supportclientfacturereversmentprroadmin.justns.ru Open in urlscan Pro
2a00:b700:5:100::10e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cutt.ly/LCuQ0ts
Effective URL:
https://supportclientfacturereversmentprroadmin.justns.ru/
Submission: On September 01 via manual (September 1st 2022, 7:53:17 pm UTC) from PH — Scanned from DE

Summary HTTP 22 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 3 IPs in 4 countries across 5 domains to perform 22 HTTP transactions. The main IP is 2a00:b700:5:100::10e, located in Russian Federation and belongs to ASBAXET, RU. The main domain is supportclientfacturereversmentprroadmin.justns.ru.
TLS certificate: Issued by R3 on August 31st 2022. Valid for: 3 months.

This is the only time supportclientfacturereversmentprroadmin.justns.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Belgian Government (Government) Impots Gouv (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:10:... 2606:4700:10::6816:e8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	2a00:b700:5:1... 2a00:b700:5:100::10e	51659 (ASBAXET) (ASBAXET)
1	2a00:1450:400... 2a00:1450:400e:810::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
22	3

1 2606:4700:10::6816:e8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cutt.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

3c5.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:b700:5:100::10e (Russian Federation)

ASN51659 (ASBAXET, RU)

supportclientfacturereversmentprroadmin.justns.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:810::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	justns.ru supportclientfacturereversmentprroadmin.justns.ru	164 KB
2	gstatic.com fonts.gstatic.com	24 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	1 KB
1	3c5.com 1 redirects 3c5.com	654 B
1	cutt.ly 1 redirects cutt.ly — Cisco Umbrella Rank: 82803	363 B
22	5

	Domain	Requested by
19	supportclientfacturereversmentprroadmin.justns.ru	supportclientfacturereversmentprroadmin.justns.ru
2	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	supportclientfacturereversmentprroadmin.justns.ru
1	3c5.com	1 redirects
1	cutt.ly	1 redirects
22	5

This site contains links to these domains. Also see Links.

Domain
finances.belgium.be
www.belgium.be
financien.belgium.be

Subject Issuer	Validity	Valid
supportclientfacturereversmentprroadmin.justns.ru R3	`2022-08-31` - `2022-11-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://supportclientfacturereversmentprroadmin.justns.ru/
Frame ID: FF629E4AF3190154B3D9E19DD94CB14E
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sur le SPF | SPF Finances

Page URL History Show full URLs

https://cutt.ly/LCuQ0ts HTTP 301
https://3c5.com/g5orc HTTP 301
https://supportclientfacturereversmentprroadmin.justns.ru/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

22
Requests

100 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

3
IPs

4
Countries

189 kB
Transfer

519 kB
Size

3
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://finances.belgium.be/fr/sur_le_spf#skip-to-main-content
Title: Aller au contenu principal

Search URL Search Domain Scan URL

URL: https://finances.belgium.be/nl/over_de_fod
Title: nl

Search URL Search Domain Scan URL

URL: https://finances.belgium.be/fr/sur_le_spf
Title: fr

Search URL Search Domain Scan URL

URL: https://finances.belgium.be/en/about_fps
Title: en

Search URL Search Domain Scan URL

URL: https://finances.belgium.be/de/uber_den_fod
Title: de

Search URL Search Domain Scan URL

URL: http://www.belgium.be/fr
Title: www.belgium.be

Search URL Search Domain Scan URL

URL: https://finances.belgium.be/fr/particuliers

Search URL Search Domain Scan URL

URL: https://finances.belgium.be/fr/disclaimer
Title: Disclaimer

Search URL Search Domain Scan URL

URL: https://financien.belgium.be/fr/sur_le_spf/vie-priv%C3%A9e/politique-du-spf-finances-en-mati%C3%A8re-de-protection-de-la-vie-priv%C3%A9e-%C3%A0-l%C3%A9gard
Title: Vie privée

Search URL Search Domain Scan URL

URL: https://finances.belgium.be/fr/d%C3%A9claration-daccessibilit%C3%A9
Title: Déclaration d'accessibilité

Search URL Search Domain Scan URL

URL: https://finances.belgium.be/fr/sitemap
Title: Sitemap

Search URL Search Domain Scan URL

URL: https://finances.belgium.be/fr/webmaster
Title: Webmaster

Search URL Search Domain Scan URL

URL: https://finances.belgium.be/fr/phishing
Title: Fraude en ligne ou par téléphone

