ukst.ml Open in urlscan Pro
2606:4700:3035::6815:3483 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ukst.ml/verify_dv/
Effective URL:
https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOn...
Submission: On August 19 via manual (August 19th 2021, 10:11:34 pm UTC) from US

Summary HTTP 8 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3035::6815:3483, located in United States and belongs to CLOUDFLARENET, US. The main domain is ukst.ml.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 19th 2021. Valid for: a year.

This is the only time ukst.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Government (Government)

Domain & IP information

	IP Address		AS Autonomous System
8	2606:4700:303... 2606:4700:3035::6815:3483		13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	1

8 2606:4700:3035::6815:3483 (United States)

ASN13335 (CLOUDFLARENET, US)

ukst.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	ukst.ml ukst.ml	89 KB
8	1

	Domain	Requested by
8	ukst.ml	ukst.ml
8	1

This site contains links to these domains. Also see Links.

Domain
www.uimn.org
www1.uimn.org

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-19` - `2022-08-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12
Frame ID: 1E67E78EFA48DBACD5BAB038CB2F13C7
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Applicant login

Page URL History Show full URLs

https://ukst.ml/verify_dv/ Page URL
https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjow... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

8
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

89 kB
Transfer

111 kB
Size

0
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: http://www.uimn.org/applicants
Title: Information For Applicants

Search URL Search Domain Scan URL

URL: http://www.uimn.org/assets/HowToApplyForUI_tcm1068-193561.pdf
Title: How to Apply

Search URL Search Domain Scan URL

URL: http://www.uimn.org/applicants/help-support/info-handbook/info-handbook-intro.jsp
Title: Information Handbook

Search URL Search Domain Scan URL

URL: http://www.uimn.org/applicants/videos/
Title: Video Library

Search URL Search Domain Scan URL

URL: http://www.uimn.org/applicants/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www1.uimn.org/ui_applicant/staticcontent/Accessibility_Statement.htm
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www1.uimn.org/ui_applicant/staticcontent/PrivacyStatement.htm
Title: Privacy and security

Search URL Search Domain Scan URL

URL: https://www1.uimn.org/ui_applicant/staticcontent/prelim_Web_Page_Settings_Generic.html
Title: System requirements

