srv187078.hoster-test.ru Open in urlscan Pro
31.28.24.126 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cuesco.tk/vec
Effective URL:
http://srv187078.hoster-test.ru/goauv/app/
Submission: On March 01 via manual (March 1st 2023, 3:01:05 am UTC) from AU — Scanned from AU

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 31.28.24.126, located in Russian Federation and belongs to CITYTELECOM-AS Filanco LTD, RU. The main domain is srv187078.hoster-test.ru.

This is the only time srv187078.hoster-test.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australian Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 2	162.241.71.236 162.241.71.236	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
2 12	31.28.24.126 31.28.24.126	29076 (CITYTELEC...) (CITYTELECOM-AS Filanco LTD)
15	3

2 162.241.71.236 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-71-236.webhostbox.net

cuesco.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 31.28.24.126 (Russian Federation) 2 redirects

ASN29076 (CITYTELECOM-AS Filanco LTD, RU)
PTR: c16w.hoster.ru

srv187078.hoster-test.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	hoster-test.ru 2 redirects srv187078.hoster-test.ru	462 KB
2	cuesco.tk 1 redirects cuesco.tk	587 B
0	gstatic.com Failed fonts.gstatic.com Failed
15	3

	Domain	Requested by
12	srv187078.hoster-test.ru	2 redirects srv187078.hoster-test.ru
2	cuesco.tk	1 redirects
0	fonts.gstatic.com Failed	srv187078.hoster-test.ru
15	3

This site contains no links.

Subject Issuer	Validity	Valid
www.cuesco.tk R3	`2023-02-14` - `2023-05-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://srv187078.hoster-test.ru/goauv/app/
Frame ID: 5684D550BABF7523733F33BEC4CC3D1E
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://cuesco.tk/vec HTTP 301
https://cuesco.tk/vec/ Page URL
http://srv187078.hoster-test.ru/goauv HTTP 301
http://srv187078.hoster-test.ru/goauv/ HTTP 302
http://srv187078.hoster-test.ru/goauv/app/ Page URL

Page Statistics

15
Requests

7 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

461 kB
Transfer

654 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cuesco.tk/vec HTTP 301
https://cuesco.tk/vec/ Page URL
http://srv187078.hoster-test.ru/goauv HTTP 301
http://srv187078.hoster-test.ru/goauv/ HTTP 302
http://srv187078.hoster-test.ru/goauv/app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://cuesco.tk/vec HTTP 301
https://cuesco.tk/vec/

