Submitted URL: https://update.jukola.info/
Effective URL: http://update.buh.by/
Submission: On September 04 via automatic, source certstream-suspicious

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 212.98.162.47, located in Minsk, Belarus and belongs to BN-AS Belarussian data communication service provider., BY. The main domain is update.buh.by.
This is the only time update.buh.by was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 212.98.162.47 12406 (BN-AS Bel...)
2 6 217.69.133.145 47764 (MAILRU-AS...)
1 93.125.99.66 6697 (BELPAK-AS...)
9 4
Apex Domain Subdomains Transfer
6 mail.ru top-fwz1.mail.ru 18 KB
3 buh.by update.buh.by, u1.buh.by 31 KB
2 jukola.info update.jukola.info, bm2017.jukola.info 1 KB
0 tut.by catalog.tut.by Failed
9 4
Domain Requested by
6 top-fwz1.mail.ru 2 redirects update.buh.by, top-fwz1.mail.ru
2 update.buh.by update.buh.by
1 u1.buh.by bm2017.jukola.info
1 bm2017.jukola.info update.buh.by
1 update.jukola.info 1 redirects
0 catalog.tut.by Failed update.buh.by
9 6

This site contains links to these domains:

Domain
www.jukola.by
buh.by
update2.buh.by
www.buh.by
catalog.tut.by
top.mail.ru
Subject Issuer Validity Valid
*.mail.ru GeoTrust ECC CA 2018 2020-11-13 - 2021-11-17 a year crt.sh
bm.jukola.info R3 2021-07-11 - 2021-10-09 3 months crt.sh
u1.buh.by R3 2021-08-12 - 2021-11-10 3 months crt.sh

This page contains 2 frames:

Primary Page: http://update.buh.by/
Frame ID: A1C9C703C5F5DA1519AA9288DF5E67D3
Requests: 7 HTTP requests in this frame

Frame: https://bm2017.jukola.info/abmw.asp?z=7&isframe=true&autorotate=true
Frame ID: 4EBB3CB0095BD10BE610D90D6610B680
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Автоматический заказ обновления настроек 1С от компании "ЮКОЛА-ИНФО" (English: Automatic ordering of 1C settings updates from the company "YUKOLA-INFO")

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

Requests: 9
HTTPS: 56 %
IPv6: 0 %
Domains: 4
Subdomains: 6
IPs: 4
Countries: 2
Transfer: 48 kB
Size: 64 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://update.jukola.info/ HTTP 302
    http://update.buh.by/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://top-fwz1.mail.ru/counter?id=942103;t=479;l=1 HTTP 302
  • https://top-fwz1.mail.ru/counter?id=942103;t=479;l=1 HTTP 302
  • https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1

9 HTTP transactions

1. Resource: / (update.buh.by/) [Primary Request, Cookie set]
Size: 10 KB  x-fer: 5 KB  Type: Document
Redirect Chain
  • https://update.jukola.info/
  • http://update.buh.by/

General
Full URL: http://update.buh.by/
Protocol: HTTP/1.1
Server: 212.98.162.47, Minsk, Belarus, ASN12406 (BN-AS Belarussian data communication service provider., BY)
Reverse DNS: -
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e6ef932f8956eb109b02d5679b17c8ba3edbd779b29d586311c8ae11dc1f87b0

Request headers
Host: update.buh.by
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers
Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: ASPSESSIONIDSSDRCTSB=JIPHPFIBHLIEGGHFCBPBKDDL; path=/
X-Powered-By: ASP.NET
Date: Sat, 04 Sep 2021 06:02:37 GMT
Content-Length: 4520

Redirect headers
Cache-Control: private
Content-Type: text/html
Location: http://update.buh.by
Server: Microsoft-IIS/8.5
Set-Cookie: ASPSESSIONIDSWDRCTSB=IIPHPFIBCCCKLBACOLFBFDDF; secure; path=/
X-Powered-By: ASP.NET
Date: Sat, 04 Sep 2021 06:02:37 GMT
Content-Length: 149

2. Resource: style.css (update.buh.by/)
Size: 1 KB  x-fer: 834 B  Type: Stylesheet

General
Full URL: http://update.buh.by/style.css
Requested by: Host: update.buh.by; URL: http://update.buh.by/
Protocol: HTTP/1.1
Server: 212.98.162.47, Minsk, Belarus, ASN12406 (BN-AS Belarussian data communication service provider., BY)
Reverse DNS: -
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 32a158691bd1ab83c6644c00abfa9190da82ee8edb168693e429aef20cdb2406

