urlscan.io logo urlscan.io
SecurityTrails logo

u6276137gi.ha003.t.justns.ru Open in urlscan Pro
2a00:b700::2f  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://u6276437gm.ha003.t.justns.ru/presire.php
Effective URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Submission: On February 28 via manual from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 20 HTTP transactions. The main IP is 2a00:b700::2f, located in Russian Federation and belongs to ASBAXET, RU. The main domain is u6276137gi.ha003.t.justns.ru.
This is the only time u6276137gi.ha003.t.justns.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

IP Address AS Autonomous System
1 2a00:b700::1c 51659 (ASBAXET)
1 2a00:b700::28 51659 (ASBAXET)
2 20 2a00:b700::2f 51659 (ASBAXET)
20 3
Domain Requested by
20 u6276137gi.ha003.t.justns.ru 2 redirects u6276137gi.ha003.t.justns.ru
1 u6276237gk.ha003.t.justns.ru
1 u6276437gm.ha003.t.justns.ru
20 3

This site contains no links.

Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Frame ID: 47399E3C9C616EE79591E952C66D2FF8
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://u6276437gm.ha003.t.justns.ru/presire.php Page URL
  2. http://u6276237gk.ha003.t.justns.ru/presu.php Page URL
  3. http://u6276137gi.ha003.t.justns.ru/preso HTTP 301
    http://u6276137gi.ha003.t.justns.ru/preso/ HTTP 302
    http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928B... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

20
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

3
Subdomains

3
IPs

1
Countries

122 kB
Transfer

248 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://u6276437gm.ha003.t.justns.ru/presire.php Page URL
  2. http://u6276237gk.ha003.t.justns.ru/presu.php Page URL
  3. http://u6276137gi.ha003.t.justns.ru/preso HTTP 301
    http://u6276137gi.ha003.t.justns.ru/preso/ HTTP 302
    http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
presire.php
u6276437gm.ha003.t.justns.ru/ 		85 B
315 B 		Document
General
Check archive.org
Download Go to
Full URL
http://u6276437gm.ha003.t.justns.ru/presire.php
Protocol
HTTP/1.1
Server
2a00:b700::1c , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
7c9aa1ca8b867655c1ce72e873fd2be858765caa9f7a4abfd3c97394ba43ef46

Request headers

Host
u6276437gm.ha003.t.justns.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Content-Length
98
Content-Encoding
gzip
Vary
Accept-Encoding,User-Agent
Date
Fri, 28 Feb 2020 16:33:04 GMT
Server
LiteSpeed
presu.php
u6276237gk.ha003.t.justns.ru/ 		86 B
322 B 		Document
General
Check archive.org
Download Go to
Full URL
http://u6276237gk.ha003.t.justns.ru/presu.php
Protocol
HTTP/1.1
Server
2a00:b700::28 , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
f498f4f01b846b7e126b843e44513bd9451af76ace7f4f33d374b740bfcb3bbe

Request headers

Host
u6276237gk.ha003.t.justns.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://u6276437gm.ha003.t.justns.ru/presire.php
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://u6276437gm.ha003.t.justns.ru/presire.php

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Content-Length
104
Content-Encoding
gzip
Vary
Accept-Encoding,User-Agent
Date
Fri, 28 Feb 2020 16:33:05 GMT
Server
LiteSpeed
Primary Request ssl.php
u6276137gi.ha003.t.justns.ru/preso/
Redirect Chain
  • http://u6276137gi.ha003.t.justns.ru/preso
  • http://u6276137gi.ha003.t.justns.ru/preso/
  • http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
16 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
6c5b4a6b21bd4b6cae49bde18902af1596e2575e0b1ef149454442f75c9a68ea

Request headers

Host
u6276137gi.ha003.t.justns.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://u6276237gk.ha003.t.justns.ru/presu.php
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://u6276237gk.ha003.t.justns.ru/presu.php

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Content-Length
4774
Content-Encoding
gzip
Vary
Accept-Encoding,User-Agent
Date
Fri, 28 Feb 2020 16:33:06 GMT
Server
LiteSpeed

Redirect headers

Connection
Keep-Alive
Location
ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Content-Type
text/html; charset=UTF-8
Content-Length
0
Date
Fri, 28 Feb 2020 16:33:05 GMT
Server
LiteSpeed
Cache-Control
no-cache, no-store, must-revalidate, max-age=0
Vary
User-Agent
antiquus.css
u6276137gi.ha003.t.justns.ru/preso/img/ 		26 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/antiquus.css
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
a307d1f6262aaa120d2d8d18603e6b0eb9a7f58c2865d689a5a7c2d6b707fbbb

