u418291wim.ha002.t.justns.ru Open in urlscan Pro
2a00:b700::6:b Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Submission: On July 03 via automatic, source openphish (July 3rd 2019, 10:05:04 pm UTC)

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 19 HTTP transactions. The main IP is 2a00:b700::6:b, located in Russian Federation and belongs to ASBAXET, RU. The main domain is u418291wim.ha002.t.justns.ru.

This is the only time u418291wim.ha002.t.justns.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNP Paribas (Banking)

Domain & IP information

	IP Address	AS Autonomous System
18	2a00:b700::6:b 2a00:b700::6:b	51659 (ASBAXET) (ASBAXET)
1	2a00:1450:400... 2a00:1450:4001:81f::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
19	2

18 2a00:b700::6:b (Russian Federation)

ASN51659 (ASBAXET, RU)

u418291wim.ha002.t.justns.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	justns.ru u418291wim.ha002.t.justns.ru	196 KB
1	googleapis.com ajax.googleapis.com	29 KB
19	2

	Domain	Requested by
18	u418291wim.ha002.t.justns.ru	u418291wim.ha002.t.justns.ru
1	ajax.googleapis.com	u418291wim.ha002.t.justns.ru
19	2

This site contains no links.

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-06-11` - `2019-09-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Frame ID: B827A5DD361F5FC7E8DD8A35AC4F7EAC
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ΒNΡ Ρaribas Βαnqυe | Αccéder à mes cοmptes

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

19
Requests

5 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

225 kB
Transfer

292 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request pindex.html Show response
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/ 4 KB
2 KB 85ms
42ms Document
text/html 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 2b60d26c25dd8f602d6c798caf23695ee0a9c5597f67a69908f58f50ebacab2c

Request headers

Host: u418291wim.ha002.t.justns.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ETag: "1140-5d1d08d9-5573ceb51476ef10;gz"
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Content-Type: text/html
Content-Length: 1608
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Date: Wed, 03 Jul 2019 22:04:44 GMT
Server: LiteSpeed
Connection: close

GET
H/1.1 200
OK Sanstitre-2.css
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/ 13 KB
3 KB 85ms
40ms Stylesheet
text/css 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 625445f8ad9fdb2392cbc547765479c717f12868827fad8443989d6791e8a56e

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "353f-5d1d08d9-cd002fcadacfbc88;gz"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 2554
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.0/ 84 KB
29 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:81f::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js

Requested by

Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 25 Jun 2019 13:33:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 721891
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 30089
x-xss-protection: 0
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Jun 2020 13:33:17 GMT

GET
H/1.1 200
OK jepy.js Show response
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/JS/ 4 KB
1 KB 85ms
42ms Script
application/javascript 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/JS/jepy.js
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 345546f32de590afdd31eb75738d8e0af8c8c1ec44566d4355e6980346514cb2

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "f0e-5d1d08d9-b411e09baf553392;gz"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 999
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK clavier.js Show response
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/JS/ 4 KB
2 KB 85ms
42ms Script
application/javascript 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/JS/clavier.js
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 7eed283346ba155d3fa398884232bb5ca3d12fc98d265428b61f50f1daa20f5d

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "118d-5d1d08d9-c9d37b2823b994c7;gz"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1691
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK logo-top-2.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 2 KB
3 KB 85ms
42ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/logo-top-2.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 0ff6d0b27f8073367d9e05cf1237d34c2401c8948827be7cb0110109dc90a5e5

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "9f5-5d1d08d9-3a3ba127d616ff5b;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 2549
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK logo-right-top1.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 2 KB
2 KB 42ms
42ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/logo-right-top1.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 76badf7b389d6c824e2260ab705bc7c5732a0f0a2533941c0a5568d837051582

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "79e-5d1d08d9-cff05a3f2bba6bd8;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1950
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK bnp.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 21 KB
21 KB 43ms
42ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/bnp.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 7765b30f55d23c1e9b5da76e6b4bb7129665b9fb7e0ff1f949f51d74a22f93be

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "5312-5d1d08d9-fd7385c2a826dea4;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 21266
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK top-bzo.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 6 KB
6 KB 43ms
42ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/top-bzo.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 62b63161bab92f8bb89f26fff793adfdd6809f8a3bfc723ce8f72ea67697b98f

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "1852-5d1d08d9-b542242268c2a90f;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 6226
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK 1-label.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 2 KB
2 KB 41ms
41ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/1-label.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 86411cb1cbce2ff92b8a66e70e426875db991f06e0ac15e6ad5428210b044166

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "78c-5d1d08d9-84e26a5e24e37e46;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1932
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK del.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 840 B
1 KB 124ms
42ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/del.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 4f5f0c3c460379c1444b8fe8f6a39deffd610b222b357c03abdd4233ab808c65

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "348-5d1d08d9-359be7c2aa79160a;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 840
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK 2-label.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 3 KB
4 KB 125ms
42ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/2-label.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: c7e94db9715a4f5ff967e5e4f9acf1e9863f417eac71fccd1daa462ce68944b2

