jwllogic.com Open in urlscan Pro
43.240.65.71 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://jwllogic.com/
Submission: On September 13 via manual (September 13th 2023, 1:36:00 pm UTC) from IN — Scanned from DE

Summary HTTP 9 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 43.240.65.71, located in India and belongs to WEBWERKS-AS-IN Web Werks India Pvt. Ltd., IN. The main domain is jwllogic.com.

This is the only time jwllogic.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNP Paribas (Banking)

Domain & IP information

	IP Address		AS Autonomous System
9	43.240.65.71 43.240.65.71		133296 (WEBWERKS-...) (WEBWERKS-AS-IN Web Werks India Pvt. Ltd.)
9	1

9 43.240.65.71 (India)

ASN133296 (WEBWERKS-AS-IN Web Werks India Pvt. Ltd., IN)
PTR: mercury.domainzguru.com

jwllogic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	jwllogic.com jwllogic.com	249 KB
9	1

	Domain	Requested by
9	jwllogic.com	jwllogic.com
9	1

This site contains links to these domains. Also see Links.

Domain
banking.bnl.it
bnl.it

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://jwllogic.com/
Frame ID: 6F0D62F7535064145F7A2E98D5E94BD6
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page Statistics

9
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

249 kB
Transfer

631 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://banking.bnl.it/rsc/SupportingFiles/numero-cliente.gif
Title: Dove trovi il tuo numero Cliente

Search URL Search Domain Scan URL

URL: https://banking.bnl.it/rsc/SupportingFiles/pin.gif
Title: Dove trovi il PIN

Search URL Search Domain Scan URL

URL: https://banking.bnl.it/pubblica/RecuperoNumeroCliente
Title: Recupera Online il Numero Cliente

Search URL Search Domain Scan URL

URL: https://bnl.it/it/Individui-e-Famiglie/Internet-e-Mobile/Navigare-in-sicurezza
Title: Proteggiti dai virus e dalle frodi online

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
jwllogic.com/ 12 KB
4 KB 1437ms
491ms Document
text/html 43.240.65.71
WEBWERKS-AS-IN We...

General

Check archive.org

Show headers Download Go to

Full URL

http://jwllogic.com/

Protocol

HTTP/1.1

Server

43.240.65.71 , India, ASN133296 (WEBWERKS-AS-IN Web Werks India Pvt. Ltd., IN),

Reverse DNS

mercury.domainzguru.com

Software

Apache /

Resource Hash

161287fcdd46249457a9bf76572fb763527cbcd81df89ab0bafeac3786467ecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 3081
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Sep 2023 13:35:50 GMT
Expires: 0
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Accept-Encoding,User-Agent

GET
H/1.1 200
OK hb-login.css
jwllogic.com/Login_files/ 7 KB
3 KB 195ms
194ms Stylesheet
text/css 43.240.65.71
WEBWERKS-AS-IN We...

General

Check archive.org

Show headers Download Go to

Full URL

http://jwllogic.com/Login_files/hb-login.css

Requested by

Host: jwllogic.com
URL: http://jwllogic.com/

Protocol

HTTP/1.1

Server

43.240.65.71 , India, ASN133296 (WEBWERKS-AS-IN Web Werks India Pvt. Ltd., IN),

Reverse DNS

mercury.domainzguru.com

Software

Apache /

Resource Hash

af24ef4420217bda0c18c7e44c0037cc8bad16c8148ae77689974502d6cfff7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://jwllogic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 13 Sep 2023 13:35:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Last-Modified: Tue, 12 Apr 2022 16:16:20 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2125
Expires: 0

GET
H/1.1 200
OK clientlib-redational-page-login.min.css
jwllogic.com/Login_files/ 423 KB
53 KB 360ms
206ms Stylesheet
text/css 43.240.65.71
WEBWERKS-AS-IN We...

