ct44862.tmweb.ru
2a03:6f00:1::5c35:60f3
Malicious Activity!
Public Scan
Effective URL: https://ct44862.tmweb.ru/postaleirm/pstl-log.php
Submission: On May 26 via manual from PL — Scanned from DE
Summary
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on May 5th 2022. Valid for: a year.
This is the only time ct44862.tmweb.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banque Postale (Banking)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 216.10.243.64 | 394695 (PUBLIC-DOMAIN-REGISTRY) |
| 2 | 2a03:6f00:1::5c35:60f3 | 9123 (TIMEWEB-AS) |
| Total | 2 IPs | 2 ASNs |
ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: server.sonyserialtalks.net
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 2 | tmweb.ru | ct44862.tmweb.ru | 721 KB |
| 1 | byrl.me | byrl.me (1 redirect) | 1 KB |
| Total | 2 apex domains | 2 subdomains | |
| Requests | Domain | Requested by |
|---|---|---|
| 2 | ct44862.tmweb.ru | ct44862.tmweb.ru |
| 1 | byrl.me | (1 redirect) |
| Total | 2 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| *.tmweb.ru | GlobalSign GCC R3 DV TLS CA 2020 | 2022-05-05 - 2023-06-06 | a year |
This page contains 1 frames:
Primary Page:
https://ct44862.tmweb.ru/postaleirm/pstl-log.php
Frame ID: 8F43C125B88ABD9F4368D340F4643FC7
Requests: 8 HTTP requests in this frame
Page Title
Connexion à l'espace client - La Banque Postale (French: "Login to the customer area - La Banque Postale")
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://byrl.me/9swF7VV
- HTTP 301
- https://ct44862.tmweb.ru/postaleirm/pstl-log.php (Page URL)
Detected technologies
- PHP (Programming Languages), detected pattern: \.php(?:$|\?)
- jQuery (JavaScript Libraries), detected pattern: jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions (the frame's 8 requests also include 6 inline data: URIs, listed with protocol DATA; urlscan truncates their resource names)

| Method | Protocol | Resource | Path | Size | Transferred | Type | MIME type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | pstl-log.php | ct44862.tmweb.ru/postaleirm/ | 1 MB | 690 KB | Document | text/html | Primary request; end of the redirect chain from byrl.me |
| GET | DATA | truncated | / | 6 KB | 0 | Image | image/png | |
| GET | DATA | truncated | / | 302 KB | 302 KB | Font | application/x-font-woff | |
| GET | DATA | truncated | / | 302 KB | 302 KB | Font | application/x-font-woff | |
| GET | DATA | truncated | / | 336 B | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 10 KB | 0 | Image | image/svg+xml | |
| GET | H2 | jquery.min.js | ct44862.tmweb.ru/postaleirm/Pstl_files/ | 86 KB | 30 KB | Script | application/x-javascript | |
| GET | DATA | truncated | / | 5 KB | 0 | Image | image/png | |

Only two requests leave the browser: the page itself and jquery.min.js. Fonts and images are embedded as data: URIs, which is why the single HTML document is 1 MB and why the scan records no third-party domains.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banque Postale (Banking)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

| Type | Name |
|---|---|
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| function | getScreenDetails |
| object | navigation |
| function | $ |
| function | jQuery |

Only $ and jQuery come from the page (its bundled jquery.min.js). The other seven (oncontextlost, oncontextrestored, structuredClone, launchQueue, onbeforematch, getScreenDetails, navigation) are standard APIs of recent Chrome builds that the scanner's browser exposes, not code the phishing kit defines.
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser also sends the cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.

| Domain / Path | Expires | Name | Value |
|---|---|---|---|
| byrl.me/ | | XSRF-TOKEN | eyJpdiI6InNLUmlwdDhQMVpvM3ZWSk94YXk5V3c9PSIsInZhbHVlIjoiM2x5Q09vZ3NSR1FPY2JtOXBITzdGZmYrSGcvTE50dGt4RXR2R2JOUmthMHpJMExrZEJDU2Q1akl6WjdVdGx3dW15cFgrSUFJMEFxckgvcGtndmlJOExjbWpCbDI4bUwrOHJkcUpzZHZGU2VMVzgzZnRibG9aMU1KN3VMT2QvRnoiLCJtYWMiOiJjZWU2OTBhYWYwN2Y5Y2I3YzQyMDdiZDI0MTgxZjNmOGM2MGY2NTJlMzM0YWE4ZDdkMjIxMzk2ODM5ZGFjNGQ3IiwidGFnIjoiIn0%3D |
| byrl.me/ | | axlsin_session | eyJpdiI6ImJla2FKU2RDdjNsMmFpMVhaampvZ1E9PSIsInZhbHVlIjoiUjRpKzlESzdpd2R6K29MYytDamsrYldObWs1RWlrOFlJZHA0Y0d1WmNaM3lTRmdvRDFDUldNa1lkbWovelNaZVV5V1hjaTR0Mk1EelpaclBXS3pnM3RMUmJNaVdoemNZazkxbTdwYjRIQXVyOEx5NFVPSHRoL3ZXVUlSajlQK1ciLCJtYWMiOiJiOWFmYTBiZThhMDI2MjcwNGFmZWIwYzRmMmE3NDU2NzM5ZDQ0MGJlODM5YjI4NjM5ZmU5NzllYzI5ZDYzODE0IiwidGFnIjoiIn0%3D |

Both cookies are set by the byrl.me shortener on the 301 hop, not by ct44862.tmweb.ru; the phishing page itself sets no cookies in this scan.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
byrl.me
ct44862.tmweb.ru
216.10.243.64
2a03:6f00:1::5c35:60f3
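As an added example, not part of the urlscan report, the following Python script triages the data shown on this page offline: it walks the Page URL History to the effective URL, applies urlscan's two detection regexes to the request URLs, builds the Indicators list in the report's order, and decodes the envelope of the XSRF-TOKEN cookie without decrypting it. The URL lists, the host-to-IP mapping and the cookie value are re-typed from the report; the claim that the iv/value/mac/tag layout is Laravel's encrypted-cookie format is my inference about byrl.me, which the report does not state.

```python
"""Triage helpers for a urlscan.io result, using only the data on this page."""
import base64
import json
import re
from urllib.parse import unquote, urlsplit

# Page URL History as the report lists it: shortener hop, then the phish.
URL_HISTORY = [
    ("https://byrl.me/9swF7VV", 301),
    ("https://ct44862.tmweb.ru/postaleirm/pstl-log.php", 200),
]

# The two network fetches from the HTTP-transactions table; the six
# data: URIs carry no host and are left out.
REQUEST_URLS = [
    "https://ct44862.tmweb.ru/postaleirm/pstl-log.php",
    "https://ct44862.tmweb.ru/postaleirm/Pstl_files/jquery.min.js",
]

# Host-to-IP mapping from the "Domain & IP information" section.
RESOLVED = {
    "byrl.me": "216.10.243.64",
    "ct44862.tmweb.ru": "2a03:6f00:1::5c35:60f3",
}

# urlscan's "Detected patterns", copied verbatim from the report.
TECH_PATTERNS = {
    "PHP": re.compile(r"\.php(?:$|\?)"),
    "jQuery": re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?"),
}

# XSRF-TOKEN value set by byrl.me, copied from the Cookies table.
XSRF_TOKEN = (
    "eyJpdiI6InNLUmlwdDhQMVpvM3ZWSk94YXk5V3c9PSIsInZhbHVlIjoiM2x5Q09vZ3NSR1FP"
    "Y2JtOXBITzdGZmYrSGcvTE50dGt4RXR2R2JOUmthMHpJMExrZEJDU2Q1akl6WjdVdGx3dW15"
    "cFgrSUFJMEFxckgvcGtndmlJOExjbWpCbDI4bUwrOHJkcUpzZHZGU2VMVzgzZnRibG9aMU1K"
    "N3VMT2QvRnoiLCJtYWMiOiJjZWU2OTBhYWYwN2Y5Y2I3YzQyMDdiZDI0MTgxZjNmOGM2MGY2"
    "NTJlMzM0YWE4ZDdkMjIxMzk2ODM5ZGFjNGQ3IiwidGFnIjoiIn0%3D"
)


def final_url(history):
    """Return (effective URL, hostnames of the hops that redirected to it)."""
    hops = [urlsplit(url).hostname for url, _status in history[:-1]]
    return history[-1][0], hops


def detect_technologies(urls):
    """Run each detection regex over every request URL; name -> matching URLs."""
    hits = {}
    for url in urls:
        for name, pattern in TECH_PATTERNS.items():
            if pattern.search(url):
                hits.setdefault(name, []).append(url)
    return hits


def indicators(history, urls, resolved):
    """Hosts in first-seen order, then their IPs, like the report's Indicators list."""
    hosts = []
    for url in [u for u, _ in history] + list(urls):
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts + [resolved[h] for h in hosts if h in resolved]


def decode_cookie_envelope(value):
    """URL-decode, base64-decode and JSON-parse the cookie envelope.

    Nothing is decrypted: "value" is ciphertext under a server-side key.
    The iv/value/mac/tag layout is what Laravel's cookie encryption emits;
    that attribution is an inference, not something the report states.
    """
    envelope = json.loads(base64.b64decode(unquote(value)))
    return {
        "fields": sorted(envelope),
        "iv_bytes": len(base64.b64decode(envelope["iv"])),  # 16 = AES block size
        "mac_hex_len": len(envelope["mac"]),  # 64 hex chars = 32-byte MAC (SHA-256 size)
        "tag": envelope["tag"],
    }


if __name__ == "__main__":
    url, hops = final_url(URL_HISTORY)
    print("effective URL:", url, "via", hops)
    print("technologies:", detect_technologies(REQUEST_URLS))
    print("indicators:", indicators(URL_HISTORY, REQUEST_URLS, RESOLVED))
    print("XSRF-TOKEN envelope:", decode_cookie_envelope(XSRF_TOKEN))
```

Running the script reproduces the report's effective URL, its two technology hits, and its four indicators; the cookie decode shows a 16-byte IV, a 32-byte MAC and an empty tag, which is enough to tell that the shortener, not the phishing host, issued the cookies, without any key material.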