helda.by Open in urlscan Pro
80.94.225.42 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://helda.by/wp-content/utah/
Submission Tags: @ipnigh
Submission: On April 23 via api (April 23rd 2020, 3:29:19 pm UTC) from GB

Summary HTTP 15 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 80.94.225.42, located in Belarus and belongs to IPTEL-AS, BY. The main domain is helda.by.

This is the only time helda.by was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Universities (Education)

Domain & IP information

	IP Address	AS Autonomous System
13	80.94.225.42 80.94.225.42	21305 (IPTEL-AS) (IPTEL-AS)
1	155.97.137.30 155.97.137.30	17055 (UTAH) (UTAH)
15	3

13 80.94.225.42 (Belarus)

ASN21305 (IPTEL-AS, BY)
PTR: mail.hosting.iptel.by

helda.by	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 155.97.137.30 (Salt Lake City, United States)

ASN17055 (UTAH, US)
PTR: autodiscover.coe.utah.edu

www.umail.utah.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	helda.by helda.by	79 KB
1	utah.edu www.umail.utah.edu	532 B
0	Failed function sub() { [native code] }. Failed
15	3

	Domain	Requested by
13	helda.by	helda.by
1	www.umail.utah.edu	helda.by
0	hhojmcideegachlhfgfdhailpfhgknjm Failed	helda.by
15	3

This site contains links to these domains. Also see Links.

Domain
uofu.service-now.com
webtools.umail.utah.edu
www.umail.utah.edu
office.com
www.it.utah.edu
www.utah.edu

Subject Issuer	Validity	Valid
www.umail.utah.edu InCommon RSA Server CA	`2018-11-16` - `2020-11-15`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://helda.by/wp-content/utah/
Frame ID: 05D1D5EC18C679DA8CB6D2C91741B3AD
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

15
Requests

7 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

79 kB
Transfer

117 kB
Size

1
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://uofu.service-now.com/it?id=uu_kb_article&sys_id=cbc3f8ae13fceec0ae6d53228144b075
Title: UMail Help

Search URL Search Domain Scan URL

URL: https://webtools.umail.utah.edu/
Title: WebTools

Search URL Search Domain Scan URL

URL: https://www.umail.utah.edu/owa/auth/logon.aspx?replaceCurrent=1&reason=2&url=https%3a%2f%2fwww.umail.utah.edu%2fowa
Title: What is this?

Search URL Search Domain Scan URL

URL: http://office.com/redir/HA102824601.aspx
Title: click here.

