pansionatdobrota.ru Open in urlscan Pro
2a03:6f00:1::5c35:629e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://pansionatdobrota.ru/inf/info/icez.php
Submission: On January 01 via automatic, source openphish (January 1st 2022, 1:11:05 am UTC) — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 14 HTTP transactions. The main IP is 2a03:6f00:1::5c35:629e, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is pansionatdobrota.ru.

This is the only time pansionatdobrota.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	2a03:6f00:1::... 2a03:6f00:1::5c35:629e	9123 (TIMEWEB-AS) (TIMEWEB-AS)
5	2606:4700:10:... 2606:4700:10::6816:14f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.83.110 65.9.83.110	16509 (AMAZON-02) (AMAZON-02)
1 2	192.185.4.124 192.185.4.124	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	104.198.110.86 104.198.110.86	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
14	8

1 2a03:6f00:1::5c35:629e (Russian Federation)

ASN9123 (TIMEWEB-AS, RU)

pansionatdobrota.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::6816:14f (United States)

ASN13335 (CLOUDFLARENET, US)

managehosting.aruba.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.83.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-83-110.ams1.r.cloudfront.net

cdn.worldvectorlogo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.185.4.124 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: gator4112.hostgator.com

coollogos.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.198.110.86 (The Dalles, United States)

ASN15169 (GOOGLE, US)
PTR: 86.110.198.104.bc.googleusercontent.com

www.plurilock.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	aruba.it managehosting.aruba.it	41 KB
4	gstatic.com encrypted-tbn0.gstatic.com fonts.gstatic.com	66 KB
2	coollogos.top 1 redirects coollogos.top	120 B
1	googleapis.com fonts.googleapis.com	931 B
1	plurilock.com www.plurilock.com	167 KB
1	worldvectorlogo.com cdn.worldvectorlogo.com
1	pansionatdobrota.ru pansionatdobrota.ru	10 KB
14	7

	Domain	Requested by
5	managehosting.aruba.it	pansionatdobrota.ru
2	fonts.gstatic.com	fonts.googleapis.com
2	encrypted-tbn0.gstatic.com	pansionatdobrota.ru
2	coollogos.top	1 redirects pansionatdobrota.ru
1	fonts.googleapis.com	managehosting.aruba.it
1	www.plurilock.com	pansionatdobrota.ru
1	cdn.worldvectorlogo.com	pansionatdobrota.ru
1	pansionatdobrota.ru
14	8

This site contains no links.

Subject Issuer	Validity	Valid
aruba.it Actalis Organization Validated Server CA G3	`2021-04-26` - `2022-04-26`	a year	crt.sh
*.worldvectorlogo.com Amazon	`2021-04-18` - `2022-05-17`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.plurilock.com R3	`2021-12-03` - `2022-03-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://pansionatdobrota.ru/inf/info/icez.php
Frame ID: E3807CB0AF00521B4899DB49E7923B84
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SMS Authentication

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

14
Requests

86 %
HTTPS

63 %
IPv6

7
Domains

8
Subdomains

8
IPs

3
Countries

286 kB
Transfer

421 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://coollogos.top/wp-content/uploads/2019/06/green-security-logo.jpg HTTP 302
https://coollogos.top/404.html

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request icez.php Show response
pansionatdobrota.ru/inf/info/ 34 KB
10 KB 176ms
75ms Document
text/html 2a03:6f00:1::5c35:629e
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://pansionatdobrota.ru/inf/info/icez.php
Protocol: HTTP/1.1
Server: 2a03:6f00:1::5c35:629e , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.14.1 /
Resource Hash: 38481ee8121371bb8e127bea86c3cf2fdbdaa91697e4ee9a67b94f1c8c30afa2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx/1.14.1
Date: Sat, 01 Jan 2022 01:11:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

GET
H2 200 style.css
managehosting.aruba.it// 109 KB
20 KB 178ms
123ms Stylesheet
text/css 2606:4700:10::6816:14f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://managehosting.aruba.it//style.css?v=36

Requested by

Host: pansionatdobrota.ru
URL: http://pansionatdobrota.ru/inf/info/icez.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:14f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c809f27038696ba5d1f887df75c3e3fd94f7e5ae6530e3d5db676ef79b28b82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://pansionatdobrota.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 01 Jan 2022 01:11:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Tue, 16 Nov 2021 15:35:56 GMT
server: cloudflare
etag: W/"05691a5ffdad71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: text/css
strict-transport-security: max-age=31536000
cf-ray: 6c67df03b9fd5ca4-FRA
vary: Accept-Encoding

