hagni.com
66.147.244.132
Malicious Activity!
Public Scan
Effective URL: https://hagni.com/paribas/bp/public/bnp/
Submission: On December 03 via manual from HK
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 11th 2019. Valid for: 3 months.
This is the only time hagni.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
2 | 219.90.65.110 | 18229 (CTRLS-AS-IN CtrlS Datacenters Ltd.)
19 | 66.147.244.132 | 46606 (UNIFIEDLAYER-AS-1 - Unified Layer)
20 requests | 2 IPs |

ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN)
PTR: ns5.tecz.com
Domain: gtcfoods.com

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: box832.bluehost.com
Domain: hagni.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
19 | hagni.com | hagni.com | 284 KB
2 | gtcfoods.com (1 redirect) | gtcfoods.com | 592 B
20 requests | 2 apex domains | |
Requests | Domain | Requested by
---|---|---
19 | hagni.com | hagni.com
2 | gtcfoods.com | 1 redirect
20 requests | 2 domains |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
gtcfoods.com | cPanel, Inc. Certification Authority | 2019-10-25 - 2020-01-23 | 3 months | crt.sh
johnsonfinancial.co | Let's Encrypt Authority X3 | 2019-11-11 - 2020-02-09 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://hagni.com/paribas/bp/public/bnp/
Frame ID: EE3B2C003947A2D86B09575556F7D029
Requests: 20 HTTP requests in this frame
Page URL History
- https://gtcfoods.com/wp-content/plugins/07 (HTTP 301) -> https://gtcfoods.com/wp-content/plugins/07/ (Page URL)
- https://hagni.com/paribas/bp/public/bnp/ (Page URL)
Detected technologies

Bootstrap (Web Frameworks). Detected patterns:
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Apache (Web Servers). Detected patterns:
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries). Detected patterns:
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://gtcfoods.com/wp-content/plugins/07 (HTTP 301)
- https://gtcfoods.com/wp-content/plugins/07/
20 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Redirect Chain) | gtcfoods.com/wp-content/plugins/07/ | 88 B | 328 B | Document | text/html
GET | H2 | / (Primary Request) | hagni.com/paribas/bp/public/bnp/ | 586 B | 466 B | Document | text/html
GET | H2 | main.css | hagni.com/paribas/bp/public/bnp/ | 312 B | 334 B | Stylesheet | text/css
GET | H2 | jquery.1.11.1.min.js | hagni.com/paribas/bp/public/bnp/ | 94 KB | 38 KB | Script | application/javascript
GET | H2 | main.js | hagni.com/paribas/bp/public/bnp/ | 1 KB | 739 B | Script | application/javascript
GET | H2 | loading.gif | hagni.com/paribas/bp/public/bnp/ | 43 KB | 43 KB | Image | image/gif
GET | H2 | style.css | hagni.com/paribas/bp/public/bnp/xd/css/ | 54 B | 200 B | Stylesheet | text/css
GET | H2 | bootstrap.min.css | hagni.com/paribas/bp/public/bnp/xd/css/ | 119 KB | 25 KB | Stylesheet | text/css
GET | H2 | marco.css | hagni.com/paribas/bp/public/bnp/xd/css/ | 5 KB | 1 KB | Stylesheet | text/css
GET | H2 | jquery.min.js | hagni.com/paribas/bp/public/bnp/xd/js/ | 86 KB | 35 KB | XHR | application/javascript
GET | H2 | bootstrap.min.js | hagni.com/paribas/bp/public/bnp/xd/js/ | 37 KB | 12 KB | XHR | application/javascript
GET | H2 | marco.js | hagni.com/paribas/bp/public/bnp/xd/js/ | 7 KB | 2 KB | XHR | application/javascript
GET | H2 | logo.png | hagni.com/paribas/bp/public/bnp/xd/img/ | 5 KB | 5 KB | Image | image/png
GET | H2 | hd_right.png | hagni.com/paribas/bp/public/bnp/xd/img/ | 779 B | 914 B | Image | image/png
GET | H2 | but.png | hagni.com/paribas/bp/public/bnp/xd/img/ | 2 KB | 2 KB | Image | image/png
GET | H2 | bg.png | hagni.com/paribas/bp/public/bnp/xd/img/ | 4 KB | 4 KB | Image | image/png
GET | H2 | a1.png | hagni.com/paribas/bp/public/bnp/xd/img/ | 25 KB | 25 KB | Image | image/png
GET | H2 | del.png | hagni.com/paribas/bp/public/bnp/xd/img/ | 681 B | 816 B | Image | image/png
GET | H2 | body_right.png | hagni.com/paribas/bp/public/bnp/xd/img/ | 39 KB | 39 KB | Image | image/png
GET | H2 | ft1.png | hagni.com/paribas/bp/public/bnp/xd/img/ | 49 KB | 49 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking)

22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | $
function | jQuery
string | jib_js
string | jib_css
string | root
object | jib_1
object | jib_2
object | jib_3
object | jib_4
object | jib_5
object | jib_6
function | hot_dakchi
object | jQuery111106260677000892205
function | hena2
function | hoho
function | copie
function | postih
function | hena
function | del1
function | del2

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
gtcfoods.com
hagni.com
219.90.65.110
66.147.244.132