risha.com
Open in
urlscan Pro
209.182.201.221
Malicious Activity!
Public Scan
Submission: On March 20 via api from US — Scanned from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 26th 2024. Valid for: 3 months.
This is the only time risha.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Juno (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 209.182.201.221 209.182.201.221 | 22611 (INMOTION) (INMOTION) | |
9 | 64.136.45.68 64.136.45.68 | 13446 (AS-NETZERO) (AS-NETZERO) | |
1 | 64.136.53.83 64.136.53.83 | 13446 (AS-NETZERO) (AS-NETZERO) | |
1 | 64.136.45.178 64.136.45.178 | 13446 (AS-NETZERO) (AS-NETZERO) | |
1 | 64.136.53.32 64.136.53.32 | 13446 (AS-NETZERO) (AS-NETZERO) | |
13 | 5 |
ASN13446 (AS-NETZERO, US)
PTR: webmail.vgs.netzero.net
webmail.uolstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
juno.com
account.juno.com store.juno.com track.juno.com — Cisco Umbrella Rank: 229216 |
49 KB |
1 |
uolstatic.com
webmail.uolstatic.com — Cisco Umbrella Rank: 253546 |
33 KB |
1 |
risha.com
risha.com |
7 KB |
13 | 3 |
Domain | Requested by | |
---|---|---|
9 | account.juno.com |
risha.com
account.juno.com |
1 | track.juno.com |
risha.com
|
1 | store.juno.com |
risha.com
|
1 | webmail.uolstatic.com |
risha.com
|
1 | risha.com | |
13 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.juno.com |
store.juno.com |
my.juno.com |
account.juno.com |
www.untd.com |
www.netzero.net |
www.mysite.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
risha.com cPanel, Inc. Certification Authority |
2024-01-26 - 2024-04-25 |
3 months | crt.sh |
account.juno.com Go Daddy Secure Certificate Authority - G2 |
2023-07-07 - 2024-07-19 |
a year | crt.sh |
webmail.netzero.net Go Daddy Secure Certificate Authority - G2 |
2023-07-12 - 2024-08-12 |
a year | crt.sh |
store.juno.com Go Daddy Secure Certificate Authority - G2 |
2023-05-10 - 2024-05-22 |
a year | crt.sh |
track.netzero.net Go Daddy Secure Certificate Authority - G2 |
2023-09-14 - 2024-09-25 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://risha.com/wwjuno/8lw0fqqxIdzzsYM1ylS9zoiHh3NrEqK31J5o0op5JOIRTyRbeDHgIKwxKVpkRkOQoryoWamvdpn/
Frame ID: E0BB537C7C3B1F898D87B25D2C834451
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
Juno - My Account - Value-priced Internet Service Provider - ISP - Free, low-cost and fast Internet AccessDetected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: SUPPORT
Search URL Search Domain Scan URL
Title: sign in issues
Search URL Search Domain Scan URL
Title: Juno Store
Search URL Search Domain Scan URL
Title: My Juno
Search URL Search Domain Scan URL
Title: My Account
Search URL Search Domain Scan URL
Title: Our Services
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Title: Your Privacy Rights
Search URL Search Domain Scan URL
Title: About Ads
Search URL Search Domain Scan URL
Title: Terms of Service
Search URL Search Domain Scan URL
Title: United Online
Search URL Search Domain Scan URL
Title: NetZero
Search URL Search Domain Scan URL
Title: MySite
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
risha.com/wwjuno/8lw0fqqxIdzzsYM1ylS9zoiHh3NrEqK31J5o0op5JOIRTyRbeDHgIKwxKVpkRkOQoryoWamvdpn/ |
18 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common-j.css
account.juno.com/static/account/view/css/ |
52 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jQuery.js
webmail.uolstatic.com/js_c/l/jq/1.12.4/ |
95 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.dcjqaccordion.2.7.min.js
account.juno.com/static/account/view/js/ |
7 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common.js
account.juno.com/static/account/view/js/ |
120 KB 24 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
j_logo-black.gif
account.juno.com/static/account/view/img/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
j_sign-in-btn.gif
account.juno.com/static/account/view/img/ |
2 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
j_signin-issue.gif
account.juno.com/static/account/view/img/ |
470 B 988 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
j_netzero-store.gif
account.juno.com/static/account/view/img/ |
402 B 920 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common-print.css
account.juno.com/static/account/view/css/ |
