u705693p3e.ha004.t.justns.ru
2a00:b700::26
Malicious Activity!
Public Scan
Effective URL: http://u705693p3e.ha004.t.justns.ru/vr/
Submission: On April 29 via automatic, source certstream-suspicious
Summary
This is the only time u705693p3e.ha004.t.justns.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banque Postale (Banking)

Domain & IP information

 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 81.88.52.70 | 39729 (REGISTER-AS) |
1 16 | 2a00:b700::26 | 51659 (ASBAXET) |
15 | 1 |
ASN39729 (REGISTER-AS, IT)
PTR: lhcp3070.webapps.net
idbanquepostale.nuemagenle.fr |
 | Apex Domain Subdomains | Transfer |
---|---|---|
16 | justns.ru (1 redirects): u705693p3e.ha004.t.justns.ru | 159 KB |
1 | nuemagenle.fr (1 redirects): idbanquepostale.nuemagenle.fr | 107 B |
15 | 2 |
 | Domain | Requested by |
---|---|---|
16 | u705693p3e.ha004.t.justns.ru | 1 redirects; u705693p3e.ha004.t.justns.ru |
1 | idbanquepostale.nuemagenle.fr | 1 redirects |
15 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 2 frames:
Primary Page:
http://u705693p3e.ha004.t.justns.ru/vr/
Frame ID: 63E663550421B7EDC97220A62820E2BC
Requests: 6 HTTP requests in this frame
Frame:
http://u705693p3e.ha004.t.justns.ru/vr/login.php
Frame ID: 639B7E3E6906223E17F6CBC44E2474D8
Requests: 9 HTTP requests in this frame
Detected technologies
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://idbanquepostale.nuemagenle.fr/
HTTP 301
http://u705693p3e.ha004.t.justns.ru/vr HTTP 301
http://u705693p3e.ha004.t.justns.ru/vr/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | / (Primary Request, Redirect Chain) | u705693p3e.ha004.t.justns.ru/vr/ | 1 KB | 753 B | Document | text/html |
GET H/1.1 | index_01.gif | u705693p3e.ha004.t.justns.ru/vr/images/ | 7 KB | 7 KB | Image | image/gif |
GET H/1.1 | index_02.gif | u705693p3e.ha004.t.justns.ru/vr/images/ | 4 KB | 5 KB | Image | image/gif |
GET H/1.1 | index_04.gif | u705693p3e.ha004.t.justns.ru/vr/images/ | 16 KB | 16 KB | Image | image/gif |
GET H/1.1 | index_05.gif | u705693p3e.ha004.t.justns.ru/vr/images/ | 62 KB | 62 KB | Image | image/gif |
GET H/1.1 | login.php (Frame 639B) | u705693p3e.ha004.t.justns.ru/vr/ | 5 KB | 2 KB | Document | text/html |
GET H/1.1 | bg.jpg | u705693p3e.ha004.t.justns.ru/vr/images/ | 14 KB | 14 KB | Image | image/jpeg |
GET H/1.1 | cvs_all.css (Frame 639B) | u705693p3e.ha004.t.justns.ru/vr/css/ | 6 KB | 2 KB | Stylesheet | text/css |
GET H/1.1 | cvs_portable.css (Frame 639B) | u705693p3e.ha004.t.justns.ru/vr/css/ | 1001 B | 779 B | Stylesheet | text/css |
GET H/1.1 | transparent.gif (Frame 639B) | u705693p3e.ha004.t.justns.ru/vr/images/ | 42 B | 392 B | Image | image/gif |
GET H/1.1 | jquery-1.7.2.min.js (Frame 639B) | u705693p3e.ha004.t.justns.ru/vr/js/ | 93 KB | 37 KB | Script | application/javascript |
GET H/1.1 | val_keypad_cvvs-commun-unifie.js (Frame 639B) | u705693p3e.ha004.t.justns.ru/vr/js/ | 12 KB | 4 KB | Script | application/javascript |
GET H/1.1 | val_keypad_cvvs-unifie.js (Frame 639B) | u705693p3e.ha004.t.justns.ru/vr/js/ | 7 KB | 3 KB | Script | application/javascript |
GET H/1.1 | bad.png (Frame 639B) | u705693p3e.ha004.t.justns.ru/vr/img/ | 355 B | 355 B | Image | text/html |
GET H/1.1 | login.png (Frame 639B) | u705693p3e.ha004.t.justns.ru/vr/data_img/ | 5 KB | 5 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banque Postale (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata
object| onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
idbanquepostale.nuemagenle.fr
u705693p3e.ha004.t.justns.ru
2a00:b700::26
81.88.52.70