hjfurtt.icu
43.134.24.226
Malicious Activity!
Public Scan
Effective URL: https://hjfurtt.icu/qa/
Submission: On July 14 via api from US — Scanned from SG
Summary
TLS certificate: Issued by R10 on July 11th 2024. Valid for: 3 months.
This is the only time hjfurtt.icu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Posten Norge (Transportation)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 28 | 43.134.24.226 | 132203 (TENCENT-NET-AP-CN Tencent Building) |
27 | 1 | |
ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
hjfurtt.icu

 | Apex Domain Subdomains | Transfer |
---|---|---|
28 | hjfurtt.icu (1 redirects) hjfurtt.icu | 427 KB |
27 | 1 | |
 | Domain | Requested by |
---|---|---|
28 | hjfurtt.icu (1 redirects) | hjfurtt.icu |
27 | 1 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.posten.no |
id.posten.no |
adressesok.posten.no |
www.postennorge.no |
www.bring.no |
Subject Issuer | Validity | Valid | |
---|---|---|---|
hjfurtt.icu R10 | 2024-07-11 - 2024-10-09 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://hjfurtt.icu/qa/
Frame ID: 0AC86D55AA58A8A3C69E20AE40479B13
Requests: 27 HTTP requests in this frame
Detected technologies
Socket.io (JavaScript Frameworks)
Detected patterns
- socket\.io.*\.js
Vue.js (JavaScript Frameworks)
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Page Statistics
36 Outgoing links
These are links going to different origins than the main page.
Title: Min side
Title: Finn oss på kartet
Title: Posten-appen
Title: Frimerker til samling
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://hjfurtt.icu/qa?qfi=vaxorbbluu//qa//qa//qa/qa//qa/qa//qa//qa//qa/qa//qa/qa//qa//qa//qa//qa/qa//qa/qa//qa//qa//qa//qa//qa//qa//qa/qa//qa//qa//qa//qa//qa//qa//qa//qa//qa//qa/qa HTTP 307
- https://hjfurtt.icu/qa?qfi=vaxorbbluu//qa//qa//qa/qa//qa/qa//qa//qa//qa/qa//qa/qa//qa//qa//qa//qa/qa//qa/qa//qa//qa//qa//qa//qa//qa//qa/qa//qa//qa//qa//qa//qa//qa//qa//qa//qa//qa/qa HTTP 301
- https://hjfurtt.icu/qa/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | / hjfurtt.icu/qa/ (Primary Request, Redirect Chain) | 2 KB 1 KB | Document text/html |
GET H/1.1 | index-2b607a54.js hjfurtt.icu/qa/assets/ | 492 KB 147 KB | Script application/javascript |
GET H/1.1 | f6170fbb8K8a8.css hjfurtt.icu/qa/assets/ | 952 B 1 KB | Stylesheet text/css |
GET H/1.1 | 86fb1c54Gtm45.js hjfurtt.icu/qa/assets/ | 5 KB 2 KB | Script application/javascript |
GET H/1.1 | 404e4081Gtm45.js hjfurtt.icu/qa/assets/ | 52 KB 17 KB | Script application/javascript |
GET H/1.1 | favicon.ico hjfurtt.icu/ | 2 KB 2 KB | Other image/vnd.microsoft.icon |
GET H/1.1 | 6c0c2ba6Gtm45.js hjfurtt.icu/qa/assets/ | 35 KB 11 KB | Script application/javascript |
GET H/1.1 | 09bf01f8Gtm45.js hjfurtt.icu/qa/assets/ | 2 KB 1 KB | Script application/javascript |
GET H/1.1 | d7d29c13Gtm45.js hjfurtt.icu/qa/assets/ | 3 KB 1 KB | Script application/javascript |
GET H/1.1 | 05a624e3Gtm45.js hjfurtt.icu/qa/assets/ | 268 KB 68 KB | Script application/javascript |
GET H/1.1 | c27b6911Gtm45.js hjfurtt.icu/qa/assets/ | 2 KB 1 KB | Script application/javascript |
GET H/1.1 | f79ade9a8K8a8.css hjfurtt.icu/qa/assets/ | 63 KB 13 KB | Stylesheet text/css |
GET H/1.1 | a5cbd326Gtm45.js hjfurtt.icu/qa/assets/ | 6 KB 3 KB | Script application/javascript |
GET H/1.1 | 4cd1ec688K8a8.css hjfurtt.icu/qa/assets/ | 323 B 650 B | Stylesheet text/css |
POST H/1.1 | MC41MzMzNTAwMDU2MzkyODky hjfurtt.icu/api/ | 744 B 989 B | XHR application/json |
GET H/1.1 | f015c267Gtm45.js hjfurtt.icu/qa/assets/ | 111 KB 33 KB | Script application/javascript |
GET H/1.1 | / hjfurtt.icu/socket.io/ | 118 B 339 B | XHR text/plain |
GET H/1.1 | 9330262fGtm45.js hjfurtt.icu/qa/assets/ | 113 KB 36 KB | Script application/javascript |
GET H/1.1 | f4397ced8K8a8.css hjfurtt.icu/qa/assets/ | 400 B 727 B | Stylesheet text/css |
POST H/1.1 | / hjfurtt.icu/socket.io/ | 2 B 205 B | XHR text/html |
GET H/1.1 | / hjfurtt.icu/socket.io/ | 32 B 252 B | XHR text/plain |
GET H/1.1 | 1b92491b8K8a8.woff2 hjfurtt.icu/qa/assets/ | 29 KB 29 KB | Font font/woff2 |
GET H/1.1 | 34ba719e8K8a8.woff2 hjfurtt.icu/qa/assets/ | 29 KB 29 KB | Font font/woff2 |
GET H/1.1 | 882f8e268K8a8.woff2 hjfurtt.icu/qa/assets/ | 28 KB 28 KB | Font font/woff2 |
GET H/1.1 | / hjfurtt.icu/socket.io/ | 58 B 278 B | XHR text/plain |
POST H/1.1 | / hjfurtt.icu/socket.io/ | 2 B 205 B | XHR text/html |
POST H/1.1 | MC44MTYwOTg4NzQ4NDY4MDU3 hjfurtt.icu/api/ | 36 B 279 B | XHR application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Posten Norge (Transportation)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function | IMask
- boolean | __vite_is_modern_browser
- boolean | __VUE__
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.