protection-update.ru
52.45.9.216
Malicious Activity!
Public Scan
Effective URL: https://protection-update.ru/login
Submission: On November 24 via api from IE — Scanned from DE
Summary
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on November 17th 2022. Valid for: a year.
This is the only time protection-update.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Societe Generale (Banking)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
6 | 52.45.9.216 | 14618 (AMAZON-AES)
1 | 2606:4700:20::ac43:4bab | 13335 (CLOUDFLARENET)
1 | 2a06:98c1:3120::3 | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:810::200a | 15169 (GOOGLE)
1 | 2001:4de0:ac18::1:a:3a | 20446 (STACKPATH-CDN)
Totals | 8 | 4
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-9-216.compute-1.amazonaws.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | protection-update.ru (1 redirect) | protection-update.ru | 102 KB
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 677) | 24 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 257) | 83 KB
1 | jquery.app | jquery.app (Cisco Umbrella Rank: 87822) | 1 KB
1 | jqueryscript.net (1 redirect) | www.jqueryscript.net (Cisco Umbrella Rank: 65933) | 498 B
Totals | 8 requests | 5 domains |
Requests | Domain | Requested by
---|---|---
6 | protection-update.ru (1 redirect) | protection-update.ru
1 | code.jquery.com | protection-update.ru
1 | ajax.googleapis.com | protection-update.ru
1 | jquery.app | protection-update.ru
1 | www.jqueryscript.net | (1 redirect)
Totals | 8 requests | 5 domains
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
www.protection-update.ru | GlobalSign GCC R3 DV TLS CA 2020 | 2022-11-17 to 2023-12-19 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-11-02 to 2023-01-25 | 3 months | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 to 2023-07-14 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://protection-update.ru/login
Frame ID: 8644D0B6926CF0C0B617D38B4A999E26
Requests: 8 HTTP requests in this frame
Screenshot
Page Title: Société Générale - Banque et Assurance
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
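The following Python is an added worked example and not part of the urlscan report. It applies the three detection patterns above, copied unchanged, to the script URLs reassembled from this scan's HTTP transactions (path plus resource name), plus one constructed WordPress-style URL on example.test (not from the scan) that exercises the `?ver=` capture of the third pattern. The helper names detect_jquery, fingerprint and name_only_matches are the example's own.

```python
import re

# The three jQuery detection patterns listed on the scan page, copied unchanged.
# The first capture group of each pattern is the library version, if any.
JQUERY_PATTERNS = [
    r"jquery[.-]([\d.]*\d)[^/]*\.js",
    r"/([\d.]+)/jquery(?:\.min)?\.js",
    r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?",
]

# Script URLs reassembled from the scan's HTTP transaction list (path + resource).
SCAN_SCRIPT_URLS = [
    "https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js",
    "https://code.jquery.com/jquery-3.3.1.slim.min.js",
    "https://protection-update.ru/assets/jquery.cryxpad.js",
]

# Constructed URL (not from the scan) exercising the ?ver= form of the third
# pattern, the way a WordPress-style install emits its bundled jQuery.
WORDPRESS_STYLE_URL = "https://example.test/wp-includes/js/jquery/jquery.js?ver=1.12.4"


def detect_jquery(url):
    """Apply the patterns in page order to one script URL.

    Returns (pattern_index, version): pattern_index is the 0-based index of the
    first pattern that matched (None if none did); version is the captured
    version string, or None when the matching pattern captured no version.
    """
    for i, pat in enumerate(JQUERY_PATTERNS):
        m = re.search(pat, url, re.IGNORECASE)
        if m:
            return i, m.group(1)
    return None, None


def fingerprint(urls):
    """Map each URL to its (pattern_index, version) result, in input order."""
    return {url: detect_jquery(url) for url in urls}


def name_only_matches(urls):
    """URLs flagged as jQuery purely on file name, with no version evidence.

    This is the weakest kind of match, and the one a custom script named to
    look like a jQuery plugin also produces.
    """
    return [u for u, (idx, ver) in fingerprint(urls).items()
            if idx is not None and ver is None]


if __name__ == "__main__":
    for url, (idx, ver) in fingerprint(SCAN_SCRIPT_URLS + [WORDPRESS_STYLE_URL]).items():
        print(f"{url}\n  pattern={idx} version={ver}")
```

Two of the three scan scripts yield a version: 2.1.1 from the googleapis path (second pattern) and 3.3.1 from the code.jquery.com file name (first pattern). jquery.cryxpad.js, served from the phishing host itself, matches only the third, name-only pattern and yields no version. A file-name fingerprint says nothing about what that script does, so anything flagged this way should be pulled and read rather than treated as a known library.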
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://protection-update.ru/
2. HTTP 301 to https://protection-update.ru/login (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://www.jqueryscript.net/css/jquerysctipttop.css (HTTP 302)
- https://jquery.app/jqueryscripttop.css
8 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | HTTP/1.1 | login (Primary Request) | protection-update.ru/ (Redirect Chain) | 4 KB | 4 KB | Document | text/html
GET | HTTP/2 | jqueryscripttop.css | jquery.app/ (Redirect Chain) | 1 KB | 1 KB | Stylesheet | text/css
GET | HTTP/1.1 | image.css | protection-update.ru/assets/ | 4 KB | 4 KB | Stylesheet | text/css
GET | HTTP/2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.1.1/ | 82 KB | 83 KB | Script | text/javascript
GET | HTTP/2 | jquery-3.3.1.slim.min.js | code.jquery.com/ | 68 KB | 24 KB | Script | application/javascript
GET | HTTP/1.1 | jquery.cryxpad.js | protection-update.ru/assets/ | 7 KB | 7 KB | Script | application/javascript
GET | HTTP/1.1 | back.png | protection-update.ru/assets/ | 85 KB | 85 KB | Image | image/png
GET | HTTP/1.1 | reset.png | protection-update.ru/assets/ | 657 B | 898 B | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Societe Generale (Banking)

13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: help, idInput, idRmBtn, successIc, pswdPart
- function: removeId, filterData, validateId, toggleHelpMessage, showHiden, $, jQuery
- number: j1

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
protection-update.ru/ | (none shown) | PHPSESSID | b0919e40ab1c13d4db9bdc7a4b02a66a
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page.
Header | Value
---|---
X-Content-Type-Options | nosniff
X-Frame-Options | deny
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- ajax.googleapis.com
- code.jquery.com
- jquery.app
- protection-update.ru
- www.jqueryscript.net
IPs:
- 2001:4de0:ac18::1:a:3a
- 2606:4700:20::ac43:4bab
- 2a00:1450:4001:810::200a
- 2a06:98c1:3120::3
- 52.45.9.216