cs2.farmin.by Open in urlscan Pro
178.124.194.126 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cs2.farmin.by/
Submission Tags: phishingrod
Submission: On June 08 via api (June 8th 2023, 6:15:10 am UTC) from DE — Scanned from DE

Summary HTTP 7 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 178.124.194.126, located in Minsk, Belarus and belongs to BELPAK-AS BELPAK, BY. The main domain is cs2.farmin.by.
TLS certificate: Issued by R3 on June 8th 2023. Valid for: 3 months.

This is the only time cs2.farmin.by was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	178.124.194.126 178.124.194.126	6697 (BELPAK-AS...) (BELPAK-AS BELPAK)
2	3.210.241.63 3.210.241.63	14618 (AMAZON-AES) (AMAZON-AES)
7	3

5 178.124.194.126 (Minsk, Belarus)

ASN6697 (BELPAK-AS BELPAK, BY)
PTR: email.farmin.by

cs2.farmin.by	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.210.241.63 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-210-241-63.compute-1.amazonaws.com

validator.swagger.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	farmin.by cs2.farmin.by	1 MB
2	swagger.io validator.swagger.io — Cisco Umbrella Rank: 222874	4 KB
7	2

	Domain	Requested by
5	cs2.farmin.by	cs2.farmin.by
2	validator.swagger.io	cs2.farmin.by
7	2

This site contains links to these domains. Also see Links.

Domain
validator.swagger.io

Subject Issuer	Validity	Valid
cs2.farmin.by R3	`2023-06-08` - `2023-09-06`	3 months	crt.sh
*.swagger.io Amazon RSA 2048 M02	`2023-01-25` - `2024-02-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cs2.farmin.by/
Frame ID: 46647F3ECC2EA281CCD726622E1DBEC1
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

iRetailCloudServer API

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1463 kB
Transfer

1477 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://validator.swagger.io/validator/debug?url=https%3A%2F%2Fcs2.farmin.by%2Fswagger.json

