u701283o4m.ha004.t.justns.ru Open in urlscan Pro
2a00:b700::23 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://u701283o4m.ha004.t.justns.ru/BNNP/f8bf2aa0150dd37a310cf26200de4c9b/
Submission Tags: @ipnigh
Submission: On April 25 via api (April 25th 2020, 11:13:21 pm UTC) from GB

Summary HTTP 58 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 58 HTTP transactions. The main IP is 2a00:b700::23, located in Russian Federation and belongs to ASBAXET, RU. The main domain is u701283o4m.ha004.t.justns.ru.

This is the only time u701283o4m.ha004.t.justns.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNP Paribas (Banking)

Domain & IP information

	IP Address	AS Autonomous System
43	2a00:b700::23 2a00:b700::23	51659 (ASBAXET) (ASBAXET)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
58	3

43 2a00:b700::23 (Russian Federation)

ASN51659 (ASBAXET, RU)

u701283o4m.ha004.t.justns.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	justns.ru u701283o4m.ha004.t.justns.ru	1 MB
1	googleapis.com ajax.googleapis.com	30 KB
0	Failed function sub() { [native code] }. Failed
58	3

	Domain	Requested by
43	u701283o4m.ha004.t.justns.ru	u701283o4m.ha004.t.justns.ru
1	ajax.googleapis.com	u701283o4m.ha004.t.justns.ru
0	cipmepknanmbbaneimacddfemfbfgpgo Failed	u701283o4m.ha004.t.justns.ru
58	3

This site contains links to these domains. Also see Links.

Domain
mabanque.bnpparibas

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://u701283o4m.ha004.t.justns.ru/BNNP/f8bf2aa0150dd37a310cf26200de4c9b/
Frame ID: ADA2D04376C01240BB5E318F46050020
Requests: 58 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

58
Requests

2 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1066 kB
Transfer

3891 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://mabanque.bnpparibas/fr/notre-offre-pro/comptes-cartes-et-services/devenir-client-ouvrir-un-compte/ouvrir-un-compte-bancaire
Title: Devenir client

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/
Title: mabanque.bnpparibas

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

58 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
u701283o4m.ha004.t.justns.ru/BNNP/f8bf2aa0150dd37a310cf26200de4c9b/ 76 KB
13 KB 87ms
44ms Document
text/html 2a00:b700::23
ASBAXET

General

u701283o4m.ha004.t.justns.ru Open in urlscan Pro 2a00:b700::23 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

58 Requests

2 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

1066 kBTransfer

3891 kBSize

0 Cookies

2 Outgoing links

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

u701283o4m.ha004.t.justns.ru Open in urlscan Pro
2a00:b700::23 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

2 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1066 kB
Transfer

3891 kB
Size

0
Cookies

58 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!