cq65758.tmweb.ru
2a03:6f00:1::bce1:1583
Public Scan
Effective URL: https://cq65758.tmweb.ru/citadel/cp.php?m=login
Submission Tags: c2, malware, zeus
Submission: On January 19 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 9th 2021. Valid for: a year.
This is the only time cq65758.tmweb.ru was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information

IP Address | AS Autonomous System | Requests
---|---|---
2a03:6f00:1::bce1:1583 | 9123 (TIMEWEB-AS) | 10

Apex Domain | Subdomains | Transfer
---|---|---
tmweb.ru | cq65758.tmweb.ru (1 redirect) | 91 KB

Domain | Requested by
---|---
cq65758.tmweb.ru | cq65758.tmweb.ru (1 redirect)
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.tmweb.ru | Sectigo RSA Domain Validation Secure Server CA | 2021-04-09 - 2022-04-09 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://cq65758.tmweb.ru/citadel/cp.php?m=login
Frame ID: 6C3D3676515B8F12AA7F210B97E996DA
Requests: 9 HTTP requests in this frame
Page Title: login

Page URL History:
- https://cq65758.tmweb.ru/citadel/cp.php (HTTP 302)
- https://cq65758.tmweb.ru/citadel/cp.php?m=login (Page URL)
Detected technologies
- PHP (Programming Languages). Detected patterns:
  - `\.php(?:$|\?)`
- jQuery (JavaScript Libraries). Detected patterns:
  - `jquery[.-]([\d.]*\d)[^/]*\.js`
  - `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions

Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H2 | cq65758.tmweb.ru/citadel/cp.php (Primary Request, Redirect Chain) | 1 KB | 947 B | Document | text/html
GET | H2 | cq65758.tmweb.ru/citadel/theme/js/jquery-1.7.1.min.js | 92 KB | 33 KB | Script | application/x-javascript
GET | H2 | cq65758.tmweb.ru/citadel/theme/js/dextend.js | 14 KB | 5 KB | Script | application/x-javascript
GET | H2 | cq65758.tmweb.ru/citadel/theme/js/jlog.js | 4 KB | 2 KB | Script | application/x-javascript
GET | H2 | cq65758.tmweb.ru/citadel/theme/js/global.js | 2 KB | 1 KB | Script | application/x-javascript
GET | H2 | cq65758.tmweb.ru/citadel/theme/js/ajax_forms.js | 4 KB | 2 KB | Script | application/x-javascript
GET | H2 | cq65758.tmweb.ru/citadel/theme/style.css | 33 KB | 6 KB | Stylesheet | text/css
GET | H2 | cq65758.tmweb.ru/citadel/theme/images/back-all.jpg | 41 KB | 41 KB | Image | image/jpeg
GET | H2 | cq65758.tmweb.ru/citadel/theme/images/back-header.jpg | 736 B | 915 B | Image | image/jpeg
Verdicts & Comments
11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
function | $
function | jQuery
undefined | n
undefined | C
undefined | p
undefined | r
function | $styles
function | AJAXcontextMenu
function | phpAppend
function | js_form_feeder
function | FormNice1

Cookies

Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
cq65758.tmweb.ru/citadel | | ref | d190f2076bd04d248e366033c4614216
Indicators
"Indicators" is a term used in the security industry for observables such as IPs, domains, hashes, etc. Being listed here does not imply that any of them indicate malicious activity.
cq65758.tmweb.ru
2a03:6f00:1::bce1:1583