
etag: "377f-63fd2f02-80adf;;;"
content-type: image/png
cache-control: public, max-age=43200
accept-ranges: bytes
content-length: 14207
expires: Tue, 28 Feb 2023 13:24:50 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commonwealth Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000