Search URL Search Domain Scan URL

URL: https://financien.belgium.be/fr/contact-presse
Title: Presse

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cutt.ly/LCuQ0ts HTTP 301
https://3c5.com/g5orc HTTP 301
https://supportclientfacturereversmentprroadmin.justns.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
supportclientfacturereversmentprroadmin.justns.ru/
Redirect Chain

https://cutt.ly/LCuQ0ts
https://3c5.com/g5orc
https://supportclientfacturereversmentprroadmin.justns.ru/

42 KB
10 KB

769ms
612ms

Document
text/html

2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 34e35caeb63d2a1f9baf3a4d4f3868aa0b82a3458b5c79041b4729d1f9515c4f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 9734
content-type: text/html; charset=UTF-8
date: Thu, 01 Sep 2022 19:53:13 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 74408cee9c829b21-FRA
content-type: text/html; charset=UTF-8
date: Thu, 01 Sep 2022 19:53:12 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://supportclientfacturereversmentprroadmin.justns.ru/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sarAfBzRJzRJgjUUjxWfakcYim749deBjno%2BQSzzyqyow%2BWRrd0Tvqau60CdN8Y7dgGxceKLjIJ%2B0O%2FKxRnXXjR8cvnVz1cI60b1Sr5wNB5d7ij2r4Uy7V4eXIDhPHIpYhEw%2FmcH"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 css_GZ0nQ6Jw3T_Xcaj4e-Iup4qG_wXWyL-uxqUKF5e3jnU.css
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 180 KB
45 KB 47ms
46ms Stylesheet
text/css 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/css_GZ0nQ6Jw3T_Xcaj4e-Iup4qG_wXWyL-uxqUKF5e3jnU.css
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 199d2743a270dd3fd771a8f87be22ea78a86ff05d6c8bfaec6a50a1797b78e75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 19:53:13 GMT
content-encoding: br
last-modified: Sun, 28 Aug 2022 19:12:00 GMT
server: LiteSpeed
etag: "2ce89-630bbe00-16838f79b23187aa;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 46067
expires: Thu, 08 Sep 2022 19:53:13 GMT

GET
H2 200 federalheader_logo.png
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 1 KB
2 KB 92ms
92ms Image
image/png 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/federalheader_logo.png
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: eec4ddc2f0495ada45849e96fa6ade552674a9235ee809b9c0972fbe79c54ae8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 19:53:13 GMT
last-modified: Sun, 28 Aug 2022 19:12:00 GMT
server: LiteSpeed
etag: "5e7-630bbe00-36dcb7b4fa7d8fbd;;;"
vary: User-Agent
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1511
expires: Thu, 08 Sep 2022 19:53:13 GMT

GET
H2 200 logo_fr.png
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 53 KB
53 KB 125ms
123ms Image
image/png 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/logo_fr.png
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 3204e01df55349362406c60e0b9afbe827906f93cd4ba7eb4194802d66743af6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 19:53:13 GMT
last-modified: Sun, 28 Aug 2022 19:12:00 GMT
server: LiteSpeed
etag: "d32d-630bbe00-2793a3fe8a5e8150;;;"
vary: User-Agent
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 54061
expires: Thu, 08 Sep 2022 19:53:13 GMT

GET
H2 200 bootstrap-3.3.6.min.css
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 145 KB
33 KB 120ms
118ms Stylesheet
text/css 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/bootstrap-3.3.6.min.css
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 9c754dd05feb48a86e9f98386d27629430f821bbc7df729fab5302007f8681bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 19:53:13 GMT
content-encoding: br
last-modified: Sun, 28 Aug 2022 19:12:00 GMT
server: LiteSpeed
etag: "2454c-630bbe00-e620353386872574;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 33555
expires: Thu, 08 Sep 2022 19:53:13 GMT

GET
H2 200 autentification.css
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 17 KB
5 KB 122ms
119ms Stylesheet
text/css 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/autentification.css
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 59d549736637282e61259be858ab72763edc5a322f2952ffa4d450372aed1627

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 19:53:13 GMT
content-encoding: br
last-modified: Sun, 28 Aug 2022 19:12:00 GMT
server: LiteSpeed
etag: "432a-630bbe00-662265ee036f2107;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5237
expires: Thu, 08 Sep 2022 19:53:13 GMT

