hjfurtt.icu Open in urlscan Pro
43.134.24.226 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rb.gy/vic9ar
Effective URL:
https://hjfurtt.icu/qa/
Submission: On July 12 via automatic, source phishtank (July 12th 2024, 7:05:26 am UTC) — Scanned from DE

Summary HTTP 27 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 27 HTTP transactions. The main IP is 43.134.24.226, located in Singapore, Singapore and belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN. The main domain is hjfurtt.icu.
TLS certificate: Issued by R10 on July 11th 2024. Valid for: 3 months.

This is the only time hjfurtt.icu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Posten Norge (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	107.22.29.204 107.22.29.204	14618 (AMAZON-AES) (AMAZON-AES)
1 23	43.134.24.226 43.134.24.226	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
27	2

1 107.22.29.204 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-22-29-204.compute-1.amazonaws.com

rb.gy	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 43.134.24.226 (Singapore, Singapore) 1 redirects

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

hjfurtt.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	hjfurtt.icu 1 redirects hjfurtt.icu	341 KB
1	rb.gy 1 redirects rb.gy — Cisco Umbrella Rank: 110671	158 B
27	2

	Domain	Requested by
23	hjfurtt.icu	1 redirects hjfurtt.icu
1	rb.gy	1 redirects
27	2

This site contains links to these domains. Also see Links.

Domain
www.posten.no
id.posten.no
adressesok.posten.no
www.postennorge.no
www.bring.no

Subject Issuer	Validity	Valid
hjfurtt.icu R10	`2024-07-11` - `2024-10-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hjfurtt.icu/qa/
Frame ID: 3E8C2FD8ED08082FFF970BA26581243F
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://rb.gy/vic9ar HTTP 301
http://hjfurtt.icu/qa HTTP 307
https://hjfurtt.icu/qa HTTP 301
https://hjfurtt.icu/qa/ Page URL

Detected technologies

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

socket\.io.*\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

27
Requests

81 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

340 kB
Transfer

1158 kB
Size

0
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://www.posten.no/

Search URL Search Domain Scan URL

URL: https://id.posten.no/minside
Title: Min sideMin side

Search URL Search Domain Scan URL

URL: https://www.posten.no/kart
Title: Finn oss på kartet

Search URL Search Domain Scan URL

URL: https://www.posten.no/sporing-kundeservice/sporingsapplikasjon
Title: Posten-appen

