urlscan.io logo urlscan.io
SecurityTrails logo

h91706qk.beget.tech Open in urlscan Pro
185.50.25.23  Public Scan

Go To Rescan Add Verdict Report
URL: http://h91706qk.beget.tech/login.php
Submission Tags: c2 malware dt-stealer Search All
Submission: On October 23 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 5 HTTP transactions. The main IP is 185.50.25.23, located in Russian Federation and belongs to BEGET-AS, RU. The main domain is h91706qk.beget.tech.
This is the only time h91706qk.beget.tech was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 185.50.25.23 198610 (BEGET-AS)
2 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 2a04:4e42:1b:... 54113 (FASTLY)
5 4
Domain Requested by
2 stackpath.bootstrapcdn.com h91706qk.beget.tech
1 cdn.jsdelivr.net h91706qk.beget.tech
1 code.jquery.com h91706qk.beget.tech
1 h91706qk.beget.tech
5 4

This site contains links to these domains. Also see Links.

Domain
xss.is
t.me
Subject Issuer Validity Valid
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2020-09-22 -
2021-10-12		 a year crt.sh
jquery.org
Sectigo RSA Domain Validation Secure Server CA		 2020-10-06 -
2021-10-16		 a year crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2020-10-05 -
2021-04-17		 6 months crt.sh

This page contains 1 frames:

Primary Page: http://h91706qk.beget.tech/login.php
Frame ID: 98E7F5CE09266BEE19C6F1BD9A01CED7
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

5
Requests

80 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

72 kB
Transfer

306 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set login.php
h91706qk.beget.tech/ 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://h91706qk.beget.tech/login.php
Protocol
HTTP/1.1
Server
185.50.25.23 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
m2.free19.beget.com
Software
nginx-reuseport/1.13.4 / PHP/5.6.40
Resource Hash
f972cc7f4b834461024b73b64f68360cd29199f242926cbf5bc246136ec97500

Request headers

Host
h91706qk.beget.tech
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx-reuseport/1.13.4
Date
Fri, 23 Oct 2020 14:45:36 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=30
Vary
Accept-Encoding
X-Powered-By
PHP/5.6.40
Set-Cookie
PHPSESSID=7dca6ea80b4d603fae7f243c49bf46c7; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Content-Encoding
gzip
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ 		156 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css
Requested by
Host: h91706qk.beget.tech
URL: http://h91706qk.beget.tech/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
http://h91706qk.beget.tech
Referer
http://h91706qk.beget.tech/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 14:45:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 28 Nov 2019 17:52:46 GMT
status
200
etag
"1574963566"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
23681
jquery-3.4.1.slim.min.js
code.jquery.com/ 		69 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.4.1.slim.min.js
Requested by
Host: h91706qk.beget.tech
URL: http://h91706qk.beget.tech/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
a5ab2a00a0439854f8787a0dda775dea5377ef4905886505c938941d6854ee4f

Request headers

Origin
http://h91706qk.beget.tech
Referer
http://h91706qk.beget.tech/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 14:45:36 GMT
content-encoding
gzip
last-modified
Wed, 01 May 2019 21:14:27 GMT
server
nginx
status
200
etag
W/"5cca0c33-1157d"
vary
Accept-Encoding
x-hw
1603464336.dop244.fr8.t,1603464336.cds224.fr8.hc,1603464336.cds260.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
24328
popper.min.js
cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/ 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js
Requested by
Host: h91706qk.beget.tech
URL: http://h91706qk.beget.tech/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
http://h91706qk.beget.tech
Referer
http://h91706qk.beget.tech/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
13208669
x-cache
HIT, HIT
status
200
content-length
7510
etag
W/"5309-YvI45zNIx3656GVCan0bfeI8uy0"
x-served-by
cache-fra19183-FRA, cache-hhn4029-HHN
date
Fri, 23 Oct 2020 14:45:36 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ 		59 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js
Requested by
Host: h91706qk.beget.tech
URL: http://h91706qk.beget.tech/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
http://h91706qk.beget.tech
Referer
http://h91706qk.beget.tech/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 14:45:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 28 Nov 2019 17:52:52 GMT
status
200
etag
"1574963572"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
15919

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery function| Popper object| bootstrap

1 Cookies

Domain/Path Name / Value
h91706qk.beget.tech/ Name: PHPSESSID
Value: 7dca6ea80b4d603fae7f243c49bf46c7