mulqueenpu.temp.swtest.ru Open in urlscan Pro
77.222.40.109 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/login.php
Effective URL:
http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174
Submission: On October 17 via automatic, source openphish (October 17th 2021, 1:10:12 pm UTC) — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 77.222.40.109, located in Russian Federation and belongs to SWEB-AS, RU. The main domain is mulqueenpu.temp.swtest.ru.

This is the only time mulqueenpu.temp.swtest.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online) Generic (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 14	77.222.40.109 77.222.40.109		44112 (SWEB-AS) (SWEB-AS)
13	1

14 77.222.40.109 (Russian Federation) 1 redirects

ASN44112 (SWEB-AS, RU)
PTR: vh286.sweb.ru

mulqueenpu.temp.swtest.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	swtest.ru 1 redirects mulqueenpu.temp.swtest.ru	47 KB
13	1

	Domain	Requested by
14	mulqueenpu.temp.swtest.ru	1 redirects mulqueenpu.temp.swtest.ru
13	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174
Frame ID: 4ED99F2B7619DA256782AA211B5CBBA6
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Netflix

Page URL History Show full URLs

http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/login.php HTTP 302
http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

47 kB
Transfer

93 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/login.php HTTP 302
http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request payment.php Show response mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/ Redirect Chain http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/login.php http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174	3 KB 2 KB	109ms 109ms	Document text/html	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / PHP/7.4.16 Resource Hash `e86d840145192f938da3365fc934444e5322448ccbad689b87a8aa3844e3ffca` Request headers Host mulqueenpu.temp.swtest.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server nginx/1.19.1 Date Sun, 17 Oct 2021 13:10:08 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10 Vary Accept-Encoding X-Powered-By PHP/7.4.16 Content-Encoding gzip Redirect headers Server nginx/1.19.1 Date Sun, 17 Oct 2021 13:10:08 GMT Content-Type text/html; charset=UTF-8 Content-Length 0 Connection keep-alive Keep-Alive timeout=10 X-Powered-By PHP/7.4.16 Location payment.php?ip=216.131.111.174
GET H/1.1	200 OK	style.css mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/css/	21 KB 4 KB	65ms 65ms	Stylesheet text/css	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/css/style.css Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `2f085a84cb00b9b35b5125231a1accae74aba455992b2b21c28380345ba52c53` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept text/css,/;q=0.1 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Content-Encoding gzip Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag W/"532adda-5283-5ce7e27bf4f9a" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10
GET H/1.1	200 OK	app.css mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/css/	2 KB 990 B	131ms 68ms	Stylesheet text/css	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/css/app.css Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `5efb393cf10db7ee157dcd3109179e7619633c7e8d17c5ab3eab1ea1278f6dd1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept text/css,/;q=0.1 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Content-Encoding gzip Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag W/"532addc-9e2-5ce7e27bf4f9a" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10
GET H/1.1	200 OK	jquery.min.js Show response mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/js/	46 KB 16 KB	133ms 70ms	Script application/x-javascript	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/js/jquery.min.js Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `3780b25f4b2c77adce09a6d3c5c850b4e77aebd6d844e102ee841e1c47490339` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Content-Encoding gzip Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag W/"532add7-b651-5ce7e27bf4bb2" Vary Accept-Encoding Content-Type application/x-javascript Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10
GET H/1.1	200 OK	Lock.png mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/	3 KB 4 KB	68ms 68ms	Image image/png	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/Lock.png Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `a309d09926f567f4415df64e618f32fabd75c49108667fd6021f7765d7193a4f` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag "532adf7-ddb-5ce7e27bf6322" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 3547
GET H/1.1	200 OK	txt.png mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/	3 KB 3 KB	68ms 68ms	Image image/png	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/txt.png Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `f1ceab51050efddd325f4ea97a2c76503543ff961f2697b2af5a0fc01efed102` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag "532ae05-ae1-5ce7e27bf6af2" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 2785
GET H/1.1	200 OK	v.png mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/	2 KB 2 KB	70ms 70ms	Image image/png	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/v.png Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `7334c16dc04df9eef7152086d519c011301cdbf891aacff4dd28db3d09d32e42` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag "532ae09-79b-5ce7e27bf6af2" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 1947
GET H/1.1	200 OK	m.png mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/	5 KB 5 KB	65ms 64ms	Image image/png	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/m.png Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `ed120beb869dfaf483128601dca83072784b5c8dfca4a54a2cb37f6409498832` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag "532adf8-121f-5ce7e27bf6322" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 4639
GET H/1.1	200 OK	a.png mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/	2 KB 2 KB	133ms 70ms	Image image/png	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/a.png Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `8ecdaac15d3a735629ac94ec194ea046e3387e8fb5315e043b093725bf21591a` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag "532ae06-625-5ce7e27bf6af2" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 1573
GET H/1.1	200 OK	chevron.png mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/	371 B 646 B	130ms 64ms	Image image/png	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/chevron.png Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `29eda3eb85da8b88e4435c5cb04000678a39c13c71595f614a6b770b2026859d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag "532adfb-173-5ce7e27bf6322" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 371
GET H/1.1	200 OK	txt2.png mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/	1 KB 2 KB	135ms 68ms	Image image/png	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/txt2.png Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `2074a270575e4247f91003dc60bcb6be1cbcd885b43ee8858aea5ccbaec5c908` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag "532adf2-503-5ce7e27bf6322" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 1283
GET H/1.1	200 OK	p.png mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/	5 KB 5 KB	108ms 64ms	Image image/png	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/p.png Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `f878f94a441977a2a0ec43492ea6a7c6910cfc773b38d2d71eb917e63ff8db98` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag "532ae07-12e1-5ce7e27bf6af2" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 4833
GET H/1.1	200 OK	glob2.png mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/	825 B 1 KB	112ms 66ms	Image image/png	77.222.40.109 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/img/glob2.png Requested by Host: mulqueenpu.temp.swtest.ru URL: http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Protocol HTTP/1.1 Server 77.222.40.109 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh286.sweb.ru Software nginx/1.19.1 / Resource Hash `a22997becdc01dd9f52924cba04a2772a30412dfa265bad33bcb76d3f549a49b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host mulqueenpu.temp.swtest.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://mulqueenpu.temp.swtest.ru/N546diiler/N546/039242398597/payment.php?ip=216.131.111.174 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sun, 17 Oct 2021 13:10:08 GMT Last-Modified Sat, 16 Oct 2021 20:28:31 GMT Server nginx/1.19.1 ETag "532adff-339-5ce7e27bf670a" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 825

