srv208655.hoster-test.ru
Open in
urlscan Pro
31.28.24.131
Malicious Activity!
Public Scan
Effective URL: http://srv208655.hoster-test.ru/CNDPOST/CAD/?id=4932YR-329TR23R
Submission: On February 15 via manual from CA — Scanned from CA
Summary
This is the only time srv208655.hoster-test.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Canada Post (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 79.125.35.253 79.125.35.253 | 16509 (AMAZON-02) (AMAZON-02) | |
2 19 | 31.28.24.131 31.28.24.131 | 29076 (CITYTELEC...) (CITYTELECOM-AS Filanco LTD) | |
2 | 104.18.40.68 104.18.40.68 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.251.32.106 142.251.32.106 | 15169 (GOOGLE) (GOOGLE) | |
2 | 142.250.81.227 142.250.81.227 | 15169 (GOOGLE) (GOOGLE) | |
22 | 4 |
ASN16509 (AMAZON-02, US)
PTR: ec2-79-125-35-253.eu-west-1.compute.amazonaws.com
i.mtr.cool |
ASN29076 (CITYTELECOM-AS Filanco LTD, RU)
PTR: c06w.hoster.ru
srv208655.hoster-test.ru |
ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
hoster-test.ru
2 redirects
srv208655.hoster-test.ru |
508 KB |
2 |
gstatic.com
fonts.gstatic.com |
31 KB |
2 |
fontawesome.com
pro.fontawesome.com — Cisco Umbrella Rank: 6305 |
103 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 48 |
1 KB |
1 |
mtr.cool
1 redirects
i.mtr.cool |
556 B |
22 | 5 |
Domain | Requested by | |
---|---|---|
19 | srv208655.hoster-test.ru |
2 redirects
srv208655.hoster-test.ru
|
2 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | pro.fontawesome.com |
srv208655.hoster-test.ru
pro.fontawesome.com |
1 | fonts.googleapis.com |
srv208655.hoster-test.ru
|
1 | i.mtr.cool | 1 redirects |
22 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-12-04 - 2025-01-03 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-01-29 - 2024-04-22 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2024-01-29 - 2024-04-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://srv208655.hoster-test.ru/CNDPOST/CAD/?id=4932YR-329TR23R
Frame ID: 91BDFA9B0C8961BAEEB72265882E525E
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
Re-Delivery ProcessPage URL History Show full URLs
-
https://i.mtr.cool/QAUKAZPZVJ
HTTP 302
http://srv208655.hoster-test.ru/CNDPOST/ HTTP 302
http://srv208655.hoster-test.ru/CNDPOST/CAD?id=4932YR-329TR23R HTTP 301
http://srv208655.hoster-test.ru/CNDPOST/CAD/?id=4932YR-329TR23R Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Font API (Font Scripts) Expand
Detected patterns
- googleapis\.com/.+webfont
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://i.mtr.cool/QAUKAZPZVJ
HTTP 302
http://srv208655.hoster-test.ru/CNDPOST/ HTTP 302
http://srv208655.hoster-test.ru/CNDPOST/CAD?id=4932YR-329TR23R HTTP 301
http://srv208655.hoster-test.ru/CNDPOST/CAD/?id=4932YR-329TR23R Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
srv208655.hoster-test.ru/CNDPOST/CAD/ Redirect Chain
|
10 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.css
srv208655.hoster-test.ru/CNDPOST/CAD/css/ |
188 KB 189 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
test.css
srv208655.hoster-test.ru/CNDPOST/CAD/css/ |
5 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hover.css
srv208655.hoster-test.ru/CNDPOST/CAD/css/ |
112 KB 112 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
html5shiv.min.js
srv208655.hoster-test.ru/CNDPOST/CAD/js/ |
3 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
respond.min.js
srv208655.hoster-test.ru/CNDPOST/CAD/js/ |
4 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
pro.fontawesome.com/releases/v5.10.0/css/ |
153 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.svg
