supportclient.justns.ru
Open in
urlscan Pro
2a00:b700:5:100::106
Malicious Activity!
Public Scan
Submitted URL: https://t.co/UWyngblYY8
Effective URL: http://supportclient.justns.ru/e/e/u/p/files/login/login.php
Submission: On March 22 via api from JP — Scanned from JP
Effective URL: http://supportclient.justns.ru/e/e/u/p/files/login/login.php
Submission: On March 22 via api from JP — Scanned from JP
Summary
This website contacted 5 IPs
in 2 countries
across 3 domains to perform 23 HTTP transactions.
The main IP is 2a00:b700:5:100::106, located in
Russian Federation and
belongs to ASBAXET, RU.
The main domain is supportclient.justns.ru.
This is the only time supportclient.justns.ru was scanned on urlscan.io!
This is the only time supportclient.justns.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banque Postale (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 104.244.42.5 104.244.42.5 | 13414 (TWITTER) (TWITTER) | |
| 1 | 23.99.2.41 23.99.2.41 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 1 17 | 2a00:b700:5:1... 2a00:b700:5:100::106 | 51659 (ASBAXET) (ASBAXET) | |
| 3 | 91.229.90.150 91.229.90.150 | () () | |
| 23 | 5 |
1
23.99.2.41
(San Jose, United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
| innovationendeavorsindia.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 20 |
justns.ru
1 redirects
supportclient.justns.ru |
169 KB |
| 1 |
innovationendeavorsindia.com
innovationendeavorsindia.com |
575 B |
| 1 |
t.co
t.co — Cisco Umbrella Rank: 507 |
751 B |
| 23 | 3 |
| Domain | Requested by | |
|---|---|---|
| 20 | supportclient.justns.ru |
1 redirects
supportclient.justns.ru
|
| 1 | innovationendeavorsindia.com |
t.co
|
| 1 | t.co | |
| 23 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| t.co DigiCert TLS RSA SHA256 2020 CA1 |
2022-12-25 - 2023-12-25 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://supportclient.justns.ru/e/e/u/p/files/login/login.php
Frame ID: B8810E5A07436A17FB04574BF3A77676
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
BienvenuePage URL History Show full URLs
- https://t.co/UWyngblYY8 Page URL
- http://innovationendeavorsindia.com/wp-admin/css/yt.html Page URL
-
http://supportclient.justns.ru/e/e/u/p/files/
HTTP 302
http://supportclient.justns.ru/e/e/u/p/files/login/login.php Page URL
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/UWyngblYY8 Page URL
- http://innovationendeavorsindia.com/wp-admin/css/yt.html Page URL
-
http://supportclient.justns.ru/e/e/u/p/files/
HTTP 302
http://supportclient.justns.ru/e/e/u/p/files/login/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
UWyngblYY8
t.co/ |
364 B 751 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
yt.html
innovationendeavorsindia.com/wp-admin/css/ |
214 B 575 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
login.php
supportclient.justns.ru/e/e/u/p/files/login/ Redirect Chain
|
10 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.min.css
supportclient.justns.ru/e/e/u/p/files/assets/css/ |
152 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
helpers.css
supportclient.justns.ru/e/e/u/p/files/assets/css/ |
41 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fonts.css
supportclient.justns.ru/e/e/u/p/files/assets/css/ |
2 KB 750 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.css
supportclient.justns.ru/e/e/u/p/files/assets/css/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
top-header-left.png
supportclient.justns.ru/e/e/u/p/files/assets/images/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
top-header-left2.png
supportclient.justns.ru/e/e/u/p/files/assets/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
top-header-right.png
supportclient.justns.ru/e/e/u/p/files/assets/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
header-left.png
supportclient.justns.ru/e/e/u/p/files/assets/images/ |
13 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.png
supportclient.justns.ru/e/e/u/p/files/assets/images/ |
8 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
header-right.png
supportclient.justns.ru/e/e/u/p/files/assets/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
header-right2.png
supportclient.justns.ru/e/e/u/p/files/assets/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
header-right3.png
supportclient.justns.ru/e/e/u/p/files/assets/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
footer.png
supportclient.justns.ru/e/e/u/p/files/assets/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
supportclient.justns.ru/e/e/u/p/files/assets/js/ |
86 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
popper.min.js
supportclient.justns.ru/e/e/u/p/files/assets/js/ |
20 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.min.js
supportclient.justns.ru/e/e/u/p/files/assets/js/ |
133 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fontawesome.min.js
supportclient.justns.ru/e/e/u/p/files/assets/js/ |
180 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
main.js
supportclient.justns.ru/e/e/u/p/files/assets/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
secure-asterisk.woff
supportclient.justns.ru/e/e/u/p/files/assets/fonts/ |
3 KB 3 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
content.png
supportclient.justns.ru/e/e/u/p/files/assets/images/ |
128 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- supportclient.justns.ru
- URL
- http://supportclient.justns.ru/e/e/u/p/files/assets/images/footer.png
- Domain
- supportclient.justns.ru
- URL
- http://supportclient.justns.ru/e/e/u/p/files/assets/js/main.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banque Postale (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .t.co/ | Name: muc Value: 03292b98-5f99-43ae-b343-a618926a04c6 |
|
| .t.co/ | Name: muc_ads Value: 03292b98-5f99-43ae-b343-a618926a04c6 |
|
| supportclient.justns.ru/ | Name: PHPSESSID Value: fca518091cdea77285cb00564cfd86c4 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | referrer always; |
| Strict-Transport-Security | max-age=0 |
| X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
innovationendeavorsindia.com
supportclient.justns.ru
t.co
supportclient.justns.ru
104.244.42.5
23.99.2.41
2a00:b700:5:100::106
91.229.90.150
004c0d90d64d9266498f39a020a0a6fe4110b94f8447daea5b1373d3e7934aad
0dd849048e70df88521b2ce7b61042f506518938f4c504eb248198fbe652ec2d
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
2caa6404ddb0de2b9d191b1e2c8b5c35c68ca48f2a9521140bbf83b27c063700
315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58
37a288f0c7a73fecda634b2262ba8d7c23953e2268aa9a6dabc21955b5a174e9
5b6cd7b81854519965959d1549226e565a77de441a694df48579868348513d21
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
6c9f3bd3803218c842991179eaef618f5aa1519551360e1834fda108ad5c68cc
a4592a42945beac4574095cb95f96f482116e2076a20f1ef8629a6021a643f6a
ace0ff01bcbf27edbdf4dc42ffe01db57990ec904be88083c7541457d2175395
c6573f8959e56e6a621715af791a527f3da7dc0c1abd9377b83f991ccc85a91c
c83e6ec9b5ceece6db819192b3f6f877fc64296b1ed27ec5b53cc5c4d86f8ab4
c96109fef3e6ae0c4dffe3fcc9026352c44a2147b9fd2c4d6e08d32cdcf2641f
cc0b81d5e663b8abed0d6035739f40950ae99bcabb9a88f1e92eb910ae769cea
dc76d1d3963947047b414b58209d235ff6e36043fe66514606a260a8c3d96cb0
f209ec1d94d89a8fa9cdadffa82ac9f6bb696687d21caaf0a15007199fdbcbfc
f839760d1621714efedeb3eb08b25e619812dcc33d77aceb0daf405ac727a765