www.balmerlawrie.com Open in urlscan Pro
164.100.229.107 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.balmerlawrie.com/files/xml/login/
Effective URL:
https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500...
Submission: On February 04 via manual (February 4th 2020, 8:34:56 am UTC) from ES

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 14 HTTP transactions. The main IP is 164.100.229.107, located in India and belongs to NICNET-VSNL-BOARDER-AP National Informatics Centre, IN. The main domain is www.balmerlawrie.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on July 19th 2019. Valid for: 2 years.

This is the only time www.balmerlawrie.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Endesa (Utility)

Domain & IP information

	IP Address	AS Autonomous System
2 15	164.100.229.107 164.100.229.107	4758 (NICNET-VS...) (NICNET-VSNL-BOARDER-AP National Informatics Centre)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
14	2

15 164.100.229.107 (India) 2 redirects

ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN)

www.balmerlawrie.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	balmerlawrie.com 2 redirects www.balmerlawrie.com	654 KB
1	jquery.com code.jquery.com	24 KB
14	2

	Domain	Requested by
15	www.balmerlawrie.com	2 redirects www.balmerlawrie.com
1	code.jquery.com	www.balmerlawrie.com
14	2

This site contains no links.

Subject Issuer	Validity	Valid
www.balmerlawrie.com DigiCert SHA2 Secure Server CA	`2019-07-19` - `2021-07-18`	2 years	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/
Frame ID: CDA0C93E342C795709D7719EA52AAC9A
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.balmerlawrie.com/files/xml/login/ HTTP 302
https://www.balmerlawrie.com/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6... HTTP 301
https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

14
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

678 kB
Transfer

1035 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.balmerlawrie.com/files/xml/login/ HTTP 302
https://www.balmerlawrie.com/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89 HTTP 301
https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/
Redirect Chain

https://www.balmerlawrie.com/files/xml/login/
https://www.balmerlawrie.com/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89
https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

44 KB
9 KB

523ms
178ms

Document
text/html

164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

d16a18a46fe25dd6e83765fd22fd345a27598195633ccee83841edaf68630dfe

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Request headers

Host: www.balmerlawrie.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1

Response headers

Date: Tue, 04 Feb 2020 08:34:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN SAMEORIGIN
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9364
Connection: close
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/
Content-Length: 362
Connection: close
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK index.css
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 184 KB
28 KB 590ms
246ms Stylesheet
text/css 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/index.css

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

caedb3bfb24c8f39260ef4d2bfabfaee9f20262fb478e1bb7ec1ffaf573ecdda

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 04 Feb 2020 08:34:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 28810

GET
H/1.1 200
OK bootstrap.min.css
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 118 KB
20 KB 533ms
185ms Stylesheet
text/css 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/bootstrap.min.css

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

969a03328f84f961ed7a7c0e492fa9c705a8e42d317b464d8c769bc9bf17bda9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 04 Feb 2020 08:34:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 19744

GET
H/1.1 200
OK bg_logo.png
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 8 KB
9 KB 531ms
179ms Image
image/png 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/bg_logo.png

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

9554b456dca15320787db75f15dfa54f7765a624e25411142fb74f8b7e535bdc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 04 Feb 2020 08:34:37 GMT
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 8431

GET
H/1.1 200
OK MenuMob.png
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 330 B
633 B 533ms
181ms Image
image/png 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/MenuMob.png

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

5eeed61bed8c6cad8f4c2c66625a07dfc733f60a1e8bac9bc98c5cda52790e03

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 04 Feb 2020 08:34:37 GMT
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 330

GET
H/1.1 200
OK jquery-3.3.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 22ms
7ms Script
application/javascript 2001:4de0:ac19::1:b:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.slim.min.js
Requested by: Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/
Origin: https://www.balmerlawrie.com

Response headers

Date: Tue, 04 Feb 2020 08:34:37 GMT
Content-Encoding: gzip
Last-Modified: Sat, 20 Jan 2018 17:26:44 GMT
Server: nginx
ETag: W/"5a637bd4-1111d"
Vary: Accept-Encoding
X-HW: 1580805277.dop011.fr8.shc,1580805277.dop011.fr8.t,1580805277.cds124.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 24038

GET
H/1.1 200
OK bootstrap.min.js Show response
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 36 KB
10 KB 586ms
235ms Script
application/javascript 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/bootstrap.min.js

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 04 Feb 2020 08:34:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 9833

GET
H/1.1 200
OK ezone_movil_busqueda.png
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 632 B
935 B 552ms
185ms Image
image/png 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ezone_movil_busqueda.png

