Submitted URL: http://www.shevruh.com.ua
Effective URL: http://185.143.221.14/index.php?utm_c=clickun&utm_=land&network=g57&source=3678&affid=9675&siteid=8456&adid=32&c=380
Submission: On November 07 via automatic, source urlhaus

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 2 HTTP transactions.
The main IP is 185.143.221.14, located in the United Kingdom and belonging to SELECTEL, RU. The main domain is 185.143.221.14.
This is the first time this domain was scanned on urlscan.io!

Verdict: Malicious (Score: 10/100)

  • urlscan - Score: 0
  • urlhaus - Score: 10 (URL submitted from urlhaus) - phishing

Domain & IP information

IP Address        AS      Autonomous System
193.0.61.97       57167   CITYHOST-AS
134.249.116.78    15895   KSNET-AS
185.143.221.14    49505   SELECTEL
199.193.73.42     27257   WEBAIR-IN...
Domain            Subdomains   Transfer
hibids10.com      1            515 B
221.14            1            982 B
116.78            1            419 B
shevruh.com.ua    1            311 B
Domain               Requested by
www.hibids10.com     185.143.221.14
185.143.221.14
134.249.116.78       1 redirect
www.shevruh.com.ua   1 redirect

This site contains links to these domains:

  • terraclicks.com
Subject        Issuer                       Validity                  Valid
hibids10.com   Let's Encrypt Authority X3   2018-11-02 - 2019-01-31   3 months

Detected technologies

  • Web (overall confidence: 100%) - detected pattern: headers server /php\/?([\d.]+)?/i
  • Web (overall confidence: 100%) - detected pattern: headers server /Win32|Win64/i
  • Web (overall confidence: 100%) - detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i


2 HTTP transactions

Resource: index.php?utm_c=clickun&utm_=land&network=g57&source=3678&affid=9675&siteid=8456&adid=32&c=380 (Cookie set)
Redirect Chain:
  • http://www.shevruh.com.ua/
  • http://134.249.116.78/index.php
  • http://185.143.221.14/index.php?utm_c=clickun&utm_=land&network=g57&source=3678&affid=9675&siteid=8456&adid=32&c=380
Size: 699 B
x-fer: 982 B
Type: Document
General
Full URL: http://185.143.221.14/index.php?utm_c=clickun&utm_=land&network=g57&source=3678&affid=9675&siteid=8456&adid=32&c=380
Protocol: HTTP/1.1
Server: 185.143.221.14, United Kingdom, ASN49505 (SELECTEL, RU)
Reverse DNS:
Software: Apache/2.4.34 (Win32) PHP/7.2.10 / PHP/7.2.10
Resource Hash: 3307845497270b5f0b01f2d653d1402820d2fb323dc2812d7ac17cd16758e06d

Request headers

Host: 185.143.221.14
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate

Response headers

Date: Wed, 07 Nov 2018 15:35:32 GMT
Server: Apache/2.4.34 (Win32) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: __cfbuid=1; expires=Sat, 10-Nov-2018 15:35:32 GMT; Max-Age=259200
Content-Length: 699
Connection: close
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Wed, 07 Nov 2018 15:35:32 GMT
Server: Apache/2.4.34 (Win32) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: __cfguid=1; expires=Wed, 07-Nov-2018 21:33:52 GMT; Max-Age=21500; path=/
Location: http://185.143.221.14/index.php?utm_c=clickun&utm_=land&network=g57&source=3678&affid=9675&siteid=8456&adid=32&c=380
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Resource: watch?key=7d54252789920db9b4985c857ac11077 (Adblocked, Cookie set)
Domain: www.hibids10.com
Size: 103 B
x-fer: 515 B
Type: Document
General
Full URL: https://www.hibids10.com/watch?key=7d54252789920db9b4985c857ac11077
Requested by: Host: 185.143.221.14, URL: http://185.143.221.14/index.php?utm_c=clickun&utm_=land&network=g57&source=3678&affid=9675&siteid=8456&adid=32&c=380
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.193.73.42 Garden City, United States, ASN27257 (WEBAIR-INTERNET - Webair Internet Development Company Inc., US)
Reverse DNS: wall.billionevacuation.com
Software: nginx/1.15.1
Resource Hash: ab030a8588ef9530d38a74d9e14b36ccdd792323af6352d4d5da9d19b9b95341
Blocked: Source: easylist, Type: ads (This would have been blocked)
Security Headers: Strict-Transport-Security: max-age=0; includeSubdomains

Request headers

Host: www.hibids10.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://185.143.221.14/index.php?utm_c=clickun&utm_=land&network=g57&source=3678&affid=9675&siteid=8456&adid=32&c=380
Accept-Encoding: gzip, deflate

Response headers

Server: nginx/1.15.1
Date: Wed, 07 Nov 2018 15:35:18 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: u_pl=14388590; expires=Thu, 08 Nov 2018 15:35:34 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0
  • http://www.shevruh.com.ua/
  • http://134.249.116.78/index.php
  • http://185.143.221.14/index.php?utm_c=clickun&utm_=land&network=g57&source=3678&affid=9675&siteid=8456&adid=32&c=380

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path         Name   Value
www.hibids10.com/   u_pl   14388590

Indicators of compromise (IoCs)

This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.
