u655503dsr.ha004.t.justns.ru

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 2a00:b700::12, located in Russian Federation and belongs to ASBAXET, RU. The main domain is u655503dsr.ha004.t.justns.ru.

This is the only time u655503dsr.ha004.t.justns.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Societe Generale (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.210.213.120 192.210.213.120	36352 (AS-COLOCR...) (AS-COLOCROSSING)
3 9	2a00:b700::12 2a00:b700::12	51659 (ASBAXET) (ASBAXET)
6	1

1 192.210.213.120 (Buffalo, United States) 1 redirects

ASN36352 (AS-COLOCROSSING, US)
PTR: 192-210-213-120-host.colocrossing.com

www.gamedeveloperunion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:b700::12 (Russian Federation) 3 redirects

ASN51659 (ASBAXET, RU)

u655503dsr.ha004.t.justns.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	justns.ru 3 redirects u655503dsr.ha004.t.justns.ru	530 KB
1	gamedeveloperunion.com 1 redirects www.gamedeveloperunion.com	271 B
6	2

	Domain	Requested by
9	u655503dsr.ha004.t.justns.ru	3 redirects u655503dsr.ha004.t.justns.ru
1	www.gamedeveloperunion.com	1 redirects
6	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/
Frame ID: A74E8B36D2D472D9F50926E80F54FE90
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.gamedeveloperunion.com/ HTTP 301
http://u655503dsr.ha004.t.justns.ru/sgbaonline.com HTTP 301
http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/ HTTP 302
http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0 HTTP 301
http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ Page URL

