s499072.ha003.t.justns.ru Open in urlscan Pro
2a00:b700:5:100::109 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://webmaillive25s.somee.com/
Effective URL:
http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159
Submission: On December 28 via manual (December 28th 2022, 8:46:48 am UTC) from IN — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 2a00:b700:5:100::109, located in Moscow, Russian Federation and belongs to ASBAXET, RU. The main domain is s499072.ha003.t.justns.ru.

This is the only time s499072.ha003.t.justns.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	155.254.244.35 155.254.244.35	19969 (JOESDATAC...) (JOESDATACENTER)
12	2a00:b700:5:1... 2a00:b700:5:100::109	51659 (ASBAXET) (ASBAXET)
13	3

1 155.254.244.35 (Dallas, United States)

ASN19969 (JOESDATACENTER, US)

webmaillive25s.somee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:b700:5:100::109 (Moscow, Russian Federation)

ASN51659 (ASBAXET, RU)

s499072.ha003.t.justns.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	justns.ru s499072.ha003.t.justns.ru	658 KB
1	somee.com webmaillive25s.somee.com	366 B
13	2

	Domain	Requested by
12	s499072.ha003.t.justns.ru	s499072.ha003.t.justns.ru
1	webmaillive25s.somee.com
13	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159
Frame ID: F8C335DBCC84CF7B654B65895D920433
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://webmaillive25s.somee.com/ Page URL
http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

