u581812y6h.ha003.t.justns.ru

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 2a00:b700::1c, located in Russian Federation and belongs to ASBAXET, RU. The main domain is u581812y6h.ha003.t.justns.ru.

This is the only time u581812y6h.ha003.t.justns.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Axa (Insurance)

Domain & IP information

	IP Address	AS Autonomous System
1	2a00:b700::29 2a00:b700::29	51659 (ASBAXET) (ASBAXET)
2 7	2a00:b700::1c 2a00:b700::1c	51659 (ASBAXET) (ASBAXET)
1	171.18.34.198 171.18.34.198	12696 (AXA-TECH ...) (AXA-TECH Paris)
7	3

1 2a00:b700::29 (Russian Federation)

ASN51659 (ASBAXET, RU)

u579032xpd.ha003.t.justns.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:b700::1c (Russian Federation) 2 redirects

ASN51659 (ASBAXET, RU)

u581812y6h.ha003.t.justns.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 171.18.34.198 (Paris, France)

ASN12696 (AXA-TECH Paris, FR)

espaceclient.axa.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	justns.ru 2 redirects u579032xpd.ha003.t.justns.ru u581812y6h.ha003.t.justns.ru	7 KB
1	axa.fr espaceclient.axa.fr	198 KB
7	2

	Domain	Requested by
7	u581812y6h.ha003.t.justns.ru	2 redirects u581812y6h.ha003.t.justns.ru
1	espaceclient.axa.fr	u581812y6h.ha003.t.justns.ru
1	u579032xpd.ha003.t.justns.ru
7	3

This site contains no links.

Subject Issuer	Validity	Valid
espaceclient.axa.fr DigiCert SHA2 Extended Validation Server CA	`2018-03-15` - `2020-03-15`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
Frame ID: 56A7F84C063CA79964A3F8BBF38C456D
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://u579032xpd.ha003.t.justns.ru/FR/Connect/AXA/responsive/ Page URL
http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/ HTTP 302
http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg= HTTP 301
http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/ Page URL

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

7
Requests

14 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

205 kB
Transfer

214 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://u579032xpd.ha003.t.justns.ru/FR/Connect/AXA/responsive/ Page URL
http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/ HTTP 302
http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg= HTTP 301
http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
u579032xpd.ha003.t.justns.ru/FR/Connect/AXA/responsive/ 191 B
391 B 184ms
44ms Document
text/html 2a00:b700::29
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: http://u579032xpd.ha003.t.justns.ru/FR/Connect/AXA/responsive/
Protocol: HTTP/1.1
Server: 2a00:b700::29 , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: d3eeb9600a72711b5f65ff603c1ce56ef94b8f124ab42d855305fbe027368d02

Request headers

Host: u579032xpd.ha003.t.justns.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 173
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Date: Tue, 28 Jan 2020 14:52:32 GMT
Server: LiteSpeed

GET
H/1.1

200
OK

Primary Request / Show response
u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
Redirect Chain

http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/
http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=
http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/

14 KB
3 KB

41ms
40ms

Document
text/html

2a00:b700::1c
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
Protocol: HTTP/1.1
Server: 2a00:b700::1c , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 87a248cf861591c9b5204bebb5787da95fee960a7a4d95d923068621ca1a2ca9

Request headers

Host: u581812y6h.ha003.t.justns.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://u579032xpd.ha003.t.justns.ru/FR/Connect/AXA/responsive/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://u579032xpd.ha003.t.justns.ru/FR/Connect/AXA/responsive/

Response headers

Connection: Keep-Alive
Content-Type: text/html
Last-Modified: Tue, 28 Jan 2020 14:52:33 GMT
Etag: "37d7-5e304ab1-a48dd8d971ca74f;gz"
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Date: Tue, 28 Jan 2020 14:52:33 GMT
Server: LiteSpeed

Redirect headers

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 705
Date: Tue, 28 Jan 2020 14:52:33 GMT
Server: LiteSpeed
Location: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
Vary: User-Agent

GET
H/1.1 404
Not Found style.css
u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/ 0
0 41ms
40ms Stylesheet
text/html 2a00:b700::1c
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/style.css
Requested by: Host: u581812y6h.ha003.t.justns.ru
URL: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
Protocol: HTTP/1.1
Server: 2a00:b700::1c , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash

Request headers

Referer: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 14:52:33 GMT
Content-Encoding: gzip
Server: LiteSpeed
Connection: Keep-Alive
Content-Length: 493
Vary: Accept-Encoding,User-Agent
Content-Type: text/html

