u692503md5.ha004.t.justns.ru Open in urlscan Pro
2a00:b700::39 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.smartschoolonline.id/assets/Google.php
Effective URL:
https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497
Submission Tags: @ipnigh
Submission: On May 12 via api (May 12th 2020, 11:00:57 pm UTC) from GB

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 18 HTTP transactions. The main IP is 2a00:b700::39, located in Russian Federation and belongs to ASBAXET, RU. The main domain is u692503md5.ha004.t.justns.ru.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 16th 2020. Valid for: 3 months.

This is the only time u692503md5.ha004.t.justns.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	202.159.24.22 202.159.24.22	38525 (NETSOFT-A...) (NETSOFT-AS-ID Netsoft)
15	2a00:b700::39 2a00:b700::39	51659 (ASBAXET) (ASBAXET)
2	23.111.9.35 23.111.9.35	33438 (HIGHWINDS2) (HIGHWINDS2)
18	3

2 202.159.24.22 (Indonesia) 1 redirects

ASN38525 (NETSOFT-AS-ID Netsoft, PT, ID)

www.smartschoolonline.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
smartschoolonline.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:b700::39 (Russian Federation)

ASN51659 (ASBAXET, RU)

u692503md5.ha004.t.justns.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.111.9.35 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	justns.ru u692503md5.ha004.t.justns.ru	143 KB
2	fontawesome.com use.fontawesome.com	70 KB
2	smartschoolonline.id 1 redirects www.smartschoolonline.id smartschoolonline.id	662 B
18	3

	Domain	Requested by
15	u692503md5.ha004.t.justns.ru	u692503md5.ha004.t.justns.ru
2	use.fontawesome.com	u692503md5.ha004.t.justns.ru
1	smartschoolonline.id
1	www.smartschoolonline.id	1 redirects
18	4

This site contains no links.

Subject Issuer	Validity	Valid
u692503md5.ha004.t.justns.ru Let's Encrypt Authority X3	`2020-04-16` - `2020-07-15`	3 months	crt.sh
*.fontawesome.com DigiCert SHA2 Secure Server CA	`2019-10-28` - `2020-12-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497
Frame ID: 88E67C31C6750A2FEC95AF6B6975BDB9
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.smartschoolonline.id/assets/Google.php HTTP 301
http://smartschoolonline.id/assets/Google.php Page URL
https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/ Page URL
https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
html /<link[^>]* href="https:\/\/use\.fontawesome\.com\/releases\/v([^>]+)\/css\//i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

18
Requests

94 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

214 kB
Transfer

334 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.smartschoolonline.id/assets/Google.php HTTP 301
http://smartschoolonline.id/assets/Google.php Page URL
https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/ Page URL
https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.smartschoolonline.id/assets/Google.php HTTP 301
http://smartschoolonline.id/assets/Google.php

