URL: https://update2.buh.by/
Submission: On September 04 via automatic, source certstream-suspicious

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 212.98.162.47, located in Minsk, Belarus and belongs to BN-AS Belarussian data communication service provider., BY. The main domain is update2.buh.by.
TLS certificate: Issued by R3 on September 4th 2021. Valid for: 3 months.
This is the only time update2.buh.by was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address       ASN (Autonomous System)
3         212.98.162.47    12406 (BN-AS Bel...)
5         217.69.133.145   47764 (MAILRU-AS...)   (1 redirect)
1         93.125.99.66     6697 (BELPAK-AS...)
Total: 9 requests, 4 IPs
Requests  Apex Domain   Subdomains            Transfer
5         mail.ru       top-fwz1.mail.ru      16 KB
3         buh.by        update2.buh.by        31 KB
                        u1.buh.by
1         jukola.info   bm2017.jukola.info    970 B
0         tut.by        catalog.tut.by        Failed
Total: 9 requests, 4 apex domains
Requests  Domain              Requested by
5         top-fwz1.mail.ru    update2.buh.by, top-fwz1.mail.ru (1 redirect)
2         update2.buh.by      update2.buh.by
1         u1.buh.by           bm2017.jukola.info
1         bm2017.jukola.info  update2.buh.by
0         catalog.tut.by      update2.buh.by (Failed)
Total: 9 requests, 5 domains

This site contains links to these domains.

Domain
www.jukola.by
buh.by
update.buh.by
www.buh.by
catalog.tut.by
top.mail.ru
Subject          Issuer                 Validity                   Valid      Lookup
update.buh.by    R3                     2021-09-04 - 2021-12-03    3 months   crt.sh
*.mail.ru        GeoTrust ECC CA 2018   2020-11-13 - 2021-11-17    a year     crt.sh
bm.jukola.info   R3                     2021-07-11 - 2021-10-09    3 months   crt.sh
u1.buh.by        R3                     2021-08-12 - 2021-11-10    3 months   crt.sh

This page contains 2 frames:

Primary Page: https://update2.buh.by/
Frame ID: EB262D8ED34B452DAAC0839725251413
Requests: 7 HTTP requests in this frame

Frame: https://bm2017.jukola.info/abmw.asp?z=7&isframe=true&autorotate=true
Frame ID: F8EFB19D467BC70B44A8670899A9835C
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Автоматический заказ обновления настроек 1С от компании "ЮКОЛА-ИНФО" (Automatic ordering of 1C settings updates from the company "YUKOLA-INFO")

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

9 Requests
89 % HTTPS
0 % IPv6
4 Domains
5 Subdomains
4 IPs
2 Countries
47 kB Transfer
64 kB Size
1 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://top-fwz1.mail.ru/counter?id=942103;t=479;l=1 HTTP 302
  • https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1

9 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request Cookie set /
update2.buh.by/
10 KB
5 KB
Document
General
Full URL
https://update2.buh.by/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
212.98.162.47 Minsk, Belarus, ASN12406 (BN-AS Belarussian data communication service provider., BY),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
24944437bd6e03a7007b7d06845e844af26e965c6457efa601305d2fb8d0d005

Request headers

Host
update2.buh.by
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Cache-Control
private
Content-Type
text/html
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
Set-Cookie
ASPSESSIONIDSWDRCTSB=DIPHPFIBMMNDDKOEFFPGOPGH; secure; path=/
X-Powered-By
ASP.NET
Date
Sat, 04 Sep 2021 06:02:24 GMT
Content-Length
4519
style.css
update2.buh.by/
1 KB
834 B
Stylesheet
General
Full URL
https://update2.buh.by/style.css
Requested by
Host: update2.buh.by
URL: https://update2.buh.by/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
212.98.162.47 Minsk, Belarus, ASN12406 (BN-AS Belarussian data communication service provider., BY),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
32a158691bd1ab83c6644c00abfa9190da82ee8edb168693e429aef20cdb2406

