zt-bus.ru - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 2a00:f940:2:2:1:5:0:69, located in Russian Federation and belongs to AS-REG, RU. The main domain is zt-bus.ru.
TLS certificate: Issued by GlobalSign RSA DV SSL CA 2018 on October 13th 2019. Valid for: a year.

This is the only time zt-bus.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	173.254.15.199 173.254.15.199	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer)
2 3	31.31.196.116 31.31.196.116	197695 (AS-REG) (AS-REG)
3 4	2a00:f940:2:2... 2a00:f940:2:2:1:5:0:69	197695 (AS-REG) (AS-REG)
4	3

1 173.254.15.199 (Provo, United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 173-254-15-199.unifiedlayer.com

tbcawana.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.31.196.116 (Russian Federation) 2 redirects

ASN197695 (AS-REG, RU)
PTR: spl69.hosting.reg.ru

dvsber.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:f940:2:2:1:5:0:69 (Russian Federation) 3 redirects

ASN197695 (AS-REG, RU)

zt-bus.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	zt-bus.ru 3 redirects zt-bus.ru	1 KB
3	dvsber.ru 2 redirects dvsber.ru	966 B
1	tbcawana.org 1 redirects tbcawana.org	263 B
4	3

	Domain	Requested by
4	zt-bus.ru	3 redirects
3	dvsber.ru	2 redirects
1	tbcawana.org	1 redirects
4	3

This site contains no links.

Subject Issuer	Validity	Valid
www.zt-bus.ru GlobalSign RSA DV SSL CA 2018	`2019-10-13` - `2020-10-13`	a year	crt.sh

This page contains 1 frames:

Frame: https://zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263/secureaccount.php?country.x=&locale.x=_&customer.x=ID-PA$1$y.zMmhHO$9onknI1bpasQe6Qu3LUsF/&safety=3ajOzF32R0Sf9dMU7f86cnV0fquPDhW74ZJ6oTg244QIYGEwlp6b9yf7413d6e6kNfev0ib5320d5rBxCKcAbXmsL4atH4
Frame ID: 173633E52535477C735231E812D50B92
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://tbcawana.org/TBC_AWANA/fed-admin/ HTTP 302
http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/ HTTP 302
http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88 HTTP 301
http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88/ Page URL
https://zt-bus.ru/components/com_contact/models/Support-Account/ HTTP 302
https://zt-bus.ru/components/com_contact/models/Support-Account/XYSDIRX.php HTTP 302
https://zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263 HTTP 301
https://zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

4
Requests

25 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1 kB
Transfer

0 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tbcawana.org/TBC_AWANA/fed-admin/ HTTP 302
http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/ HTTP 302
http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88 HTTP 301
http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88/ Page URL
https://zt-bus.ru/components/com_contact/models/Support-Account/ HTTP 302
https://zt-bus.ru/components/com_contact/models/Support-Account/XYSDIRX.php HTTP 302
https://zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263 HTTP 301
https://zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://tbcawana.org/TBC_AWANA/fed-admin/ HTTP 302
http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/ HTTP 302
http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88 HTTP 301
http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88/

4 HTTP transactions
-1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88/ Redirect Chain http://tbcawana.org/TBC_AWANA/fed-admin/ http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/ http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88 http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88/	148 B 425 B	62ms 61ms	Document text/html	31.31.196.116 AS-REG
General Check archive.org Show headers Download Go to Full URL http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88/ Protocol HTTP/1.1 Server 31.31.196.116 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS spl69.hosting.reg.ru Software nginx / PHP/5.6.36 PleskLin Resource Hash `6a622db339b30416dc6c5c684f1f3dc37274bb5c6e4df002298c5d7fcc897523` Request headers Host dvsber.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Server nginx Date Wed, 23 Oct 2019 19:37:25 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding X-Powered-By PHP/5.6.36 PleskLin Content-Encoding gzip Redirect headers Server nginx Date Wed, 23 Oct 2019 19:37:25 GMT Content-Type text/html; charset=iso-8859-1 Content-Length 357 Connection keep-alive Location http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88/
GET H2	200	Primary Request / Show response zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263/ Redirect Chain https://zt-bus.ru/components/com_contact/models/Support-Account/ https://zt-bus.ru/components/com_contact/models/Support-Account/XYSDIRX.php https://zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263 https://zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263/	279 B 499 B	325ms 323ms	Document text/html	2a00:f940:2:2:1:5:0:69 AS-REG
General Check archive.org Show headers Download Go to Full URL https://zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a00:f940:2:2:1:5:0:69 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / PHP/5.6.36 PleskLin Resource Hash `2c9f4a2e83791d0b3db11541242bb614868352fd41c6627b7926ee0df1f5daad` Request headers :method GET :authority zt-bus.ru :scheme https :path /components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-mode navigate accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 sec-fetch-site cross-site referer http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88/ accept-encoding gzip, deflate, br cookie PHPSESSID=82d4ceb16573fe7b0183a3f68f401ef8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode navigate Referer http://dvsber.ru/modules/mod_ariimageslidersa/KRENK3N453/cfca2e6837954b8d76c78eb26cc8ab88/ Response headers status 200 server nginx date Wed, 23 Oct 2019 19:37:27 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding x-powered-by PHP/5.6.36 PleskLin expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache content-encoding gzip Redirect headers status 301 server nginx date Wed, 23 Oct 2019 19:37:26 GMT content-type text/html; charset=iso-8859-1 content-length 365 location https://zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263/
GET		secureaccount.php zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: zt-bus.ru
URL: https://zt-bus.ru/components/com_contact/models/Support-Account/52f8e3601dfcb86f863f537355422263/secureaccount.php?country.x=&locale.x=_&customer.x=ID-PA$1$y.zMmhHO$9onknI1bpasQe6Qu3LUsF/&safety=3ajOzF32R0Sf9dMU7f86cnV0fquPDhW74ZJ6oTg244QIYGEwlp6b9yf7413d6e6kNfev0ib5320d5rBxCKcAbXmsL4atH4

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			zt-bus.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: 82d4ceb16573fe7b0183a3f68f401ef8

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dvsber.ru
tbcawana.org
zt-bus.ru
zt-bus.ru
173.254.15.199
2a00:f940:2:2:1:5:0:69
31.31.196.116
2c9f4a2e83791d0b3db11541242bb614868352fd41c6627b7926ee0df1f5daad
6a622db339b30416dc6c5c684f1f3dc37274bb5c6e4df002298c5d7fcc897523
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

zt-bus.ru Open in urlscan Pro 2a00:f940:2:2:1:5:0:69 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

4 Requests

25 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

1 kBTransfer

0 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

1 Cookies

Indicators

zt-bus.ru Open in urlscan Pro
2a00:f940:2:2:1:5:0:69 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

25 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1 kB
Transfer

0 kB
Size

1
Cookies

4 HTTP transactions
-1 data transactions