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response cuesco.tk/vec/ Redirect Chain https://cuesco.tk/vec https://cuesco.tk/vec/	103 B 344 B	278ms 278ms	Document text/html	162.241.71.236 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://cuesco.tk/vec/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.71.236 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 162-241-71-236.webhostbox.net Software Apache / Resource Hash `a8b01f29daa46473d92f0e136310af803eff9f1a473d9e47ca3ea537b87031f5` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 103 Content-Type text/html Date Wed, 01 Mar 2023 03:00:57 GMT Keep-Alive timeout=5, max=99 Last-Modified Wed, 01 Mar 2023 01:21:30 GMT Server Apache Redirect headers Connection Keep-Alive Content-Length 230 Content-Type text/html; charset=iso-8859-1 Date Wed, 01 Mar 2023 03:00:57 GMT Keep-Alive timeout=5, max=100 Location https://cuesco.tk/vec/ Server Apache
GET H/1.1	200 OK	Primary Request / Show response srv187078.hoster-test.ru/goauv/app/ Redirect Chain http://srv187078.hoster-test.ru/goauv http://srv187078.hoster-test.ru/goauv/ http://srv187078.hoster-test.ru/goauv/app/	11 KB 11 KB	544ms 544ms	Document text/html	31.28.24.126 CITYTELECOM-AS Fi...
General Check archive.org Show headers Download Go to Full URL http://srv187078.hoster-test.ru/goauv/app/ Protocol HTTP/1.1 Server 31.28.24.126 , Russian Federation, ASN29076 (CITYTELECOM-AS Filanco LTD, RU), Reverse DNS c16w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / PHP/5.6.40 Resource Hash `4ec46fad74fd10553f74b5afd6499fba6a2b43e84fe8d2a1aa029457a4d02c9a` Request headers Referer https://cuesco.tk/vec/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection keep-alive Content-Type text/html; charset=UTF-8 Date Wed, 01 Mar 2023 03:01:02 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 Transfer-Encoding chunked X-Cache MISS from t0.hoster.ru X-Cache-Lookup MISS from t0.hoster.ru:6666 X-Powered-By PHP/5.6.40 Redirect headers Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection keep-alive Content-Type text/html; charset=UTF-8 Date Wed, 01 Mar 2023 03:01:00 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Location app/ Pragma no-cache Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 Transfer-Encoding chunked X-Cache MISS from t0.hoster.ru X-Cache-Lookup MISS from t0.hoster.ru:6666 X-Powered-By PHP/5.6.40
GET H/1.1	200 OK	ruxitagentjs_ICA2Vfghjqrux_10243220606153550.js.download Show response srv187078.hoster-test.ru/goauv/app/login_files/	239 KB 240 KB	356ms 355ms	Script application/javascript	31.28.24.126 CITYTELECOM-AS Fi...
General Check archive.org Show headers Download Go to Full URL http://srv187078.hoster-test.ru/goauv/app/login_files/ruxitagentjs_ICA2Vfghjqrux_10243220606153550.js.download Requested by Host: srv187078.hoster-test.ru URL: http://srv187078.hoster-test.ru/goauv/app/ Protocol HTTP/1.1 Server 31.28.24.126 , Russian Federation, ASN29076 (CITYTELECOM-AS Filanco LTD, RU), Reverse DNS c16w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / Resource Hash `551d6fdc92d330f73f7b1b18554fd619d72aa8e883f8192a05f6466049ae58b9` Request headers accept-language en-AU,en;q=0.9 Referer http://srv187078.hoster-test.ru/goauv/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 03:01:03 GMT X-Cache-Lookup MISS from t0.hoster.ru:6666 Last-Modified Thu, 23 Feb 2023 00:01:45 GMT Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 ETag "3bc81-5f552b7f2adce" X-Cache MISS from t0.hoster.ru Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 244865
GET H/1.1	200 OK	css srv187078.hoster-test.ru/goauv/app/login_files/	16 KB 16 KB	712ms 359ms	Stylesheet text/plain	31.28.24.126 CITYTELECOM-AS Fi...
General Check archive.org Show headers Download Go to Full URL http://srv187078.hoster-test.ru/goauv/app/login_files/css Requested by Host: srv187078.hoster-test.ru URL: http://srv187078.hoster-test.ru/goauv/app/ Protocol HTTP/1.1 Server 31.28.24.126 , Russian Federation, ASN29076 (CITYTELECOM-AS Filanco LTD, RU), Reverse DNS c16w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / Resource Hash `00b399de3012a5f809a1fb531286f8cdb5e7671e865f0423a0ba0dfffcc8d9c5` Request headers accept-language en-AU,en;q=0.9 Referer http://srv187078.hoster-test.ru/goauv/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 03:01:03 GMT X-Cache-Lookup HIT from t0.hoster.ru:6666 Last-Modified Thu, 23 Feb 2023 00:01:43 GMT Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 ETag "3e92-5f552b7d52ed6" X-Cache MISS from t0.hoster.ru Content-Type text/plain; charset=UTF-8 Connection keep-alive Accept-Ranges bytes Content-Length 16018
GET H/1.1	200 OK	mgv2-application.css srv187078.hoster-test.ru/goauv/app/login_files/	122 KB 123 KB	710ms 356ms	Stylesheet text/css	31.28.24.126 CITYTELECOM-AS Fi...
General Check archive.org Show headers Download Go to Full URL http://srv187078.hoster-test.ru/goauv/app/login_files/mgv2-application.css Requested by Host: srv187078.hoster-test.ru URL: http://srv187078.hoster-test.ru/goauv/app/ Protocol HTTP/1.1 Server 31.28.24.126 , Russian Federation, ASN29076 (CITYTELECOM-AS Filanco LTD, RU), Reverse DNS c16w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / Resource Hash `e4b278f03b15d98341b6b1960e1b1d8c34dbd53cdec867348be0d728317ae756` Request headers accept-language en-AU,en;q=0.9 Referer http://srv187078.hoster-test.ru/goauv/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 03:01:03 GMT X-Cache-Lookup HIT from t0.hoster.ru:6666 Last-Modified Thu, 23 Feb 2023 00:01:44 GMT Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 ETag "1e9fc-5f552b7ddd5bc" X-Cache MISS from t0.hoster.ru Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 125436
GET H/1.1	200 OK	blugov.css srv187078.hoster-test.ru/goauv/app/login_files/	69 KB 69 KB	824ms 466ms	Stylesheet text/css	31.28.24.126 CITYTELECOM-AS Fi...