Search URL Search Domain Scan URL

URL: https://www.posten.no/frimerker-til-samling
Title: Frimerker til samling

Search URL Search Domain Scan URL

URL: https://www.posten.no/sende/i-norge

Search URL Search Domain Scan URL

URL: https://www.posten.no/sende/sende-utland

Search URL Search Domain Scan URL

URL: https://www.posten.no/sende/emballering

Search URL Search Domain Scan URL

URL: https://www.posten.no/fortolling/sende-til-utlandet

Search URL Search Domain Scan URL

URL: https://www.posten.no/sende/i-norge/retur

Search URL Search Domain Scan URL

URL: https://www.posten.no/priser

Search URL Search Domain Scan URL

URL: https://www.posten.no/motta

Search URL Search Domain Scan URL

URL: https://www.posten.no/motta/postboks

Search URL Search Domain Scan URL

URL: https://www.posten.no/motta/fleksibelt/postkasse

Search URL Search Domain Scan URL

URL: https://www.posten.no/adressetjenester/min-adresse

Search URL Search Domain Scan URL

URL: https://www.posten.no/adressetjenester

Search URL Search Domain Scan URL

URL: https://www.posten.no/fortolling/motta-fra-utlandet

Search URL Search Domain Scan URL

URL: https://www.posten.no/verktoy

Search URL Search Domain Scan URL

URL: https://www.posten.no/levering-av-post

Search URL Search Domain Scan URL

URL: https://adressesok.posten.no/

Search URL Search Domain Scan URL

URL: https://www.posten.no/import

Search URL Search Domain Scan URL

URL: https://www.posten.no/motta/digipost

Search URL Search Domain Scan URL

URL: https://www.posten.no/posten-signering

Search URL Search Domain Scan URL

URL: https://www.posten.no/kundeservice

Search URL Search Domain Scan URL

URL: https://www.posten.no/kundeservice/klager-og-reklamasjon

Search URL Search Domain Scan URL

URL: https://www.posten.no/kundeservice/postens-chatbot

Search URL Search Domain Scan URL

URL: https://www.posten.no/sporing-kundeservice

Search URL Search Domain Scan URL

URL: https://www.posten.no/kundeservice/nettsvindel

Search URL Search Domain Scan URL

URL: https://www.postennorge.no/

Search URL Search Domain Scan URL

URL: http://www.postennorge.no/jobb

Search URL Search Domain Scan URL

URL: https://www.posten.no/vilkar

Search URL Search Domain Scan URL

URL: https://www.posten.no/enklere-hverdag

Search URL Search Domain Scan URL

URL: https://www.bring.no/

Search URL Search Domain Scan URL

URL: https://www.posten.no/en/

Search URL Search Domain Scan URL

URL: https://www.posten.no/personvern-sikkerhet

Search URL Search Domain Scan URL

URL: https://www.posten.no/cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rb.gy/vic9ar HTTP 301
http://hjfurtt.icu/qa HTTP 307
https://hjfurtt.icu/qa HTTP 301
https://hjfurtt.icu/qa/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response hjfurtt.icu/qa/ Redirect Chain https://rb.gy/vic9ar http://hjfurtt.icu/qa https://hjfurtt.icu/qa https://hjfurtt.icu/qa/	2 KB 1 KB	278ms 278ms	Document text/html	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `920a9fe48c93a7f341142cc08d720a55cb333e561f0ded48799881c90b475501` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Fri, 12 Jul 2024 07:05:19 GMT ETag W/"666-18fc39895a0" Last-Modified Wed, 29 May 2024 09:05:08 GMT Server nginx/1.24.0 Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 64 Content-Type text/html; charset=utf-8 Date Fri, 12 Jul 2024 07:05:19 GMT Location /qa/ Server nginx/1.24.0 Vary Accept
GET H/1.1	200 OK	index-2b607a54.js Show response hjfurtt.icu/qa/assets/	492 KB 147 KB	551ms 550ms	Script application/javascript	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/index-2b607a54.js Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `ddd3675ab5401d6880021a9fc960413f2aa9ae31aeaa40aa546f7fee2056a2f8` Request headers Referer https://hjfurtt.icu/qa/ Origin https://hjfurtt.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:19 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:14 GMT Server nginx/1.24.0 ETag W/"7b096-18fc398ad10" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	f6170fbb8K8a8.css hjfurtt.icu/qa/assets/	952 B 1 KB	339ms 339ms	Stylesheet text/css	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/f6170fbb8K8a8.css Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `f6170fbbee0af98d737510b5689b31d78cf4e9a152590e594175b79212210911` Request headers Referer https://hjfurtt.icu/qa/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:19 GMT Last-Modified Wed, 29 May 2024 09:05:08 GMT Server nginx/1.24.0 ETag W/"3b8-18fc39895a0" Content-Type text/css; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive Accept-Ranges bytes Content-Length 952