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ukst.ml/verify_dv/ Page URL
https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ ukst.ml/verify_dv/	350 B 814 B	731ms 706ms	Document text/html	2606:4700:3035::6815:3483 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ukst.ml/verify_dv/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:3483 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers :method GET :authority ukst.ml :scheme https :path /verify_dv/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 22:11:15 GMT content-type text/html last-modified Mon, 21 Jun 2021 01:11:12 GMT cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sr9wYkHRj8OYsYXx3mVcAMNxxK9W3R4g%2FoM81IWN9Upoj9SxkaZc3YkKYUAclmSZOjtkj7mh8BM9tEz86z%2FTJ6HYwWWcksFEjVVeg5YKF82h5lxwOnobrmV2yxQ2HP9d%2Bafwbt%2Fm"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6816b76fbd504a62-FRA content-encoding br alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET H3-29	200	Primary Request logon.htm Show response ukst.ml/verify_dv/	20 KB 4 KB	721ms 707ms	Document text/html	2606:4700:3035::6815:3483 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 Requested by Host: ukst.ml URL: https://ukst.ml/verify_dv/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:3483 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `83569296c94620ca2271f183c75ea865b84a3526458c4e6529b4ff6539305790` Request headers :method GET :authority ukst.ml :scheme https :path /verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-origin sec-fetch-mode navigate sec-fetch-dest document referer https://ukst.ml/verify_dv/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://ukst.ml/verify_dv/ Response headers date Thu, 19 Aug 2021 22:11:15 GMT content-type text/html last-modified Mon, 21 Jun 2021 01:11:22 GMT cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=foGSmPS9aJu%2BcE3s3pCWzHNjcXTO7629Awwx37PLxKJ3HDaYBVdXCVIROA6xNSs8DpQRF2zcDwamtZyxrt0U2iKX4DgvbDux0axt6GfIwkjCPz9CkKm3Cs%2FzPVMpg9KIoLwjxa86"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6816b77448ea96bc-FRA content-encoding br alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET H3-29	200	ui.css ukst.ml/verify_dv/gif/	12 KB 3 KB	932ms 931ms	Stylesheet text/css	2606:4700:3035::6815:3483 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ukst.ml/verify_dv/gif/ui.css Requested by Host: ukst.ml URL: https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:3483 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ff937f7f106247fac1e6ebba6d664bea1ada57ed49a4ad25561a9bc4928ff273` Request headers :path /verify_dv/gif/ui.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority ukst.ml referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 :scheme https sec-fetch-site same-origin :method GET Referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 22:11:16 GMT content-encoding br cf-cache-status MISS last-modified Mon, 21 Jun 2021 00:49:34 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YIgOfxIZZtxgjmmnR4aFOZ5g7i%2BdmPPtt3nYyL2hQCK5gXbG90ICBJ1pFsQcXaNNoNWvFeQ3LzemTS7DkVaOhUd%2Bs4eIUKPqJ1IdA2kKYIWa%2Fgp3ts62WY7vzHujtmzFpE6Acrkm"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6816b778ca2196bc-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET H3-29	200	spacer.gif ukst.ml/verify_dv/gif/	43 B 603 B	706ms 706ms	Image image/gif	2606:4700:3035::6815:3483 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ukst.ml/verify_dv/gif/spacer.gif Requested by Host: ukst.ml URL: https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:3483 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7` Request headers :path /verify_dv/gif/spacer.gif pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority ukst.ml referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 :scheme https sec-fetch-site same-origin :method GET Referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 22:11:16 GMT cf-cache-status MISS last-modified Mon, 21 Jun 2021 00:49:34 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dIJclHlXUZp1ZPF%2B5Rx6HUdYCxl83QuX0TETVdsm%2BE106W1zysMP3I%2BO%2BNY5Yb8pCC4wXsUkm3lbNYelncCHK6zPtRw8Ks3qF6EVviOYro8coyu8TTCF0CZJ1i4uJ2T%2FPXSFqZDn"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6816b778ca2296bc-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 43
GET H3-29	200	Unemployment%20Insurance%20Logo%20RGB-websites-projects.png ukst.ml/verify_dv/gif/	77 KB 78 KB	1153ms 1153ms	Image image/png	2606:4700:3035::6815:3483 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ukst.ml/verify_dv/gif/Unemployment%20Insurance%20Logo%20RGB-websites-projects.png Requested by Host: ukst.ml URL: https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:3483 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `402df36267c7dd63cd0180cf618c6002668ff2f2268415fd4195925952d53268` Request headers :path /verify_dv/gif/Unemployment%20Insurance%20Logo%20RGB-websites-projects.png pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority ukst.ml referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 :scheme https sec-fetch-site same-origin :method GET Referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 22:11:17 GMT cf-cache-status MISS last-modified Mon, 21 Jun 2021 00:49:34 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4fmAwBICP0%2FlVIW6NLSRpRO2Ro6fiXZAU1Q4Az6Mz3HPnY%2FGFtMCN6rq6T8AJuoKOjRh2VGkN9U2eHRwxcmcfzNVB5F8JoSgR4szW7%2BMilcPYfb9zKfB%2Bijuj0e20lONwcv0TCps"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6816b778ca2396bc-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 78822
GET H3-29	404	spacer.gif ukst.ml/verify_dv/	315 B 315 B	706ms 706ms	Image text/html	2606:4700:3035::6815:3483 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ukst.ml/verify_dv/spacer.gif Requested by Host: ukst.ml URL: https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:3483 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers :path /verify_dv/spacer.gif pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority ukst.ml referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 :scheme https sec-fetch-site same-origin :method GET Referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 22:11:16 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=USmXr3KSo5hsI75swC6onsNCfl1Sm9zAlD7cRTi%2B5%2FZvQjW6VldevsH12Xziym4KLpbCEFsvuYcEOo9%2BFr1kgVIVlJw%2FRNK7OOrp6jeca5Ewmspxi%2FcI27hfArSpjPXi5XS%2BYfdv"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6816b778ca2496bc-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET H3-29	200	b_start.gif ukst.ml/verify_dv/gif/	856 B 1 KB	704ms 704ms	Image image/gif	2606:4700:3035::6815:3483 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ukst.ml/verify_dv/gif/b_start.gif Requested by Host: ukst.ml URL: https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:3483 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f3ca101abe3776929aa7723f2bcb2174c1e3a21d38fd8e3528906ae16161eb43` Request headers :path /verify_dv/gif/b_start.gif pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority ukst.ml referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 :scheme https sec-fetch-site same-origin :method GET Referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 22:11:16 GMT cf-cache-status MISS last-modified Mon, 21 Jun 2021 00:49:34 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wN8lIP8FPla12%2BLILdBtPmB8ZBOfZB%2BBtF2K5BQrVy4lA9sS4EO1twGn7IlrS6%2BhFCTgLh4i3wwcOzGa%2BZ4FPtAvGEtpzj4yukbOHQXgF9DeCScgyPMEDrJaaddUu%2FgoHNCz%2F6Bx"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6816b77a2acc96bc-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 856
GET H3-29	200	b_login.gif ukst.ml/verify_dv/gif/	679 B 1 KB	708ms 708ms	Image image/gif	2606:4700:3035::6815:3483 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ukst.ml/verify_dv/gif/b_login.gif Requested by Host: ukst.ml URL: https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:3483 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d14cc5be04b3ab95d8a382547e988d3536875528a0b195b1dcacc26989d24e46` Request headers :path /verify_dv/gif/b_login.gif pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority ukst.ml referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 :scheme https sec-fetch-site same-origin :method GET Referer https://ukst.ml/verify_dv/logon.htm?6mfOdXrmse4qL4czbI1gZe3jqS3BNMNAwHpnOrYGJ208KOoiTbpZzjowWUvrz5aQrgwjclK2TMOnTO2FAWVMfRgReRIbOmakJ86KbNMsfzYB6S6baVCD5JkIGxNYWdpD5VM12 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 22:11:16 GMT cf-cache-status MISS last-modified Mon, 21 Jun 2021 00:49:34 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FiywNpOUetBmqZiRalFv8tabvU4i2haYrQXF1poIov53ydusrGRQ6kIr15XqFfeq9SNUebGUNTzwnvH9orkkwfOCyAwVu8MYBkqqldeOKwkAez2PRkjwu4NghEvyhIxDlPc062RF"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6816b77a2acf96bc-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 679

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Government (Government)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ukst.ml
2606:4700:3035::6815:3483
402df36267c7dd63cd0180cf618c6002668ff2f2268415fd4195925952d53268
83569296c94620ca2271f183c75ea865b84a3526458c4e6529b4ff6539305790
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
d14cc5be04b3ab95d8a382547e988d3536875528a0b195b1dcacc26989d24e46
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
f3ca101abe3776929aa7723f2bcb2174c1e3a21d38fd8e3528906ae16161eb43
ff937f7f106247fac1e6ebba6d664bea1ada57ed49a4ad25561a9bc4928ff273

ukst.ml Open in urlscan Pro 2606:4700:3035::6815:3483 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

89 kBTransfer

111 kBSize

0 Cookies

8 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

Indicators

ukst.ml Open in urlscan Pro
2606:4700:3035::6815:3483 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

89 kB
Transfer

111 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!