General Check archive.org Show headers Download Go to Full URL http://srv187078.hoster-test.ru/goauv/app/login_files/blugov.css Requested by Host: srv187078.hoster-test.ru URL: http://srv187078.hoster-test.ru/goauv/app/ Protocol HTTP/1.1 Server 31.28.24.126 , Russian Federation, ASN29076 (CITYTELECOM-AS Filanco LTD, RU), Reverse DNS c16w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / Resource Hash `5ad45c3c8b9efc9e5427d60339eb9b65ffa97a501fe111fe373b100393acc405` Request headers accept-language en-AU,en;q=0.9 Referer http://srv187078.hoster-test.ru/goauv/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 03:01:03 GMT X-Cache-Lookup HIT from t0.hoster.ru:6666 Last-Modified Thu, 23 Feb 2023 00:01:43 GMT Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 ETag "11275-5f552b7d653d0" X-Cache MISS from t0.hoster.ru Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 70261
GET H/1.1	200 OK	myGov-cobranded-logo-black.svg srv187078.hoster-test.ru/goauv/app/login_files/	8 KB 0	362ms 361ms	Image image/svg+xml	31.28.24.126 CITYTELECOM-AS Fi...
General Check archive.org Show headers Download Go to Show image Full URL http://srv187078.hoster-test.ru/goauv/app/login_files/myGov-cobranded-logo-black.svg Requested by Host: srv187078.hoster-test.ru URL: http://srv187078.hoster-test.ru/goauv/app/ Protocol HTTP/1.1 Server 31.28.24.126 , Russian Federation, ASN29076 (CITYTELECOM-AS Filanco LTD, RU), Reverse DNS c16w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer http://srv187078.hoster-test.ru/goauv/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 03:01:05 GMT X-Cache-Lookup HIT from t0.hoster.ru:6666 Last-Modified Thu, 23 Feb 2023 00:01:45 GMT Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 ETag "fa8f-5f552b7e7b525" X-Cache MISS from t0.hoster.ru Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 64143
GET H/1.1	200 OK	myGov-cobranded-logo-white.svg srv187078.hoster-test.ru/goauv/app/login_files/	28 KB 0	453ms 359ms	Image image/svg+xml	31.28.24.126 CITYTELECOM-AS Fi...
General Check archive.org Show headers Download Go to Show image Full URL http://srv187078.hoster-test.ru/goauv/app/login_files/myGov-cobranded-logo-white.svg Requested by Host: srv187078.hoster-test.ru URL: http://srv187078.hoster-test.ru/goauv/app/ Protocol HTTP/1.1 Server 31.28.24.126 , Russian Federation, ASN29076 (CITYTELECOM-AS Filanco LTD, RU), Reverse DNS c16w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer http://srv187078.hoster-test.ru/goauv/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 03:01:05 GMT X-Cache-Lookup HIT from t0.hoster.ru:6666 Last-Modified Thu, 23 Feb 2023 00:01:45 GMT Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 ETag "fa8c-5f552b7f034fa" X-Cache MISS from t0.hoster.ru Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 64140
GET H/1.1	200 OK	mgv2-vendor.js.download srv187078.hoster-test.ru/goauv/app/login_files/	102 KB 0	356ms 356ms	Script application/javascript	31.28.24.126 CITYTELECOM-AS Fi...
General Check archive.org Show headers Download Go to Full URL http://srv187078.hoster-test.ru/goauv/app/login_files/mgv2-vendor.js.download Requested by Host: srv187078.hoster-test.ru URL: http://srv187078.hoster-test.ru/goauv/app/ Protocol HTTP/1.1 Server 31.28.24.126 , Russian Federation, ASN29076 (CITYTELECOM-AS Filanco LTD, RU), Reverse DNS c16w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer http://srv187078.hoster-test.ru/goauv/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 03:01:05 GMT X-Cache-Lookup HIT from t0.hoster.ru:6666 Last-Modified Thu, 23 Feb 2023 00:01:45 GMT Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 ETag "251cf-5f552b7e6e233" X-Cache MISS from t0.hoster.ru Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 152015
GET H/1.1	200 OK	mgv2-application.js.download srv187078.hoster-test.ru/goauv/app/login_files/	58 KB 0	357ms 356ms	Script application/javascript	31.28.24.126 CITYTELECOM-AS Fi...
General Check archive.org Show headers Download Go to Full URL http://srv187078.hoster-test.ru/goauv/app/login_files/mgv2-application.js.download Requested by Host: srv187078.hoster-test.ru URL: http://srv187078.hoster-test.ru/goauv/app/ Protocol HTTP/1.1 Server 31.28.24.126 , Russian Federation, ASN29076 (CITYTELECOM-AS Filanco LTD, RU), Reverse DNS c16w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer http://srv187078.hoster-test.ru/goauv/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 03:01:05 GMT X-Cache-Lookup HIT from t0.hoster.ru:6666 Last-Modified Thu, 23 Feb 2023 00:01:44 GMT Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 ETag "12813-5f552b7e0f68a" X-Cache MISS from t0.hoster.ru Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 75795
GET H/1.1	200 OK	login.js.download Show response srv187078.hoster-test.ru/goauv/app/login_files/	2 KB 2 KB	361ms 360ms	Script application/javascript	31.28.24.126 CITYTELECOM-AS Fi...
General Check archive.org Show headers Download Go to Full URL http://srv187078.hoster-test.ru/goauv/app/login_files/login.js.download Requested by Host: srv187078.hoster-test.ru URL: http://srv187078.hoster-test.ru/goauv/app/ Protocol HTTP/1.1 Server 31.28.24.126 , Russian Federation, ASN29076 (CITYTELECOM-AS Filanco LTD, RU), Reverse DNS c16w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / Resource Hash `3398bdeeb65157116e93bdeef72d320cb5d90700b149a62f60ff1dcb2ac8f9a5` Request headers accept-language en-AU,en;q=0.9 Referer http://srv187078.hoster-test.ru/goauv/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 03:01:05 GMT X-Cache-Lookup HIT from t0.hoster.ru:6666 Last-Modified Thu, 23 Feb 2023 00:01:44 GMT Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 ETag "618-5f552b7db5900" X-Cache MISS from t0.hoster.ru Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 1560
GET		icon-blugov-info.svg srv187078.hoster-test.ru/goauv/app/icons/	0 0