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Google.php Show response smartschoolonline.id/assets/ Redirect Chain http://www.smartschoolonline.id/assets/Google.php http://smartschoolonline.id/assets/Google.php	201 B 425 B	383ms 370ms	Document text/html	202.159.24.22 NETSOFT-AS-ID Net...
General Check archive.org Show headers Download Go to Full URL http://smartschoolonline.id/assets/Google.php Protocol HTTP/1.1 Server 202.159.24.22 , Indonesia, ASN38525 (NETSOFT-AS-ID Netsoft, PT, ID), Reverse DNS Software nginx / PHP/5.6.40 PleskLin Resource Hash `36f9ed609fd35dc84e9c2c1931b031fe08cf3554f01f0eaa1908c3fd531dbd2a` Request headers Host smartschoolonline.id Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Server nginx Date Tue, 12 May 2020 23:00:16 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive X-Powered-By PHP/5.6.40 PleskLin Redirect headers Server nginx Date Tue, 12 May 2020 23:00:16 GMT Content-Type text/html Content-Length 162 Connection keep-alive Location http://smartschoolonline.id/assets/Google.php X-Powered-By PleskLin
GET H2	200	/ Show response u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/	219 B 566 B	699ms 93ms	Document text/html	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `bba44e784cdfe7736f69b7ca328211485eb24e14868175ec8a93375d7a43863d` Request headers :method GET :authority u692503md5.ha004.t.justns.ru :scheme https :path /Chronopost/suivi-votre-colis-chronopost.fr/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest document referer http://smartschoolonline.id/assets/Google.php accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://smartschoolonline.id/assets/Google.php Response headers status 200 set-cookie PHPSESSID=509f95f981b0dddb7b953b40892cfb0a; path=/; secure expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache content-type text/html; charset-UTF-8;charset=UTF-8 content-length 191 content-encoding br vary Accept-Encoding,User-Agent date Tue, 12 May 2020 23:00:29 GMT server LiteSpeed alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
GET H2	200	Primary Request sign-in.php Show response u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/	6 KB 2 KB	86ms 86ms	Document text/html	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `b3e127e5e4af8a86471bdcdd4d34a07b2187a63b21e8a9341e6954143e09aa34` Request headers :method GET :authority u692503md5.ha004.t.justns.ru :scheme https :path /Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-origin sec-fetch-mode navigate sec-fetch-dest document referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/ accept-encoding gzip, deflate, br accept-language en-US cookie PHPSESSID=509f95f981b0dddb7b953b40892cfb0a Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/ Response headers status 200 content-type text/html; charset=UTF-8 content-length 2349 content-encoding br vary Accept-Encoding,User-Agent date Tue, 12 May 2020 23:00:30 GMT server LiteSpeed
GET H2	200	jquery-latest.min.js Show response u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/js/	94 KB 43 KB	87ms 85ms	Script application/javascript	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/js/jquery-latest.min.js Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441` Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:00:30 GMT content-encoding br last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "1762a-5ebb2259-1ab863ef474c7ad1;br" vary Accept-Encoding,User-Agent content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 44097 expires Tue, 19 May 2020 23:00:30 GMT
GET H2	200	jquery.mask.min.js Show response u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/js/	8 KB 4 KB	255ms 253ms	Script application/javascript	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/js/jquery.mask.min.js Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e` Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:00:30 GMT content-encoding br last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "1ff9-5ebb2259-4de93e75e7fc8935;br" vary Accept-Encoding,User-Agent content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 3792 expires Tue, 19 May 2020 23:00:30 GMT
GET H2	200	Acc_Carding.js Show response u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/js/	1 KB 499 B	256ms 254ms	Script application/javascript	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/js/Acc_Carding.js Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `394ffcd0c483e448c15876af375d5266984f2f90f54c67c5acb3fd3f8cdd4d58` Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:00:30 GMT content-encoding br last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "5b0-5ebb2259-2f74499e780a46a8;br" vary Accept-Encoding,User-Agent content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 419 expires Tue, 19 May 2020 23:00:30 GMT
GET H2	200	chronopost.css u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/	2 KB 932 B	86ms 84ms	Stylesheet text/css	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/chronopost.css Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `8f43a9f3e13f3e6e4037387a79d9df3a705d27b808fb4d346209a7a18062c011` Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:00:30 GMT content-encoding br last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "78f-5ebb2259-cebcd32ebc366a1;br" vary Accept-Encoding,User-Agent content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 797 expires Tue, 19 May 2020 23:00:30 GMT
GET H2	200	loading.css u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/	482 B 359 B	86ms 85ms	Stylesheet text/css	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/loading.css Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `be77f65264e66598326119e42d38a363c12311df7aa5b15d98717d46e098d546` Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:00:30 GMT content-encoding br last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "1e2-5ebb2259-e40babbab18b8c0e;br" vary Accept-Encoding,User-Agent content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 299 expires Tue, 19 May 2020 23:00:30 GMT
GET H2	200	style.css u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/	3 KB 999 B	253ms 252ms	Stylesheet text/css	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/style.css Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `3302f8bc164c287ddd6b68e127f573416bce177f16f4364b04a77d3de4bd4eed` Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:00:30 GMT content-encoding br last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "a92-5ebb2259-b1bf9366db94d26b;br" vary Accept-Encoding,User-Agent content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 936 expires Tue, 19 May 2020 23:00:30 GMT
