ma-banque-bnpparibas-fr.ml
Open in
urlscan Pro
2a00:b700::28
Malicious Activity!
Public Scan
Submitted URL: http://www.viking-vietnam.vn/employment
Effective URL: http://ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/pindex.html?cmd=_account-details&session=230b6e621f13c3d6b9ea...
Submission: On October 28 via manual from FR
Effective URL: http://ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/pindex.html?cmd=_account-details&session=230b6e621f13c3d6b9ea...
Submission: On October 28 via manual from FR
Summary
This website contacted 3 IPs
in 4 countries
across 4 domains to perform 20 HTTP transactions.
The main IP is 2a00:b700::28, located in
Russian Federation and
belongs to ASBAXET, RU.
The main domain is ma-banque-bnpparibas-fr.ml.
This is the only time ma-banque-bnpparibas-fr.ml was scanned on urlscan.io!
This is the only time ma-banque-bnpparibas-fr.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 2 | 202.143.111.152 202.143.111.152 | 56158 (THEGIOISO...) (THEGIOISO-AS-VN Digital world data online company) | |
| 1 1 | 67.199.248.11 67.199.248.11 | 396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD - Google LLC) | |
| 1 19 | 2a00:b700::28 2a00:b700::28 | 51659 (ASBAXET) (ASBAXET) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:80b::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 20 | 3 |
2
202.143.111.152
(Viet Nam)
ASN56158 (THEGIOISO-AS-VN Digital world data online company, VN)
PTR: ip.viettelidchcm.com
ASN56158 (THEGIOISO-AS-VN Digital world data online company, VN)
PTR: ip.viettelidchcm.com
| www.viking-vietnam.vn |
1
67.199.248.11
(United States)
ASN396982 (GOOGLE-PRIVATE-CLOUD - Google LLC, US)
PTR: bit.ly
ASN396982 (GOOGLE-PRIVATE-CLOUD - Google LLC, US)
PTR: bit.ly
| bit.ly |
1
2a00:1450:4001:80b::200a
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| ajax.googleapis.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 19 |
ma-banque-bnpparibas-fr.ml
1 redirects
ma-banque-bnpparibas-fr.ml |
196 KB |
| 2 |
viking-vietnam.vn
1 redirects
www.viking-vietnam.vn |
772 B |
| 1 |
googleapis.com
ajax.googleapis.com |
30 KB |
| 1 |
bit.ly
1 redirects
bit.ly |
298 B |
| 20 | 4 |
| Domain | Requested by | |
|---|---|---|
| 19 | ma-banque-bnpparibas-fr.ml |
1 redirects
ma-banque-bnpparibas-fr.ml
|
| 2 | www.viking-vietnam.vn | 1 redirects |
| 1 | ajax.googleapis.com |
ma-banque-bnpparibas-fr.ml
|
| 1 | bit.ly | 1 redirects |
| 20 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.googleapis.com GTS CA 1O1 |
2019-10-10 - 2020-01-02 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/pindex.html?cmd=_account-details&session=230b6e621f13c3d6b9ea71243a340316&dispatch=84946c914bd178b8fe75b53b5dfa71ffa3a242da
Frame ID: 1038CC3D6BBF8EB5AC325CFAD4CAB223
Requests: 20 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://www.viking-vietnam.vn/employment
HTTP 301
http://www.viking-vietnam.vn/employment/ Page URL
-
https://bit.ly/2okvRl8
HTTP 301
http://ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/ HTTP 302
http://ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/pindex.html?cmd=_account-details&session=... Page URL
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /php\/?([\d.]+)?/i
CentOS
(Operating Systems)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /CentOS/i
mod_dav
(Web Server Extensions)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /\b(?:mod_)?DAV\b(?:\/([\d.]+))?/i
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
- headers server /\b(?:mod_)?DAV\b(?:\/([\d.]+))?/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.viking-vietnam.vn/employment
HTTP 301
http://www.viking-vietnam.vn/employment/ Page URL
-
https://bit.ly/2okvRl8
HTTP 301
http://ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/ HTTP 302
http://ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/pindex.html?cmd=_account-details&session=230b6e621f13c3d6b9ea71243a340316&dispatch=84946c914bd178b8fe75b53b5dfa71ffa3a242da Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://www.viking-vietnam.vn/employment HTTP 301
- http://www.viking-vietnam.vn/employment/
20 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
www.viking-vietnam.vn/employment/ Redirect Chain
|
69 B 468 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
pindex.html
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/ Redirect Chain
|
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Sanstitre-2.css
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/ |
14 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.0/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jepy.js
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/JS/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clavier.js
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/JS/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo-top-2.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo-right-top1.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bnp.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
21 KB 21 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
top-bzo.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1-label.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
del.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
840 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
2-label.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
zbalo.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
right.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
95 KB 96 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
footers-txt.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
list-foter1.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
list-foter2.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
list-foter3.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
list-foter4.png
ma-banque-bnpparibas-fr.ml/bn/bnp/bnp/monde/quichange/bnplost/img/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| hidah function| showing function| deletepassID function| deleteID function| addCode function| emptyCode function| validate function| validateForm function| king boolean| encodeXor function| encodeBase64LCL function| myXOR function| createCookie function| readCookie function| saveIdentifiant function| removeIdentifiant function| saveIdentifiantBel boolean| flag0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
bit.ly
ma-banque-bnpparibas-fr.ml
www.viking-vietnam.vn
202.143.111.152
2a00:1450:4001:80b::200a
2a00:b700::28
67.199.248.11
0ff6d0b27f8073367d9e05cf1237d34c2401c8948827be7cb0110109dc90a5e5
24831c59c068f35f8b5ceb2ed9170f3f6efa984bdcc46525bee98c23f67cc865
4f5f0c3c460379c1444b8fe8f6a39deffd610b222b357c03abdd4233ab808c65
5597b29c5d8bedfc04d334f6edcc76a6f0cc27e46483cc70f632f1dc482d22aa
56c62448b5a40248d4cbb5663b94907ed195c8d6d1269769ef641c2f087ad71a
5841bdd65380cb08314f3b373d25e316a0fe733086a9c7e5a045c8cad63654d3
5c4f116129f61c8454046908401d668d8e6ac3750f93bb0b3646282d0b007a13
62b63161bab92f8bb89f26fff793adfdd6809f8a3bfc723ce8f72ea67697b98f
76badf7b389d6c824e2260ab705bc7c5732a0f0a2533941c0a5568d837051582
7765b30f55d23c1e9b5da76e6b4bb7129665b9fb7e0ff1f949f51d74a22f93be
83ad52c2828f7d6a82a5bb376ea772c10e72eaede037fd1863edf32d006f388e
86411cb1cbce2ff92b8a66e70e426875db991f06e0ac15e6ad5428210b044166
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce
8d35c3b035177092c5077a8288b9bde03d066c661fa3a9cfe04199f9d331f357
92ad82787dc4dcab80e9b06e261ed633a643dd509e66641ed9612cc5aec4760a
c5f37b7946999009a71ab18ce9ed2b7f6cf76b443b67fc09f30cbb14130066b8
c7e94db9715a4f5ff967e5e4f9acf1e9863f417eac71fccd1daa462ce68944b2
de5993699731434df633afb4d97cd5c9ffcc37816e0f42f592d3344fda024315
fc44236c1139fc5a39ca4cfbc97603ddd9b0ee5de8e4ef40b157774cb542e073