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
update2.buh.by
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://update2.buh.by/
Cookie
ASPSESSIONIDSWDRCTSB=DIPHPFIBMMNDDKOEFFPGOPGH
Connection
keep-alive
Referer
https://update2.buh.by/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Sat, 04 Sep 2021 06:02:24 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Nov 2012 10:04:44 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"064b784fc2cd1:0"
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
543
catalog-tut.gif
catalog.tut.by/images/
0
0

counter2
top-fwz1.mail.ru/
Redirect Chain
  • https://top-fwz1.mail.ru/counter?id=942103;t=479;l=1
  • https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1
2 KB
3 KB
Image
General
Full URL
https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1
Requested by
Host: update2.buh.by
URL: https://update2.buh.by/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
top-fwz1.mail.ru
Software
nginx /
Resource Hash
7fe65b608036e901f6038f4c981e60710e850156c5432973ee9e8abb95a68a32
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://update2.buh.by/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 04 Sep 2021 06:02:24 GMT
x-content-type-options
nosniff
p3p
CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length
2518
pragma
no-cache
amp-access-control-allow-source-origin
*
server
nginx
access-control-allow-methods
GET, POST, HEAD, PUT, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
private, no-cache, no-store, max-age=0
access-control-allow-credentials
true
accept-ch-lifetime
86400
accept-ch
DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
timing-allow-origin
*
access-control-allow-headers
*

Redirect headers

date
Sat, 04 Sep 2021 06:02:24 GMT
x-content-type-options
nosniff
access-control-allow-origin
*
p3p
CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length
0
pragma
no-cache
amp-access-control-allow-source-origin
*
server
nginx
access-control-allow-methods
GET, POST, HEAD, PUT, OPTIONS
location
https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
private, no-cache, no-store, max-age=0
access-control-allow-credentials
true
accept-ch-lifetime
86400
accept-ch
DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
timing-allow-origin
*
access-control-allow-headers
*
code.js
top-fwz1.mail.ru/js/
25 KB
11 KB
Script
General
Full URL
https://top-fwz1.mail.ru/js/code.js
Requested by
Host: update2.buh.by
URL: https://update2.buh.by/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
top-fwz1.mail.ru
Software
nginx /
Resource Hash
536cd983c5ac840349770984405fe9eb9e67b9d7e35e0c45673a653b003173b6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://update2.buh.by/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 04 Sep 2021 06:02:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI DSP COR NID CUR PSA OUR NOR"
amp-access-control-allow-source-origin
*
last-modified
Thu, 15 Jul 2021 18:35:46 GMT
server
nginx
etag
W/"60f08002-64db"
access-control-allow-methods
GET, POST, HEAD, PUT, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
max-age=3600, private
access-control-allow-credentials
true
accept-ch-lifetime
86400
accept-ch
DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
timing-allow-origin
*
access-control-allow-headers
*
expires
Sat, 04 Sep 2021 07:02:24 GMT
Cookie set abmw.asp
bm2017.jukola.info/ Frame F8EF
760 B
970 B
Document
General
Full URL
https://bm2017.jukola.info/abmw.asp?z=7&isframe=true&autorotate=true
Requested by
Host: update2.buh.by
URL: https://update2.buh.by/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
212.98.162.47 Minsk, Belarus, ASN12406 (BN-AS Belarussian data communication service provider., BY),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
115a0ba3ae09ff383ffb5b5467f0ad43bf4038eba6877ecf127c8e15f227b6fe

Request headers

Host
bm2017.jukola.info
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://update2.buh.by/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://update2.buh.by/