General

Check archive.org

Show headers Download Go to

Full URL

http://jwllogic.com/Login_files/clientlib-redational-page-login.min.css

Requested by

Host: jwllogic.com
URL: http://jwllogic.com/

Protocol

HTTP/1.1

Server

43.240.65.71 , India, ASN133296 (WEBWERKS-AS-IN Web Werks India Pvt. Ltd., IN),

Reverse DNS

mercury.domainzguru.com

Software

Apache /

Resource Hash

9bbcce28a99d5b02e2eb077eb0d7db919f3f4f8b7b8aa96f665fff4181ad6903

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://jwllogic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 13 Sep 2023 13:35:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Last-Modified: Tue, 01 Mar 2022 08:10:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 53416
Expires: 0

GET
H/1.1 200
OK logo.png
jwllogic.com/ 7 KB
7 KB 335ms
179ms Image
image/png 43.240.65.71
WEBWERKS-AS-IN We...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://jwllogic.com/logo.png

Requested by

Host: jwllogic.com
URL: http://jwllogic.com/

Protocol

HTTP/1.1

Server

43.240.65.71 , India, ASN133296 (WEBWERKS-AS-IN Web Werks India Pvt. Ltd., IN),

Reverse DNS

mercury.domainzguru.com

Software

Apache /

Resource Hash

99543d933ae6c6b53aa79a42deb665f785cba48b798e0420ae34e835a588f018

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://jwllogic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 13 Sep 2023 13:35:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 01 Mar 2022 07:22:02 GMT
Server: Apache
Content-Type: image/png
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 7254
Expires: 0

GET
H/1.1 200
OK alert2.png
jwllogic.com/Login_files/ 20 KB
20 KB 344ms
182ms Image
image/png 43.240.65.71
WEBWERKS-AS-IN We...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://jwllogic.com/Login_files/alert2.png

Requested by

Host: jwllogic.com
URL: http://jwllogic.com/

Protocol

HTTP/1.1

Server

43.240.65.71 , India, ASN133296 (WEBWERKS-AS-IN Web Werks India Pvt. Ltd., IN),

Reverse DNS

mercury.domainzguru.com

Software

Apache /

Resource Hash

e4d615de09a41c8c2d8d395a3ab156ce9520a9fc96c23b1780bb2adab4292b67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://jwllogic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 13 Sep 2023 13:35:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Wed, 14 Apr 2021 19:43:34 GMT
Server: Apache
Content-Type: image/png
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 20545
Expires: 0

GET
H/1.1 200
OK login-button.png
jwllogic.com/css/gfx/ 975 B
1 KB 164ms
163ms Image
image/png 43.240.65.71
WEBWERKS-AS-IN We...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://jwllogic.com/css/gfx/login-button.png

Requested by

Host: jwllogic.com
URL: http://jwllogic.com/Login_files/hb-login.css

Protocol

HTTP/1.1

Server

43.240.65.71 , India, ASN133296 (WEBWERKS-AS-IN Web Werks India Pvt. Ltd., IN),

Reverse DNS

mercury.domainzguru.com

Software

Apache /

Resource Hash

8cab5b8e34941f772d77479763c39a00082334338f96287b63c0ec33cc343696

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://jwllogic.com/Login_files/hb-login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 13 Sep 2023 13:35:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 12 Apr 2022 16:14:04 GMT
Server: Apache
Content-Type: image/png
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 975
Expires: 0

GET
H/1.1 200
OK bnpp-sans.woff
jwllogic.com/fonts/bnpp-sans/ 54 KB
54 KB 175ms
174ms Font
font/woff 43.240.65.71
WEBWERKS-AS-IN We...

