u542312q96.ha003.t.justns.ru Open in urlscan Pro
2a00:b700::2e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://lbdnh.sbikose.net/
Effective URL:
http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/
Submission: On December 12 via api (December 12th 2019, 9:13:39 pm UTC) from BE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 19 HTTP transactions. The main IP is 2a00:b700::2e, located in Russian Federation and belongs to ASBAXET, RU. The main domain is u542312q96.ha003.t.justns.ru.

This is the only time u542312q96.ha003.t.justns.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	46.30.213.254 46.30.213.254	51468 (ONECOM) (ONECOM)
1	124.156.99.47 124.156.99.47	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
2 20	2a00:b700::2e 2a00:b700::2e	51659 (ASBAXET) (ASBAXET)
19	2

1 46.30.213.254 (Copenhagen, Denmark) 1 redirects

ASN51468 (ONECOM, DK)
PTR: webforward2.webpod4-cph3.one.com

lbdnh.sbikose.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.156.99.47 (Hong Kong)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

www.xinshidaimall.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:b700::2e (Russian Federation) 2 redirects

ASN51659 (ASBAXET, RU)

u542312q96.ha003.t.justns.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	justns.ru 2 redirects u542312q96.ha003.t.justns.ru	143 KB
1	xinshidaimall.com www.xinshidaimall.com	392 B
1	sbikose.net 1 redirects lbdnh.sbikose.net	378 B
19	3

	Domain	Requested by
20	u542312q96.ha003.t.justns.ru	2 redirects www.xinshidaimall.com u542312q96.ha003.t.justns.ru
1	www.xinshidaimall.com
1	lbdnh.sbikose.net	1 redirects
19	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/
Frame ID: 3F03AEC9883DCE2F962235C84EC49EF5
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://lbdnh.sbikose.net/ HTTP 302
http://www.xinshidaimall.com/admin/ji/ Page URL
http://u542312q96.ha003.t.justns.ru/zien/m/ HTTP 302
http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1 HTTP 301
http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Win32|Win64/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

19
Requests

0 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

143 kB
Transfer

274 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://lbdnh.sbikose.net/ HTTP 302
http://www.xinshidaimall.com/admin/ji/ Page URL
http://u542312q96.ha003.t.justns.ru/zien/m/ HTTP 302
http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1 HTTP 301
http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://lbdnh.sbikose.net/ HTTP 302
http://www.xinshidaimall.com/admin/ji/