GET H2	200	stylee.css u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/	7 KB 2 KB	253ms 252ms	Stylesheet text/css	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/stylee.css Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `523d91274c32a5399be88a42dd6a2258fde7f7ff388fe2b440df5cf092a2ba27` Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:00:30 GMT content-encoding br last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "1b59-5ebb2259-7088814cc9da3681;br" vary Accept-Encoding,User-Agent content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 2031 expires Tue, 19 May 2020 23:00:30 GMT
GET H2	200	css_1.css u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/	0 69 B	254ms 253ms	Stylesheet text/css	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/css_1.css Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:00:30 GMT last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "0-5ebb2259-5ba5455fec8dc606;;;" vary User-Agent content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 0 expires Tue, 19 May 2020 23:00:30 GMT
GET H2	200	font-awesome.min.css u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/	30 KB 8 KB	254ms 253ms	Stylesheet text/css	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/font-awesome.min.css Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:00:30 GMT content-encoding br last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "7918-5ebb2259-2cbb7f532f2c174b;br" vary Accept-Encoding,User-Agent content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 8282 expires Tue, 19 May 2020 23:00:30 GMT
GET H2	200	all.css use.fontawesome.com/releases/v5.1.0/css/	45 KB 11 KB	56ms 18ms	Stylesheet text/css	23.111.9.35 HIGHWINDS2
General Check archive.org Show headers Download Go to Full URL https://use.fontawesome.com/releases/v5.1.0/css/all.css Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US), Reverse DNS Software NetDNA-cache/2.2 / Resource Hash `ce91e2144ea27f82292ef2c87c5d9e1d0b9994df63836130293865aca18fc550` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Origin https://u692503md5.ha004.t.justns.ru Response headers date Tue, 12 May 2020 23:00:30 GMT content-encoding gzip last-modified Wed, 20 Jun 2018 20:19:16 GMT server NetDNA-cache/2.2 status 200 etag W/"826c57385f3d35cfed5478ba7b1f5c03" vary Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding access-control-allow-methods GET content-type text/css access-control-allow-origin * access-control-max-age 3000 cache-control max-age=31556926 x-cache HIT
GET H2	200	chronopost_logo.png u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/img/	16 KB 16 KB	84ms 84ms	Image image/png	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/img/chronopost_logo.png Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `a1d4dc7ed12cbd39ab6e8d1f572312c75c1051047a0c5b40b78721c6f6f4f934` Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:00:30 GMT last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "40b4-5ebb2259-f665b04740568805;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 16564 expires Tue, 19 May 2020 23:00:30 GMT
GET H2	200	double-logo.png u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/img/	5 KB 5 KB	84ms 84ms	Image image/png	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/img/double-logo.png Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `c64afcfa2be1d10a4375990cf4d192e4d374d4eeaad621e4721c2641d2f3e12e` Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:00:30 GMT last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "151c-5ebb2259-dc80835fd0092071;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 5404 expires Tue, 19 May 2020 23:00:30 GMT
GET H2	404	Acc_mask.js u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/js/	0 0	84ms 84ms	Script text/html	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/js/Acc_mask.js Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash Request headers Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 404 date Tue, 12 May 2020 23:00:30 GMT content-encoding gzip server LiteSpeed content-length 375 vary Accept-Encoding,User-Agent content-type text/html
GET H2	200	PlutoSansDPDRegular-Web.woff u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/	59 KB 59 KB	84ms 84ms	Font application/x-font-woff	2a00:b700::39 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/PlutoSansDPDRegular-Web.woff Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::39 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `c99d0b5a290e48d4e4cbb86c29dd12436f465696702a81ded130a411f1e98cd3` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/lib/css/chronopost.css Origin https://u692503md5.ha004.t.justns.ru Response headers date Tue, 12 May 2020 23:00:30 GMT last-modified Tue, 12 May 2020 22:25:29 GMT server LiteSpeed etag "ea8a-5ebb2259-5a6040ed34082429;;;" vary User-Agent content-type application/x-font-woff status 200 accept-ranges bytes content-length 60042
GET H2	200	fa-solid-900.woff2 use.fontawesome.com/releases/v5.1.0/webfonts/	58 KB 59 KB	22ms 22ms	Font font/woff2	23.111.9.35 HIGHWINDS2
General Check archive.org Show headers Download Go to Full URL https://use.fontawesome.com/releases/v5.1.0/webfonts/fa-solid-900.woff2 Requested by Host: u692503md5.ha004.t.justns.ru URL: https://u692503md5.ha004.t.justns.ru/Chronopost/suivi-votre-colis-chronopost.fr/sign-in.php?id=91892497 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US), Reverse DNS Software NetDNA-cache/2.2 / Resource Hash `a83079124373d924ad1402fbc08d2e24d0043234d4c26565f1c368745f55f5d9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://use.fontawesome.com/releases/v5.1.0/css/all.css Origin https://u692503md5.ha004.t.justns.ru Response headers date Tue, 12 May 2020 23:00:30 GMT last-modified Wed, 20 Jun 2018 20:19:36 GMT server NetDNA-cache/2.2 status 200 etag "18d2347ab2a9f40ca2247cdb03303d84" vary Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding access-control-allow-methods GET content-type font/woff2 access-control-allow-origin * access-control-max-age 3000 cache-control max-age=31556926 x-cache HIT accept-ranges bytes content-length 59572