<div class="[^"]*parbase

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

13
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

659 kB
Transfer

1770 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://webmaillive25s.somee.com/ Page URL
http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response webmaillive25s.somee.com/	122 B 366 B	825ms 593ms	Document text/html	155.254.244.35 JOESDATACENTER
General Check archive.org Show headers Download Go to Full URL http://webmaillive25s.somee.com/ Protocol HTTP/1.1 Server 155.254.244.35 Dallas, United States, ASN19969 (JOESDATACENTER, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `b0d0fd060b5941216accefc81d49a629aecacacd89ee7442be5981b430563906` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control private Content-Length 122 Content-Type text/html Date Wed, 28 Dec 2022 08:46:41 GMT Server Microsoft-IIS/10.0 X-Powered-By ASP.NET
GET H/1.1	200 OK	Primary Request a6635011.php Show response s499072.ha003.t.justns.ru/agrecolx/new/q99550/	13 KB 4 KB	376ms 82ms	Document text/html	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `9bb4610c3ddc9525d29ff78f9f0cec4030a0a827676ca144f0fdb1bef7e388ba` Request headers Referer http://webmaillive25s.somee.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Keep-Alive timeout=5, max=100 cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 3666 content-type text/html; charset-UTF-8;charset=UTF-8 date Wed, 28 Dec 2022 08:46:42 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding,User-Agent
GET H/1.1	200 OK	6997f510.css s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/	1 MB 223 KB	39ms 37ms	Stylesheet text/css	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/6997f510.css Requested by Host: s499072.ha003.t.justns.ru URL: http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `74a3ce7b4b1c07d85bfb5aeb0ec7c32914f348e7262e236271e135a991a61c3a` Request headers accept-language de-DE,de;q=0.9 Referer http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 08:46:42 GMT content-encoding gzip last-modified Tue, 27 Dec 2022 13:45:55 GMT server LiteSpeed etag "143120-63aaf713-517ce1f2c1ce056;gz" vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 228123 expires Wed, 04 Jan 2023 08:46:42 GMT
GET H/1.1	200 OK	1f61aaac.css s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/	15 KB 5 KB	76ms 37ms	Stylesheet text/css	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/1f61aaac.css Requested by Host: s499072.ha003.t.justns.ru URL: http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `91f03ca0626fae8c1f0ed8db8eb4df4b927071bc2f1f5cff4fbe1a97a2babfc3` Request headers accept-language de-DE,de;q=0.9 Referer http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 08:46:42 GMT content-encoding gzip last-modified Tue, 27 Dec 2022 13:45:55 GMT server LiteSpeed etag "3dcc-63aaf713-b4bcf964fe0d4642;gz" vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 4618 expires Wed, 04 Jan 2023 08:46:42 GMT
GET H/1.1	200 OK	3d681eff.css s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/	19 KB 6 KB	77ms 39ms	Stylesheet text/css	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/3d681eff.css Requested by Host: s499072.ha003.t.justns.ru URL: http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `0093bc28c850f155462b7c8892fe1f840b4da40590a45fcab97e962ddb624606` Request headers accept-language de-DE,de;q=0.9 Referer http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 08:46:42 GMT content-encoding gzip last-modified Tue, 27 Dec 2022 13:45:55 GMT server LiteSpeed etag "4b32-63aaf713-b4b3acfe1bf66aff;gz" vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 5343 expires Wed, 04 Jan 2023 08:46:42 GMT
GET H/1.1	200 OK	d41d8cd9.css s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/	0 379 B	80ms 40ms	Stylesheet text/css	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/d41d8cd9.css Requested by Host: s499072.ha003.t.justns.ru URL: http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 08:46:42 GMT last-modified Tue, 27 Dec 2022 13:45:55 GMT server LiteSpeed etag "0-63aaf713-8681353f02dd1542;;;" vary User-Agent content-type text/css cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 0 expires Wed, 04 Jan 2023 08:46:42 GMT
GET H/1.1	200 OK	CA_Logo_seul-1.svg s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/imgs//	16 KB 5 KB	73ms 36ms	Image image/svg+xml	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/imgs//CA_Logo_seul-1.svg Requested by Host: s499072.ha003.t.justns.ru URL: http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `4a3b0d2a941677f6fb37a438d20deacc3cea1d6fdc728f72cf3d7ca099cc0ca9` Request headers accept-language de-DE,de;q=0.9 Referer http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 08:46:42 GMT content-encoding gzip last-modified Tue, 27 Dec 2022 13:45:55 GMT server LiteSpeed etag "3f78-63aaf713-74b0f3f86b355807;gz" vary Accept-Encoding,User-Agent content-type image/svg+xml cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 5200 expires Wed, 04 Jan 2023 08:46:42 GMT
GET DATA	200 OK	truncated /	901 B 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `76155584344103aa0faa76819ed842f16b3ddb62f37d90b36549ac738404721b` Request headers accept-language de-DE,de;q=0.9 Referer http://s499072.ha003.t.justns.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/jpeg
GET H/1.1	200 OK	acces_cr_part_carre.jpg s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/imgs//	238 KB 239 KB	36ms 36ms	Image image/jpeg	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/imgs//acces_cr_part_carre.jpg Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8` Request headers accept-language de-DE,de;q=0.9 Referer http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/a6635011.php?id=92108159 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 08:46:42 GMT last-modified Tue, 27 Dec 2022 13:45:55 GMT server LiteSpeed etag "3b8cf-63aaf713-10c507ee6a1d4d46;;;" vary User-Agent content-type image/jpeg cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 243919 expires Wed, 04 Jan 2023 08:46:42 GMT
GET H/1.1	200 OK	npcicons-crunchy.woff2 s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/clientlib-resources/resources/fonts/npcicons-crunchy/	16 KB 16 KB	37ms 36ms	Font font/woff2	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/clientlib-resources/resources/fonts/npcicons-crunchy/npcicons-crunchy.woff2 Requested by Host: s499072.ha003.t.justns.ru URL: http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/6997f510.css Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `2b4f1630e7cc5b5f4b6dd7b74888509cf60f756f29f3b4405cd0310c10155361` Request headers Referer http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/6997f510.css Origin http://s499072.ha003.t.justns.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 08:46:42 GMT last-modified Tue, 27 Dec 2022 13:45:55 GMT server LiteSpeed etag "3efc-63aaf713-843eb2f6a46b790e;;;" vary User-Agent content-type font/woff2 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 16124
GET H/1.1	200 OK	Gotham-Book.woff2 s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/	41 KB 41 KB	42ms 41ms	Font font/woff2	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/Gotham-Book.woff2 Requested by Host: s499072.ha003.t.justns.ru URL: http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/6997f510.css Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `3f51250e2d3ef478f59bc89cb67681b5ed423f8f8dc22062fb49e101e5032a2e` Request headers Referer http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/6997f510.css Origin http://s499072.ha003.t.justns.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 08:46:42 GMT last-modified Tue, 27 Dec 2022 13:45:55 GMT server LiteSpeed etag "a300-63aaf713-c2fba6bb5e8c665d;;;" vary User-Agent content-type font/woff2 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 41728
GET H/1.1	200 OK	Gotham-Bold.woff2 s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/	38 KB 39 KB	37ms 37ms	Font font/woff2	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/Gotham-Bold.woff2 Requested by Host: s499072.ha003.t.justns.ru URL: http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/6997f510.css Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `319881caca6f5f0d1e8e24040579d93386008e39dee1045965124b86303143e1` Request headers Referer http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/6997f510.css Origin http://s499072.ha003.t.justns.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 08:46:42 GMT last-modified Tue, 27 Dec 2022 13:45:55 GMT server LiteSpeed etag "9960-63aaf713-5fa86c6a03da83e2;;;" vary User-Agent content-type font/woff2 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 39264
GET H/1.1	200 OK	Gotham-Medium.woff2 s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/	41 KB 41 KB	37ms 36ms	Font font/woff2	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/Gotham-Medium.woff2 Requested by Host: s499072.ha003.t.justns.ru URL: http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/6997f510.css Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `ba17f8257b1f710aa0e7136f4bd4b91a9a7db4f9cac2c409caf8708a64787303` Request headers Referer http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/6997f510.css Origin http://s499072.ha003.t.justns.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 08:46:42 GMT last-modified Tue, 27 Dec 2022 13:45:55 GMT server LiteSpeed etag "a210-63aaf713-87f25838b1e43dd2;;;" vary User-Agent content-type font/woff2 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 41488
GET H/1.1	200 OK	Gotham-Light.woff2 s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/	39 KB 40 KB	73ms 36ms	Font font/woff2	2a00:b700:5:100::109 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/Gotham-Light.woff2 Requested by Host: s499072.ha003.t.justns.ru URL: http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/6997f510.css Protocol HTTP/1.1 Server 2a00:b700:5:100::109 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `e266d1f2bcf1da0faff6964637fdcd9a4e47c50a7a56be74424f409f30c83c5e` Request headers Referer http://s499072.ha003.t.justns.ru/agrecolx/new/q99550/layouts/css/6997f510.css Origin http://s499072.ha003.t.justns.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 08:46:42 GMT last-modified Tue, 27 Dec 2022 13:45:55 GMT server LiteSpeed etag "9d58-63aaf713-ef946f0b6827b4e8;;;" vary User-Agent content-type font/woff2 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 40280