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:06 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 Feb 2020 02:21:55 GMT
Server
LiteSpeed
Etag
"66a1-5e587943-bfe9015b7d7df299;gz"
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
3739
Expires
Fri, 06 Mar 2020 16:33:06 GMT
styles.css
u6276137gi.ha003.t.justns.ru/preso/img/ 		80 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/styles.css
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
f200b06c8442200a5a36b199ebdfe810115cdb8973df873db4370f6a68239d06

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:06 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 Feb 2020 02:22:05 GMT
Server
LiteSpeed
Etag
"13f4d-5e58794d-4ad32402add698b1;gz"
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
15362
Expires
Fri, 06 Mar 2020 16:33:06 GMT
styles-mod.css
u6276137gi.ha003.t.justns.ru/preso/img/ 		14 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/styles-mod.css
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
01da4e861e3a45faf7f7cbb6de898ec71b2ad3f85488dca42924305b1d4107eb

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:06 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 Feb 2020 02:22:04 GMT
Server
LiteSpeed
Etag
"37e5-5e58794c-4ba2941e62e8f41f;gz"
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
3941
Expires
Fri, 06 Mar 2020 16:33:06 GMT
2.PNG
u6276137gi.ha003.t.justns.ru/preso/img/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/2.PNG
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
46a55e83380d38b850b158ab5a161ed8381be31a83b4ebdb70673d429a66984c

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:06 GMT
Last-Modified
Fri, 28 Feb 2020 02:21:52 GMT
Server
LiteSpeed
Etag
"199f-5e587940-bdcab25ab42756d;;;"
Vary
User-Agent
Content-Type
image/png
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
6559
Expires
Fri, 06 Mar 2020 16:33:06 GMT
4.PNG
u6276137gi.ha003.t.justns.ru/preso/img/ 		62 KB
62 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/4.PNG
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
2a9238404356dd38cde454db089022e19ba6c73641ee7e24a04e9f046e420cdd

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:06 GMT
Last-Modified
Fri, 28 Feb 2020 02:21:54 GMT
Server
LiteSpeed
Etag
"f83f-5e587942-3b27dca232cd1e2c;;;"
Vary
User-Agent
Content-Type
image/png
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
63551
Expires
Fri, 06 Mar 2020 16:33:06 GMT
1.PNG
u6276137gi.ha003.t.justns.ru/preso/img/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/1.PNG
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
dbfbcbafd2d82f705eb25d811a858ffe6affa7aced9d4c0e0fb826637c8c0e3d

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:06 GMT
Last-Modified
Fri, 28 Feb 2020 02:21:52 GMT
Server
LiteSpeed
Etag
"147d-5e587940-d82e07ae6e712b88;;;"
Vary
User-Agent
Content-Type
image/png
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
5245
Expires
Fri, 06 Mar 2020 16:33:06 GMT
point_transp.gif
u6276137gi.ha003.t.justns.ru/preso/img/ 		87 B
437 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/point_transp.gif
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
7a1a0dc539a9129f3ce1a26e7598a54217d8c8c0291f1a267976dcdad89bbe57

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:06 GMT
Last-Modified
Fri, 28 Feb 2020 02:22:03 GMT
Server
LiteSpeed
Etag
"57-5e58794b-5aa1577a342ececf;;;"
Vary
User-Agent
Content-Type
image/gif
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
87
Expires
Fri, 06 Mar 2020 16:33:06 GMT
3.PNG
u6276137gi.ha003.t.justns.ru/preso/img/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/3.PNG
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
981fc6bc288f27176dfd0511a1ca0e867bf6f63e6e04c076afbb9fe4fdf180af

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:06 GMT
Last-Modified
Fri, 28 Feb 2020 02:21:53 GMT
Server
LiteSpeed
Etag
"c26-5e587941-5fb7bd7d8c648d78;;;"
Vary
User-Agent
Content-Type
image/png
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
3110
Expires
Fri, 06 Mar 2020 16:33:06 GMT
ssl.php
u6276137gi.ha003.t.justns.ru/preso/ 		16 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
6c5b4a6b21bd4b6cae49bde18902af1596e2575e0b1ef149454442f75c9a68ea

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:07 GMT
Content-Encoding
gzip
Server
LiteSpeed
Connection
Keep-Alive
Content-Length
4774
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
ssl.php
u6276137gi.ha003.t.justns.ru/preso/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
6c5b4a6b21bd4b6cae49bde18902af1596e2575e0b1ef149454442f75c9a68ea

