www.balmerlawrie.com
164.100.229.107
Malicious Activity!
Public Scan
Effective URL: https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500...
Submission: On February 04 via manual from ES
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on July 19th 2019. Valid for: 2 years.
This is the only time www.balmerlawrie.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Endesa (Utility)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
15 (2 redirects) | 164.100.229.107 | 4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre) |
1 | 2001:4de0:ac19::1:b:1a | 20446 (HIGHWINDS3) |
14 | 2 |
ASN4758 (NICNET-VSNL-BOARDER-AP National Informatics Centre, IN): www.balmerlawrie.com
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
15 (2 redirects) | balmerlawrie.com: www.balmerlawrie.com | 654 KB |
1 | jquery.com: code.jquery.com | 24 KB |
14 | 2 |
Requests | Domain | Requested by |
---|---|---|
15 (2 redirects) | www.balmerlawrie.com | www.balmerlawrie.com |
1 | code.jquery.com | www.balmerlawrie.com |
14 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
www.balmerlawrie.com | DigiCert SHA2 Secure Server CA | 2019-07-19 - 2021-07-18 | 2 years | crt.sh |
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years | crt.sh |
This page contains 1 frame:
Primary Page:
https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/
Frame ID: CDA0C93E342C795709D7719EA52AAC9A
Requests: 14 HTTP requests in this frame
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.balmerlawrie.com/files/xml/login/ (HTTP 302)
- https://www.balmerlawrie.com/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89 (HTTP 301)
- https://www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol | Resource | Path | Size / x-fer | Type | MIME-Type |
---|---|---|---|---|---|
GET H/1.1 | / (Primary Request, Redirect Chain) | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/ | 44 KB / 9 KB | Document | text/html |
GET H/1.1 | index.css | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 184 KB / 28 KB | Stylesheet | text/css |
GET H/1.1 | bootstrap.min.css | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 118 KB / 20 KB | Stylesheet | text/css |
GET H/1.1 | bg_logo.png | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 8 KB / 9 KB | Image | image/png |
GET H/1.1 | MenuMob.png | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 330 B / 633 B | Image | image/png |
GET H/1.1 | jquery-3.3.1.slim.min.js | code.jquery.com/ | 68 KB / 24 KB | Script | application/javascript |
GET H/1.1 | bootstrap.min.js | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 36 KB / 10 KB | Script | application/javascript |
GET H/1.1 | ezone_movil_busqueda.png | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 632 B / 935 B | Image | image/png |
GET H/1.1 | iconsmall_chat.png | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 473 B / 776 B | Image | image/png |
GET H/1.1 | logo_enel_footer.png | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 3 KB / 3 KB | Image | image/png |
GET H/1.1 | opensans-semibold.ttf | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 68 KB / 69 KB | Font | application/font-sfnt |
GET H/1.1 | opensans-regular.ttf | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 66 KB / 66 KB | Font | application/font-sfnt |
GET H/1.1 | opensans-light.ttf | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 217 KB / 217 KB | Font | application/font-sfnt |
GET H/1.1 | opensans-bold.ttf | www.balmerlawrie.com/app/webroot/files/xml/login/6e558c72ca8bb963b0b776b54e104ce5fffb7ac4d08187f0ae717d6921b6b4be2500b8bc1334df06fb5d5cf13ef08f89/src/ | 219 KB / 220 KB | Font | application/font-sfnt |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Endesa (Utility)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| $
- function| jQuery
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.