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

6
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

529 kB
Transfer

531 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.gamedeveloperunion.com/ HTTP 301
http://u655503dsr.ha004.t.justns.ru/sgbaonline.com HTTP 301
http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/ HTTP 302
http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0 HTTP 301
http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ Redirect Chain http://www.gamedeveloperunion.com/ http://u655503dsr.ha004.t.justns.ru/sgbaonline.com http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/ http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0 http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/	3 KB 1 KB	41ms 40ms	Document text/html	2a00:b700::12 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ Protocol HTTP/1.1 Server 2a00:b700::12 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `b78801ed2d3e871e4666ccf564cbc8d84f7a759a8b4d90c81122cc9d49b906c7` Request headers Host u655503dsr.ha004.t.justns.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Connection Keep-Alive Content-Type text/html Last-Modified Mon, 27 Apr 2020 00:38:14 GMT Etag "c3a-5ea62976-abd3434ba8dc65b7;gz" Accept-Ranges bytes Transfer-Encoding chunked Content-Encoding gzip Vary Accept-Encoding,User-Agent Date Mon, 27 Apr 2020 00:38:14 GMT Server LiteSpeed Redirect headers Connection Keep-Alive Content-Type text/html Content-Length 706 Date Mon, 27 Apr 2020 00:38:14 GMT Server LiteSpeed Location http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ Vary User-Agent
GET H/1.1	200 OK	styles.css u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/	3 KB 1 KB	41ms 40ms	Stylesheet text/css	2a00:b700::12 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/styles.css Requested by Host: u655503dsr.ha004.t.justns.ru URL: http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ Protocol HTTP/1.1 Server 2a00:b700::12 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `853f7ccbfc6e49745afe885dadfb0d01522eac59449a12a11be7aadf91cc5505` Request headers Referer http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 00:38:14 GMT Content-Encoding gzip Last-Modified Mon, 27 Apr 2020 00:38:14 GMT Server LiteSpeed Etag "ba7-5ea62976-12001a2352a2260c;gz" Vary Accept-Encoding,User-Agent Content-Type text/css Cache-Control public, max-age=604800 Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Expires Mon, 04 May 2020 00:38:14 GMT
GET H/1.1	200 OK	rules.js Show response u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/	600 B 746 B	82ms 40ms	Script application/javascript	2a00:b700::12 ASBAXET
General Check archive.org Show headers Download Go to Full URL http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/rules.js Requested by Host: u655503dsr.ha004.t.justns.ru URL: http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ Protocol HTTP/1.1 Server 2a00:b700::12 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `600b42b51a3a0ecb121e710e814428f907f6b120fb3b0e30ea18c740f2f81f15` Request headers Referer http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 00:38:14 GMT Content-Encoding gzip Last-Modified Mon, 27 Apr 2020 00:38:14 GMT Server LiteSpeed Etag "258-5ea62976-ef5732382380fa23;gz" Vary Accept-Encoding,User-Agent Content-Type application/javascript Cache-Control public, max-age=604800 Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Expires Mon, 04 May 2020 00:38:14 GMT
GET H/1.1	200 OK	Calque0.png u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/images/	496 KB 496 KB	40ms 40ms	Image image/png	2a00:b700::12 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/images/Calque0.png Requested by Host: u655503dsr.ha004.t.justns.ru URL: http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ Protocol HTTP/1.1 Server 2a00:b700::12 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `6add86b7892a1dc7812a805d8a6a7dda6812cab926c34ae6736b38b906199369` Request headers Referer http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 00:38:14 GMT Last-Modified Mon, 27 Apr 2020 00:38:14 GMT Server LiteSpeed Etag "7c03f-5ea62976-823515283d58c510;;;" Vary User-Agent Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 507967 Expires Mon, 04 May 2020 00:38:14 GMT
GET H/1.1	200 OK	nb.png u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/images/	28 KB 29 KB	41ms 40ms	Image image/png	2a00:b700::12 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/images/nb.png Requested by Host: u655503dsr.ha004.t.justns.ru URL: http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ Protocol HTTP/1.1 Server 2a00:b700::12 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `9d8ee6c4ab82a90f9d583826eab568446e49767dca51b484f39e36fa736b18fd` Request headers Referer http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 00:38:14 GMT Last-Modified Mon, 27 Apr 2020 00:38:14 GMT Server LiteSpeed Etag "71ae-5ea62976-5205f1c4d12ddc76;;;" Vary User-Agent Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 29102 Expires Mon, 04 May 2020 00:38:14 GMT
GET H/1.1	404 Not Found	index_Button1_bkgrnd.png u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/images/	393 B 393 B	83ms 42ms	Image text/html	2a00:b700::12 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/images/index_Button1_bkgrnd.png Requested by Host: u655503dsr.ha004.t.justns.ru URL: http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/ Protocol HTTP/1.1 Server 2a00:b700::12 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `66922f44f8203695af66d08118a3259ed5bdc072169ddd2a641c998ef133e2be` Request headers Referer http://u655503dsr.ha004.t.justns.ru/sgbaonline.com/6c5c0/styles.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 00:38:14 GMT Content-Encoding gzip Server LiteSpeed Connection Keep-Alive Content-Length 373 Vary Accept-Encoding,User-Agent Content-Type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Societe Generale (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| vide1 function| addCode

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

u655503dsr.ha004.t.justns.ru
www.gamedeveloperunion.com
192.210.213.120
2a00:b700::12
600b42b51a3a0ecb121e710e814428f907f6b120fb3b0e30ea18c740f2f81f15
66922f44f8203695af66d08118a3259ed5bdc072169ddd2a641c998ef133e2be
6add86b7892a1dc7812a805d8a6a7dda6812cab926c34ae6736b38b906199369
853f7ccbfc6e49745afe885dadfb0d01522eac59449a12a11be7aadf91cc5505
9d8ee6c4ab82a90f9d583826eab568446e49767dca51b484f39e36fa736b18fd
b78801ed2d3e871e4666ccf564cbc8d84f7a759a8b4d90c81122cc9d49b906c7

u655503dsr.ha004.t.justns.ru Open in urlscan Pro 2a00:b700::12 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

0 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

529 kBTransfer

531 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

u655503dsr.ha004.t.justns.ru Open in urlscan Pro
2a00:b700::12 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

529 kB
Transfer

531 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!