Request headers
Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: update.buh.by
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://update.buh.by/
Cookie: ASPSESSIONIDSSDRCTSB=JIPHPFIBHLIEGGHFCBPBKDDL
Connection: keep-alive
Cache-Control: no-cache

Response headers
Date: Sat, 04 Sep 2021 06:02:37 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Nov 2012 10:04:44 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "064b784fc2cd1:0"
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 543

3. Resource: catalog-tut.gif (catalog.tut.by/images/) [Failed: no response received]
Size: 0  x-fer: 0

4. Resource: counter2 (top-fwz1.mail.ru/)
Size: 2 KB  x-fer: 3 KB  Type: Image
Redirect Chain
  • http://top-fwz1.mail.ru/counter?id=942103;t=479;l=1
  • https://top-fwz1.mail.ru/counter?id=942103;t=479;l=1
  • https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1

General
Full URL: https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1
Requested by: Host: update.buh.by; URL: http://update.buh.by/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 217.69.133.145, Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU)
Reverse DNS: top-fwz1.mail.ru
Software: nginx
Resource Hash: 7fe65b608036e901f6038f4c981e60710e850156c5432973ee9e8abb95a68a32
Security Headers: X-Content-Type-Options: nosniff

Request headers
Referer: http://update.buh.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
date: Sat, 04 Sep 2021 06:02:38 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 2518
pragma: no-cache
amp-access-control-allow-source-origin: *
server: nginx
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
accept-ch-lifetime: 86400
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
timing-allow-origin: *
access-control-allow-headers: *

Redirect headers
date: Sat, 04 Sep 2021 06:02:38 GMT
x-content-type-options: nosniff
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 0
pragma: no-cache
amp-access-control-allow-source-origin: *
server: nginx
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
location: https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
accept-ch-lifetime: 86400
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
timing-allow-origin: *
access-control-allow-headers: *

5. Resource: code.js (top-fwz1.mail.ru/js/)
Size: 25 KB  x-fer: 11 KB  Type: Script

General
Full URL: http://top-fwz1.mail.ru/js/code.js
Requested by: Host: update.buh.by; URL: http://update.buh.by/
Protocol: HTTP/1.1
Server: 217.69.133.145, Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU)
Reverse DNS: top-fwz1.mail.ru
Software: nginx
Resource Hash: 536cd983c5ac840349770984405fe9eb9e67b9d7e35e0c45673a653b003173b6
Security Headers: X-Content-Type-Options: nosniff

Request headers
Referer: http://update.buh.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
Date: Sat, 04 Sep 2021 06:02:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Connection: keep-alive
Access-Control-Allow-Headers: *
AMP-Access-Control-Allow-Source-Origin: *
Last-Modified: Thu, 15 Jul 2021 18:35:46 GMT
Server: nginx
ETag: W/"60f08002-64db"
Access-Control-Allow-Methods: GET, POST, HEAD, PUT, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin
Cache-Control: max-age=3600, private
Access-Control-Allow-Credentials: true
Accept-CH-Lifetime: 86400
Accept-CH: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
Timing-Allow-Origin: *
Keep-Alive: timeout=60
Expires: Sat, 04 Sep 2021 07:02:38 GMT

6. Resource: abmw.asp (bm2017.jukola.info/) [Cookie set, Frame 4EBB]
Size: 760 B  x-fer: 970 B  Type: Document

General
Full URL: https://bm2017.jukola.info/abmw.asp?z=7&isframe=true&autorotate=true
Requested by: Host: update.buh.by; URL: http://update.buh.by/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 212.98.162.47, Minsk, Belarus, ASN12406 (BN-AS Belarussian data communication service provider., BY)
Reverse DNS: -
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 115a0ba3ae09ff383ffb5b5467f0ad43bf4038eba6877ecf127c8e15f227b6fe

Request headers
Host: bm2017.jukola.info
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://update.buh.by/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US

Response headers
Cache-Control: private,no-cache
Pragma: no-cache
Content-Type: text/html; charset=windows-1251
Content-Encoding: gzip
Expires: Fri, 03 Sep 2021 06:02:38 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: ASPSESSIONIDQWCTCTTB=HKKGJPPAIHOIHPEOLJIGMLIF; secure; path=/
X-Powered-By: ASP.NET
Date: Sat, 04 Sep 2021 06:02:37 GMT
Content-Length: 583

