URL: http://cq65758.tmweb.ru/citadel/cp.php?m=login
Submission Tags: c2 malware zeus Search All
Submission: On January 22 via api from US — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 2a03:6f00:1::bce1:1583, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is cq65758.tmweb.ru.
This is the only time cq65758.tmweb.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 2a03:6f00:1::... 9123 (TIMEWEB-AS)
9 1
Apex Domain
Subdomains
Transfer
9 tmweb.ru
cq65758.tmweb.ru
92 KB
9 1
Domain Requested by
9 cq65758.tmweb.ru cq65758.tmweb.ru
9 1

This site contains no links.

Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://cq65758.tmweb.ru/citadel/cp.php?m=login
Frame ID: 6F7122D9C887A1497A5972AD95EBC373
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

login

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

92 kB
Transfer

191 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request cp.php
cq65758.tmweb.ru/citadel/
1 KB
1 KB
Document
General
Full URL
http://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
HTTP/1.1
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
af47ec90f9b69ce21c23de705be61f809bdfb30c5d9b6675466fd21f4b07b48d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx/1.20.1
Date
Sat, 22 Jan 2022 17:28:34 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, pre-check=0, post-check=0
Pragma
no-cache
Content-Encoding
gzip
jquery-1.7.1.min.js
cq65758.tmweb.ru/citadel/theme/js/
92 KB
33 KB
Script
General
Full URL
http://cq65758.tmweb.ru/citadel/theme/js/jquery-1.7.1.min.js
Requested by
Host: cq65758.tmweb.ru
URL: http://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
HTTP/1.1
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 22 Jan 2022 17:28:34 GMT
Content-Encoding
gzip
Last-Modified
Sun, 16 Jan 2022 16:46:56 GMT
Server
nginx/1.20.1
ETag
W/"61e44c00-16eac"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=2678400
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 22 Feb 2022 17:28:34 GMT
dextend.js
cq65758.tmweb.ru/citadel/theme/js/
14 KB
5 KB
Script
General
Full URL
http://cq65758.tmweb.ru/citadel/theme/js/dextend.js
Requested by
Host: cq65758.tmweb.ru
URL: http://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
HTTP/1.1
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
821a960b83b33d12699b09645f2ec2089fa67c1011991920354f52ee16506034

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 22 Jan 2022 17:28:34 GMT
Content-Encoding
gzip
Last-Modified
Sun, 16 Jan 2022 16:46:56 GMT
Server
nginx/1.20.1
ETag
W/"61e44c00-372e"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=2678400
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 22 Feb 2022 17:28:34 GMT
jlog.js
cq65758.tmweb.ru/citadel/theme/js/
4 KB
2 KB
Script
General
Full URL
http://cq65758.tmweb.ru/citadel/theme/js/jlog.js
Requested by
Host: cq65758.tmweb.ru
URL: http://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
HTTP/1.1
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
ee20cb766cc1545980cda13ac285adff8e67fd50d025bb42537e2f8f11ae3edb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 22 Jan 2022 17:28:34 GMT
Content-Encoding
gzip
Last-Modified
Sun, 16 Jan 2022 16:46:55 GMT
Server
nginx/1.20.1
ETag
W/"61e44bff-e6d"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=2678400
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 22 Feb 2022 17:28:34 GMT
global.js
cq65758.tmweb.ru/citadel/theme/js/
2 KB
1 KB
Script
General
Full URL
http://cq65758.tmweb.ru/citadel/theme/js/global.js
Requested by
Host: cq65758.tmweb.ru
URL: http://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
HTTP/1.1
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
08998d065afb373ff5a40443f2866abf3a58434978ed815254ddd0706df3f995

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 22 Jan 2022 17:28:34 GMT
Content-Encoding
gzip
Last-Modified
Sun, 16 Jan 2022 16:46:55 GMT
Server
nginx/1.20.1
ETag
W/"61e44bff-740"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=2678400
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 22 Feb 2022 17:28:34 GMT
ajax_forms.js
cq65758.tmweb.ru/citadel/theme/js/
4 KB
2 KB
Script
General
Full URL
http://cq65758.tmweb.ru/citadel/theme/js/ajax_forms.js
Requested by
Host: cq65758.tmweb.ru
URL: http://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
HTTP/1.1
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
ed38eb5c96a41148c89428e2d9219dbe4e036845a58089f1dbe7bf496eccc5d4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 22 Jan 2022 17:28:34 GMT
Content-Encoding
gzip
Last-Modified
Sun, 16 Jan 2022 16:46:56 GMT
Server
nginx/1.20.1
ETag
W/"61e44c00-1045"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=2678400
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 22 Feb 2022 17:28:34 GMT
style.css
cq65758.tmweb.ru/citadel/theme/
33 KB
7 KB
Stylesheet
General
Full URL
http://cq65758.tmweb.ru/citadel/theme/style.css
Requested by
Host: cq65758.tmweb.ru
URL: http://cq65758.tmweb.ru/citadel/cp.php?m=login
Protocol
HTTP/1.1
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
8033539d78cce6b59bc1897cdb4fa3e53ed879b74d3c9dd87d54083b15494c61

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://cq65758.tmweb.ru/citadel/cp.php?m=login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 22 Jan 2022 17:28:34 GMT
Content-Encoding
gzip
Last-Modified
Sun, 16 Jan 2022 16:46:47 GMT
Server
nginx/1.20.1
ETag
W/"61e44bf7-8496"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=2678400
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 22 Feb 2022 17:28:34 GMT
back-all.jpg
cq65758.tmweb.ru/citadel/theme/images/
41 KB
41 KB
Image
General
Full URL
http://cq65758.tmweb.ru/citadel/theme/images/back-all.jpg
Requested by
Host: cq65758.tmweb.ru
URL: http://cq65758.tmweb.ru/citadel/theme/style.css
Protocol
HTTP/1.1
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
a97bec0c9b519763e6fb3c66c4632c39005f11fdb945e5483cc7831105de9775

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://cq65758.tmweb.ru/citadel/theme/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 22 Jan 2022 17:28:34 GMT
Last-Modified
Sun, 16 Jan 2022 16:46:49 GMT
Server
nginx/1.20.1
ETag
"61e44bf9-a33a"
Content-Type
image/jpeg
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
41786
Expires
Tue, 22 Feb 2022 17:28:34 GMT
back-header.jpg
cq65758.tmweb.ru/citadel/theme/images/
736 B
1 KB
Image
General
Full URL
http://cq65758.tmweb.ru/citadel/theme/images/back-header.jpg
Requested by
Host: cq65758.tmweb.ru
URL: http://cq65758.tmweb.ru/citadel/theme/style.css
Protocol
HTTP/1.1
Server
2a03:6f00:1::bce1:1583 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
1962e3f49a989313252c5dd3bcf8b6aed69dcccb1ad1ec0245d7ea3c746fdaae

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://cq65758.tmweb.ru/citadel/theme/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 22 Jan 2022 17:28:34 GMT
Last-Modified
Sun, 16 Jan 2022 16:46:48 GMT
Server
nginx/1.20.1
ETag
"61e44bf8-2e0"
Content-Type
image/jpeg
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
736
Expires
Tue, 22 Feb 2022 17:28:34 GMT

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery undefined| n undefined| C undefined| p undefined| r undefined| $styles function| AJAXcontextMenu function| phpAppend function| js_form_feeder function| FormNice

1 Cookies

Domain/Path Name / Value
cq65758.tmweb.ru/citadel Name: ref
Value: 76b89d0032c330a6e291c82b3230f6e0