u61458349m.ha004.t.justns.ru
2a00:b700::12
Malicious Activity!
Public Scan
Effective URL: http://u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/
Submission: On February 24 via automatic, source openphish
Summary
This is the only time u61458349m.ha004.t.justns.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Credit Agricole (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 2606:4700:3036::681b:8bfa | 13335 (CLOUDFLARENET)
1 | 2606:4700:3034::681b:8afa | 13335 (CLOUDFLARENET)
1 | 13.70.82.195 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
20 | 2a00:b700::12 | 51659 (ASBAXET)
Totals: 20 requests, 3 ASNs.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
20 | justns.ru (2 redirects) | u61458349m.ha004.t.justns.ru | 141 KB
2 | hcmc100e.info (1 redirect) | www.hcmc100e.info, hcmc100e.info | 826 B
1 | oxfordlawyers.com.au | www.oxfordlawyers.com.au | 649 B
Totals: 20 requests, 3 apex domains.
Requests | Domain | Requested by
---|---|---
20 | u61458349m.ha004.t.justns.ru (2 redirects) | www.oxfordlawyers.com.au, u61458349m.ha004.t.justns.ru
1 | www.oxfordlawyers.com.au | hcmc100e.info
1 | hcmc100e.info |
1 | www.hcmc100e.info (1 redirect) |
Totals: 20 requests, 4 domains.
This site contains no links.
TLS certificates (Subject / Issuer / Validity): none listed.
This page contains 1 frame:
Primary Page:
http://u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/
Frame ID: 9951472FAC38533B9E9572AFEED1C8FB
Requests: 20 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN)
Detected patterns:
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.hcmc100e.info/oslo/ -> HTTP 301 -> http://hcmc100e.info/oslo/ (Page URL)
- http://www.oxfordlawyers.com.au/wp-content/_/att/ (Page URL)
- http://u61458349m.ha004.t.justns.ru/sa/ -> HTTP 302 -> http://u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18 -> HTTP 301 -> http://u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://www.hcmc100e.info/oslo/ (HTTP 301)
- http://hcmc100e.info/oslo/
20 HTTP transactions

# | Method / Protocol | Resource | Path | Size / x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---
1 | GET H/1.1 | / | hcmc100e.info/oslo/ | 119 B / 406 B | Document | text/html | Redirect Chain
2 | GET H/1.1 | / | www.oxfordlawyers.com.au/wp-content/_/att/ | 109 B / 649 B | Document | text/html |
3 | GET H/1.1 | / | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/ | 16 KB / 5 KB | Document | text/html | Primary Request, Redirect Chain
4 | GET H/1.1 | antiquus.css | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 26 KB / 4 KB | Stylesheet | text/css |
5 | GET H/1.1 | styles.css | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 83 KB / 16 KB | Stylesheet | text/css |
6 | GET H/1.1 | styles-mod.css | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 15 KB / 4 KB | Stylesheet | text/css |
7 | GET H/1.1 | 2.PNG | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 10 KB / 10 KB | Image | image/png |
8 | GET H/1.1 | 4.PNG | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 80 KB / 80 KB | Image | image/png |
9 | GET H/1.1 | 1.PNG | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 5 KB / 5 KB | Image | image/png |
10 | GET H/1.1 | point_transp.gif | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 87 B / 437 B | Image | image/gif |
11 | GET H/1.1 | 3.PNG | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 3 KB / 3 KB | Image | image/png |
12 | GET H/1.1 | / | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/ | 16 KB / 5 KB | Stylesheet | text/html |
13 | GET H/1.1 | / | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/ | 16 KB / 5 KB | Script | text/html |
14 | GET H/1.1 | main_repeat.png | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 396 B / 396 B | Image | text/html |
15 | GET H/1.1 | entete_light.png | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 397 B / 397 B | Image | text/html |
16 | GET H/1.1 | main_haut.png | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 394 B / 394 B | Image | text/html |
17 | GET H/1.1 | bloc_arrond_bas.png | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 400 B / 400 B | Image | text/html |
18 | GET H/1.1 | bloc_arrond_haut.png | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 401 B / 401 B | Image | text/html |
19 | GET H/1.1 | bg_form.png | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 392 B / 392 B | Image | text/html |
20 | GET H/1.1 | thead.png | u61458349m.ha004.t.justns.ru/sa/dd53525dad6c03f6ad56df2cdb345c18/img/ | 390 B / 390 B | Image | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Credit Agricole (Banking)
47 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onformdata, onpointerrawupdate
- string: OS, Version, path_static, path_dynamic, caisse, urlappli, urlapplisecu, statusconfirmer, statusannuler, statusaide, statuscondjur, statusdemo, statuscompte, statuscode, statuscorriger, statusclavnum, statusrecom, App, srcLien, srcPuceLien, yesno, authentif0
- number: posOS, posOS2, Nav_sup
- boolean: browserOK, browserOK1, browserOK2
- function: setSize, clicPosition, effacer, cocherCase, corriger, raf, ValidCertif, ValidCertifSecu, ouvrePOPUP, ouvreassistance, ouvreFenetre, validation, isNumerique, isAlphaNum
- undefined: code, pos_der_code, affiche_code
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.