Submitted URL: https://cq65758.tmweb.ru/citadel/cp.php
Effective URL: https://cq65758.tmweb.ru/citadel/cp.php?m=login
Submission Tags: c2 malware zeus Search All
Submission: On January 19 via api from US — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 2a03:6f00:1::bce1:1583, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is cq65758.tmweb.ru.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 9th 2021. Valid for: a year.
This is the only time cq65758.tmweb.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 10 2a03:6f00:1::... 9123 (TIMEWEB-AS)
9 1
Apex Domain
Subdomains
Transfer
10 tmweb.ru
cq65758.tmweb.ru
91 KB
9 1
Domain Requested by
10 cq65758.tmweb.ru 1 redirects cq65758.tmweb.ru
9 1

This site contains no links.

Subject Issuer Validity Valid
*.tmweb.ru
Sectigo RSA Domain Validation Secure Server CA
2021-04-09 -
2022-04-09
a year crt.sh

This page contains 1 frames:

Primary Page: https://cq65758.tmweb.ru/citadel/cp.php?m=login
Frame ID: 6C3D3676515B8F12AA7F210B97E996DA
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

login

Page URL History Show full URLs

  1. https://cq65758.tmweb.ru/citadel/cp.php HTTP 302
    https://cq65758.tmweb.ru/citadel/cp.php?m=login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

91 kB
Transfer

191 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cq65758.tmweb.ru/citadel/cp.php HTTP 302
    https://cq65758.tmweb.ru/citadel/cp.php?m=login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request cp.php
cq65758.tmweb.ru/citadel/
Redirect Chain
  • https://cq65758.tmweb.ru/citadel/cp.php
  • https://cq65758.tmweb.ru/citadel/cp.php?m=login
1 KB
947 B
Document
General
Full URL
https://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
af47ec90f9b69ce21c23de705be61f809bdfb30c5d9b6675466fd21f4b07b48d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx/1.20.1
date
Wed, 19 Jan 2022 20:00:33 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-store, no-cache, must-revalidate, max-age=0, pre-check=0, post-check=0
pragma
no-cache
content-encoding
gzip

Redirect headers

server
nginx/1.20.1
date
Wed, 19 Jan 2022 20:00:33 GMT
content-type
text/html; charset=utf-8
content-length
0
location
cp.php?m=login
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
jquery-1.7.1.min.js
cq65758.tmweb.ru/citadel/theme/js/
92 KB
33 KB
Script
General
Full URL
https://cq65758.tmweb.ru/citadel/theme/js/jquery-1.7.1.min.js
Requested by
Host: cq65758.tmweb.ru
URL: https://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 20:00:33 GMT
content-encoding
gzip
last-modified
Sun, 16 Jan 2022 16:46:56 GMT
server
nginx/1.20.1
etag
W/"61e44c00-16eac"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=2678400
expires
Sat, 19 Feb 2022 20:00:33 GMT
dextend.js
cq65758.tmweb.ru/citadel/theme/js/
14 KB
5 KB
Script
General
Full URL
https://cq65758.tmweb.ru/citadel/theme/js/dextend.js
Requested by
Host: cq65758.tmweb.ru
URL: https://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
821a960b83b33d12699b09645f2ec2089fa67c1011991920354f52ee16506034

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 20:00:33 GMT
content-encoding
gzip
last-modified
Sun, 16 Jan 2022 16:46:56 GMT
server
nginx/1.20.1
etag
W/"61e44c00-372e"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=2678400
expires
Sat, 19 Feb 2022 20:00:33 GMT
jlog.js
cq65758.tmweb.ru/citadel/theme/js/
4 KB
2 KB
Script
General
Full URL
https://cq65758.tmweb.ru/citadel/theme/js/jlog.js
Requested by
Host: cq65758.tmweb.ru
URL: https://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
ee20cb766cc1545980cda13ac285adff8e67fd50d025bb42537e2f8f11ae3edb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 20:00:33 GMT
content-encoding
gzip
last-modified
Sun, 16 Jan 2022 16:46:55 GMT
server
nginx/1.20.1
etag
W/"61e44bff-e6d"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=2678400
expires
Sat, 19 Feb 2022 20:00:33 GMT
global.js
cq65758.tmweb.ru/citadel/theme/js/
2 KB
1 KB
Script
General
Full URL
https://cq65758.tmweb.ru/citadel/theme/js/global.js
Requested by
Host: cq65758.tmweb.ru
URL: https://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
08998d065afb373ff5a40443f2866abf3a58434978ed815254ddd0706df3f995