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:07 GMT
Content-Encoding
gzip
Server
LiteSpeed
Connection
Keep-Alive
Content-Length
4774
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
main_repeat.png
u6276137gi.ha003.t.justns.ru/preso/img/ 		661 B
661 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/main_repeat.png
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
45f8cd8ef5a8a67ebc071bd5f4ea66c34a5398159f817eac036cf741f58a73cf

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/img/styles.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:07 GMT
Content-Encoding
gzip
Server
LiteSpeed
Connection
Keep-Alive
Content-Length
476
Vary
Accept-Encoding,User-Agent
Content-Type
text/html
entete_light.png
u6276137gi.ha003.t.justns.ru/preso/img/ 		662 B
662 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/entete_light.png
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
196e527f3fe15d2f0fd0ddf5f19a7b8d40ba24df7db0577c1160461edf2ebf75

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/img/styles-mod.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:07 GMT
Content-Encoding
gzip
Server
LiteSpeed
Connection
Keep-Alive
Content-Length
477
Vary
Accept-Encoding,User-Agent
Content-Type
text/html
main_haut.png
u6276137gi.ha003.t.justns.ru/preso/img/ 		659 B
659 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/main_haut.png
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
c116be7913e4062ef8834dd6dbfd63b7d12912e18c3d9cddab2564327d4d92c4

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/img/styles.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:07 GMT
Content-Encoding
gzip
Server
LiteSpeed
Connection
Keep-Alive
Content-Length
474
Vary
Accept-Encoding,User-Agent
Content-Type
text/html
bloc_arrond_bas.png
u6276137gi.ha003.t.justns.ru/preso/img/ 		665 B
665 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/bloc_arrond_bas.png
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
9df9f23d332cbc09937089af9b73a8216387311cf72a2311e4d1c926a0993231

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/img/styles.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:07 GMT
Content-Encoding
gzip
Server
LiteSpeed
Connection
Keep-Alive
Content-Length
480
Vary
Accept-Encoding,User-Agent
Content-Type
text/html
bloc_arrond_haut.png
u6276137gi.ha003.t.justns.ru/preso/img/ 		666 B
666 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/bloc_arrond_haut.png
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
e96ec6919523bd31e6783786714e5f2af18352f1d036aa1e0cf92c72e54d3250

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/img/styles.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:07 GMT
Content-Encoding
gzip
Server
LiteSpeed
Connection
Keep-Alive
Content-Length
481
Vary
Accept-Encoding,User-Agent
Content-Type
text/html
bg_form.png
u6276137gi.ha003.t.justns.ru/preso/img/ 		657 B
657 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/bg_form.png
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
e4b5ec4571509dcdef7d473abd13bd416b33cab44f806537b3a79f2cdbdf79a4

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/img/styles.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:07 GMT
Content-Encoding
gzip
Server
LiteSpeed
Connection
Keep-Alive
Content-Length
472
Vary
Accept-Encoding,User-Agent
Content-Type
text/html
thead.png
u6276137gi.ha003.t.justns.ru/preso/img/ 		655 B
655 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://u6276137gi.ha003.t.justns.ru/preso/img/thead.png
Requested by
Host: u6276137gi.ha003.t.justns.ru
URL: http://u6276137gi.ha003.t.justns.ru/preso/ssl.php?PaReq=a8f4b2ef1e2374eb0fe37fc0249d1020&MD=782687DB6V279GDH928BUDI2OU
Protocol
HTTP/1.1
Server
2a00:b700::2f , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
a647c2cb2e9f03df1119aa87ac4af0f35789ee3f0c612c8c18b264b7a82dd98f

Request headers

Referer
http://u6276137gi.ha003.t.justns.ru/preso/img/styles-mod.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 16:33:07 GMT
Content-Encoding
gzip
Server
LiteSpeed
Connection
Keep-Alive
Content-Length
470
Vary
Accept-Encoding,User-Agent
Content-Type
text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| OS string| Version number| posOS number| posOS2 function| setSize function| clicPosition undefined| code undefined| pos_der_code undefined| affiche_code function| effacer function| cocherCase function| corriger string| path_static string| path_dynamic string| caisse function| raf string| urlappli string| urlapplisecu function| ValidCertif function| ValidCertifSecu string| statusconfirmer string| statusannuler string| statusaide string| statuscondjur string| statusdemo string| statuscompte string| statuscode string| statuscorriger string| statusclavnum string| statusrecom string| App number| Nav_sup boolean| browserOK boolean| browserOK1 boolean| browserOK2 function| ouvrePOPUP function| ouvreassistance function| ouvreFenetre function| validation function| isNumerique function| isAlphaNum string| srcLien string| srcPuceLien string| yesno string| authentif

0 Cookies