GET
H2 200 imp.css
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 36 KB
8 KB 123ms
120ms Stylesheet
text/css 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/imp.css
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: ff6f22d67aa5b0061443d2b7ad38a792aff0bf804b9c4d9c61e963217efd4f7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 19:53:13 GMT
content-encoding: br
last-modified: Sun, 28 Aug 2022 19:12:00 GMT
server: LiteSpeed
etag: "919a-630bbe00-6c8d7b4a8680d60c;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 8159
expires: Thu, 08 Sep 2022 19:53:13 GMT

GET
H2 200 info.png
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 3 KB
3 KB 164ms
163ms Image
image/png 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/info.png
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: b16fbbc475f7128aa28ed91bc59e48517a580ca486ef5a4836e240e62224cc61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 19:53:13 GMT
last-modified: Sun, 28 Aug 2022 19:12:00 GMT
server: LiteSpeed
etag: "c56-630bbe00-c5ba6dab97d90b1d;;;"
vary: User-Agent
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3158
expires: Thu, 08 Sep 2022 19:53:13 GMT

GET
H2 404 aide.html
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 708 B
708 B 165ms
163ms Image
text/html 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/aide.html
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 19:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 708
vary: User-Agent
content-type: text/html

GET
H2 200 fermer.svg
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 2 KB
927 B 165ms
164ms Image
image/svg+xml 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/fermer.svg
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: bd41f1926d21d2cdcc4522c7d6ad6348e4f79230f97dc81910486b633fc98c23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 19:53:13 GMT
content-encoding: br
last-modified: Sun, 28 Aug 2022 19:12:00 GMT
server: LiteSpeed
etag: "6dd-630bbe00-c860827d06447de9;br"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 854
expires: Thu, 08 Sep 2022 19:53:13 GMT

GET
H2 404 Miniballs.html
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 708 B
708 B 166ms
164ms Image
text/html 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/Miniballs.html
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 19:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 708
vary: User-Agent
content-type: text/html

GET
H2 404 jquery-1.11.3.min.html
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 0
0 123ms
121ms Script
text/html 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/jquery-1.11.3.min.html
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 19:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 708
vary: User-Agent
content-type: text/html

GET
H2 404 bootstrap.min.html
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 0
0 124ms
122ms Script
text/html 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/bootstrap.min.html
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 19:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 708
vary: User-Agent
content-type: text/html

GET
H2 404 auth.html
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 0
0 124ms
122ms Script
text/html 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/auth.html
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 19:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 708
vary: User-Agent
content-type: text/html

GET
H2 404 urls.html
supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/ 0
0 125ms
123ms Script
text/html 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/urls.html
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 19:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 708
vary: User-Agent
content-type: text/html

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 90ms
37ms Stylesheet
text/css 2a00:1450:400e:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,800|Titillium+Web:400,600,700

Requested by

Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/css_GZ0nQ6Jw3T_Xcaj4e-Iup4qG_wXWyL-uxqUKF5e3jnU.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:810::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

24af00ae4e42c16eb15d8dc9fbd41c1aa13bd4983ee136801f3f4dd4600dc2c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Sep 2022 19:53:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 01 Sep 2022 19:53:13 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Sep 2022 19:53:13 GMT

GET
H2 404 _fin_bg_dots_deg.gif
supportclientfacturereversmentprroadmin.justns.ru/sites/all/themes/custom/finance/images/ 708 B
708 B 46ms
46ms Image
text/html 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/sites/all/themes/custom/finance/images/_fin_bg_dots_deg.gif
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/css_GZ0nQ6Jw3T_Xcaj4e-Iup4qG_wXWyL-uxqUKF5e3jnU.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/css_GZ0nQ6Jw3T_Xcaj4e-Iup4qG_wXWyL-uxqUKF5e3jnU.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 19:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 708
vary: User-Agent
content-type: text/html

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v15/ 12 KB
12 KB 66ms
20ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v15/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,800|Titillium+Web:400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://supportclientfacturereversmentprroadmin.justns.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 19:25:27 GMT
x-content-type-options: nosniff
age: 88066
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11796
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 15:47:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 19:25:27 GMT