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "d03-5d1d08d9-abf9f6be98b9fb99;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 3331
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK zbalo.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 6 KB
6 KB 117ms
40ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/zbalo.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 24831c59c068f35f8b5ceb2ed9170f3f6efa984bdcc46525bee98c23f67cc865

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "1850-5d1d08d9-bc93c24496be38d6;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 6224
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK right.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 95 KB
96 KB 79ms
42ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/right.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: fc44236c1139fc5a39ca4cfbc97603ddd9b0ee5de8e4ef40b157774cb542e073

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "17ce4-5d1d08d9-27ffd3099168d70b;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 97508
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK footers-txt.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 7 KB
7 KB 77ms
40ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/footers-txt.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: c5f37b7946999009a71ab18ce9ed2b7f6cf76b443b67fc09f30cbb14130066b8

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "1c0c-5d1d08d9-f566e2f59ea7d5a;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 7180
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK list-foter1.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 10 KB
10 KB 80ms
42ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/list-foter1.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 5597b29c5d8bedfc04d334f6edcc76a6f0cc27e46483cc70f632f1dc482d22aa

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "2752-5d1d08d9-584fcaad281d215b;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 10066
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK list-foter2.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 10 KB
10 KB 79ms
42ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/list-foter2.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 83ad52c2828f7d6a82a5bb376ea772c10e72eaede037fd1863edf32d006f388e

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "2702-5d1d08d9-bb58b418d28151d4;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 9986
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK list-foter3.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 8 KB
8 KB 117ms
40ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/list-foter3.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 5c4f116129f61c8454046908401d668d8e6ac3750f93bb0b3646282d0b007a13

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "1f1e-5d1d08d9-a37b60055ad62b42;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 7966
Expires: Wed, 10 Jul 2019 22:04:44 GMT

GET
H/1.1 200
OK list-foter4.png
u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/ 10 KB
10 KB 76ms
40ms Image
image/png 2a00:b700::6:b
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/img/list-foter4.png
Requested by: Host: u418291wim.ha002.t.justns.ru
URL: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/pindex.html
Protocol: HTTP/1.1
Security: , ,
Server: 2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 56c62448b5a40248d4cbb5663b94907ed195c8d6d1269769ef641c2f087ad71a

Request headers

Referer: http://u418291wim.ha002.t.justns.ru/depar/avanc/f677df40450cea680a04e6ef02350353/Sanstitre-2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 03 Jul 2019 22:04:44 GMT
Last-Modified: Wed, 03 Jul 2019 19:58:17 GMT
Server: LiteSpeed
ETag: "282d-5d1d08d9-da62ff65e8ca396d;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 10285
Expires: Wed, 10 Jul 2019 22:04:44 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNP Paribas (Banking)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
u418291wim.ha002.t.justns.ru
2a00:1450:4001:81f::200a
2a00:b700::6:b
0ff6d0b27f8073367d9e05cf1237d34c2401c8948827be7cb0110109dc90a5e5
24831c59c068f35f8b5ceb2ed9170f3f6efa984bdcc46525bee98c23f67cc865
2b60d26c25dd8f602d6c798caf23695ee0a9c5597f67a69908f58f50ebacab2c
345546f32de590afdd31eb75738d8e0af8c8c1ec44566d4355e6980346514cb2
4f5f0c3c460379c1444b8fe8f6a39deffd610b222b357c03abdd4233ab808c65
5597b29c5d8bedfc04d334f6edcc76a6f0cc27e46483cc70f632f1dc482d22aa
56c62448b5a40248d4cbb5663b94907ed195c8d6d1269769ef641c2f087ad71a
5c4f116129f61c8454046908401d668d8e6ac3750f93bb0b3646282d0b007a13
625445f8ad9fdb2392cbc547765479c717f12868827fad8443989d6791e8a56e
62b63161bab92f8bb89f26fff793adfdd6809f8a3bfc723ce8f72ea67697b98f
76badf7b389d6c824e2260ab705bc7c5732a0f0a2533941c0a5568d837051582
7765b30f55d23c1e9b5da76e6b4bb7129665b9fb7e0ff1f949f51d74a22f93be
7eed283346ba155d3fa398884232bb5ca3d12fc98d265428b61f50f1daa20f5d
83ad52c2828f7d6a82a5bb376ea772c10e72eaede037fd1863edf32d006f388e
86411cb1cbce2ff92b8a66e70e426875db991f06e0ac15e6ad5428210b044166
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce
c5f37b7946999009a71ab18ce9ed2b7f6cf76b443b67fc09f30cbb14130066b8
c7e94db9715a4f5ff967e5e4f9acf1e9863f417eac71fccd1daa462ce68944b2
fc44236c1139fc5a39ca4cfbc97603ddd9b0ee5de8e4ef40b157774cb542e073

u418291wim.ha002.t.justns.ru Open in urlscan Pro 2a00:b700::6:b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

5 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

225 kBTransfer

292 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

23 JavaScript Global Variables

0 Cookies

Indicators

u418291wim.ha002.t.justns.ru Open in urlscan Pro
2a00:b700::6:b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

5 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

225 kB
Transfer

292 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!