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 20:00:33 GMT
content-encoding
gzip
last-modified
Sun, 16 Jan 2022 16:46:55 GMT
server
nginx/1.20.1
etag
W/"61e44bff-740"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=2678400
expires
Sat, 19 Feb 2022 20:00:33 GMT
ajax_forms.js
cq65758.tmweb.ru/citadel/theme/js/
4 KB
2 KB
Script
General
Full URL
https://cq65758.tmweb.ru/citadel/theme/js/ajax_forms.js
Requested by
Host: cq65758.tmweb.ru
URL: https://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
ed38eb5c96a41148c89428e2d9219dbe4e036845a58089f1dbe7bf496eccc5d4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 20:00:33 GMT
content-encoding
gzip
last-modified
Sun, 16 Jan 2022 16:46:56 GMT
server
nginx/1.20.1
etag
W/"61e44c00-1045"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=2678400
expires
Sat, 19 Feb 2022 20:00:33 GMT
style.css
cq65758.tmweb.ru/citadel/theme/
33 KB
6 KB
Stylesheet
General
Full URL
https://cq65758.tmweb.ru/citadel/theme/style.css
Requested by
Host: cq65758.tmweb.ru
URL: https://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
8033539d78cce6b59bc1897cdb4fa3e53ed879b74d3c9dd87d54083b15494c61

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 20:00:33 GMT
content-encoding
gzip
last-modified
Sun, 16 Jan 2022 16:46:47 GMT
server
nginx/1.20.1
etag
W/"61e44bf7-8496"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2678400
expires
Sat, 19 Feb 2022 20:00:33 GMT
back-all.jpg
cq65758.tmweb.ru/citadel/theme/images/
41 KB
41 KB
Image
General
Full URL
https://cq65758.tmweb.ru/citadel/theme/images/back-all.jpg
Requested by
Host: cq65758.tmweb.ru
URL: https://cq65758.tmweb.ru/citadel/theme/style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
a97bec0c9b519763e6fb3c66c4632c39005f11fdb945e5483cc7831105de9775

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cq65758.tmweb.ru/citadel/theme/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 20:00:33 GMT
last-modified
Sun, 16 Jan 2022 16:46:49 GMT
server
nginx/1.20.1
etag
"61e44bf9-a33a"
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
content-length
41786
expires
Sat, 19 Feb 2022 20:00:33 GMT
back-header.jpg
cq65758.tmweb.ru/citadel/theme/images/
736 B
915 B
Image
General
Full URL
https://cq65758.tmweb.ru/citadel/theme/images/back-header.jpg
Requested by
Host: cq65758.tmweb.ru
URL: https://cq65758.tmweb.ru/citadel/theme/style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
1962e3f49a989313252c5dd3bcf8b6aed69dcccb1ad1ec0245d7ea3c746fdaae

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cq65758.tmweb.ru/citadel/theme/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 20:00:33 GMT
last-modified
Sun, 16 Jan 2022 16:46:48 GMT
server
nginx/1.20.1
etag
"61e44bf8-2e0"
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
content-length
736
expires
Sat, 19 Feb 2022 20:00:33 GMT

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery undefined| n undefined| C undefined| p undefined| r undefined| $styles function| AJAXcontextMenu function| phpAppend function| js_form_feeder function| FormNice

1 Cookies

Domain/Path Name / Value
cq65758.tmweb.ru/citadel Name: ref
Value: d190f2076bd04d248e366033c4614216