GET H/1.1	200 OK	86fb1c54Gtm45.js Show response hjfurtt.icu/qa/assets/	5 KB 2 KB	270ms 270ms	Script application/javascript	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/86fb1c54Gtm45.js Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `9b33771f461a537e0f8675d3fc297c67e592cba811af36bf71f4a0297c4c104f` Request headers Referer Origin https://hjfurtt.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:20 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:12 GMT Server nginx/1.24.0 ETag W/"1434-18fc398a540" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	404e4081Gtm45.js Show response hjfurtt.icu/qa/assets/	52 KB 17 KB	573ms 573ms	Script application/javascript	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/404e4081Gtm45.js Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `5b0e1e22e63182f7a5b40dd06487af6bf7010f680798f6ef128f36aa0cd6fc7c` Request headers Referer Origin https://hjfurtt.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:20 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:10 GMT Server nginx/1.24.0 ETag W/"d060-18fc3989d70" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	favicon.ico hjfurtt.icu/	2 KB 2 KB	529ms 269ms	Other image/vnd.microsoft.icon	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `d3f292e1e0313f78382e3b5b5300734fa37a8a98cc774b151e34d85b4bf2057b` Request headers Referer https://hjfurtt.icu/qa/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:21 GMT Last-Modified Wed, 29 May 2024 09:05:02 GMT Server nginx/1.24.0 ETag W/"6ac-18fc3987e30" Content-Type image/vnd.microsoft.icon Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive Accept-Ranges bytes Content-Length 1708
GET H/1.1	200 OK	6c0c2ba6Gtm45.js Show response hjfurtt.icu/qa/assets/	35 KB 11 KB	289ms 287ms	Script application/javascript	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/6c0c2ba6Gtm45.js Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `fbd70a79ec6210b8cda6e368824de44d4fcec0863463e683592a9b6fa82951a0` Request headers Referer Origin https://hjfurtt.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:21 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:10 GMT Server nginx/1.24.0 ETag W/"8a70-18fc3989d70" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	09bf01f8Gtm45.js Show response hjfurtt.icu/qa/assets/	2 KB 1 KB	273ms 271ms	Script application/javascript	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/09bf01f8Gtm45.js Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `e47d150209ff0a7c7b0bc61990cc6b77e865b4b1584d84b2bdba97b137c0ffa1` Request headers Referer Origin https://hjfurtt.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:21 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:10 GMT Server nginx/1.24.0 ETag W/"8cc-18fc3989d70" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	d7d29c13Gtm45.js Show response hjfurtt.icu/qa/assets/	3 KB 1 KB	576ms 286ms	Script application/javascript	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/d7d29c13Gtm45.js Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `58becf67b9ddbe9ae289c2c2b54cea624439e9530645518dba52b6f5e7cd0f18` Request headers Referer Origin https://hjfurtt.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:21 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:12 GMT Server nginx/1.24.0 ETag W/"ac5-18fc398a540" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	05a624e3Gtm45.js Show response hjfurtt.icu/qa/assets/	268 KB 68 KB	1099ms 558ms	Script application/javascript	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/05a624e3Gtm45.js Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `ef938fc71f2ec8f401bb73043ebe43242fe31b2e0ccf8849afb18a2d08f2812c` Request headers Referer Origin https://hjfurtt.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:21 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:10 GMT Server nginx/1.24.0 ETag W/"430ee-18fc3989d70" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	c27b6911Gtm45.js Show response hjfurtt.icu/qa/assets/	2 KB 1 KB	820ms 275ms	Script application/javascript	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/c27b6911Gtm45.js Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `e6797326dabcb03f5cdeeab1eb4da6c7bb8938440831f7932096408322c3abda` Request headers Referer Origin https://hjfurtt.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:21 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:12 GMT Server nginx/1.24.0 ETag W/"788-18fc398a540" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	f79ade9a8K8a8.css hjfurtt.icu/qa/assets/	63 KB 13 KB	622ms 594ms	Stylesheet text/css	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/f79ade9a8K8a8.css Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `f79ade9aafe0d8cd39a9958ae3f77a578b38c8373211f15fac848b9e9331ac23` Request headers Referer https://hjfurtt.icu/qa/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:21 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:08 GMT Server nginx/1.24.0 ETag W/"fbf9-18fc39895a0" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	a5cbd326Gtm45.js Show response hjfurtt.icu/qa/assets/	6 KB 3 KB	860ms 284ms	Script application/javascript	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/a5cbd326Gtm45.js Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `3d41dd19eb7790b3b3b5b282e47ae75f9aa3b456df9a442b2ab23a84182c692d` Request headers Referer Origin https://hjfurtt.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:21 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:12 GMT Server nginx/1.24.0 ETag W/"1841-18fc398a540" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	4cd1ec688K8a8.css hjfurtt.icu/qa/assets/	323 B 650 B	542ms 268ms	Stylesheet text/css	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/4cd1ec688K8a8.css Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `4cd1ec684ce1c4f864a8e95f9f7695c7f708160192531ff8e55fc5023abf5b64` Request headers Referer https://hjfurtt.icu/qa/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:21 GMT Last-Modified Wed, 29 May 2024 09:05:08 GMT Server nginx/1.24.0 ETag W/"143-18fc39895a0" Content-Type text/css; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive Accept-Ranges bytes Content-Length 323
