login.bleucrm.com
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
Submission: On August 22 via api from US — Scanned from FR
Summary
TLS certificate: Issued by E1 on July 18th 2023. Valid for: 3 months.
This is the only time login.bleucrm.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BT (Telecommunication)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
1 | 109.234.162.130 | AS50474 (O2SWITCH) |
18 | 2a06:98c1:3121::3 | AS13335 (CLOUDFLARENET) |
19 | 3 | |
109.234.162.130: ASN50474 (O2SWITCH, FR), PTR 109-234-162-130.reverse.odns.fr, serves www.ajbef.net. 2a06:98c1:3121::3 is a Cloudflare edge address in front of login.bleucrm.com, so it is not the phishing host's origin.
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
18 | bleucrm.com | login.bleucrm.com | 222 KB |
1 | ajbef.net | www.ajbef.net | 238 B |
19 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
18 | login.bleucrm.com | login.bleucrm.com |
1 | www.ajbef.net | |
19 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid for | |
---|---|---|---|---|
ajbef.net | R3 | 2023-08-18 - 2023-11-16 | 3 months | crt.sh |
bleucrm.com | E1 | 2023-07-18 - 2023-10-16 | 3 months | crt.sh |
R3 and E1 are Let's Encrypt intermediates, so both hosts carry free 90-day certificates; the ajbef.net certificate was issued four days before this scan. A valid TLS certificate on a phishing host is expected, not a trust signal.
This page contains 1 frames:
Primary Page:
https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
Frame ID: E2E140AEECCA6AE0F9FD2CC67302F9EE
Requests: 20 HTTP requests in this frame
Screenshot: (image)
Page Title: Login Page
Detected technologies
PHP (Programming Languages)
Detected pattern: `\.php(?:$|\?)`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.ajbef.net/btrtbt.html
- https://login.bleucrm.com/btinternet2/nxx/
- https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
Redirected requests
No HTTP redirect chains were recorded for any request. Each hop in the Page URL History was returned as its own document (106 B for btrtbt.html, 135 B for /btinternet2/nxx/), which is consistent with client-side redirects (meta refresh or JavaScript) rather than 3xx responses; the lure domain www.ajbef.net only forwards the victim to the credential page on login.bleucrm.com.
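The three-hop history above was produced without any HTTP-level redirect. The following Python is an added editorial example (not part of the urlscan report and not the phishing kit's code) showing how to reconstruct such a chain from page bodies by extracting meta-refresh and JavaScript location redirects. The two intermediate bodies are constructed stand-ins, since the scan reports only their sizes, not their contents; fetching is replaced by a dictionary lookup so the example runs offline.

```python
import re
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urljoin

# Constructed sample bodies (assumption): stand-ins for the 106 B and 135 B
# documents in the scan, one using a meta refresh, one a JS location write.
SAMPLE_BODIES = {
    "https://www.ajbef.net/btrtbt.html":
        '<meta http-equiv="refresh" content="0; url=https://login.bleucrm.com/btinternet2/nxx/">',
    "https://login.bleucrm.com/btinternet2/nxx/":
        '<script>window.location.href="lognfrward.php?redirectURL=personal-Confirm'
        '&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn";</script>',
    "https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm"
    "&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn":
        "<html><title>Login Page</title><form>...</form></html>",
}


class MetaRefreshParser(HTMLParser):
    """Collect the url= target of every <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases attr names
        if a.get("http-equiv", "").lower() != "refresh":
            return
        m = re.search(r'url\s*=\s*["\']?([^"\';]+)', a.get("content", ""), re.I)
        if m:
            self.targets.append(m.group(1).strip())


# Plain-text JS redirect forms: location = "...", location.href = "...",
# location.replace("..."), location.assign("..."). Obfuscated kits need a
# real browser (as urlscan uses) rather than a regex.
JS_LOCATION = re.compile(
    r'(?:(?:window|document|top|self)\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']'
    r'|location\.(?:replace|assign)\(\s*["\']([^"\']+)["\']\s*\)',
    re.I,
)


def client_side_redirect(body: str) -> Optional[str]:
    """Return the first client-side redirect target found in an HTML body, or None."""
    p = MetaRefreshParser()
    p.feed(body)
    if p.targets:
        return p.targets[0]
    m = JS_LOCATION.search(body)
    if m:
        return m.group(1) or m.group(2)
    return None


def follow_chain(start: str, fetch, max_hops: int = 10):
    """Follow client-side redirects from `start`; `fetch(url)` returns a body or None."""
    history = [start]
    url = start
    for _ in range(max_hops):
        body = fetch(url)
        if body is None:
            break
        target = client_side_redirect(body)
        if target is None:
            break
        url = urljoin(url, target)  # resolves relative targets like lognfrward.php?...
        if url in history:          # loop guard
            break
        history.append(url)
    return history


def redirect_chain_from_samples():
    return follow_chain("https://www.ajbef.net/btrtbt.html", SAMPLE_BODIES.get)


if __name__ == "__main__":
    for hop in redirect_chain_from_samples():
        print(hop)
```

Replace `SAMPLE_BODIES.get` with a real fetcher to run this against live captures; keep the loop guard, since redirector pages frequently bounce between hosts.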
19 HTTP transactions
"Size" is the decoded resource size and "x-fer" the bytes transferred on the wire (compressed). The DATA row is an inline data: URI font, not an HTTP transaction, which is why the frame counts 20 requests but 19 HTTP transactions.

Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | btrtbt.html | www.ajbef.net/ | 106 B | 238 B | Document | text/html |
GET | H2 | / | login.bleucrm.com/btinternet2/nxx/ | 135 B | 782 B | Document | text/html |
GET | H2 | lognfrward.php (Primary Request) | login.bleucrm.com/btinternet2/nxx/ | 18 KB | 5 KB | Document | text/html |
GET | H3 | override.css | login.bleucrm.com/btinternet2/nxx/west/in/ | 6 KB | 3 KB | Stylesheet | text/css |
GET | H3 | common-reset.css | login.bleucrm.com/btinternet2/nxx/west/in/ | 64 KB | 35 KB | Stylesheet | text/css |
GET | H3 | common.css | login.bleucrm.com/btinternet2/nxx/west/in/ | 179 KB | 34 KB | Stylesheet | text/css |
GET | H3 | bts-common.css | login.bleucrm.com/btinternet2/nxx/west/in/ | 88 KB | 12 KB | Stylesheet | text/css |
GET | H3 | responsive-footer.css | login.bleucrm.com/btinternet2/nxx/west/in/ | 8 KB | 2 KB | Stylesheet | text/css |
GET | H3 | cookies.css | login.bleucrm.com/btinternet2/nxx/west/in/ | 99 KB | 40 KB | Stylesheet | text/css |
GET | H3 | bt-login-logo-136423637730102601-171211194315.png | login.bleucrm.com/btinternet2/nxx/west/in/ | 4 KB | 4 KB | Image | image/png |
GET | H3 | BT_mark_4col_rev_105x50.png | login.bleucrm.com/btinternet2/nxx/west/in/ | 4 KB | 4 KB | Image | image/png |
GET | H3 | bg_graybutton.png | login.bleucrm.com/btinternet2/nxx/west/deep/ | 1 KB | 2 KB | Image | image/png |
GET | DATA | truncated | / | 42 KB | 42 KB | Font | font/truetype |
GET | H3 | logintextboxbg.png | login.bleucrm.com/btinternet2/nxx/west/deep/ | 966 B | 1 KB | Image | image/png |
GET | H3 | icons-sprite-8bit.png | login.bleucrm.com/btinternet2/nxx/west/deep/ | 5 KB | 6 KB | Image | image/png |
GET | H3 | LoginButtonBg.png | login.bleucrm.com/btinternet2/nxx/west/deep/ | 211 B | 754 B | Image | image/png |
GET | H3 | login-back.png | login.bleucrm.com/btinternet2/nxx/west/deep/ | 279 B | 823 B | Image | image/png |
GET | H3 | css_sprite.png | login.bleucrm.com/btinternet2/nxx/west/deep/ | 5 KB | 5 KB | Image | image/png |
GET | H3 | BTFont_Rg.woff | login.bleucrm.com/btinternet2/nxx/west/deep/ | 58 KB | 58 KB | Font | application/font-woff |
GET | H3 | bttvicons.woff | login.bleucrm.com/btinternet2/nxx/west/deep/ | 8 KB | 9 KB | Font | application/font-woff |

Every asset of the login page, including BT-branded logos (bt-login-logo, BT_mark) and fonts (BTFont_Rg.woff, bttvicons.woff), is served from login.bleucrm.com itself; nothing is loaded from a BT-owned domain. The kit is self-contained, so blocking bt.com assets would not break it.
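To show how the per-domain summary tables earlier on this page are derived from these transactions, and one cheap triage check on top of them (brand-named assets served from a domain that is not the brand's), here is an added Python example; it is editorial, not urlscan's or the kit's code. The rows are transcribed from the table above using the rounded transfer sizes shown, so byte totals are approximate; apex-domain extraction is simplified to the last two labels, and BRAND_TOKENS is an assumed keyword list chosen for this scan.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Transcribed from the 19 HTTP transactions above (URL, transferred size, MIME type).
# The inline data: URI font is omitted because it has no host.
TRANSACTIONS = [
    ("https://www.ajbef.net/btrtbt.html", "238 B", "text/html"),
    ("https://login.bleucrm.com/btinternet2/nxx/", "782 B", "text/html"),
    ("https://login.bleucrm.com/btinternet2/nxx/lognfrward.php", "5 KB", "text/html"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/in/override.css", "3 KB", "text/css"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/in/common-reset.css", "35 KB", "text/css"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/in/common.css", "34 KB", "text/css"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/in/bts-common.css", "12 KB", "text/css"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/in/responsive-footer.css", "2 KB", "text/css"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/in/cookies.css", "40 KB", "text/css"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/in/bt-login-logo-136423637730102601-171211194315.png", "4 KB", "image/png"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/in/BT_mark_4col_rev_105x50.png", "4 KB", "image/png"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/deep/bg_graybutton.png", "2 KB", "image/png"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/deep/logintextboxbg.png", "1 KB", "image/png"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/deep/icons-sprite-8bit.png", "6 KB", "image/png"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/deep/LoginButtonBg.png", "754 B", "image/png"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/deep/login-back.png", "823 B", "image/png"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/deep/css_sprite.png", "5 KB", "image/png"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/deep/BTFont_Rg.woff", "58 KB", "application/font-woff"),
    ("https://login.bleucrm.com/btinternet2/nxx/west/deep/bttvicons.woff", "9 KB", "application/font-woff"),
]

# Assumed keyword list: file-name fragments that identify BT-branded assets in this scan.
BRAND_TOKENS = ("bt-login", "bt_mark", "btfont", "bttv")


def parse_size(text: str) -> int:
    """'782 B' -> 782, '5 KB' -> 5120 (binary units, as the report rounds them)."""
    num, unit = text.split()
    return int(float(num) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[unit])


def apex(host: str) -> str:
    # Simplification: last two labels. Real tooling should use the Public
    # Suffix List (think example.co.uk); adequate for the .com/.net hosts here.
    return ".".join(host.lower().split(".")[-2:])


def summarize(transactions):
    """Rebuild the 'Apex Domain / Subdomains / Transfer' table from raw requests."""
    out = defaultdict(lambda: {"requests": 0, "bytes": 0, "subdomains": set()})
    for url, size, _mime in transactions:
        host = urlsplit(url).hostname
        entry = out[apex(host)]
        entry["requests"] += 1
        entry["bytes"] += parse_size(size)
        entry["subdomains"].add(host)
    return dict(out)


def brand_assets_off_brand(transactions, brand_domains=("bt.com",)):
    """URLs whose file name carries a brand token but whose apex is not a brand domain."""
    hits = []
    for url, _size, _mime in transactions:
        parts = urlsplit(url)
        if apex(parts.hostname) in brand_domains:
            continue
        name = parts.path.rsplit("/", 1)[-1].lower()
        if any(token in name for token in BRAND_TOKENS):
            hits.append(url)
    return hits


if __name__ == "__main__":
    for domain, entry in summarize(TRANSACTIONS).items():
        print(f"{entry['requests']:>3} {domain:<14} {entry['bytes'] / 1024:6.1f} KB "
              f"{sorted(entry['subdomains'])}")
    for url in brand_assets_off_brand(TRANSACTIONS):
        print("brand asset off-brand:", url)
```

The summary reproduces the report's 18 requests / ~222 KB for bleucrm.com and 1 request / 238 B for ajbef.net; the brand check flags the four BT-named logo and font files hosted on login.bleucrm.com, which is the quickest evidence that a BT login page is being impersonated.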
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against BT (Telecommunication)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
- object: documentPictureInPicture
- function: wCKtMyhjqM
- function: showP1
documentPictureInPicture is supplied by the browser (Chromium's Document Picture-in-Picture API) rather than by the page; only the two functions come from the page's own scripts, and the random-looking name wCKtMyhjqM is typical of generated or obfuscated kit code.
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
login.bleucrm.com/ | (session) | PHPSESSID | d241c641f876a41ca9bca0b8d7ba706c |
The only cookie is a plain PHP session cookie, consistent with the PHP kit detected above.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.bleucrm.com
www.ajbef.net
109.234.162.130
2a06:98c1:3121::3
Note that 2a06:98c1:3121::3 is a shared Cloudflare (AS13335) edge address, so it is a weak indicator on its own and blocking it would affect unrelated sites; the two hostnames are the actionable indicators.