urlscan.io logo urlscan.io
SecurityTrails logo

cu8.org Open in urlscan Pro
181.214.147.41  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://cu8.org/track/3bKsPZ15DOMV1uooitwlnlg3ZMPWAAOSJENSUXI404512/20073j9
Submission Tags: @phish_report
Submission: On October 19 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 181.214.147.41, located in Vilnius, Lithuania and belongs to BALTNETA Customers AS, LT. The main domain is cu8.org.
This is the only time cu8.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious1 votes Show Verdicts

Domain & IP information

IP Address AS Autonomous System
1 181.214.147.41 15440 (BALTNETA ...)
1 1
Apex Domain
Subdomains		 Transfer
1 cu8.org
cu8.org
279 B
1 1
Domain Requested by
1 cu8.org
1 1

This site contains no links.

Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://cu8.org/track/3bKsPZ15DOMV1uooitwlnlg3ZMPWAAOSJENSUXI404512/20073j9
Frame ID: B7C1BB8A12CE8C2615571224D1B36CE4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

20073j9 (1×1)

Page Statistics

1
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 20073j9
cu8.org/track/3bKsPZ15DOMV1uooitwlnlg3ZMPWAAOSJENSUXI404512/ 		42 B
279 B 		Document
General
Check archive.org
Download Go to
Full URL
http://cu8.org/track/3bKsPZ15DOMV1uooitwlnlg3ZMPWAAOSJENSUXI404512/20073j9
Protocol
HTTP/1.1
Server
181.214.147.41 Vilnius, Lithuania, ASN15440 (BALTNETA Customers AS, LT),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

Content-Length
42
Content-Type
image/png
Date
Thu, 19 Oct 2023 00:09:39 GMT
X-Address
gin_throttle_mw_7200000000_185.204.1.181
X-Ratelimit-Limit
500
X-Ratelimit-Remaining
499
X-Ratelimit-Reset
1697677779

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on October 19th 2023, 12:10:09 am UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: RUSSIAN SPYWARE: http://cu8.org/track/3bKsPZ15DOMV1uooitwlnlg3ZMPWAAOSJENSUXI404512/20073j9 sent by RUSSIAN MALNET using harvested emails and MALICIOUS websites: http://cu8.org https://t.co https://firebasestorage.googleapis.com https://urchingquest.com https://happyhalloween.click https://www.bcloudtrk.com http://houpin.ch http://uqoyfhyqtmgfnvakivuuaehnujrraweauv.makingstory.review https://st.hzcdn.com http://fenders.makeup https://noisygrip.com https://tinyurl.com/yvvrbc38

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cu8.org
181.214.147.41
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629