u61458349m.ha004.t.justns.ru
2a00:b700::12
Malicious Activity!
Public Scan
Effective URL: http://u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/
Submission Tags: @ipnigh
Submission: On February 24 via api from GB
Summary
This is the only time u61458349m.ha004.t.justns.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Credit Agricole (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System | Redirects
---|---|---|---
2 | 2606:4700:3036::681b:8bfa | 13335 (CLOUDFLARENET) | 1
1 | 13.70.82.195 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
20 | 2a00:b700::12 | 51659 (ASBAXET) | 2
Total: 20 requests across 3 IP addresses.
ASN13335 (CLOUDFLARENET, US): www.hcmc100e.info, hcmc100e.info
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): www.oxfordlawyers.com.au
Requests | Apex Domain | Subdomains | Transfer | Redirects
---|---|---|---|---
20 | justns.ru | u61458349m.ha004.t.justns.ru | 141 KB | 2 redirects
2 | hcmc100e.info | www.hcmc100e.info, hcmc100e.info | 826 B | 1 redirect
1 | oxfordlawyers.com.au | www.oxfordlawyers.com.au | 649 B |
Total: 20 requests across 3 apex domains.
Requests | Domain | Requested by | Redirects
---|---|---|---
20 | u61458349m.ha004.t.justns.ru | www.oxfordlawyers.com.au, u61458349m.ha004.t.justns.ru | 2 redirects
1 | www.oxfordlawyers.com.au | hcmc100e.info |
1 | hcmc100e.info | |
1 | www.hcmc100e.info | | 1 redirect
Total: 20 requests across 4 domains.
This site contains no links.
This page contains 1 frames:
Primary Page:
http://u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/
Frame ID: E81657B2B3605107D101B5A12F93618A
Requests: 20 HTTP requests in this frame
Page URL History
- http://www.hcmc100e.info/oslo/ -> HTTP 301 -> http://hcmc100e.info/oslo/ (Page URL)
- http://www.oxfordlawyers.com.au/wp-content/_/att/ (Page URL)
- http://u61458349m.ha004.t.justns.ru/sa/ -> HTTP 302 -> http://u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f -> HTTP 301 -> http://u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/ (Page URL)
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://www.hcmc100e.info/oslo/ -> HTTP 301 -> http://hcmc100e.info/oslo/
20 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET H/1.1 | / | hcmc100e.info/oslo/ (Redirect Chain) | 119 B | 406 B | Document | text/html
GET H/1.1 | / | www.oxfordlawyers.com.au/wp-content/_/att/ | 109 B | 649 B | Document | text/html
GET H/1.1 | / (Primary Request) | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/ (Redirect Chain) | 16 KB | 5 KB | Document | text/html
GET H/1.1 | antiquus.css | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 26 KB | 4 KB | Stylesheet | text/css
GET H/1.1 | styles.css | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 83 KB | 16 KB | Stylesheet | text/css
GET H/1.1 | styles-mod.css | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 15 KB | 4 KB | Stylesheet | text/css
GET H/1.1 | 2.PNG | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 10 KB | 10 KB | Image | image/png
GET H/1.1 | 4.PNG | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 80 KB | 80 KB | Image | image/png
GET H/1.1 | 1.PNG | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 5 KB | 5 KB | Image | image/png
GET H/1.1 | point_transp.gif | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 87 B | 437 B | Image | image/gif
GET H/1.1 | 3.PNG | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 3 KB | 3 KB | Image | image/png
GET H/1.1 | / | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/ | 16 KB | 5 KB | Stylesheet | text/html
GET H/1.1 | / | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/ | 16 KB | 5 KB | Script | text/html
GET H/1.1 | main_repeat.png | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 396 B | 396 B | Image | text/html
GET H/1.1 | entete_light.png | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 397 B | 397 B | Image | text/html
GET H/1.1 | main_haut.png | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 394 B | 394 B | Image | text/html
GET H/1.1 | bloc_arrond_bas.png | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 400 B | 400 B | Image | text/html
GET H/1.1 | bloc_arrond_haut.png | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 401 B | 401 B | Image | text/html
GET H/1.1 | bg_form.png | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 392 B | 392 B | Image | text/html
GET H/1.1 | thead.png | u61458349m.ha004.t.justns.ru/sa/bc7f013e43fc5879b1b88d29c4cfb86f/img/ | 390 B | 390 B | Image | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Credit Agricole (Banking)
47 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Variable | Type
---|---
onformdata | object
onpointerrawupdate | object
OS | string
Version | string
posOS | number
posOS2 | number
setSize | function
clicPosition | function
code | undefined
pos_der_code | undefined
affiche_code | undefined
effacer | function
cocherCase | function
corriger | function
path_static | string
path_dynamic | string
caisse | string
raf | function
urlappli | string
urlapplisecu | string
ValidCertif | function
ValidCertifSecu | function
statusconfirmer | string
statusannuler | string
statusaide | string
statuscondjur | string
statusdemo | string
statuscompte | string
statuscode | string
statuscorriger | string
statusclavnum | string
statusrecom | string
App | string
Nav_sup | number
browserOK | boolean
browserOK1 | boolean
browserOK2 | boolean
ouvrePOPUP | function
ouvreassistance | function
ouvreFenetre | function
validation | function
isNumerique | function
isAlphaNum | function
srcLien | string
srcPuceLien | string
yesno | string
authentif0 | string
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hcmc100e.info
u61458349m.ha004.t.justns.ru
www.hcmc100e.info
www.oxfordlawyers.com.au
13.70.82.195
2606:4700:3036::681b:8bfa
2a00:b700::12
031f38b7966f2765a5b1a08609e521ee6bc94e00f5fd7666c044b3832f661783
081cb90dffbc24d43385cd7b06e9f243db89d2d17f0a4919954688b8b6ebcbdf
0a197e786ee8b74c872aeb69a671e47bf759bc2fd6db7f3101b93162bfe656dd
2683fba7cb1a08e283ce4e36c30da6b0fb637805500ce1fbdc273e3dc6aa31e7
76eaaed7f8d34114a96e41e0a09fe413af01e3ba19e7ded995d2652181b5a541
781db5e17b6d128f0a4f3eba5c30930b5be71c7e5e168dcbe55e06d13ea2bc10
7a1a0dc539a9129f3ce1a26e7598a54217d8c8c0291f1a267976dcdad89bbe57
7b2736d09d34494af3490ed5a4c14776f2c9f1c72e58f9c2ea692d17c1eb5311
86bc2146488b90478afff59b9888670d7df15b37ed69c10d00fee9247a03554c
8b6fca4d9badf5635b11bc74efb65467923a39059f5786181ce7803d9853f302
93c14a18bf17e789c6ff56c7058ff4c3442803c533cf3384be0a352a54fac0ee
981fc6bc288f27176dfd0511a1ca0e867bf6f63e6e04c076afbb9fe4fdf180af
a5c171953807186c09c88facb9fa374b3b3b7464802bab6ce14c3568c3850efc
af03fd5bbea38498f45dade415005c9bc1b63261411b5e6a2f4e83ed52c0c55e
dbfbcbafd2d82f705eb25d811a858ffe6affa7aced9d4c0e0fb826637c8c0e3d
e6ebd97ad66c3f6d4d2e43ffa5f601d8d8b3a4b110b4d359c3524a3403f31290