POST H/1.1	200 OK	MC4yMTI5OTY0MzY3NTA2MzQz Show response hjfurtt.icu/api/	700 B 945 B	329ms 328ms	XHR application/json	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/api/MC4yMTI5OTY0MzY3NTA2MzQz Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `8ffc2574b661d66d2ed5d8bcf6f2013fe2334e98d32748dbe5500603345c5522` Request headers Referer https://hjfurtt.icu/qa/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/encrypt Response headers Access-Control-Allow-Origin * Date Fri, 12 Jul 2024 07:05:22 GMT Server nginx/1.24.0 Connection keep-alive ETag W/"2bc-dJN/hWiOBd9JsZQ48i8TVnUlpa0" Content-Length 700 Content-Type application/json; charset=utf-8
GET H/1.1	200 OK	f015c267Gtm45.js Show response hjfurtt.icu/qa/assets/	111 KB 33 KB	2363ms 2363ms	Script application/javascript	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/f015c267Gtm45.js Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `2a450a6571e55ac331095260bddaa346cfceed542eea819e961a053f8f9df198` Request headers Referer Origin https://hjfurtt.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:22 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:12 GMT Server nginx/1.24.0 ETag W/"1bb07-18fc398a540" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	/ Show response hjfurtt.icu/socket.io/	118 B 339 B	294ms 293ms	XHR text/plain	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/socket.io/?EIO=4&transport=polling&t=P2bmihD Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/f015c267Gtm45.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `43559fe3a9f2b54b6747422ece129885589fa3ddc8205bedcf2811994f2dace9` Request headers Accept / Referer https://hjfurtt.icu/qa/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Fri, 12 Jul 2024 07:05:25 GMT cache-control no-store Server nginx/1.24.0 Connection keep-alive Content-Length 118 Content-Type text/plain; charset=UTF-8
GET H/1.1	200 OK	9330262fGtm45.js Show response hjfurtt.icu/qa/assets/	113 KB 36 KB	564ms 563ms	Script application/javascript	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/9330262fGtm45.js Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `588315e332e64ef9e95cfb8710001251a3a03d1b846a2bd764ecdc24d244e061` Request headers Referer Origin https://hjfurtt.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:25 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2024 09:05:12 GMT Server nginx/1.24.0 ETag W/"1c58c-18fc398a540" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive
GET H/1.1	200 OK	f4397ced8K8a8.css hjfurtt.icu/qa/assets/	400 B 727 B	285ms 285ms	Stylesheet text/css	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/qa/assets/f4397ced8K8a8.css Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/index-2b607a54.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `f4397ced557e01524d17b5d0988131cbf8b4c9cb5af39749e74e3671b8eb1917` Request headers Referer https://hjfurtt.icu/qa/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 12 Jul 2024 07:05:25 GMT Last-Modified Wed, 29 May 2024 09:05:08 GMT Server nginx/1.24.0 ETag W/"190-18fc39895a0" Content-Type text/css; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive Accept-Ranges bytes Content-Length 400
POST H/1.1	200 OK	/ Show response hjfurtt.icu/socket.io/	2 B 205 B	295ms 294ms	XHR text/html	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/socket.io/?EIO=4&transport=polling&t=P2bmilt&sid=Z7WcMoNkZUAsDG96AKz6 Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/f015c267Gtm45.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Accept / Referer https://hjfurtt.icu/qa/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-type text/plain;charset=UTF-8 Response headers Access-Control-Allow-Origin * Date Fri, 12 Jul 2024 07:05:25 GMT cache-control no-store Server nginx/1.24.0 Connection keep-alive Content-Length 2 Content-Type text/html
GET H/1.1	200 OK	/ Show response hjfurtt.icu/socket.io/	32 B 252 B	288ms 288ms	XHR text/plain	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/socket.io/?EIO=4&transport=polling&t=P2bmilt.0&sid=Z7WcMoNkZUAsDG96AKz6 Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/f015c267Gtm45.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `630af88396c6f2e8de9255931881aa5bafa0bc7d59e7fd91f424ea9d6a483681` Request headers Accept / Referer https://hjfurtt.icu/qa/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Fri, 12 Jul 2024 07:05:25 GMT cache-control no-store Server nginx/1.24.0 Connection keep-alive Content-Length 32 Content-Type text/plain; charset=UTF-8
GET		1b92491b8K8a8.woff2 hjfurtt.icu/qa/assets/	0 0

