u635233936.ha003.t.justns.ru
2a00:b700::28
Malicious Activity!
Public Scan
Effective URL: http://u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/
Submission: On March 06 via api from DE
Summary
This is the only time u635233936.ha003.t.justns.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Credit Agricole (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 2001:4860:4802:36::15 | 15169 (GOOGLE)
1 | 13.70.82.195 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
20 | 2a00:b700::28 | 51659 (ASBAXET)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): www.oxfordlawyers.com.au
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
20 | justns.ru | u635233936.ha003.t.justns.ru (2 redirects) | 126 KB
1 | oxfordlawyers.com.au | www.oxfordlawyers.com.au | 654 B
1 | suloej.com | suloej.com (1 redirect) | 246 B
Requests | Domain | Requested by
---|---|---
20 | u635233936.ha003.t.justns.ru (2 redirects) | www.oxfordlawyers.com.au, u635233936.ha003.t.justns.ru
1 | www.oxfordlawyers.com.au | |
1 | suloej.com (1 redirect) | |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
(no TLS certificates recorded; all page URLs were served over http://)
This page contains 1 frames:
Primary Page:
http://u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/
Frame ID: 6101835AB3604CB39A435DCEA423C6BD
Requests: 19 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://suloej.com/
  HTTP 302 → http://www.oxfordlawyers.com.au/wp-content/bleding/ (Page URL)
- http://u635233936.ha003.t.justns.ru/at/acard/fr/
  HTTP 302 → http://u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780
  HTTP 301 → http://u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/ (Page URL)
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://suloej.com/ (HTTP 302)
- http://www.oxfordlawyers.com.au/wp-content/bleding/
19 HTTP transactions
# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | / | www.oxfordlawyers.com.au/wp-content/bleding/ | 118 B | 654 B | Document | text/html | Redirect Chain
2 | GET | H/1.1 | / | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/ | 16 KB | 5 KB | Document | text/html | Primary Request, Redirect Chain
3 | GET | H/1.1 | antiquus.css | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 26 KB | 4 KB | Stylesheet | text/css |
4 | GET | H/1.1 | styles.css | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 83 KB | 16 KB | Stylesheet | text/css |
5 | GET | H/1.1 | styles-mod.css | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 15 KB | 4 KB | Stylesheet | text/css |
6 | GET | H/1.1 | 2.PNG | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 10 KB | 10 KB | Image | image/png |
7 | GET | H/1.1 | 4.PNG | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 62 KB | 62 KB | Image | image/png |
8 | GET | H/1.1 | 1.PNG | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 5 KB | 5 KB | Image | image/png |
9 | GET | H/1.1 | point_transp.gif | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 87 B | 437 B | Image | image/gif |
10 | GET | H/1.1 | 3.PNG | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 3 KB | 3 KB | Image | image/png |
11 | GET | H/1.1 | / | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/ | 16 KB | 5 KB | Stylesheet | text/html |
12 | GET | H/1.1 | / | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/ | 16 KB | 5 KB | Script | text/html |
13 | GET | H/1.1 | main_repeat.png | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 700 B | 700 B | Image | text/html |
14 | GET | H/1.1 | entete_light.png | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 701 B | 701 B | Image | text/html |
15 | GET | H/1.1 | main_haut.png | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 698 B | 698 B | Image | text/html |
16 | GET | H/1.1 | bloc_arrond_bas.png | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 704 B | 704 B | Image | text/html |
17 | GET | H/1.1 | bloc_arrond_haut.png | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 705 B | 705 B | Image | text/html |
18 | GET | H/1.1 | bg_form.png | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 696 B | 696 B | Image | text/html |
19 | GET | H/1.1 | thead.png | u635233936.ha003.t.justns.ru/at/acard/fr/adf3e8e96ac830e930dace68d9ea0780/img/ | 694 B | 694 B | Image | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Credit Agricole (Banking)
47 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
string | OS
string | Version
number | posOS
number | posOS2
function | setSize
function | clicPosition
undefined | code
undefined | pos_der_code
undefined | affiche_code
function | effacer
function | cocherCase
function | corriger
string | path_static
string | path_dynamic
string | caisse
function | raf
string | urlappli
string | urlapplisecu
function | ValidCertif
function | ValidCertifSecu
string | statusconfirmer
string | statusannuler
string | statusaide
string | statuscondjur
string | statusdemo
string | statuscompte
string | statuscode
string | statuscorriger
string | statusclavnum
string | statusrecom
string | App
number | Nav_sup
boolean | browserOK
boolean | browserOK1
boolean | browserOK2
function | ouvrePOPUP
function | ouvreassistance
function | ouvreFenetre
function | validation
function | isNumerique
function | isAlphaNum
string | srcLien
string | srcPuceLien
string | yesno
string | authentif0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src http: data: 'unsafe-inline' 'unsafe-eval' |
X-Content-Type-Options | nosniff |
X-Frame-Options | sameorigin |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
suloej.com
u635233936.ha003.t.justns.ru
www.oxfordlawyers.com.au
13.70.82.195
2001:4860:4802:36::15
2a00:b700::28