GET
H2 200 jquery-ui.css
managehosting.aruba.it//FullOrder/styles/ 28 KB
5 KB 172ms
117ms Stylesheet
text/css 2606:4700:10::6816:14f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://managehosting.aruba.it//FullOrder/styles/jquery-ui.css?v=10

Requested by

Host: pansionatdobrota.ru
URL: http://pansionatdobrota.ru/inf/info/icez.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:14f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3950a0095e23d53c987e8b87e6a0e19fb4ddf366d17955485d7bc3a0dd31171

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://pansionatdobrota.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 01 Jan 2022 01:11:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Tue, 16 Nov 2021 15:35:20 GMT
server: cloudflare
etag: W/"02c1c90ffdad71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: text/css
strict-transport-security: max-age=31536000
cf-ray: 6c67df03b9ff5ca4-FRA
vary: Accept-Encoding

GET
H2 200 top.css
managehosting.aruba.it// 2 KB
987 B 155ms
100ms Stylesheet
text/css 2606:4700:10::6816:14f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://managehosting.aruba.it//top.css?v=36

Requested by

Host: pansionatdobrota.ru
URL: http://pansionatdobrota.ru/inf/info/icez.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:14f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e47ff2546ed336aa800b3e749123a0b4d4a1aac6f2219486a04e25597fe4cca5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://pansionatdobrota.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 01 Jan 2022 01:11:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Tue, 16 Nov 2021 15:36:08 GMT
server: cloudflare
etag: W/"064b8acffdad71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: text/css
strict-transport-security: max-age=31536000
cf-ray: 6c67df03ba025ca4-FRA
vary: Accept-Encoding

GET
H2 403 paypal.svg
cdn.worldvectorlogo.com/logos/ 0
0 180ms
139ms Image
application/xml 65.9.83.110
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.worldvectorlogo.com/logos/paypal.svg
Requested by: Host: pansionatdobrota.ru
URL: http://pansionatdobrota.ru/inf/info/icez.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.83.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-83-110.ams1.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://pansionatdobrota.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2

200

404.html
coollogos.top/
Redirect Chain

https://coollogos.top/wp-content/uploads/2019/06/green-security-logo.jpg
https://coollogos.top/404.html

0
0

132ms
132ms

Image
text/html

192.185.4.124
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://coollogos.top/404.html
Requested by: Host: pansionatdobrota.ru
URL: http://pansionatdobrota.ru/inf/info/icez.php
Protocol: H2
Server: 192.185.4.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: gator4112.hostgator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://pansionatdobrota.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Redirect headers

location: /404.html
pragma: no-cache
date: Sat, 01 Jan 2022 01:11:00 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
server: Apache
content-type: text/html; charset=UTF-8

GET
H2 200 images
encrypted-tbn0.gstatic.com/ 9 KB
9 KB 79ms
43ms Image
image/png 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcS9vCaK7Z7_rOwZbCADWBNASR8gzKSWmEHCVMoPp8MM99-TUPJ4&usqp=CAU

Requested by

Host: pansionatdobrota.ru
URL: http://pansionatdobrota.ru/inf/info/icez.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25dd2ba4fc46177a5f95a86c1b8162d0d18abda25ee569327dd81513496badf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://pansionatdobrota.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 01 Jan 2022 01:11:00 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8735
x-xss-protection: 0
last-modified: Fri, 02 Aug 2019 06:04:07 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 01 Jan 2023 01:11:00 GMT

GET
H2 200 spinner.gif
www.plurilock.com/static/scripts/assets/ 166 KB
167 KB 621ms
173ms Image
image/gif 104.198.110.86
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.plurilock.com/static/scripts/assets/spinner.gif
Requested by: Host: pansionatdobrota.ru
URL: http://pansionatdobrota.ru/inf/info/icez.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.198.110.86 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 86.110.198.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: e16b9bb9d28c028badce62adab83d1ef403c0e80b2e460bf7dd567d3c15122d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://pansionatdobrota.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 01 Jan 2022 01:11:00 GMT
last-modified: Wed, 01 Dec 2021 00:50:50 GMT
server: nginx
etag: "61a6c6ea-299f6"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 170486

GET
H2 200 images
encrypted-tbn0.gstatic.com/ 11 KB
11 KB 51ms
16ms Image
image/png 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcQdoFNv4jckDl7QaB8_wg8GK3LJISXKfU6y7A&usqp=CAU

Requested by

Host: pansionatdobrota.ru
URL: http://pansionatdobrota.ru/inf/info/icez.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2af15d9d6badb744ea0f4e4ce2e1799a8e604465c22e7a3d2ec0606ee340dca4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://pansionatdobrota.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 01 Jan 2022 01:11:00 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10815
x-xss-protection: 0
last-modified: Fri, 21 Jun 2019 19:59:06 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 01 Jan 2023 01:11:00 GMT