GET
H2 200 NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
fonts.gstatic.com/s/titilliumweb/v15/ 12 KB
12 KB 51ms
24ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v15/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,800|Titillium+Web:400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://supportclientfacturereversmentprroadmin.justns.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 19:24:57 GMT
x-content-type-options: nosniff
age: 88096
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12372
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:19:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 19:24:57 GMT

GET
H2 404 2.png
supportclientfacturereversmentprroadmin.justns.ru/templates/ 708 B
708 B 46ms
45ms Image
text/html 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/2.png
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 19:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 708
vary: User-Agent
content-type: text/html

GET
H2 404 3.ico
supportclientfacturereversmentprroadmin.justns.ru/templates/ 708 B
708 B 46ms
46ms Image
text/html 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/3.ico
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 19:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 708
vary: User-Agent
content-type: text/html

GET
H2 404 _fin_njr.gif
supportclientfacturereversmentprroadmin.justns.ru/sites/all/themes/custom/finance/images/ 708 B
708 B 47ms
46ms Image
text/html 2a00:b700:5:100::10e
ASBAXET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://supportclientfacturereversmentprroadmin.justns.ru/sites/all/themes/custom/finance/images/_fin_njr.gif
Requested by: Host: supportclientfacturereversmentprroadmin.justns.ru
URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/css_GZ0nQ6Jw3T_Xcaj4e-Iup4qG_wXWyL-uxqUKF5e3jnU.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:b700:5:100::10e , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/css_GZ0nQ6Jw3T_Xcaj4e-Iup4qG_wXWyL-uxqUKF5e3jnU.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 19:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 708
vary: User-Agent
content-type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Belgian Government (Government) Impots Gouv (Government)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cutt.ly/	1969-12-31 23:59:59	Name: PHPSESSID Value: nbd3gorhg06cf15uafj681kmid
3c5.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: divouq1t3e18ovag389j73sn7a
3c5.com/	1970-01-20 05:41:03	Name: short_g5orc Value: 1

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/jquery-1.11.3.min.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/bootstrap.min.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/auth.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/urls.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/aide.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/impo_fichiers/Miniballs.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://supportclientfacturereversmentprroadmin.justns.ru/sites/all/themes/custom/finance/images/_fin_bg_dots_deg.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/2.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://supportclientfacturereversmentprroadmin.justns.ru/templates/3.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://supportclientfacturereversmentprroadmin.justns.ru/sites/all/themes/custom/finance/images/_fin_njr.gif Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3c5.com
cutt.ly
fonts.googleapis.com
fonts.gstatic.com
supportclientfacturereversmentprroadmin.justns.ru
2606:4700:10::6816:e8
2a00:1450:4001:829::2003
2a00:1450:400e:810::200a
2a00:b700:5:100::10e
2a06:98c1:3121::3
199d2743a270dd3fd771a8f87be22ea78a86ff05d6c8bfaec6a50a1797b78e75
24af00ae4e42c16eb15d8dc9fbd41c1aa13bd4983ee136801f3f4dd4600dc2c5
3204e01df55349362406c60e0b9afbe827906f93cd4ba7eb4194802d66743af6
34e35caeb63d2a1f9baf3a4d4f3868aa0b82a3458b5c79041b4729d1f9515c4f
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532
59d549736637282e61259be858ab72763edc5a322f2952ffa4d450372aed1627
9c754dd05feb48a86e9f98386d27629430f821bbc7df729fab5302007f8681bb
b16fbbc475f7128aa28ed91bc59e48517a580ca486ef5a4836e240e62224cc61
bd41f1926d21d2cdcc4522c7d6ad6348e4f79230f97dc81910486b633fc98c23
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367
eec4ddc2f0495ada45849e96fa6ade552674a9235ee809b9c0972fbe79c54ae8
ff6f22d67aa5b0061443d2b7ad38a792aff0bf804b9c4d9c61e963217efd4f7e

supportclientfacturereversmentprroadmin.justns.ru Open in urlscan Pro 2a00:b700:5:100::10e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

100 %IPv6

5 Domains

5 Subdomains

3 IPs

4 Countries

189 kBTransfer

519 kBSize

3 Cookies

14 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

3 Cookies

10 Console Messages

Indicators

supportclientfacturereversmentprroadmin.justns.ru Open in urlscan Pro
2a00:b700:5:100::10e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

3
IPs

4
Countries

189 kB
Transfer

519 kB
Size

3
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!