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			webmaillive25s.somee.com/	1969-12-31 23:59:59	Name: ASPSESSIONIDSCBQDTST Value: PBOJDBACMOFDBJLDHODMLEKI
			s499072.ha003.t.justns.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: 962188c22a18ba91627942070f15ee4b

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s499072.ha003.t.justns.ru
webmaillive25s.somee.com
155.254.244.35
2a00:b700:5:100::109
0093bc28c850f155462b7c8892fe1f840b4da40590a45fcab97e962ddb624606
2b4f1630e7cc5b5f4b6dd7b74888509cf60f756f29f3b4405cd0310c10155361
319881caca6f5f0d1e8e24040579d93386008e39dee1045965124b86303143e1
3f51250e2d3ef478f59bc89cb67681b5ed423f8f8dc22062fb49e101e5032a2e
4a3b0d2a941677f6fb37a438d20deacc3cea1d6fdc728f72cf3d7ca099cc0ca9
74a3ce7b4b1c07d85bfb5aeb0ec7c32914f348e7262e236271e135a991a61c3a
76155584344103aa0faa76819ed842f16b3ddb62f37d90b36549ac738404721b
91f03ca0626fae8c1f0ed8db8eb4df4b927071bc2f1f5cff4fbe1a97a2babfc3
9bb4610c3ddc9525d29ff78f9f0cec4030a0a827676ca144f0fdb1bef7e388ba
b0d0fd060b5941216accefc81d49a629aecacacd89ee7442be5981b430563906
ba17f8257b1f710aa0e7136f4bd4b91a9a7db4f9cac2c409caf8708a64787303
c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8
e266d1f2bcf1da0faff6964637fdcd9a4e47c50a7a56be74424f409f30c83c5e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

s499072.ha003.t.justns.ru Open in urlscan Pro 2a00:b700:5:100::109 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

0 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

659 kBTransfer

1770 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

Indicators

s499072.ha003.t.justns.ru Open in urlscan Pro
2a00:b700:5:100::109 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

659 kB
Transfer

1770 kB
Size

2
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!