kajuh.online
45.94.31.20
Malicious Activity!
Public Scan
Submission: On March 27 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on March 19th 2024. Valid for: 3 months.
This is the only time kajuh.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Scotiabank (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System |
---|---|---|
10 | 45.94.31.20 | 210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK) |
5 | 151.101.66.132 | 54113 (FASTLY) |
1 | 2600:9000:26a0:a400:10:fcf8:9540:93a1 | 16509 (AMAZON-02) |
5 | 2600:9000:26a0:cc00:d:e6dd:f300:21 | 16509 (AMAZON-02) |
1 | 2a04:4e42:200::649 | 54113 (FASTLY) |
1 | 2600:9000:244d:e200:a:6cdf:4440:93a1 | 16509 (AMAZON-02) |
1 | 2600:9000:26a0:a400:1e:54f1:26c0:93a1 | 16509 (AMAZON-02) |
1 | 2600:9000:269f:cc00:13:ab57:d440:93a1 | 16509 (AMAZON-02) |
1 | 34.248.174.25 | 16509 (AMAZON-02) |
27 (total requests) | 10 (total IPs) | |
Hosts by ASN:

- ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE): kajuh.online
- ASN16509 (AMAZON-02, US): bioprotect-js.scotiabankcolpatria.com
- ASN16509 (AMAZON-02, US): dlslhpkfqfglo.cloudfront.net
- ASN16509 (AMAZON-02, US): 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
- ASN16509 (AMAZON-02, US): 1.b406929acabac9b095f124c81bdfcf57f.com
- ASN16509 (AMAZON-02, US): 1.c81358859121583b7adf2ace89cb39f44.com
- ASN16509 (AMAZON-02, US), PTR: ec2-34-248-174-25.eu-west-1.compute.amazonaws.com: csf-09ccb1d22fba07df184c19f086a24262.memcyco.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | kajuh.online | kajuh.online | 3 KB |
5 | cloudfront.net | dlslhpkfqfglo.cloudfront.net | 714 KB |
5 | agilitycms.com | cdn.agilitycms.com (Cisco Umbrella Rank: 198368) | 68 KB |
1 | memcyco.com | csf-09ccb1d22fba07df184c19f086a24262.memcyco.com (Cisco Umbrella Rank: 753963) | |
1 | c81358859121583b7adf2ace89cb39f44.com | 1.c81358859121583b7adf2ace89cb39f44.com (Cisco Umbrella Rank: 24602) | |
1 | b406929acabac9b095f124c81bdfcf57f.com | 1.b406929acabac9b095f124c81bdfcf57f.com (Cisco Umbrella Rank: 24633) | |
1 | a79ab95c1589a13f8a4cab612bc71f9f7.com | 1.a79ab95c1589a13f8a4cab612bc71f9f7.com (Cisco Umbrella Rank: 24652) | |
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 744) | 31 KB |
1 | scotiabankcolpatria.com | bioprotect-js.scotiabankcolpatria.com (Cisco Umbrella Rank: 657207) | 132 KB |
27 (total requests) | 9 (total domains) | | |
Requests | Domain | Requested by |
---|---|---|
10 | kajuh.online | kajuh.online |
5 | dlslhpkfqfglo.cloudfront.net | kajuh.online, dlslhpkfqfglo.cloudfront.net, code.jquery.com |
5 | cdn.agilitycms.com | kajuh.online |
1 | csf-09ccb1d22fba07df184c19f086a24262.memcyco.com | dlslhpkfqfglo.cloudfront.net |
1 | 1.c81358859121583b7adf2ace89cb39f44.com | bioprotect-js.scotiabankcolpatria.com |
1 | 1.b406929acabac9b095f124c81bdfcf57f.com | bioprotect-js.scotiabankcolpatria.com |
1 | 1.a79ab95c1589a13f8a4cab612bc71f9f7.com | bioprotect-js.scotiabankcolpatria.com |
1 | code.jquery.com | kajuh.online |
1 | bioprotect-js.scotiabankcolpatria.com | kajuh.online |
27 (total requests) | 9 (total domains) | |
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
kajuh.online | R3 | 2024-03-19 - 2024-06-17 | 3 months | crt.sh |
cdn.agilitycms.com | Certainly Intermediate R1 | 2024-03-10 - 2024-04-09 | a month | crt.sh |
bioprotect-js.scotiabankcolpatria.com | Entrust Certification Authority - L1K | 2023-03-29 - 2024-04-29 | a year | crt.sh |
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year | crt.sh |
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh |
*.a79ab95c1589a13f8a4cab612bc71f9f7.com | Sectigo RSA Domain Validation Secure Server CA | 2023-03-26 - 2024-04-04 | a year | crt.sh |
*.b406929acabac9b095f124c81bdfcf57f.com | Sectigo RSA Domain Validation Secure Server CA | 2023-04-02 - 2024-04-07 | a year | crt.sh |
*.c81358859121583b7adf2ace89cb39f44.com | Sectigo RSA Domain Validation Secure Server CA | 2023-04-02 - 2024-04-07 | a year | crt.sh |
*.memcyco.com | Amazon RSA 2048 M03 | 2024-02-25 - 2025-03-25 | a year | crt.sh |
This page contains 5 frames:
Primary Page:
https://kajuh.online/frankl1/home/loading.php
Frame ID: D0566AFAC6DF03CA8293FC69B62CF27B
Requests: 23 HTTP requests in this frame
Frame:
https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 13D79476C42E3168FB642F7456D6FCB4
Requests: 1 HTTP requests in this frame
Frame:
https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: A2FAB821E10394578B972F0B0CFD941A
Requests: 1 HTTP requests in this frame
Frame:
https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: F8B4E5AB56F9D83EC37BE1AF7561B1D8
Requests: 1 HTTP requests in this frame
Frame:
https://csf-09ccb1d22fba07df184c19f086a24262.memcyco.com/cdn/cd/csframe.html
Frame ID: 74A386A944F57C88B869C73D8B8BC3B9
Requests: 1 HTTP requests in this frame
Screenshot
Page Title: Scotiabank Colpatria | Banca virtual