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

a141e5682750e907159ff25b672f9056ef8585395dccbe89b12c5d4394dd8be5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 04 Feb 2020 08:34:38 GMT
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 632

GET
H/1.1 200
OK iconsmall_chat.png
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 473 B
776 B 554ms
188ms Image
image/png 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/iconsmall_chat.png

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

a43997d37b0941d45b94c7b4a1b783bf2fe77325e6b49847929ddea006ff54ea

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 04 Feb 2020 08:34:38 GMT
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 473

GET
H/1.1 200
OK logo_enel_footer.png
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 3 KB
3 KB 1081ms
181ms Image
image/png 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/logo_enel_footer.png

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

44ff884f020195acbee3765a6c2e35786bc8fb8424089e61838b65e9d22e13c7

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 04 Feb 2020 08:34:39 GMT
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 3275

GET
H/1.1 200
OK opensans-semibold.ttf
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 68 KB
69 KB 520ms
175ms Font
application/font-sfnt 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/opensans-semibold.ttf

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

d0c5a1f2ab7514267eb5a11e4023de53510a34663165c04c57a37b56b99a3b72

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/index.css
Origin: https://www.balmerlawrie.com

Response headers

Date: Tue, 04 Feb 2020 08:34:38 GMT
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: application/font-sfnt
Connection: close
Accept-Ranges: bytes
Content-Length: 69884

GET
H/1.1 200
OK opensans-regular.ttf
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 66 KB
66 KB 526ms
177ms Font
application/font-sfnt 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/opensans-regular.ttf

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

8f6705bb754eee4dfbf510f5ffc58ea1216727be5acc00acc1a8294d64696d96

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/index.css
Origin: https://www.balmerlawrie.com

Response headers

Date: Tue, 04 Feb 2020 08:34:38 GMT
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: application/font-sfnt
Connection: close
Accept-Ranges: bytes
Content-Length: 67524

GET
H/1.1 200
OK opensans-light.ttf
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 217 KB
217 KB 535ms
180ms Font
application/font-sfnt 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/opensans-light.ttf

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/index.css
Origin: https://www.balmerlawrie.com

Response headers

Date: Tue, 04 Feb 2020 08:34:38 GMT
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: application/font-sfnt
Connection: close
Accept-Ranges: bytes
Content-Length: 222412

GET
H/1.1 200
OK opensans-bold.ttf
www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ 219 KB
220 KB 542ms
184ms Font
application/font-sfnt 164.100.229.107
NICNET-VSNL-BOARD...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/opensans-bold.ttf

Requested by

Host: www.balmerlawrie.com
URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

164.100.229.107 , India, ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN),

Reverse DNS

Software

Apache /

Resource Hash

5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/index.css
Origin: https://www.balmerlawrie.com

Response headers

Date: Tue, 04 Feb 2020 08:34:38 GMT
Last-Modified: Tue, 04 Feb 2020 08:34:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: application/font-sfnt
Connection: close
Accept-Ranges: bytes
Content-Length: 224592

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Endesa (Utility)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
www.balmerlawrie.com
164.100.229.107
2001:4de0:ac19::1:b:1a
44ff884f020195acbee3765a6c2e35786bc8fb8424089e61838b65e9d22e13c7
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323
5eeed61bed8c6cad8f4c2c66625a07dfc733f60a1e8bac9bc98c5cda52790e03
8f6705bb754eee4dfbf510f5ffc58ea1216727be5acc00acc1a8294d64696d96
9554b456dca15320787db75f15dfa54f7765a624e25411142fb74f8b7e535bdc
969a03328f84f961ed7a7c0e492fa9c705a8e42d317b464d8c769bc9bf17bda9
a141e5682750e907159ff25b672f9056ef8585395dccbe89b12c5d4394dd8be5
a43997d37b0941d45b94c7b4a1b783bf2fe77325e6b49847929ddea006ff54ea
caedb3bfb24c8f39260ef4d2bfabfaee9f20262fb478e1bb7ec1ffaf573ecdda
cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424
d0c5a1f2ab7514267eb5a11e4023de53510a34663165c04c57a37b56b99a3b72
d16a18a46fe25dd6e83765fd22fd345a27598195633ccee83841edaf68630dfe
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

www.balmerlawrie.com Open in urlscan Pro 164.100.229.107 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

678 kBTransfer

1035 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.balmerlawrie.com Open in urlscan Pro
164.100.229.107 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

678 kB
Transfer

1035 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!