GET
H2 200 main_separatore_5_5.gif
managehosting.aruba.it/image_main/ 45 B
159 B 79ms
25ms Image
image/gif 2606:4700:10::6816:14f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://managehosting.aruba.it/image_main/main_separatore_5_5.gif

Requested by

Host: pansionatdobrota.ru
URL: http://pansionatdobrota.ru/inf/info/icez.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:14f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9ad9ccafbc7696d83a75b36483dc07f3a1465c7d4443047f7d2803045435dcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://pansionatdobrota.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 01 Jan 2022 01:11:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6791
vary: Accept-Encoding
content-length: 45
last-modified: Thu, 03 Oct 2019 07:03:10 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0b769db879d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: image/gif
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 6c67df03ba035ca4-FRA

GET
H2 200 grayLineFull.png
managehosting.aruba.it/images/ 15 KB
15 KB 77ms
23ms Image
image/png 2606:4700:10::6816:14f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://managehosting.aruba.it/images/grayLineFull.png

Requested by

Host: pansionatdobrota.ru
URL: http://pansionatdobrota.ru/inf/info/icez.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:14f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7d4f46e5b853727d9fe49f79faadb7c77d3235992542e1229b5c3f9cc1184a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://pansionatdobrota.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 01 Jan 2022 01:11:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2968
vary: Accept-Encoding
content-length: 15030
last-modified: Thu, 03 Oct 2019 07:03:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "038a79eb879d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 6c67df03ba045ca4-FRA

GET
H2 200 css
fonts.googleapis.com/ 3 KB
931 B 38ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Requested by

Host: managehosting.aruba.it
URL: https://managehosting.aruba.it//style.css?v=36

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

30c7c639fd48a0186026f900282a3b92893c32043019a5efb0ddf7e0805e296f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://managehosting.aruba.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 31 Dec 2021 23:13:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 01 Jan 2022 01:11:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jan 2022 01:11:00 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
24 KB 119ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://pansionatdobrota.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 20:12:18 GMT
x-content-type-options: nosniff
age: 190722
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 20:12:18 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
23 KB 116ms
13ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://pansionatdobrota.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 20:12:20 GMT
x-content-type-options: nosniff
age: 277120
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 20:12:20 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| ia7307ad string| k

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			managehosting.aruba.it/	1970-01-19 23:50:01	Name: __cflb Value: 0H28ve23puggqTBDCz71dWFYuFVeiPjrAADvkEghRMP

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cdn.worldvectorlogo.com/logos/paypal.svg Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.worldvectorlogo.com
coollogos.top
encrypted-tbn0.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
managehosting.aruba.it
pansionatdobrota.ru
www.plurilock.com
104.198.110.86
192.185.4.124
2606:4700:10::6816:14f
2a00:1450:4001:808::200e
2a00:1450:4001:810::2003
2a00:1450:4001:82f::200a
2a03:6f00:1::5c35:629e
65.9.83.110
25dd2ba4fc46177a5f95a86c1b8162d0d18abda25ee569327dd81513496badf7
2af15d9d6badb744ea0f4e4ce2e1799a8e604465c22e7a3d2ec0606ee340dca4
2c809f27038696ba5d1f887df75c3e3fd94f7e5ae6530e3d5db676ef79b28b82
30c7c639fd48a0186026f900282a3b92893c32043019a5efb0ddf7e0805e296f
38481ee8121371bb8e127bea86c3cf2fdbdaa91697e4ee9a67b94f1c8c30afa2
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
d9ad9ccafbc7696d83a75b36483dc07f3a1465c7d4443047f7d2803045435dcd
e16b9bb9d28c028badce62adab83d1ef403c0e80b2e460bf7dd567d3c15122d7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47ff2546ed336aa800b3e749123a0b4d4a1aac6f2219486a04e25597fe4cca5
f3950a0095e23d53c987e8b87e6a0e19fb4ddf366d17955485d7bc3a0dd31171
f7d4f46e5b853727d9fe49f79faadb7c77d3235992542e1229b5c3f9cc1184a2

pansionatdobrota.ru Open in urlscan Pro 2a03:6f00:1::5c35:629e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

86 %HTTPS

63 %IPv6

7 Domains

8 Subdomains

8 IPs

3 Countries

286 kBTransfer

421 kBSize

1 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

pansionatdobrota.ru Open in urlscan Pro
2a03:6f00:1::5c35:629e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

86 %
HTTPS

63 %
IPv6

7
Domains

8
Subdomains

8
IPs

3
Countries

286 kB
Transfer

421 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!