demo3.osrealty.ru Open in urlscan Pro
2606:4700:3037::6812:2909 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://egokala.com/?email=omg@woah.danzo
Effective URL:
http://demo3.osrealty.ru/UPD/update/w5hhwl14i05j97gkhm62xi9c.php?client_id=469A4B0B7A04F25C2426DFD6779A6A9E&response_mode...
Submission: On March 05 via manual (March 5th 2020, 11:37:22 am UTC) from SA

Summary HTTP 1 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 1 HTTP transactions. The main IP is 2606:4700:3037::6812:2909, located in United States and belongs to CLOUDFLARENET, US. The main domain is demo3.osrealty.ru.

This is the only time demo3.osrealty.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	185.116.160.30 185.116.160.30	61173 (GWSN-AS) (GWSN-AS)
1 2	2606:4700:303... 2606:4700:3037::6812:2909	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	1

1 185.116.160.30 (Iran, Islamic Republic Of) 1 redirects

ASN61173 (GWSN-AS, IR)
PTR: static.30.160.116.185.clients.irandns.com

egokala.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3037::6812:2909 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

demo3.osrealty.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	osrealty.ru 1 redirects demo3.osrealty.ru	1 KB
1	egokala.com 1 redirects egokala.com	385 B
1	2

	Domain	Requested by
2	demo3.osrealty.ru	1 redirects
1	egokala.com	1 redirects
1	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://demo3.osrealty.ru/UPD/update/w5hhwl14i05j97gkhm62xi9c.php?client_id=469A4B0B7A04F25C2426DFD6779A6A9E&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=omg@woah.danzo&Connect_Authentication_Properties&&nonce=1534735936469a4b0b7a04f25c2426dfd6779a6a9e&redirect_uri=&ui_locales=en-US&mkt=en-US
Frame ID: FFA72D424F3279BA18B98A4D6E3CDD4B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://egokala.com/?email=omg@woah.danzo HTTP 302
http://demo3.osrealty.ru/UPD/update/?email=omg@woah.danzo HTTP 302
http://demo3.osrealty.ru/UPD/update/w5hhwl14i05j97gkhm62xi9c.php?client_id=469A4B0B7A04F25C2426DFD677... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

1
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

0 kB
Transfer

0 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://egokala.com/?email=omg@woah.danzo HTTP 302
http://demo3.osrealty.ru/UPD/update/?email=omg@woah.danzo HTTP 302
http://demo3.osrealty.ru/UPD/update/w5hhwl14i05j97gkhm62xi9c.php?client_id=469A4B0B7A04F25C2426DFD6779A6A9E&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=omg@woah.danzo&Connect_Authentication_Properties&&nonce=1534735936469a4b0b7a04f25c2426dfd6779a6a9e&redirect_uri=&ui_locales=en-US&mkt=en-US Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	404 Not Found	Primary Request w5hhwl14i05j97gkhm62xi9c.php Show response demo3.osrealty.ru/UPD/update/ Redirect Chain http://egokala.com/?email=omg@woah.danzo http://demo3.osrealty.ru/UPD/update/?email=omg@woah.danzo http://demo3.osrealty.ru/UPD/update/w5hhwl14i05j97gkhm62xi9c.php?client_id=469A4B0B7A04F25C2426DFD6779A6A9E&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=omg@woah.d...	279 B 509 B	654ms 654ms	Document text/html	2606:4700:3037::6812:2909 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://demo3.osrealty.ru/UPD/update/w5hhwl14i05j97gkhm62xi9c.php?client_id=469A4B0B7A04F25C2426DFD6779A6A9E&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=omg@woah.danzo&Connect_Authentication_Properties&&nonce=1534735936469a4b0b7a04f25c2426dfd6779a6a9e&redirect_uri=&ui_locales=en-US&mkt=en-US Protocol HTTP/1.1 Server 2606:4700:3037::6812:2909 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `83a4785f536dc81e17d232045596f334cddd8b498db32a0bb51e3b0e667b71c9` Request headers Host demo3.osrealty.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Cookie __cfduid=d0b1e5badd8c160a0045d8e333dc0cfc71583408222; PHPSESSID=21qvvrao217ufcnn1cntm4re66 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 05 Mar 2020 11:37:04 GMT Content-Type text/html; charset=iso-8859-1 Transfer-Encoding chunked Connection keep-alive CF-Cache-Status DYNAMIC Server cloudflare CF-RAY 56f38af67fe4dfdb-FRA Content-Encoding gzip Redirect headers Date Thu, 05 Mar 2020 11:37:03 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=d0b1e5badd8c160a0045d8e333dc0cfc71583408222; expires=Sat, 04-Apr-20 11:37:02 GMT; path=/; domain=.osrealty.ru; HttpOnly; SameSite=Lax PHPSESSID=21qvvrao217ufcnn1cntm4re66; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Location w5hhwl14i05j97gkhm62xi9c.php?client_id=469A4B0B7A04F25C2426DFD6779A6A9E&response_mode=form_post&response_type=code+id_token&scope=openid+profile&email=omg@woah.danzo&Connect_Authentication_Properties&&nonce=1534735936469a4b0b7a04f25c2426dfd6779a6a9e&redirect_uri=&ui_locales=en-US&mkt=en-US CF-Cache-Status DYNAMIC Server cloudflare CF-RAY 56f38af13f06dfdb-FRA

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			demo3.osrealty.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: 21qvvrao217ufcnn1cntm4re66
			.osrealty.ru/	1970-01-19 08:33:20	Name: __cfduid Value: d0b1e5badd8c160a0045d8e333dc0cfc71583408222

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

demo3.osrealty.ru
egokala.com
185.116.160.30
2606:4700:3037::6812:2909
83a4785f536dc81e17d232045596f334cddd8b498db32a0bb51e3b0e667b71c9

demo3.osrealty.ru Open in urlscan Pro 2606:4700:3037::6812:2909 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

1 Requests

0 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

0 kBTransfer

0 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

2 Cookies

Indicators

demo3.osrealty.ru Open in urlscan Pro
2606:4700:3037::6812:2909 Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

0 kB
Transfer

0 kB
Size

2
Cookies

1 HTTP transactions
0 data transactions