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response cs2.farmin.by/	1 KB 996 B	484ms 46ms	Document text/html	178.124.194.126 BELPAK-AS BELPAK
General Check archive.org Show headers Download Go to Full URL https://cs2.farmin.by/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.124.194.126 Minsk, Belarus, ASN6697 (BELPAK-AS BELPAK, BY), Reverse DNS email.farmin.by Software nginx/1.10.3 / iRetailCloudServer v3.10.4 Resource Hash `2009fc39bb7ca90bfea736e62edf2ae2b13c3b8b8de26023446cbb5e139d5d79` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control public, max-age=0 Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Thu, 08 Jun 2023 06:15:03 GMT ETag W/"4c2-18856bac1e7" Last-Modified Fri, 26 May 2023 06:24:19 GMT Server nginx/1.10.3 Transfer-Encoding chunked X-Powered-By iRetailCloudServer v3.10.4
GET H/1.1	200 OK	swagger-ui.css cs2.farmin.by/index_files/	150 KB 151 KB	231ms 219ms	Stylesheet text/css	178.124.194.126 BELPAK-AS BELPAK
General Check archive.org Show headers Download Go to Full URL https://cs2.farmin.by/index_files/swagger-ui.css Requested by Host: cs2.farmin.by URL: https://cs2.farmin.by/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.124.194.126 Minsk, Belarus, ASN6697 (BELPAK-AS BELPAK, BY), Reverse DNS email.farmin.by Software nginx/1.10.3 / iRetailCloudServer v3.10.4 Resource Hash `9f46553f70440a1dc8b10ef85ecb8912b1efd6544168723a35bd799464882276` Request headers accept-language de-DE,de;q=0.9 Referer https://cs2.farmin.by/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Thu, 08 Jun 2023 06:15:03 GMT Last-Modified Fri, 26 May 2023 06:24:20 GMT Server nginx/1.10.3 X-Powered-By iRetailCloudServer v3.10.4 ETag W/"25996-18856bac29f" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 154006
GET H/1.1	200 OK	swagger-ui-bundle.js Show response cs2.farmin.by/index_files/	922 KB 922 KB	310ms 237ms	Script application/javascript	178.124.194.126 BELPAK-AS BELPAK
General Check archive.org Show headers Download Go to Full URL https://cs2.farmin.by/index_files/swagger-ui-bundle.js Requested by Host: cs2.farmin.by URL: https://cs2.farmin.by/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.124.194.126 Minsk, Belarus, ASN6697 (BELPAK-AS BELPAK, BY), Reverse DNS email.farmin.by Software nginx/1.10.3 / iRetailCloudServer v3.10.4 Resource Hash `c505277b43e6912c1673c05b139e6252cd1b515eb99e23d3d7084d091959cd78` Request headers accept-language de-DE,de;q=0.9 Referer https://cs2.farmin.by/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Thu, 08 Jun 2023 06:15:03 GMT Last-Modified Fri, 26 May 2023 06:24:19 GMT Server nginx/1.10.3 X-Powered-By iRetailCloudServer v3.10.4 ETag W/"e688d-18856bac20f" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 944269
GET H/1.1	200 OK	swagger-ui-standalone-preset.js Show response cs2.farmin.by/index_files/	320 KB 320 KB	285ms 203ms	Script application/javascript	178.124.194.126 BELPAK-AS BELPAK
General Check archive.org Show headers Download Go to Full URL https://cs2.farmin.by/index_files/swagger-ui-standalone-preset.js Requested by Host: cs2.farmin.by URL: https://cs2.farmin.by/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.124.194.126 Minsk, Belarus, ASN6697 (BELPAK-AS BELPAK, BY), Reverse DNS email.farmin.by Software nginx/1.10.3 / iRetailCloudServer v3.10.4 Resource Hash `9565113cb95319ae21ff0e4aab84d35d8a79c50ac9b9439b24c367e4af362e75` Request headers accept-language de-DE,de;q=0.9 Referer https://cs2.farmin.by/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Thu, 08 Jun 2023 06:15:03 GMT Last-Modified Fri, 26 May 2023 06:24:20 GMT Server nginx/1.10.3 X-Powered-By iRetailCloudServer v3.10.4 ETag W/"4fea6-18856bac26f" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 327334
GET H/1.1	200 OK	swagger.json Show response cs2.farmin.by/	65 KB 65 KB	124ms 123ms	Fetch application/json	178.124.194.126 BELPAK-AS BELPAK
General Check archive.org Show headers Download Go to Full URL https://cs2.farmin.by/swagger.json Requested by Host: cs2.farmin.by URL: https://cs2.farmin.by/index_files/swagger-ui-bundle.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.124.194.126 Minsk, Belarus, ASN6697 (BELPAK-AS BELPAK, BY), Reverse DNS email.farmin.by Software nginx/1.10.3 / iRetailCloudServer v3.10.4 Resource Hash `dbdb0d087f63fc1f1d4618d9f1e2d22516ffc5ff4c9ef6028af1bba931e8bb0e` Request headers Accept application/json,/ Referer https://cs2.farmin.by/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Thu, 08 Jun 2023 06:15:04 GMT Last-Modified Fri, 26 May 2023 06:24:20 GMT Server nginx/1.10.3 X-Powered-By iRetailCloudServer v3.10.4 ETag W/"1044e-18856bac2af" Content-Type application/json; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 66638
GET DATA	200 OK	truncated /	15 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `692881516b5727543e5d0e2afe602c1659d1b50d7af857219c33d12913167520` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	validator validator.swagger.io/	2 KB 2 KB	1527ms 1196ms	Image image/png	3.210.241.63 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://validator.swagger.io/validator?url=https%3A%2F%2Fcs2.farmin.by%2Fswagger.json Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.210.241.63 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-210-241-63.compute-1.amazonaws.com Software Jetty(9.4.18.v20190429) / Resource Hash `503516f9cccdbfa57c8ca528d4397cd78ad1a154f4c2a9c2e3ddf944885cfddc` Request headers accept-language de-DE,de;q=0.9 Referer https://cs2.farmin.by/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 06:15:05 GMT server Jetty(9.4.18.v20190429) access-control-allow-methods GET, POST, DELETE, PUT content-type image/png access-control-allow-origin * access-control-expose-headers Content-Disposition access-control-allow-headers Content-Type, api_key, Authorization content-length 1635
GET DATA	200 OK	truncated /	261 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `74bb6e4d4d9dce03624a54590957e142b49b0467bc617b7cc637f87d6e9d3f9e` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	147 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `575ebc6a2f086b5de60916aa1b65dd785f69143178fc204ef7432db79ee08a50` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET H2	200	validator validator.swagger.io/	2 KB 2 KB	976ms 976ms	Image image/png	3.210.241.63 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://validator.swagger.io/validator?url=https%3A%2F%2Fcs2.farmin.by%2Fswagger.json Requested by Host: cs2.farmin.by URL: https://cs2.farmin.by/index_files/swagger-ui-bundle.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.210.241.63 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-210-241-63.compute-1.amazonaws.com Software Jetty(9.4.18.v20190429) / Resource Hash `503516f9cccdbfa57c8ca528d4397cd78ad1a154f4c2a9c2e3ddf944885cfddc` Request headers accept-language de-DE,de;q=0.9 Referer https://cs2.farmin.by/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 06:15:06 GMT server Jetty(9.4.18.v20190429) access-control-allow-methods GET, POST, DELETE, PUT content-type image/png access-control-allow-origin * access-control-expose-headers Content-Disposition access-control-allow-headers Content-Type, api_key, Authorization content-length 1635

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cs2.farmin.by
validator.swagger.io
178.124.194.126
3.210.241.63
2009fc39bb7ca90bfea736e62edf2ae2b13c3b8b8de26023446cbb5e139d5d79
503516f9cccdbfa57c8ca528d4397cd78ad1a154f4c2a9c2e3ddf944885cfddc
575ebc6a2f086b5de60916aa1b65dd785f69143178fc204ef7432db79ee08a50
692881516b5727543e5d0e2afe602c1659d1b50d7af857219c33d12913167520
74bb6e4d4d9dce03624a54590957e142b49b0467bc617b7cc637f87d6e9d3f9e
9565113cb95319ae21ff0e4aab84d35d8a79c50ac9b9439b24c367e4af362e75
9f46553f70440a1dc8b10ef85ecb8912b1efd6544168723a35bd799464882276
c505277b43e6912c1673c05b139e6252cd1b515eb99e23d3d7084d091959cd78
dbdb0d087f63fc1f1d4618d9f1e2d22516ffc5ff4c9ef6028af1bba931e8bb0e

cs2.farmin.by Open in urlscan Pro 178.124.194.126 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

1463 kBTransfer

1477 kBSize

0 Cookies

1 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

0 Cookies

Indicators

cs2.farmin.by Open in urlscan Pro
178.124.194.126 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1463 kB
Transfer

1477 kB
Size

0
Cookies

7 HTTP transactions
3 data transactions