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response www.xinshidaimall.com/admin/ji/ Redirect Chain http://lbdnh.sbikose.net/ http://www.xinshidaimall.com/admin/ji/	113 B 392 B	693ms 436ms	Document text/html	124.156.99.47 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://www.xinshidaimall.com/admin/ji/ Protocol HTTP/1.1 Server 124.156.99.47 , Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software Apache/2.4.23 (Win32) OpenSSL/1.0.2j mod_fcgid/2.3.9 / PHP/5.6.27 Resource Hash `66059ee040ec3d8bb4c07be85bdd45191bfb6dc73228e89d4eda6487d6052b78` Request headers Host www.xinshidaimall.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:19 GMT Server Apache/2.4.23 (Win32) OpenSSL/1.0.2j mod_fcgid/2.3.9 X-Powered-By PHP/5.6.27 Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Cache-Control max-age:600, public Content-Length 173 Expires Thu, 12 Dec 2019 21:23:19 GMT Last-Modified Thu, 12 Dec 2019 21:13:19 GMT Location http://www.xinshidaimall.com/admin/ji/ Date Thu, 12 Dec 2019 21:13:19 GMT Content-Type text/html; charset=utf-8 X-Varnish 816775496 Age 0 Via 1.1 varnish (Varnish/6.3) Connection keep-alive
GET H/1.1	200 OK	Primary Request / Show response u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Redirect Chain http://u542312q96.ha003.t.justns.ru/zien/m/ http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1 http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/	16 KB 5 KB	42ms 41ms	Document text/html	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Requested by Host: www.xinshidaimall.com URL: http://www.xinshidaimall.com/admin/ji/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `e6ebd97ad66c3f6d4d2e43ffa5f601d8d8b3a4b110b4d359c3524a3403f31290` Request headers Host u542312q96.ha003.t.justns.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer http://www.xinshidaimall.com/admin/ji/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://www.xinshidaimall.com/admin/ji/ Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Content-Length 4800 Content-Encoding gzip Vary Accept-Encoding,User-Agent Date Thu, 12 Dec 2019 21:13:21 GMT Server LiteSpeed Redirect headers Connection Keep-Alive Content-Type text/html Content-Length 705 Date Thu, 12 Dec 2019 21:13:21 GMT Server LiteSpeed Location http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Vary User-Agent
GET H/1.1	200 OK	antiquus.css u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	26 KB 4 KB	79ms 39ms	Stylesheet text/css	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/antiquus.css Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `7b2736d09d34494af3490ed5a4c14776f2c9f1c72e58f9c2ea692d17c1eb5311` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Last-Modified Thu, 12 Dec 2019 21:13:21 GMT Server LiteSpeed Etag "6969-5df2ad71-aa05ac2019d3841a;gz" Vary Accept-Encoding,User-Agent Content-Type text/css Cache-Control public, max-age=604800 Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Expires Thu, 19 Dec 2019 21:13:21 GMT
GET H/1.1	200 OK	styles.css u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	83 KB 16 KB	79ms 39ms	Stylesheet text/css	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/styles.css Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `93c14a18bf17e789c6ff56c7058ff4c3442803c533cf3384be0a352a54fac0ee` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Last-Modified Thu, 12 Dec 2019 21:13:21 GMT Server LiteSpeed Etag "14cf3-5df2ad71-bdcc8c9ab8d8c82c;gz" Vary Accept-Encoding,User-Agent Content-Type text/css Cache-Control public, max-age=604800 Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Expires Thu, 19 Dec 2019 21:13:21 GMT
GET H/1.1	200 OK	styles-mod.css u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	15 KB 4 KB	79ms 40ms	Stylesheet text/css	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/styles-mod.css Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `af03fd5bbea38498f45dade415005c9bc1b63261411b5e6a2f4e83ed52c0c55e` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Last-Modified Thu, 12 Dec 2019 21:13:21 GMT Server LiteSpeed Etag "3aba-5df2ad71-ba73e64e4c2c7111;gz" Vary Accept-Encoding,User-Agent Content-Type text/css Cache-Control public, max-age=604800 Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Expires Thu, 19 Dec 2019 21:13:21 GMT