Detected technologies

- PHP (Programming Languages). Detected patterns: \.php(?:$|\?)
- Google Tag Manager (Tag Managers). Detected patterns: googletagmanager\.com/ns\.html[^>]+></iframe>
- jQuery (JavaScript Libraries). Detected patterns: jquery[.-]([\d.]*\d)[^/]*\.js and jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | loading.php (Primary Request) | kajuh.online/frankl1/home/ | 7 KB | 2 KB | Document | text/html |
GET | H2 | fpd2.js | cdn.agilitycms.com/scotiabank-colombia/Colpatria/digital/vendors/uat/ | 142 KB | 46 KB | Script | text/javascript |
GET | H2 | 772742e3.js | bioprotect-js.scotiabankcolpatria.com/scripts/c9a01b2f/ | 792 KB | 132 KB | Script | application/javascript |
GET | H2 | mutha-scotiacol-wrapper.js | dlslhpkfqfglo.cloudfront.net/cdn/ca/ | 5 KB | 3 KB | Script | application/javascript |
GET | H2 | scotiabank-colpatria-red.svg | cdn.agilitycms.com/scotiabank-colombia/canvas/svgs/logos/ | 12 KB | 12 KB | Image | image/svg+xml |
GET | H2 | scotiabank-colpatria-symbol-red.svg | cdn.agilitycms.com/scotiabank-colombia/canvas/svgs/logos/ | 2 KB | 3 KB | Image | image/svg+xml |
GET | H2 | login-graphic.svg | cdn.agilitycms.com/scotiabank-colombia/Colpatria/digital/jump/img/ | 7 KB | 7 KB | Image | image/svg+xml |
GET | H2 | runtime.19def48f8354eacf.js | kajuh.online/banca-virtual/login/ | 0 | 0 | Script | text/html |
GET | H2 | polyfills.f114ba30045df78c.js | kajuh.online/banca-virtual/login/ | 0 | 0 | Script | text/html |
GET | H2 | main.f8334f52506a36c8.js | kajuh.online/banca-virtual/login/ | 0 | 0 | Script | text/html |
GET | H2 | EPAEB | kajuh.online/tw9Dh6ubveUWu/L0vGwGI/9l-LA_I/cED92tkhz1ESQi/VGB1VA/NiRPVRA/ | 0 | 0 | Script | text/html |
GET | H2 | jquery-3.6.4.min.js | code.jquery.com/ | 88 KB | 31 KB | Script | application/javascript |
GET | H2 | redirect.js | kajuh.online/banca-virtual/assets/js/ | 0 | 0 | Script | text/html |
GET | H2 | styles.c034836b240571d9.css | kajuh.online/banca-virtual/login/ | 0 | 0 | Stylesheet | text/html |
GET | H2 | Scotia_W_Rg.a53c6af4aaff8c13.woff | kajuh.online/banca-virtual/login/ | 0 | 0 | Font | text/html |
GET | BLOB | 78dfb220-9feb-4a28-a024-f97af99ededb | https://kajuh.online/ | 185 KB | 0 | Other | text/plain |
GET | H2 | Scotia_W_Rg.bb5cf5215aeee399.woff2 | kajuh.online/banca-virtual/login/ | 0 | 0 | Font | text/html |
GET | H2 | jquery-3.6.1.min.js | dlslhpkfqfglo.cloudfront.net/cdn/ca/ | 2 MB | 704 KB | Script | application/javascript |
GET | H2 | Scotia_W_Rg | cdn.agilitycms.com/scotiabank-colombia/canvas/fonts/ | 0 | 0 | Font | text/plain |
GET | H2 | crossdomain.html | 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/ (Frame 13D7) | 0 | 0 | Document | text/html |
GET | H2 | crossdomain.html | 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/ (Frame A2FA) | 0 | 0 | Document | text/html |
GET | H2 | crossdomain.html | 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/ (Frame F8B4) | 0 | 0 | Document | text/html |
GET | H2 | gpk | dlslhpkfqfglo.cloudfront.net/cdn/cd/ | 767 B | 1 KB | XHR | application/json |
GET | H2 | csframe.html | csf-09ccb1d22fba07df184c19f086a24262.memcyco.com/cdn/cd/ (Frame 74A3) | 0 | 0 | Document | text/html |
GET | H2 | favicon.ico | kajuh.online/banca-virtual/login/ | 808 B | 501 B | Other | text/html |
POST | H2 | gwf | dlslhpkfqfglo.cloudfront.net/cdn/cd/ | 7 KB | 6 KB | XHR | text/plain |
POST | H2 | l | dlslhpkfqfglo.cloudfront.net/cdn/cd/ | 88 B | 578 B | XHR | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Scotiabank (Banking)