GET		34ba719e8K8a8.woff2 hjfurtt.icu/qa/assets/	0 0

GET		882f8e268K8a8.woff2 hjfurtt.icu/qa/assets/	0 0

GET		/ hjfurtt.icu/socket.io/	0 0

POST		/ hjfurtt.icu/socket.io/	0 0

POST H/1.1	200 OK	/ hjfurtt.icu/socket.io/	2 B 205 B	302ms 296ms	XHR text/html	43.134.24.226 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://hjfurtt.icu/socket.io/?EIO=4&transport=polling&t=P2bmiuC&sid=Z7WcMoNkZUAsDG96AKz6 Requested by Host: hjfurtt.icu URL: https://hjfurtt.icu/qa/assets/f015c267Gtm45.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 43.134.24.226 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx/1.24.0 / Resource Hash Request headers Accept / Referer https://hjfurtt.icu/qa/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-type text/plain;charset=UTF-8 Response headers Access-Control-Allow-Origin * Date Fri, 12 Jul 2024 07:05:25 GMT cache-control no-store Server nginx/1.24.0 Connection keep-alive Content-Length 2 Content-Type text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hjfurtt.icu
URL: https://hjfurtt.icu/qa/assets/1b92491b8K8a8.woff2

Domain: hjfurtt.icu
URL: https://hjfurtt.icu/qa/assets/34ba719e8K8a8.woff2

Domain: hjfurtt.icu
URL: https://hjfurtt.icu/qa/assets/882f8e268K8a8.woff2

Domain: hjfurtt.icu
URL: https://hjfurtt.icu/socket.io/?EIO=4&transport=polling&t=P2bmiq_&sid=Z7WcMoNkZUAsDG96AKz6

Domain: hjfurtt.icu
URL: https://hjfurtt.icu/socket.io/?EIO=4&transport=polling&t=P2bmirD&sid=Z7WcMoNkZUAsDG96AKz6

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Posten Norge (Transportation)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| IMask boolean| __vite_is_modern_browser boolean| __VUE__

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	warning	URL: https://hjfurtt.icu/qa/assets/f015c267Gtm45.js Message: WebSocket connection to 'wss://hjfurtt.icu/socket.io/?EIO=4&transport=websocket&sid=Z7WcMoNkZUAsDG96AKz6' failed: WebSocket is closed before the connection is established.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hjfurtt.icu
rb.gy
hjfurtt.icu
107.22.29.204
43.134.24.226
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a450a6571e55ac331095260bddaa346cfceed542eea819e961a053f8f9df198
3d41dd19eb7790b3b3b5b282e47ae75f9aa3b456df9a442b2ab23a84182c692d
43559fe3a9f2b54b6747422ece129885589fa3ddc8205bedcf2811994f2dace9
4cd1ec684ce1c4f864a8e95f9f7695c7f708160192531ff8e55fc5023abf5b64
588315e332e64ef9e95cfb8710001251a3a03d1b846a2bd764ecdc24d244e061
58becf67b9ddbe9ae289c2c2b54cea624439e9530645518dba52b6f5e7cd0f18
5b0e1e22e63182f7a5b40dd06487af6bf7010f680798f6ef128f36aa0cd6fc7c
630af88396c6f2e8de9255931881aa5bafa0bc7d59e7fd91f424ea9d6a483681
8ffc2574b661d66d2ed5d8bcf6f2013fe2334e98d32748dbe5500603345c5522
920a9fe48c93a7f341142cc08d720a55cb333e561f0ded48799881c90b475501
9b33771f461a537e0f8675d3fc297c67e592cba811af36bf71f4a0297c4c104f
d3f292e1e0313f78382e3b5b5300734fa37a8a98cc774b151e34d85b4bf2057b
ddd3675ab5401d6880021a9fc960413f2aa9ae31aeaa40aa546f7fee2056a2f8
e47d150209ff0a7c7b0bc61990cc6b77e865b4b1584d84b2bdba97b137c0ffa1
e6797326dabcb03f5cdeeab1eb4da6c7bb8938440831f7932096408322c3abda
ef938fc71f2ec8f401bb73043ebe43242fe31b2e0ccf8849afb18a2d08f2812c
f4397ced557e01524d17b5d0988131cbf8b4c9cb5af39749e74e3671b8eb1917
f6170fbbee0af98d737510b5689b31d78cf4e9a152590e594175b79212210911
f79ade9aafe0d8cd39a9958ae3f77a578b38c8373211f15fac848b9e9331ac23
fbd70a79ec6210b8cda6e368824de44d4fcec0863463e683592a9b6fa82951a0

hjfurtt.icu Open in urlscan Pro 43.134.24.226 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

27 Requests

81 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

340 kBTransfer

1158 kBSize

0 Cookies

36 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

hjfurtt.icu Open in urlscan Pro
43.134.24.226 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

81 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

340 kB
Transfer

1158 kB
Size

0
Cookies

27 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!