GET H/1.1	200 OK	/ u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/	16 KB 5 KB	42ms 41ms	Stylesheet text/html	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `e6ebd97ad66c3f6d4d2e43ffa5f601d8d8b3a4b110b4d359c3524a3403f31290` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Server LiteSpeed Connection Keep-Alive Content-Length 4800 Vary Accept-Encoding,User-Agent Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	/ Show response u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/	16 KB 5 KB	84ms 43ms	Script text/html	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `e6ebd97ad66c3f6d4d2e43ffa5f601d8d8b3a4b110b4d359c3524a3403f31290` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Server LiteSpeed Connection Keep-Alive Content-Length 4800 Vary Accept-Encoding,User-Agent Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	2.PNG u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	10 KB 10 KB	41ms 40ms	Image image/png	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/2.PNG Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `2683fba7cb1a08e283ce4e36c30da6b0fb637805500ce1fbdc273e3dc6aa31e7` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Last-Modified Thu, 12 Dec 2019 21:13:21 GMT Server LiteSpeed Etag "26d8-5df2ad71-989729262cda5df4;;;" Vary User-Agent Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 9944 Expires Thu, 19 Dec 2019 21:13:21 GMT
GET H/1.1	200 OK	4.PNG u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	80 KB 80 KB	40ms 39ms	Image image/png	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/4.PNG Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `a5c171953807186c09c88facb9fa374b3b3b7464802bab6ce14c3568c3850efc` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Last-Modified Thu, 12 Dec 2019 21:13:21 GMT Server LiteSpeed Etag "13ea1-5df2ad71-eb200f654c5f82c6;;;" Vary User-Agent Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 81569 Expires Thu, 19 Dec 2019 21:13:21 GMT
GET H/1.1	200 OK	1.PNG u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	5 KB 5 KB	41ms 41ms	Image image/png	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/1.PNG Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `dbfbcbafd2d82f705eb25d811a858ffe6affa7aced9d4c0e0fb826637c8c0e3d` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Last-Modified Thu, 12 Dec 2019 21:13:21 GMT Server LiteSpeed Etag "147d-5df2ad71-680ad18f6ffbafe3;;;" Vary User-Agent Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 5245 Expires Thu, 19 Dec 2019 21:13:21 GMT
GET H/1.1	200 OK	point_transp.gif u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	87 B 437 B	40ms 39ms	Image image/gif	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/point_transp.gif Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `7a1a0dc539a9129f3ce1a26e7598a54217d8c8c0291f1a267976dcdad89bbe57` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Last-Modified Thu, 12 Dec 2019 21:13:21 GMT Server LiteSpeed Etag "57-5df2ad71-61e16a448159f8fa;;;" Vary User-Agent Content-Type image/gif Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 87 Expires Thu, 19 Dec 2019 21:13:21 GMT
GET H/1.1	200 OK	3.PNG u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	3 KB 3 KB	40ms 39ms	Image image/png	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/3.PNG Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `981fc6bc288f27176dfd0511a1ca0e867bf6f63e6e04c076afbb9fe4fdf180af` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Last-Modified Thu, 12 Dec 2019 21:13:21 GMT Server LiteSpeed Etag "c26-5df2ad71-c76aa4c50eb35ec9;;;" Vary User-Agent Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 3110 Expires Thu, 19 Dec 2019 21:13:21 GMT
GET H/1.1	404 Not Found	main_repeat.png u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	695 B 695 B	40ms 39ms	Image text/html	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/main_repeat.png Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `147f6d57da2ff1e82c179bcd745d41deac988ee922409ab531fca086e3e00f32` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/styles.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Server LiteSpeed Connection Keep-Alive Content-Length 510 Vary Accept-Encoding,User-Agent Content-Type text/html
GET H/1.1	404 Not Found	entete_light.png u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	696 B 696 B	75ms 42ms	Image text/html	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/entete_light.png Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `b1192757cf51d14fdf9246565d9018ecdadd6de52300e8d6e51d2ec8b8025148` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/styles-mod.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Server LiteSpeed Connection Keep-Alive Content-Length 511 Vary Accept-Encoding,User-Agent Content-Type text/html