General

Check archive.org

Show headers Download Go to

Full URL

http://jwllogic.com/fonts/bnpp-sans/bnpp-sans.woff

Requested by

Host: jwllogic.com
URL: http://jwllogic.com/Login_files/clientlib-redational-page-login.min.css

Protocol

HTTP/1.1

Server

43.240.65.71 , India, ASN133296 (WEBWERKS-AS-IN Web Werks India Pvt. Ltd., IN),

Reverse DNS

mercury.domainzguru.com

Software

Apache /

Resource Hash

3ad317867dbc668f3e6dacfa4c17870a9affaa520346201b394810564e214e7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://jwllogic.com/Login_files/clientlib-redational-page-login.min.css
Origin: http://jwllogic.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 13 Sep 2023 13:35:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Last-Modified: Tue, 01 Mar 2022 08:09:16 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 54639
Expires: 0

GET
H/1.1 200
OK bnpp-sans-light.woff
jwllogic.com/fonts/bnpp-sans/ 53 KB
53 KB 169ms
168ms Font
font/woff 43.240.65.71
WEBWERKS-AS-IN We...

General

Check archive.org

Show headers Download Go to

Full URL

http://jwllogic.com/fonts/bnpp-sans/bnpp-sans-light.woff

Requested by

Host: jwllogic.com
URL: http://jwllogic.com/Login_files/clientlib-redational-page-login.min.css

Protocol

HTTP/1.1

Server

43.240.65.71 , India, ASN133296 (WEBWERKS-AS-IN Web Werks India Pvt. Ltd., IN),

Reverse DNS

mercury.domainzguru.com

Software

Apache /

Resource Hash

d9356a502a3e4c129bfddb49268c0531dc91c92a868f600cbe322cfa11e68cba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://jwllogic.com/Login_files/clientlib-redational-page-login.min.css
Origin: http://jwllogic.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 13 Sep 2023 13:35:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Last-Modified: Tue, 01 Mar 2022 08:09:18 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 53915
Expires: 0

GET
H/1.1 200
OK bnpp-sans-bold.woff
jwllogic.com/fonts/bnpp-sans/ 54 KB
54 KB 178ms
177ms Font
font/woff 43.240.65.71
WEBWERKS-AS-IN We...

General

Check archive.org

Show headers Download Go to

Full URL

http://jwllogic.com/fonts/bnpp-sans/bnpp-sans-bold.woff

Requested by

Host: jwllogic.com
URL: http://jwllogic.com/Login_files/clientlib-redational-page-login.min.css

Protocol

HTTP/1.1

Server

43.240.65.71 , India, ASN133296 (WEBWERKS-AS-IN Web Werks India Pvt. Ltd., IN),

Reverse DNS

mercury.domainzguru.com

Software

Apache /

Resource Hash

80bf8cdea9bc8b01b1b12f18210a7eb3b5f30fefa0d9f9209813d9f9cfe6e39e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://jwllogic.com/Login_files/clientlib-redational-page-login.min.css
Origin: http://jwllogic.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 13 Sep 2023 13:35:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Last-Modified: Tue, 01 Mar 2022 08:09:18 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 54755
Expires: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNP Paribas (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			jwllogic.com/	1970-01-21 00:19:32	Name: COOKIE_KEY Value: 169461215087

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

jwllogic.com
43.240.65.71
161287fcdd46249457a9bf76572fb763527cbcd81df89ab0bafeac3786467ecb
3ad317867dbc668f3e6dacfa4c17870a9affaa520346201b394810564e214e7c
80bf8cdea9bc8b01b1b12f18210a7eb3b5f30fefa0d9f9209813d9f9cfe6e39e
8cab5b8e34941f772d77479763c39a00082334338f96287b63c0ec33cc343696
99543d933ae6c6b53aa79a42deb665f785cba48b798e0420ae34e835a588f018
9bbcce28a99d5b02e2eb077eb0d7db919f3f4f8b7b8aa96f665fff4181ad6903
af24ef4420217bda0c18c7e44c0037cc8bad16c8148ae77689974502d6cfff7d
d9356a502a3e4c129bfddb49268c0531dc91c92a868f600cbe322cfa11e68cba
e4d615de09a41c8c2d8d395a3ab156ce9520a9fc96c23b1780bb2adab4292b67

jwllogic.com Open in urlscan Pro 43.240.65.71 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

249 kBTransfer

631 kBSize

1 Cookies

4 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

jwllogic.com Open in urlscan Pro
43.240.65.71 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

249 kB
Transfer

631 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!