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online) Generic (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mulqueenpu.temp.swtest.ru
77.222.40.109
2074a270575e4247f91003dc60bcb6be1cbcd885b43ee8858aea5ccbaec5c908
29eda3eb85da8b88e4435c5cb04000678a39c13c71595f614a6b770b2026859d
2f085a84cb00b9b35b5125231a1accae74aba455992b2b21c28380345ba52c53
3780b25f4b2c77adce09a6d3c5c850b4e77aebd6d844e102ee841e1c47490339
5efb393cf10db7ee157dcd3109179e7619633c7e8d17c5ab3eab1ea1278f6dd1
7334c16dc04df9eef7152086d519c011301cdbf891aacff4dd28db3d09d32e42
8ecdaac15d3a735629ac94ec194ea046e3387e8fb5315e043b093725bf21591a
a22997becdc01dd9f52924cba04a2772a30412dfa265bad33bcb76d3f549a49b
a309d09926f567f4415df64e618f32fabd75c49108667fd6021f7765d7193a4f
e86d840145192f938da3365fc934444e5322448ccbad689b87a8aa3844e3ffca
ed120beb869dfaf483128601dca83072784b5c8dfca4a54a2cb37f6409498832
f1ceab51050efddd325f4ea97a2c76503543ff961f2697b2af5a0fc01efed102
f878f94a441977a2a0ec43492ea6a7c6910cfc773b38d2d71eb917e63ff8db98

mulqueenpu.temp.swtest.ru Open in urlscan Pro 77.222.40.109 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

47 kBTransfer

93 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

mulqueenpu.temp.swtest.ru Open in urlscan Pro
77.222.40.109 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

47 kB
Transfer

93 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!