srv208655.hoster-test.ru/CNDPOST/CAD/image/ |
12 KB 12 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
search.svg
srv208655.hoster-test.ru/CNDPOST/CAD/image/ |
320 B 662 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
menu.png
srv208655.hoster-test.ru/CNDPOST/CAD/image/ |
160 B 567 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-res.png
srv208655.hoster-test.ru/CNDPOST/CAD/image/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
serach-res.png
srv208655.hoster-test.ru/CNDPOST/CAD/image/ |
387 B 795 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
chevron-right.svg
srv208655.hoster-test.ru/CNDPOST/CAD/image/ |
223 B 564 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
feedback.svg
srv208655.hoster-test.ru/CNDPOST/CAD/image/ |
724 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-footer.svg
srv208655.hoster-test.ru/CNDPOST/CAD/image/ |
14 KB 14 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.5.1.min.js
srv208655.hoster-test.ru/CNDPOST/CAD/js/ |
87 KB 88 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
srv208655.hoster-test.ru/CNDPOST/CAD/js/ |
61 KB 61 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
test.js
srv208655.hoster-test.ru/CNDPOST/CAD/js/ |
2 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
11 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-brands-400.woff2
pro.fontawesome.com/releases/v5.10.0/webfonts/ |
73 KB 73 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Canada Post (Transportation)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| html5 object| respond function| $ function| jQuery number| uidEvent object| bootstrap4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
i.mtr.cool/ | Name: AWSALB Value: eQepXCIl01fv1mUl/qb3je+oKJAfk90oHDWkH1sRpYFByK9DXXwB03MRfnmFVazH0xNFuyMqY41G9WXQMYyfTxO2en013t+MOkHaRWPTp2NO5lKvrukpxr026+La |
|
i.mtr.cool/ | Name: AWSALBCORS Value: eQepXCIl01fv1mUl/qb3je+oKJAfk90oHDWkH1sRpYFByK9DXXwB03MRfnmFVazH0xNFuyMqY41G9WXQMYyfTxO2en013t+MOkHaRWPTp2NO5lKvrukpxr026+La |
|
i.mtr.cool/ | Name: JSESSIONID Value: C5AFA17D66B32822B99A9FD5598E8974 |
|
srv208655.hoster-test.ru/ | Name: PHPSESSID Value: 7qkaeojcv1sdnek2i927calm7c |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
i.mtr.cool
pro.fontawesome.com
srv208655.hoster-test.ru
104.18.40.68
142.250.81.227
142.251.32.106
31.28.24.131
79.125.35.253
03a811b7e81f930c938141ba6c0a439f59acfe1a3c4a6768b7901741a32b459e
06c513c7ac0a0df108a23ca2a69de080290f08287c951e92c0b5181b4f306dbd
0c159070e198b7ed2a9162d6c9751f5914ff62803914d8512d60b1f5ffde4334
1944a255577a8ed66ae984c6f6356281ff6f29dc84a2af6f1facf258c7dab62e
2909d4fa86cf09191e768576e1a6eab7f2635a2627549c45d29595ffac9c0da9
2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec
3228f4cd6fd28ef733c3d98079f3478b1c4cb3338dcd7b95658ba731b817e113
59031fbe9c55f4bb1626065b56161ab7bdd3ae68912586f6f0e9735cc4badb64
5f7333d34ec2936004a11a354ae07b619d895a9ecd500508e179dbf7d6f08c5d
6a50626ef34e5da6014662089f0775c6187d23e5c22379da71203848eac50ee3
6f20f4f3eed36cf7727ce4476a6934467f66c77d644c1a8ecef75181925b931a
79fd1434861a7d75febb173d1fbfbad3b70adaa95f23d196e17e5c49dcec58fc
7d140e2b517d4b83fc062daaf3d1b853ddb93daad13ebab6bc2c654e50de2351
97b6872832f8f9569e6487317c9649121b42d7d47361befdbc5430aec0fceab5
97df3c4148fc3bc7930f5c31b3986f438011ef89fccf1831e0690d0a807a3dfd
acf56f4833ccd8789f66864deae46f9a6efb8625f15b9e5996a00e5634f094e1
dc9cbf19b48bae0d28f72e59e67d6ec34ab1644087ec2e8e42954180d1586b48
e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87
f59fb0a6f0a0a1808d7547dff549c86de7b102618527549ff5a3bf28b0df033a
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d