GET		KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v30/	0 0

GET		KFOlCnqEu92Fr1MmWUlfBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	0 0

GET		KFOlCnqEu92Fr1MmEU9fBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: srv187078.hoster-test.ru
URL: http://srv187078.hoster-test.ru/goauv/app/icons/icon-blugov-info.svg

Domain: fonts.gstatic.com
URL: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Domain: fonts.gstatic.com
URL: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Domain: fonts.gstatic.com
URL: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australian Government (Government)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			srv187078.hoster-test.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: hhdc0et3vncsbqf44mdkfgfl27

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cuesco.tk
fonts.gstatic.com
srv187078.hoster-test.ru
fonts.gstatic.com
srv187078.hoster-test.ru
162.241.71.236
31.28.24.126
00b399de3012a5f809a1fb531286f8cdb5e7671e865f0423a0ba0dfffcc8d9c5
3398bdeeb65157116e93bdeef72d320cb5d90700b149a62f60ff1dcb2ac8f9a5
4ec46fad74fd10553f74b5afd6499fba6a2b43e84fe8d2a1aa029457a4d02c9a
551d6fdc92d330f73f7b1b18554fd619d72aa8e883f8192a05f6466049ae58b9
5ad45c3c8b9efc9e5427d60339eb9b65ffa97a501fe111fe373b100393acc405
a8b01f29daa46473d92f0e136310af803eff9f1a473d9e47ca3ea537b87031f5
e4b278f03b15d98341b6b1960e1b1d8c34dbd53cdec867348be0d728317ae756

srv187078.hoster-test.ru Open in urlscan Pro 31.28.24.126 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

15 Requests

7 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

461 kBTransfer

654 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

srv187078.hoster-test.ru Open in urlscan Pro
31.28.24.126 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

7 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

461 kB
Transfer

654 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!