7. Resource: counter (top-fwz1.mail.ru/)
Size: 43 B  x-fer: 917 B  Type: Ping

General
Full URL: https://top-fwz1.mail.ru/counter?js=13;id=942103;u=http%3A//update.buh.by/;st=1630735358497;title=%D0%90%D0%B2%D1%82%D0%BE%D0%BC%D0%B0%D1%82%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B9%20%D0%B7%D0%B0%D0%BA%D0%B0%D0%B7%20%D0%BE%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F%20%D0%BD%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B5%D0%BA%201%D0%A1%20%D0%BE%D1%82%20%D0%BA%D0%BE%D0%BC%D0%BF%D0%B0%D0%BD%D0%B8%D0%B8%20%22%D0%AE%D0%9A%D0%9E%D0%9B%D0%90-%D0%98%D0%9D%D0%A4%D0%9E%22;s=1600*1200;vp=1600*1221;touch=0;hds=1;frame=0;flash=;sid=cd2b3a4de1c0cd37;ver=60.3.0;tz=-120%2FEurope%2FBerlin;ni=10//4g/0/0/;lvid=1630735358567%3A1630735358582%3A1%3Ad25b1ddd284fd3378e8e521e0bad0dc0;visible=true;_=0.7893190886515917
Requested by: Host: top-fwz1.mail.ru; URL: http://top-fwz1.mail.ru/js/code.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 217.69.133.145, Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU)
Reverse DNS: top-fwz1.mail.ru
Software: nginx
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
Security Headers: X-Content-Type-Options: nosniff

Request headers
Referer: http://update.buh.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers
date: Sat, 04 Sep 2021 06:02:38 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 43
pragma: no-cache
amp-access-control-allow-source-origin: http://update.buh.by
server: nginx
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: http://update.buh.by
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
accept-ch-lifetime: 86400
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
timing-allow-origin: http://update.buh.by
access-control-allow-headers: *

8. Resource: cso468x60_v2.gif (u1.buh.by/banners/) [Frame 4EBB]
Size: 25 KB  x-fer: 25 KB  Type: Image

General
Full URL: https://u1.buh.by/banners/cso468x60_v2.gif
Requested by: Host: bm2017.jukola.info; URL: https://bm2017.jukola.info/abmw.asp?z=7&isframe=true&autorotate=true
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 93.125.99.66, Belarus, ASN6697 (BELPAK-AS BELPAK, BY)
Reverse DNS: vh84.hosterby.com
Software: nginx
Resource Hash: ef884f50b82e6cce5b0db55ebbeaf27b5968ab55d92a773df4004b35bc9a20f3

Request headers
Referer: https://bm2017.jukola.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
date: Sat, 04 Sep 2021 06:02:39 GMT
last-modified: Wed, 07 May 2008 14:59:53 GMT
server: nginx
etag: "4821c3e9-6374"
content-type: image/gif
cache-control: max-age=8380800
accept-ranges: bytes
content-length: 25460
expires: Fri, 10 Dec 2021 06:02:39 GMT

9. Resource: tracker (top-fwz1.mail.ru/)
Size: 43 B  x-fer: 784 B  Type: Ping

General
Full URL: https://top-fwz1.mail.ru/tracker?js=13;id=942103;u=http%3A//update.buh.by/;st=1630735358497;s=1600*1200;vp=1600*1221;touch=0;hds=1;frame=0;flash=;sid=cd2b3a4de1c0cd37;ver=60.3.0;tz=-120%2FEurope%2FBerlin;nt=0/0/1630735356873/////1230/1230/1231/1231/1245//1245/1330/1330/1332/1624/1624/1624/26004/26004/;ni=10//4g/0/0/;detect=0;lvid=1630735358567%3A1630735382878%3A2%3Ad25b1ddd284fd3378e8e521e0bad0dc0;visible=true;_=0.00595915674948766;e=RT/load;et=1630735382877
Requested by: Host: top-fwz1.mail.ru; URL: http://top-fwz1.mail.ru/js/code.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 217.69.133.145, Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU)
Reverse DNS: top-fwz1.mail.ru
Software: nginx
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
Security Headers: X-Content-Type-Options: nosniff

Request headers
Referer: http://update.buh.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers
date: Sat, 04 Sep 2021 06:03:02 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 43
pragma: no-cache
amp-access-control-allow-source-origin: http://update.buh.by
server: nginx
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: http://update.buh.by
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
accept-ch-lifetime: 86400
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
timing-allow-origin: http://update.buh.by
access-control-allow-headers: *

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: catalog.tut.by
URL: https://catalog.tut.by/images/catalog-tut.gif

Verdicts & Comments

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object | 0
  • object | onbeforexrselect
  • object | ontransitionrun
  • object | ontransitionstart
  • object | ontransitioncancel
  • boolean | originAgentCluster
  • object | trustedTypes
  • boolean | crossOriginIsolated
  • object | _tmr

1 Cookies

Domain/Path: .buh.by/
Name: tmr_reqNum
Value: 2