Response headers

Cache-Control
private,no-cache
Pragma
no-cache
Content-Type
text/html; charset=windows-1251
Content-Encoding
gzip
Expires
Fri, 03 Sep 2021 06:02:24 GMT
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
Set-Cookie
ASPSESSIONIDQWCTCTTB=EKKGJPPADPBLOBOFBHEIEKJF; secure; path=/
X-Powered-By
ASP.NET
Date
Sat, 04 Sep 2021 06:02:24 GMT
Content-Length
583
counter
top-fwz1.mail.ru/
43 B
918 B
Ping
General
Full URL
https://top-fwz1.mail.ru/counter?js=13;id=942103;u=https%3A//update2.buh.by/;st=1630735344405;title=%D0%90%D0%B2%D1%82%D0%BE%D0%BC%D0%B0%D1%82%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B9%20%D0%B7%D0%B0%D0%BA%D0%B0%D0%B7%20%D0%BE%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F%20%D0%BD%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B5%D0%BA%201%D0%A1%20%D0%BE%D1%82%20%D0%BA%D0%BE%D0%BC%D0%BF%D0%B0%D0%BD%D0%B8%D0%B8%20%22%D0%AE%D0%9A%D0%9E%D0%9B%D0%90-%D0%98%D0%9D%D0%A4%D0%9E%22;s=1600*1200;vp=1600*1221;touch=0;hds=1;frame=0;flash=;sid=e313a0874ad13227;ver=60.3.0;tz=-120%2FEurope%2FBerlin;ni=10//4g/0/0/;lvid=1630735344470%3A1630735344484%3A1%3A4c0e89c982ccb7fdfa36f3b28cede71e;visible=true;_=0.29298891222965207
Requested by
Host: top-fwz1.mail.ru
URL: https://top-fwz1.mail.ru/js/code.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
top-fwz1.mail.ru
Software
nginx /
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://update2.buh.by/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 04 Sep 2021 06:02:24 GMT
x-content-type-options
nosniff
p3p
CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length
43
pragma
no-cache
amp-access-control-allow-source-origin
https://update2.buh.by
server
nginx
access-control-allow-methods
GET, POST, HEAD, PUT, OPTIONS
content-type
image/gif
access-control-allow-origin
https://update2.buh.by
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
private, no-cache, no-store, max-age=0
access-control-allow-credentials
true
accept-ch-lifetime
86400
accept-ch
DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
timing-allow-origin
https://update2.buh.by
access-control-allow-headers
*
cso468x60_v2.gif
u1.buh.by/banners/ Frame F8EF
25 KB
25 KB
Image
General
Full URL
https://u1.buh.by/banners/cso468x60_v2.gif
Requested by
Host: bm2017.jukola.info
URL: https://bm2017.jukola.info/abmw.asp?z=7&isframe=true&autorotate=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.125.99.66 , Belarus, ASN6697 (BELPAK-AS BELPAK, BY),
Reverse DNS
vh84.hosterby.com
Software
nginx /
Resource Hash
ef884f50b82e6cce5b0db55ebbeaf27b5968ab55d92a773df4004b35bc9a20f3

Request headers

Referer
https://bm2017.jukola.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 04 Sep 2021 06:02:25 GMT
last-modified
Wed, 07 May 2008 14:59:53 GMT
server
nginx
etag
"4821c3e9-6374"
content-type
image/gif
cache-control
max-age=8380800
accept-ranges
bytes
content-length
25460
expires
Fri, 10 Dec 2021 06:02:25 GMT
tracker
top-fwz1.mail.ru/
43 B
787 B
Ping
General
Full URL
https://top-fwz1.mail.ru/tracker?js=13;id=942103;u=https%3A//update2.buh.by/;st=1630735344405;s=1600*1200;vp=1600*1221;touch=0;hds=1;frame=0;flash=;sid=e313a0874ad13227;ver=60.3.0;tz=-120%2FEurope%2FBerlin;nt=0/0/1630735343965/////2/4/5/5/243/10/243/322/322/328/440/440/440/25106/25106/;ni=10//4g/0/0/;detect=0;lvid=1630735344470%3A1630735369072%3A2%3A4c0e89c982ccb7fdfa36f3b28cede71e;visible=true;_=0.4003409788482317;e=RT/load;et=1630735369071
Requested by
Host: top-fwz1.mail.ru
URL: https://top-fwz1.mail.ru/js/code.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
top-fwz1.mail.ru
Software
nginx /
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://update2.buh.by/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 04 Sep 2021 06:02:49 GMT
x-content-type-options
nosniff
p3p
CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length
43
pragma
no-cache
amp-access-control-allow-source-origin
https://update2.buh.by
server
nginx
access-control-allow-methods
GET, POST, HEAD, PUT, OPTIONS
content-type
image/gif
access-control-allow-origin
https://update2.buh.by
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
private, no-cache, no-store, max-age=0
access-control-allow-credentials
true
accept-ch-lifetime
86400
accept-ch
DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
timing-allow-origin
https://update2.buh.by
access-control-allow-headers
*

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
catalog.tut.by
URL
https://catalog.tut.by/images/catalog-tut.gif

Verdicts & Comments

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: 0
  • object: onbeforexrselect
  • object: ontransitionrun
  • object: ontransitionstart
  • object: ontransitioncancel
  • object: cookieStore
  • function: showDirectoryPicker
  • function: showOpenFilePicker
  • function: showSaveFilePicker
  • boolean: originAgentCluster
  • object: trustedTypes
  • boolean: crossOriginIsolated
  • object: _tmr

1 Cookies

Domain/Path   Name         Value
.buh.by/      tmr_reqNum   2