41 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | onpagereveal |
object | cdwpb |
object | cdApi |
function | $ |
function | jQuery |
object | MPFingerprintV2 |
object | core |
object | __core-js_shared__ |
object | global |
object | System |
function | asap |
function | Observable |
function | setImmediate |
function | clearImmediate |
object | regeneratorRuntime |
boolean | _babelPolyfill |
function | ft_0v |
string | ft_0c |
string | ft_0d |
string | ft_0g |
function | ft_0b |
object | ft_0h |
string | ft_0i |
string | ft_0j |
boolean | ft_0k |
object | ft_0l |
object | ft_0m |
string | ft_0n |
boolean | ft_0o |
string | ft_0p |
function | ft_0r |
function | ft_0s |
function | ft_0a |
function | ft_0t |
object | localforage |
object | KJUR |
function | JSEncrypt |
object | CryptoJS |
function | UAParser |
function | lTa |
function | interact |

6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.kajuh.online/ | | cdContextId | 1 |
.kajuh.online/ | | bmuid | 1711548330908-61F8804B-C317-42FB-AD3A-6EAE84EA9272 |
dlslhpkfqfglo.cloudfront.net/ | | aphishCookie-1711541768942-SCOTIACOL | Xw7seFv9NyV8V70EWiKpLovbFXJn8ScUbhiHcn54UzhqT6Sg0m |
kajuh.online/ | | UUID | 56015c6899ffe0e05fdcadba19e2c563 |
.kajuh.online/ | | cdSNum | 1711548331208-sjn0000987-dc653069-a5ba-46d3-b842-a9fbabfade11 |
csf-09ccb1d22fba07df184c19f086a24262.memcyco.com/ | | AWSALBCORS | ZrhWq1vt6CqZscIXkcsB/xm3xVqX1XBibc/RONHolB9rdnCsb3S5nbgssdJFLd+b5WKNQyfDHczebKFgjc1/tMSHmFwtwERH4zQRLdTemGcngSm3RhONX3J/dL7a |
14 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1.a79ab95c1589a13f8a4cab612bc71f9f7.com
1.b406929acabac9b095f124c81bdfcf57f.com
1.c81358859121583b7adf2ace89cb39f44.com
bioprotect-js.scotiabankcolpatria.com
cdn.agilitycms.com
code.jquery.com
csf-09ccb1d22fba07df184c19f086a24262.memcyco.com
dlslhpkfqfglo.cloudfront.net
kajuh.online
151.101.66.132
2600:9000:244d:e200:a:6cdf:4440:93a1
2600:9000:269f:cc00:13:ab57:d440:93a1
2600:9000:26a0:a400:10:fcf8:9540:93a1
2600:9000:26a0:a400:1e:54f1:26c0:93a1
2600:9000:26a0:cc00:d:e6dd:f300:21
2a04:4e42:200::649
34.248.174.25
45.94.31.20