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

smartschoolonline.id
u692503md5.ha004.t.justns.ru
use.fontawesome.com
www.smartschoolonline.id
202.159.24.22
23.111.9.35
2a00:b700::39
3302f8bc164c287ddd6b68e127f573416bce177f16f4364b04a77d3de4bd4eed
36f9ed609fd35dc84e9c2c1931b031fe08cf3554f01f0eaa1908c3fd531dbd2a
394ffcd0c483e448c15876af375d5266984f2f90f54c67c5acb3fd3f8cdd4d58
523d91274c32a5399be88a42dd6a2258fde7f7ff388fe2b440df5cf092a2ba27
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8f43a9f3e13f3e6e4037387a79d9df3a705d27b808fb4d346209a7a18062c011
a1d4dc7ed12cbd39ab6e8d1f572312c75c1051047a0c5b40b78721c6f6f4f934
a83079124373d924ad1402fbc08d2e24d0043234d4c26565f1c368745f55f5d9
b3e127e5e4af8a86471bdcdd4d34a07b2187a63b21e8a9341e6954143e09aa34
bba44e784cdfe7736f69b7ca328211485eb24e14868175ec8a93375d7a43863d
bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e
be77f65264e66598326119e42d38a363c12311df7aa5b15d98717d46e098d546
c64afcfa2be1d10a4375990cf4d192e4d374d4eeaad621e4721c2641d2f3e12e
c99d0b5a290e48d4e4cbb86c29dd12436f465696702a81ded130a411f1e98cd3
ce91e2144ea27f82292ef2c87c5d9e1d0b9994df63836130293865aca18fc550
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

u692503md5.ha004.t.justns.ru Open in urlscan Pro 2a00:b700::39 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

94 %HTTPS

33 %IPv6

3 Domains

4 Subdomains

3 IPs

3 Countries

214 kBTransfer

334 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

u692503md5.ha004.t.justns.ru Open in urlscan Pro
2a00:b700::39 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

94 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

214 kB
Transfer

334 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!