GET
H/1.1 200
OK dynamic-background.css
u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/ 176 B
526 B 40ms
39ms Stylesheet
text/css 2a00:b700::1c
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/dynamic-background.css
Requested by: Host: u581812y6h.ha003.t.justns.ru
URL: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
Protocol: HTTP/1.1
Server: 2a00:b700::1c , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 5ab3164ccae6940e98a65e0c29781010baa13180c74e138d60d3a573e7269fc5

Request headers

Referer: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 14:52:33 GMT
Last-Modified: Tue, 28 Jan 2020 14:52:33 GMT
Server: LiteSpeed
Etag: "b0-5e304ab1-ed6744cff609386d;;;"
Vary: User-Agent
Content-Type: text/css
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 176
Expires: Tue, 04 Feb 2020 14:52:33 GMT

GET
H/1.1 200
OK logo.jpg
u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/ 1 KB
2 KB 78ms
39ms Image
image/jpeg 2a00:b700::1c
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/logo.jpg
Requested by: Host: u581812y6h.ha003.t.justns.ru
URL: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
Protocol: HTTP/1.1
Server: 2a00:b700::1c , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 6bcbba94cd7a796861c100a8b362d7dcf92dfffa27fbb8bc77c741c77d9a9e53

Request headers

Referer: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 14:52:33 GMT
Last-Modified: Tue, 28 Jan 2020 14:52:33 GMT
Server: LiteSpeed
Etag: "57b-5e304ab1-ea4ead2498d9f568;;;"
Vary: User-Agent
Content-Type: image/jpeg
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1403
Expires: Tue, 04 Feb 2020 14:52:33 GMT

GET
H/1.1 200
OK seS.png
u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/ 541 B
893 B 79ms
39ms Image
image/png 2a00:b700::1c
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/seS.png
Requested by: Host: u581812y6h.ha003.t.justns.ru
URL: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
Protocol: HTTP/1.1
Server: 2a00:b700::1c , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 25692c1d953a19d8a493ca3d135eb868dd31795a960dc890e77e7a0eaee1298d

Request headers

Referer: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 14:52:33 GMT
Last-Modified: Tue, 28 Jan 2020 14:52:33 GMT
Server: LiteSpeed
Etag: "21d-5e304ab1-6bfcb8425ab9ee74;;;"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 541
Expires: Tue, 04 Feb 2020 14:52:33 GMT

GET
H/1.1 200
OK visuel-saga-02.jpg
espaceclient.axa.fr/content/dam/axa-connect/ 198 KB
198 KB 590ms
50ms Image
image/jpeg 171.18.34.198
AXA-TECH Paris

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://espaceclient.axa.fr/content/dam/axa-connect/visuel-saga-02.jpg

Requested by

Host: u581812y6h.ha003.t.justns.ru
URL: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

171.18.34.198 Paris, France, ASN12696 (AXA-TECH Paris, FR),

Reverse DNS

Software

aws /

Resource Hash

4b8aa548527c50803517f6a729ca5598477d6272c243bc6885d2a03685ac66ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://u581812y6h.ha003.t.justns.ru/FR/Connect/AXA/responsive/u5zdg=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 14:52:34 GMT
Last-Modified: Tue, 28 Jan 2020 10:01:37 GMT
Server: aws
ETag: "31629-59d304f461fc1"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Content-Type: image/jpeg
Access-Control-Allow-Origin: (null)
Access-Control-Expose-Headers: Set-cookie
Cache-control: private
Access-Control-Allow-Credentials: True
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type,Cache-Control,X-Requested-With
Content-Length: 202281

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Axa (Insurance)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

espaceclient.axa.fr
u579032xpd.ha003.t.justns.ru
u581812y6h.ha003.t.justns.ru
171.18.34.198
2a00:b700::1c
2a00:b700::29
25692c1d953a19d8a493ca3d135eb868dd31795a960dc890e77e7a0eaee1298d
4b8aa548527c50803517f6a729ca5598477d6272c243bc6885d2a03685ac66ae
5ab3164ccae6940e98a65e0c29781010baa13180c74e138d60d3a573e7269fc5
6bcbba94cd7a796861c100a8b362d7dcf92dfffa27fbb8bc77c741c77d9a9e53
87a248cf861591c9b5204bebb5787da95fee960a7a4d95d923068621ca1a2ca9
d3eeb9600a72711b5f65ff603c1ce56ef94b8f124ab42d855305fbe027368d02

u581812y6h.ha003.t.justns.ru Open in urlscan Pro 2a00:b700::1c Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

14 %HTTPS

67 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

205 kBTransfer

214 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

Indicators

u581812y6h.ha003.t.justns.ru Open in urlscan Pro
2a00:b700::1c Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

14 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

205 kB
Transfer

214 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!