a0308362.xsph.ru (2a0a:2b43:be:84ab::)
Public Scan: Malicious Activity!
Effective URL: http://a0308362.xsph.ru/ssl/html/css/account/fr/c3be785eb52a722c0ecd51800efb17de/
Submission: On June 05 via api from BE

Summary
This is the only time a0308362.xsph.ru was scanned on urlscan.io.
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)

Domain & IP information
IP addresses and autonomous systems (3 IPs, 29 requests):

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 2a00:b700::6:b | 51659 (ASBAXET) |
| 1 | 82.98.151.218 | 42612 (DINAHOSTING-AS) |
| 29 (2 redirects) | 2a0a:2b43:be:84ab:: | 35278 (SPRINTHOST) |

Apex domains and subdomains (3 domains, 29 requests):

| Requests | Apex Domain | Subdomain | Transfer |
|---|---|---|---|
| 29 (2 redirects) | xsph.ru | a0308362.xsph.ru | 353 KB |
| 1 | matronasgalegas.org | matronasgalegas.org | 342 B |
| 1 | justns.ru | u397141r48.ha002.t.justns.ru | 405 B |

Domains and the domain that requested them (3 domains, 29 requests):

| Requests | Domain | Requested by |
|---|---|---|
| 29 (2 redirects) | a0308362.xsph.ru | matronasgalegas.org, a0308362.xsph.ru |
| 1 | matronasgalegas.org | u397141r48.ha002.t.justns.ru |
| 1 | u397141r48.ha002.t.justns.ru | (none: starting URL of the scan) |
This site contains links to these domains (also see Links): toutsurmabanque.bnpparibas.net

TLS certificates: none. Every request in this scan, the landing page included, was made over plain HTTP; the "/ssl/" segment in the path is only part of the kit's directory name, not an indication of TLS.

This page contains 1 frame.
Primary Page: http://a0308362.xsph.ru/ssl/html/css/account/fr/c3be785eb52a722c0ecd51800efb17de/
Frame ID: 8B3F2DD6293B9D975A3F5E5B902BA68A
Requests: 29 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://u397141r48.ha002.t.justns.ru/d.php (Page URL)
- http://matronasgalegas.org/mail/jkl/dr.php (Page URL)
- http://a0308362.xsph.ru/ssl/html/css/account/fr/ (HTTP 302)
  -> http://a0308362.xsph.ru/ssl/html/css/account/fr/c3be785eb52a722c0ecd51800efb17de (HTTP 301)
  -> http://a0308362.xsph.ru/ssl/html/css/account/fr/c3be785eb52a722c0ecd51800efb17de/ (Page URL)
The first two hops are separate rendered documents (262 B and 118 B of HTML in the transactions below) with no HTTP 3xx between them, so the hand-off from justns.ru to matronasgalegas.org and on to xsph.ru is done client-side. Only the last two hops, both within a0308362.xsph.ru, are server-side redirects: a 302 into the kit directory, then a 301 that adds the trailing slash.
Detected technologies (with the pattern that matched)
- PHP (Programming Languages): url /\.php(?:$|\?)/i
- LiteSpeed (Web Servers): headers server /^LiteSpeed$/i
- Webtrends (Analytics): env /^(?:WTOptimize|WebTrends)/i
- jQuery (JavaScript Libraries): env /^jQuery$/i
Page Statistics
4 outgoing links (links going to different origins than the main page), all to toutsurmabanque.bnpparibas.net; link title: toutsurmabanque.bnpparibas.net
Redirected requests: one HTTP redirect chain, on the primary request (the 302 and 301 listed under Page URL History).
29 HTTP transactions
Path abbreviations used in the table:
  KIT   = a0308362.xsph.ru/ssl/html/css/account/fr/c3be785eb52a722c0ecd51800efb17de/
  FONTS = a0308362.xsph.ru/rsc/contrib/css/fonts/
Size is the decoded resource size; x-fer is what went over the wire (headers plus body, compressed where the server compressed it), which is why x-fer can be larger than Size for tiny responses and much smaller for large text assets.

| # | Method / Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| 1 | GET H/1.1 | d.php | u397141r48.ha002.t.justns.ru/ | 262 B | 405 B | Document | text/html |
| 2 | GET H/1.1 | dr.php | matronasgalegas.org/mail/jkl/ | 118 B | 342 B | Document | text/html |
| 3 | GET H/1.1 | / (Primary Request, end of Redirect Chain) | KIT | 16 KB | 5 KB | Document | text/html |
| 4 | GET H/1.1 | context.css | KIT | 2 KB | 956 B | Stylesheet | text/css |
| 5 | GET H/1.1 | mediaelementplayer.min.css | KIT | 10 KB | 3 KB | Stylesheet | text/css |
| 6 | GET H/1.1 | sitefactory.css | KIT | 338 B | 643 B | Stylesheet | text/css |
| 7 | GET H/1.1 | base.css | KIT | 209 KB | 39 KB | Stylesheet | text/css |
| 8 | GET H/1.1 | base-blessed2.css | KIT | 279 KB | 50 KB | Stylesheet | text/css |
| 9 | GET H/1.1 | base-blessed1.css | KIT | 271 KB | 56 KB | Stylesheet | text/css |
| 10 | GET H/1.1 | fix.css | KIT | 22 KB | 7 KB | Stylesheet | text/css |
| 11 | GET H/1.1 | jquery-1.11.0.min.js | KIT | 285 KB | 93 KB | Script | application/x-javascript |
| 12 | GET H/1.1 | webtrends.min.js | KIT | 24 KB | 9 KB | Script | application/x-javascript |
| 13 | GET H/1.1 | k-50634415037854521327874135539749512918.jpg | KIT | 6 KB | 6 KB | Image | image/jpeg |
| 14 | GET H/1.1 | bnp-alone.png | KIT | 21 KB | 21 KB | Image | image/png |
| 15 | GET H/1.1 | bnpp_sans-webfont-webfont.woff2 | FONTS | 0 | 0 | Font | text/html |
| 16 | GET H/1.1 | bnpp_type_regular_v2-webfont.woff | FONTS | 0 | 0 | Font | text/html |
| 17 | GET H/1.1 | icon-print.png | a0308362.xsph.ru/rsc/contrib/image/generique/ | 312 B | 312 B | Image | text/html |
| 18 | GET H/1.1 | bnpp_sans_cond_light_v2-webfont.woff | FONTS | 0 | 0 | Font | text/html |
| 19 | GET H/1.1 | sprite-form.png | KIT | 6 KB | 6 KB | Image | image/png |
| 20 | GET H/1.1 | bnpp_type_bold_v2-webfont.woff | FONTS | 0 | 0 | Font | text/html |
| 21 | GET H/1.1 | iconbnp.woff | FONTS | 0 | 0 | Font | text/html |
| 22 | GET H/1.1 | bnpp_type_regular_v2-webfont.ttf | FONTS | 0 | 0 | Font | text/html |
| 23 | GET H/1.1 | bnpp_sans-webfont-webfont.woff | FONTS | 0 | 0 | Font | text/html |
| 24 | GET H/1.1 | iconbnp.ttf | FONTS | 0 | 0 | Font | text/html |
| 25 | GET H/1.1 | bnpp_type_bold_v2-webfont.ttf | FONTS | 0 | 0 | Font | text/html |
| 26 | GET H/1.1 | bnpp_sans_cond_light_v2-webfont.ttf | FONTS | 0 | 0 | Font | text/html |
| 27 | GET H/1.1 | bnpp_type_regular_v2-webfont.woff | KIT | 32 KB | 32 KB | Font | application/octet-stream |
| 28 | GET H/1.1 | bnpp_sans-webfont-webfont.ttf | FONTS | 0 | 0 | Font | text/html |
| 29 | GET H/1.1 | bnpp_sans_cond_light_v2-webfont.woff | KIT | 22 KB | 23 KB | Font | application/octet-stream |

Two things in this table are worth a second look. First, every request in rows 1 to 3 and all of the kit's own assets are served from the single kit directory, with only the two redirector documents (rows 1 and 2) living on other hosts. Second, the 12 requests under a0308362.xsph.ru/rsc/contrib/ (11 font files and icon-print.png, rows 15 to 18, 20 to 26 and 28) were requested as Font or Image but came back as text/html with an empty or 312-byte body: the host has no such paths and answered with an HTML page instead. That is what a page looks like when its HTML was saved from the legitimate site and its root-relative /rsc/contrib/ asset references were left unchanged; only the two font files that were copied into the kit directory itself (rows 27 and 29) loaded with a real binary MIME type.
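The Page URL History above and the transaction table together carry three signals a triage script can pull out mechanically: a navigation chain that crosses three unrelated hosts with a tiny client-side redirector document at each hand-off, sub-resources requested as fonts and images that come back as text/html (paths the host does not have), and outgoing links to the impersonated bank's real host. The block below is an added example, not urlscan's code and not anything from the kit. HISTORY and TRANSACTIONS are a constructed subset of the report's values with the report's rounded sizes, the single link URL in LINKS is assumed (the report names only the host), and the four checks plus the triage summary are this example's own logic.

```python
from collections import Counter
from urllib.parse import urlsplit

# Added example, not urlscan's or the kit's code. HISTORY, TRANSACTIONS and LINKS are
# constructed from this report: a subset of the 29 transactions with the report's rounded
# sizes, and one assumed link URL on the host the report lists under outgoing links.
HISTORY = [  # (url, how it was reached): "page" = a document the browser rendered
    ("http://u397141r48.ha002.t.justns.ru/d.php", "page"),
    ("http://matronasgalegas.org/mail/jkl/dr.php", "page"),
    ("http://a0308362.xsph.ru/ssl/html/css/account/fr/", "302"),
    ("http://a0308362.xsph.ru/ssl/html/css/account/fr/c3be785eb52a722c0ecd51800efb17de", "301"),
    ("http://a0308362.xsph.ru/ssl/html/css/account/fr/c3be785eb52a722c0ecd51800efb17de/", "page"),
]
KIT = "http://a0308362.xsph.ru/ssl/html/css/account/fr/c3be785eb52a722c0ecd51800efb17de/"
FONTS = "http://a0308362.xsph.ru/rsc/contrib/css/fonts/"
TRANSACTIONS = [  # (url, resource type requested, response MIME type, body size in bytes)
    ("http://u397141r48.ha002.t.justns.ru/d.php", "Document", "text/html", 262),
    ("http://matronasgalegas.org/mail/jkl/dr.php", "Document", "text/html", 118),
    (KIT, "Document", "text/html", 16_000),
    (KIT + "base.css", "Stylesheet", "text/css", 209_000),
    (KIT + "jquery-1.11.0.min.js", "Script", "application/x-javascript", 285_000),
    (KIT + "bnp-alone.png", "Image", "image/png", 21_000),
    ("http://a0308362.xsph.ru/rsc/contrib/image/generique/icon-print.png", "Image", "text/html", 312),
    (FONTS + "bnpp_sans-webfont-webfont.woff2", "Font", "text/html", 0),
    (FONTS + "iconbnp.woff", "Font", "text/html", 0),
    (KIT + "bnpp_type_regular_v2-webfont.woff", "Font", "application/octet-stream", 32_000),
    (KIT + "bnpp_sans_cond_light_v2-webfont.woff", "Font", "application/octet-stream", 22_000),
]
LINKS = ["https://toutsurmabanque.bnpparibas.net/"]  # assumed URL; the report names only the host
DOCUMENT_HOST = "a0308362.xsph.ru"


def hop_hosts(history):
    """Distinct hosts in navigation order; more than one means the victim was bounced around."""
    hosts = []
    for url, _ in history:
        host = urlsplit(url).hostname
        if not hosts or hosts[-1] != host:
            hosts.append(host)
    return hosts


def client_side_redirects(history, transactions):
    """Rendered pages that were not the final one. A page the browser has already rendered can
    only hand off via JS/meta/link, so each one is a redirector; return it with its body size."""
    size = {u: n for u, rtype, _, n in transactions if rtype == "Document"}
    return [(u, size.get(u)) for u, kind in history[:-1] if kind == "page"]


def mime_mismatches(transactions):
    """Sub-resources requested as font/image/script/stylesheet but answered with HTML:
    the path does not exist on this host and the server returned an error page instead."""
    return [u for u, rtype, mime, _ in transactions if rtype != "Document" and mime == "text/html"]


def missing_trees(transactions):
    """Directory prefixes of the mismatched resources: the asset tree the page expects to exist."""
    dirs = Counter()
    for u in mime_mismatches(transactions):
        parts = urlsplit(u)
        dirs[parts.hostname + parts.path.rsplit("/", 1)[0] + "/"] += 1
    return dict(dirs)


def external_link_hosts(links, document_host):
    """Hosts that outgoing links point at, other than the page's own host."""
    return sorted({urlsplit(u).hostname for u in links} - {document_host})


def triage(history, transactions, links, document_host):
    """One finding string per signal; an empty list means none of the signals fired."""
    findings = []
    hosts = hop_hosts(history)
    if len(hosts) > 1:
        findings.append(f"{len(hosts)} hosts in navigation chain: {' -> '.join(hosts)}")
    for url, n in client_side_redirects(history, transactions):
        findings.append(f"client-side redirector {url} ({n} B document)")
    trees = missing_trees(transactions)
    if trees:
        findings.append(f"{sum(trees.values())} assets answered with HTML under {sorted(trees)}")
    for host in external_link_hosts(links, document_host):
        findings.append(f"outgoing links to {host} while page is served from {document_host}")
    return findings


if __name__ == "__main__":
    for line in triage(HISTORY, TRANSACTIONS, LINKS, DOCUMENT_HOST):
        print("-", line)
```

Run as-is it prints five findings for this scan. The checks take plain tuples on purpose, so mapping a real scan's request list and navigation history onto them is a few lines of glue; the MIME-mismatch check is the cheapest of the four and the one that distinguishes a page lifted from the live site (root-relative asset paths that resolve nowhere on the phishing host) from a kit built from scratch.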
Verdicts & Comments
urlscan: Potentially malicious activity detected. Phishing against: BNP Paribas (Banking)
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
- onselectstart (object)
- onselectionchange (object)
- queueMicrotask (function)
- $ (function)
- jQuery (function)
- tagguageNext (function)
- dcsMultiTrack (function)
- Webtrends (object)
- WebTrends (object)
- pass0 (function)
$ and jQuery come from jquery-1.11.0.min.js, and dcsMultiTrack, Webtrends and WebTrends from webtrends.min.js, the only two external scripts the page loads; tagguageNext and pass0 belong to neither library and point to the page's own script.

Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work. No cookies are listed for this scan.
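The four patterns under Detected technologies run over three different inputs (document URLs, the Server response header, and the names on window), and the globals list above is exactly the "env" input the last two patterns see. The block below is an added example, not urlscan's or Wappalyzer's code: it applies those four patterns to a record constructed from this report's values, then strips the globals the detected libraries and the browser account for so that only the kit's own names remain. The library-to-global mapping and the browser-baseline set are this example's assumptions.

```python
import re

# Added example; not code from urlscan. The four regexes are the ones this report lists
# under "Detected technologies". SAMPLE is constructed from values shown in the report.
PATTERNS = {
    # technology: (which field the pattern runs over, compiled pattern)
    "PHP":       ("url",    re.compile(r"\.php(?:$|\?)", re.I)),
    "LiteSpeed": ("server", re.compile(r"^LiteSpeed$", re.I)),
    "Webtrends": ("env",    re.compile(r"^(?:WTOptimize|WebTrends)", re.I)),
    "jQuery":    ("env",    re.compile(r"^jQuery$", re.I)),
}

SAMPLE = {
    "url": [  # every document URL in the navigation chain
        "http://u397141r48.ha002.t.justns.ru/d.php",
        "http://matronasgalegas.org/mail/jkl/dr.php",
        "http://a0308362.xsph.ru/ssl/html/css/account/fr/c3be785eb52a722c0ecd51800efb17de/",
    ],
    "server": ["LiteSpeed"],  # value of the Server response header
    "env": ["onselectstart", "onselectionchange", "queueMicrotask", "$", "jQuery",
            "tagguageNext", "dcsMultiTrack", "Webtrends", "WebTrends", "pass0"],
}

# Assumption: the globals each detected library is known to create.
LIBRARY_GLOBALS = {
    "jQuery": {"$", "jQuery"},
    "Webtrends": {"dcsMultiTrack", "Webtrends", "WebTrends"},
}
# Assumption: names that are standard window members in current browsers (event-handler
# attributes and the queueMicrotask API), so their presence says nothing about the page.
BROWSER_BASELINE = {"onselectstart", "onselectionchange", "queueMicrotask"}


def fingerprint(scan):
    """Map technology name -> the values that matched its pattern (Wappalyzer-style)."""
    hits = {}
    for tech, (field, rx) in PATTERNS.items():
        matched = [v for v in scan[field] if rx.search(v)]
        if matched:
            hits[tech] = matched
    return hits


def kit_globals(scan, hits):
    """Globals left once the detected libraries and the browser itself are accounted for:
    the names the page's own script introduced."""
    explained = set(BROWSER_BASELINE)
    for tech in hits:
        explained |= LIBRARY_GLOBALS.get(tech, set())
    return [g for g in scan["env"] if g not in explained]


if __name__ == "__main__":
    found = fingerprint(SAMPLE)
    for tech, values in found.items():
        print(f"{tech:10s} <- {values}")
    print("unexplained globals:", kit_globals(SAMPLE, found))
```

The leftover list is the part worth keeping in a pivot database: library globals recur on every site that uses the library, but names like pass0 are specific to one kit's code and turn up again on its other deployments.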
Indicators
This is a term in the security industry for indicators such as IPs, domains, hashes, etc. It does not imply that any of these indicate malicious activity.
- a0308362.xsph.ru
- matronasgalegas.org
- u397141r48.ha002.t.justns.ru
- 2a00:b700::6:b
- 2a0a:2b43:be:84ab::
- 82.98.151.218