Search URL Search Domain Scan URL

URL: http://www.it.utah.edu/
Title: University Information Technology

Search URL Search Domain Scan URL

URL: http://www.utah.edu/
Title: The University of Utah

Search URL Search Domain Scan URL

URL: http://www.utah.edu/disclaimer/index.html
Title: Disclaimer

Search URL Search Domain Scan URL

URL: http://www.utah.edu/privacy/
Title: Privacy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response helda.by/wp-content/utah/	67 KB 29 KB	392ms 100ms	Document text/html	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Full URL http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `24cd119d64e5c7bdb4d08ab2464daeca89d270f0b27f3d13f30394e8322a8de5` Request headers Host helda.by Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Server nginx/1.16.0 Date Thu, 23 Apr 2020 15:28:59 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Content-Encoding gzip
GET H/1.1	200 OK	logon.css helda.by/wp-content/utah/index_files/	3 KB 4 KB	105ms 93ms	Stylesheet text/css	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Full URL http://helda.by/wp-content/utah/index_files/logon.css Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `e6b41c8774f6be10407c96c65e786f45a71343591ecf6d73acb6011124490c02` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 15:28:59 GMT Last-Modified Wed, 22 Apr 2020 19:54:41 GMT Server nginx/1.16.0 ETag "5ea0a101-d2f" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 3375
GET H/1.1	200 OK	owafont.css helda.by/wp-content/utah/index_files/	5 KB 5 KB	104ms 92ms	Stylesheet text/css	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Full URL http://helda.by/wp-content/utah/index_files/owafont.css Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `5a8a50bbfec3340a13879de71a5dbe889eca252ac9cfb523c6cea94f05b7b673` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 15:28:59 GMT Last-Modified Wed, 22 Apr 2020 19:54:41 GMT Server nginx/1.16.0 ETag "5ea0a101-12d6" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 4822
GET H/1.1	200 OK	flogon.js.download Show response helda.by/wp-content/utah/index_files/	4 KB 2 KB	105ms 94ms	Script application/javascript	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Full URL http://helda.by/wp-content/utah/index_files/flogon.js.download Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `215d250a6028db2afb14ba5028f23493f042cee6fdd59f59e4deb10fd63b1060` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 15:28:59 GMT Content-Encoding gzip Last-Modified Wed, 22 Apr 2020 19:54:41 GMT Server nginx/1.16.0 ETag "10c8-5a3e680bcc3d8-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 1685
GET H/1.1	200 OK	lgntopl.gif helda.by/wp-content/utah/index_files/	9 KB 9 KB	51ms 51ms	Image image/gif	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Show image Full URL http://helda.by/wp-content/utah/index_files/lgntopl.gif Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `d9a847e157c07d64faa94862f40d5800f57f20addd3cf0d9fbf28fb06ea285d1` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 15:28:59 GMT Last-Modified Wed, 22 Apr 2020 19:54:41 GMT Server nginx/1.16.0 ETag "5ea0a101-2503" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 9475
GET H/1.1	200 OK	lgntopr.gif helda.by/wp-content/utah/index_files/	738 B 976 B	52ms 52ms	Image image/gif	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Show image Full URL http://helda.by/wp-content/utah/index_files/lgntopr.gif Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `082ec41ad08138ac984a5b04a99595c8b08b727d5c5582cdf8dd8409bac9f4a1` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 15:28:59 GMT Last-Modified Wed, 22 Apr 2020 19:54:41 GMT Server nginx/1.16.0 ETag "5ea0a101-2e2" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 738
GET H/1.1	200 OK	lgnexlogo.gif helda.by/wp-content/utah/index_files/	6 KB 6 KB	53ms 52ms	Image image/gif	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Show image Full URL http://helda.by/wp-content/utah/index_files/lgnexlogo.gif Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `3c11c3147a6748095b23c5c6919d43670137a99b36a2832d5a26ce3ffd02742e` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 15:28:59 GMT Last-Modified Wed, 22 Apr 2020 19:54:41 GMT Server nginx/1.16.0 ETag "5ea0a101-189d" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 6301
GET H/1.1	200 OK	lgnbotl.gif helda.by/wp-content/utah/index_files/	180 B 417 B	53ms 53ms	Image image/gif	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Show image Full URL http://helda.by/wp-content/utah/index_files/lgnbotl.gif Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `d43b54099a9b1b387857da97e98ec0e3fb06c1476e17cd1839f1e87da5da7f9f` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 15:28:59 GMT Last-Modified Wed, 22 Apr 2020 19:54:41 GMT Server nginx/1.16.0 ETag "5ea0a101-b4" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 180
GET H/1.1	200 OK	lgnbotr.gif helda.by/wp-content/utah/index_files/	76 B 312 B	104ms 93ms	Image image/gif	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Show image Full URL http://helda.by/wp-content/utah/index_files/lgnbotr.gif Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `68735edb4b81bf80b20746699995d801b7d98941ed3a6e9eebe931fea734a6a3` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 15:28:59 GMT Last-Modified Wed, 22 Apr 2020 19:54:41 GMT Server nginx/1.16.0 ETag "5ea0a101-4c" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 76
GET		index.js hhojmcideegachlhfgfdhailpfhgknjm/web_accessible_resources/	0 0