388 B 794 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
event.do
store.juno.com/account/ |
43 B 692 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pv
track.juno.com/s/ |
43 B 506 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
j_header-keyline.gif
account.juno.com/static/account/view/img/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Juno (Telecommunication)129 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| brandLetterLC function| $ function| jQuery string| href undefined| buttonLocation boolean| flagBills boolean| handsetUsage boolean| buttonShippingStauts boolean| errorFlag boolean| errorFlag1 boolean| errorFlag2 function| getCookieValue function| getCookieDomain function| setCookieValue object| d boolean| safari function| gebtn function| check_it function| turn_radio function| reverse function| logonValidate function| TabNext function| getAbsDimension function| showTip function| hideTip function| showEstimated function| showUPS function| collapseSummary function| changeSliderLight function| changeSliderWarp function| vpnAlertOverlay function| displayOrderCdOverlay function| displayTollfreeOverlay function| showUpgradeOverlay function| showDatashieldCancelOverlay function| showPaypalCancelOverlay function| helpNumbersOverlay function| showUmwb function| displayOverlay function| updateOverlayContent function| showConfOverlayContent function| showLoadingOverlay function| hideOverlay function| goToUrl function| selectTab function| changeClass function| addEvent function| removeEvent function| getIfrDoc function| setIfrHeight function| getQueryString function| createDateinJS function| updateSelectListValue function| ReloadUsage function| setIframeHeight function| setDynIframeHeight function| changePaymentInfo function| secretAnswerPop function| pwdStrengthPop function| pwdStrengthPopN function| faqPop function| rulesPop function| softwarePop function| securePop function| securePopEpay function| securePopN function| editRhinobootAddress function| tosbillingauthpop function| rights function| termsOfServicePop function| termsOfServiceEpay function| getEmailaddress function| submitForm function| pageWidth function| pageHeight function| getScrollX function| getScrollY undefined| tooltipTimer function| hideToolTip function| displayToolTipPrevious function| displayToolTipOutstanding function| findPosX function| findPosY function| onlyCaptcha function| positionOverlay function| getPageSize function| getPageScroll string| phoneNumber string| areacode string| prefix string| suffix function| addErrorPhone function| phoneNoFormat function| phoneNoFormat1 function| myErrorHandler string| store function| popup string| overridePageName object| member object| session object| order function| rememberJN boolean| pseudo_jn object| nz boolean| jn object| env string| pagename string| myRefcd string| memberId function| trkEvent function| Set_Cookie function| Get_Cookie string| params2Str object| temp string| servlet string| refcd string| cf string| flowid string| serverType string| omEnv string| pname boolean| track object| pagesToTrack undefined| offer undefined| device undefined| notes function| testForMSIE927917 function| logPageView object| jQuery11240219852930001585230 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
account.juno.com
risha.com
store.juno.com
track.juno.com
webmail.uolstatic.com
209.182.201.221
64.136.45.178
64.136.45.68
64.136.53.32
64.136.53.83
002518b99d4b6301e81eed98543c9f8a8b459fca4222810b257ec5a24b7f606a
00d1f131e5622864f1b4eba30e315b6184dfb1f3ae452873c6da030084965c78
0856a6dd32e4bb7283e9ee5a16864a3455a483c53d9b3132852b910f2929a7b9
2b4c6e154d4ce8a1a4d4970dcddb078f1d6480a8cd31d31a5db1e655435adfd4
4b1ee66aad85ced7b58203a3847a0aefe850678211a0fed613687a49e5d29694
5c5ac9a525fc89deff94641d337c75cf84ea8ec106d9bdbcb99453d3931adc68
83e8763c495ec64bcd1fda5113b5cb349eb7b2cd541a57ff102167a7c13deec6
8612f65941164b6564d4e374615270c7442da86e95220b564a3817c93ee201e9
a5e76956ee90e7bd8734dff6e2318022cd07e21425c0f58e2590563fb412f9a7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5e27fd7a1e52a127c658e4f6dab7986ba6efee03075fe387143608f82afd1c4
f5e6b14721cde30c590db55c88cb4ad24b5770e406b8af6a330828a40ad78156