GET H/1.1	404 Not Found	main_haut.png u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	693 B 693 B	72ms 40ms	Image text/html	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/main_haut.png Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `782abe48106cb3e8c87f44b5cc60a8eda95ef7951cfdc58386893d99b027d699` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/styles.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Server LiteSpeed Connection Keep-Alive Content-Length 508 Vary Accept-Encoding,User-Agent Content-Type text/html
GET H/1.1	404 Not Found	bloc_arrond_bas.png u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	699 B 699 B	73ms 40ms	Image text/html	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/bloc_arrond_bas.png Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `f72450cd2f22e0a21509b07527fc7b542e01e8a96c3990e8646b15dd75bb426b` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/styles.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Server LiteSpeed Connection Keep-Alive Content-Length 514 Vary Accept-Encoding,User-Agent Content-Type text/html
GET H/1.1	404 Not Found	bloc_arrond_haut.png u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	700 B 700 B	75ms 42ms	Image text/html	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/bloc_arrond_haut.png Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `fb1f33d89a7ee704b6b34203a59925a376a3d3f0d60a8605f41376d768b59a99` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/styles.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Server LiteSpeed Connection Keep-Alive Content-Length 515 Vary Accept-Encoding,User-Agent Content-Type text/html
GET H/1.1	404 Not Found	bg_form.png u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	691 B 691 B	109ms 39ms	Image text/html	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/bg_form.png Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `6103c1bdf4fb5a0ec80b96cffc7b8c522b60275660697e1785ec865ad7dcffbd` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/styles.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Server LiteSpeed Connection Keep-Alive Content-Length 506 Vary Accept-Encoding,User-Agent Content-Type text/html
GET H/1.1	404 Not Found	thead.png u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/	689 B 689 B	74ms 41ms	Image text/html	2a00:b700::2e ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/thead.png Requested by Host: u542312q96.ha003.t.justns.ru URL: http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/ Protocol HTTP/1.1 Server 2a00:b700::2e , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `d5db98020a066493d04f0b330ccb96fbae46db6e39fe1b150d768262f00153f6` Request headers Referer http://u542312q96.ha003.t.justns.ru/zien/m/d9ae9471cd8ce53c295f4cee1cce6bc1/img/styles-mod.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Dec 2019 21:13:21 GMT Content-Encoding gzip Server LiteSpeed Connection Keep-Alive Content-Length 504 Vary Accept-Encoding,User-Agent Content-Type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lbdnh.sbikose.net
u542312q96.ha003.t.justns.ru
www.xinshidaimall.com
124.156.99.47
2a00:b700::2e
46.30.213.254
147f6d57da2ff1e82c179bcd745d41deac988ee922409ab531fca086e3e00f32
2683fba7cb1a08e283ce4e36c30da6b0fb637805500ce1fbdc273e3dc6aa31e7
6103c1bdf4fb5a0ec80b96cffc7b8c522b60275660697e1785ec865ad7dcffbd
66059ee040ec3d8bb4c07be85bdd45191bfb6dc73228e89d4eda6487d6052b78
782abe48106cb3e8c87f44b5cc60a8eda95ef7951cfdc58386893d99b027d699
7a1a0dc539a9129f3ce1a26e7598a54217d8c8c0291f1a267976dcdad89bbe57
7b2736d09d34494af3490ed5a4c14776f2c9f1c72e58f9c2ea692d17c1eb5311
93c14a18bf17e789c6ff56c7058ff4c3442803c533cf3384be0a352a54fac0ee
981fc6bc288f27176dfd0511a1ca0e867bf6f63e6e04c076afbb9fe4fdf180af
a5c171953807186c09c88facb9fa374b3b3b7464802bab6ce14c3568c3850efc
af03fd5bbea38498f45dade415005c9bc1b63261411b5e6a2f4e83ed52c0c55e
b1192757cf51d14fdf9246565d9018ecdadd6de52300e8d6e51d2ec8b8025148
d5db98020a066493d04f0b330ccb96fbae46db6e39fe1b150d768262f00153f6
dbfbcbafd2d82f705eb25d811a858ffe6affa7aced9d4c0e0fb826637c8c0e3d
e6ebd97ad66c3f6d4d2e43ffa5f601d8d8b3a4b110b4d359c3524a3403f31290
f72450cd2f22e0a21509b07527fc7b542e01e8a96c3990e8646b15dd75bb426b
fb1f33d89a7ee704b6b34203a59925a376a3d3f0d60a8605f41376d768b59a99

u542312q96.ha003.t.justns.ru Open in urlscan Pro 2a00:b700::2e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

0 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

143 kBTransfer

274 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

47 JavaScript Global Variables

0 Cookies

Indicators

u542312q96.ha003.t.justns.ru Open in urlscan Pro
2a00:b700::2e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

0 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

143 kB
Transfer

274 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!