GET H/1.1	200 OK	page-bg.gif www.umail.utah.edu/owa/auth/2010resources/	47 B 532 B	1338ms 255ms	Image image/gif	155.97.137.30 UTAH
General Check archive.org Show headers Download Go to Show image Full URL https://www.umail.utah.edu/owa/auth/2010resources/page-bg.gif Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 155.97.137.30 Salt Lake City, United States, ASN17055 (UTAH, US), Reverse DNS autodiscover.coe.utah.edu Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `bab4372565d9faf99e6aec22c54a095d5ced7d47e7a946692e9ae3b5e6d83ce2` Request headers Referer http://helda.by/wp-content/utah/index_files/logon.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers request-id ce33c1ea-fb4a-4125-975b-0510756e4b0b Date Thu, 23 Apr 2020 15:29:00 GMT Last-Modified Thu, 15 Sep 2011 17:18:54 GMT Server Microsoft-IIS/10.0 X-Powered-By ASP.NET ETag "f2b0968bcb73cc1:0" Content-Type image/gif Cache-Control public,max-age=2592000 Accept-Ranges bytes Content-Length 47
GET H/1.1	404 Not Found	lgntopm.gif helda.by/owa/auth/2010resources/	977 B 977 B	296ms 249ms	Image text/html	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Show image Full URL http://helda.by/owa/auth/2010resources/lgntopm.gif Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `11881826d9416f58da46dff850b778703daa9168dec4b1d1fd395883872d44be` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 15:28:59 GMT Server nginx/1.16.0 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection keep-alive Link <http://helda.by/wp-json/>; rel="https://api.w.org/" Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	lgnleft.gif helda.by/owa/auth/2010resources/	3 KB 3 KB	268ms 232ms	Image text/html	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Show image Full URL http://helda.by/owa/auth/2010resources/lgnleft.gif Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `14ed0d03fb7a308294952a8f33fb6bf52488ba0c3ce423c3ae3d74dd660d7869` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 15:28:59 GMT Server nginx/1.16.0 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection keep-alive Link <http://helda.by/wp-json/>; rel="https://api.w.org/" Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	lgnbotm.gif helda.by/owa/auth/2010resources/	8 KB 8 KB	288ms 288ms	Image text/html	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Show image Full URL http://helda.by/owa/auth/2010resources/lgnbotm.gif Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `d123408d2ddb3f3383ac3fe59434ac36637ae186803a2f00e919188ae97dc4bf` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 15:28:59 GMT Server nginx/1.16.0 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection keep-alive Link <http://helda.by/wp-json/>; rel="https://api.w.org/" Expires Wed, 11 Jan 1984 05:00:00 GMT
POST H/1.1	404 Not Found	clm10 Show response helda.by/	10 KB 10 KB	226ms 226ms	XHR text/html	80.94.225.42 IPTEL-AS
General Check archive.org Show headers Download Go to Full URL http://helda.by/clm10 Requested by Host: helda.by URL: http://helda.by/wp-content/utah/ Protocol HTTP/1.1 Server 80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY), Reverse DNS mail.hosting.iptel.by Software nginx/1.16.0 / Resource Hash `669037b6b4531fa3465fe22f20b35c9c18cc866fd0e3862390ad4d9dee138db2` Request headers Referer http://helda.by/wp-content/utah/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Thu, 23 Apr 2020 15:29:01 GMT Server nginx/1.16.0 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection keep-alive Link <http://helda.by/wp-json/>; rel="https://api.w.org/" Expires Wed, 11 Jan 1984 05:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hhojmcideegachlhfgfdhailpfhgknjm
URL: chrome-extension://hhojmcideegachlhfgfdhailpfhgknjm/web_accessible_resources/index.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Universities (Education)

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			helda.by/wp-content/utah	1969-12-31 23:59:59	Name: cookieTest Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

helda.by
hhojmcideegachlhfgfdhailpfhgknjm
www.umail.utah.edu
hhojmcideegachlhfgfdhailpfhgknjm
155.97.137.30
80.94.225.42
082ec41ad08138ac984a5b04a99595c8b08b727d5c5582cdf8dd8409bac9f4a1
11881826d9416f58da46dff850b778703daa9168dec4b1d1fd395883872d44be
14ed0d03fb7a308294952a8f33fb6bf52488ba0c3ce423c3ae3d74dd660d7869
215d250a6028db2afb14ba5028f23493f042cee6fdd59f59e4deb10fd63b1060
24cd119d64e5c7bdb4d08ab2464daeca89d270f0b27f3d13f30394e8322a8de5
3c11c3147a6748095b23c5c6919d43670137a99b36a2832d5a26ce3ffd02742e
5a8a50bbfec3340a13879de71a5dbe889eca252ac9cfb523c6cea94f05b7b673
669037b6b4531fa3465fe22f20b35c9c18cc866fd0e3862390ad4d9dee138db2
68735edb4b81bf80b20746699995d801b7d98941ed3a6e9eebe931fea734a6a3
bab4372565d9faf99e6aec22c54a095d5ced7d47e7a946692e9ae3b5e6d83ce2
d123408d2ddb3f3383ac3fe59434ac36637ae186803a2f00e919188ae97dc4bf
d43b54099a9b1b387857da97e98ec0e3fb06c1476e17cd1839f1e87da5da7f9f
d9a847e157c07d64faa94862f40d5800f57f20addd3cf0d9fbf28fb06ea285d1
e6b41c8774f6be10407c96c65e786f45a71343591ecf6d73acb6011124490c02

helda.by Open in urlscan Pro 80.94.225.42 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

7 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

79 kBTransfer

117 kBSize

1 Cookies

8 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

36 JavaScript Global Variables

1 Cookies

Indicators

helda.by Open in urlscan Pro
80.94.225.42 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

7 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

79 kB
Transfer

117 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!