benedict.p-host.in Open in urlscan Pro
2a0b:6cc0::16 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://benedict.p-host.in/index.html
Submission: On August 29 via manual (August 29th 2022, 3:57:02 pm UTC) from US — Scanned from US

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 2a0b:6cc0::16, located in Russian Federation and belongs to TEAM-HOST AS, RU. The main domain is benedict.p-host.in.
TLS certificate: Issued by R3 on August 22nd 2022. Valid for: 3 months.

This is the only time benedict.p-host.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Adobe (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
8	2a0b:6cc0::16 2a0b:6cc0::16		202984 (TEAM-HOST AS) (TEAM-HOST AS)
8	2

8 2a0b:6cc0::16 (Russian Federation)

ASN202984 (TEAM-HOST AS, RU)

benedict.p-host.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	p-host.in benedict.p-host.in	794 KB
8	1

	Domain	Requested by
8	benedict.p-host.in	benedict.p-host.in
8	1

This site contains no links.

Subject Issuer	Validity	Valid
benedict.p-host.in R3	`2022-08-22` - `2022-11-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://benedict.p-host.in/index.html
Frame ID: 9691DD6EDBB46A33DA89598D2BDA0D82
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Adobe PDF

Page Statistics

8
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

794 kB
Transfer

1315 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response benedict.p-host.in/	539 KB 371 KB	930ms 137ms	Document text/html	2a0b:6cc0::16 TEAM-HOST AS
General Check archive.org Show headers Download Go to Full URL https://benedict.p-host.in/index.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a0b:6cc0::16 , Russian Federation, ASN202984 (TEAM-HOST AS, RU), Reverse DNS Software nginx / Resource Hash `c93bdc3f6370a59c4f09094e0dae79b863809147f9ca8b6a6a15bfb2e4bdaa3a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 accept-language en-US,en;q=0.9 Response headers content-encoding gzip content-type text/html date Mon, 29 Aug 2022 15:56:56 GMT etag W/"630cd25c-86b64" last-modified Mon, 29 Aug 2022 14:51:08 GMT server nginx vary Accept-Encoding
GET DATA	200 OK	truncated /	282 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5aca679bada4d3ad55ac43881a597f382f2fa499cd3f8a5989bcf168d2927f80` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Content-Type image/jpeg
GET H2	404	notice-error.png benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	60 KB 60 KB	340ms 339ms	Image text/html	2a0b:6cc0::16 TEAM-HOST AS
General Check archive.org Show headers Download Go to Show image Full URL https://benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-error.png Requested by Host: benedict.p-host.in URL: https://benedict.p-host.in/index.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a0b:6cc0::16 , Russian Federation, ASN202984 (TEAM-HOST AS, RU), Reverse DNS Software nginx / PHP/7.4.30 Resource Hash `3f592aa07f7962031ee448d422597a658fc8395311de0a1b71180ac44d904e00` Request headers accept-language en-US,en;q=0.9 Referer https://benedict.p-host.in/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Mon, 29 Aug 2022 15:56:57 GMT content-encoding gzip server nginx x-powered-by PHP/7.4.30 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://benedict.p-host.in/wp-json/>; rel="https://api.w.org/" content-length 10269 expires Wed, 11 Jan 1984 05:00:00 GMT
GET DATA	200 OK	truncated /	71 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4cf0818dd9010568437158677180d8aa461ec9c52770ee6cef771b5f6d01f3c1` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Content-Type image/png
GET H2	404	icon-username.png benedict.p-host.in/cPanel_magic_revision_1335428098/unprotected/cpanel/images/	60 KB 60 KB	314ms 314ms	Image text/html	2a0b:6cc0::16 TEAM-HOST AS
General Check archive.org Show headers Download Go to Show image Full URL https://benedict.p-host.in/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-username.png Requested by Host: benedict.p-host.in URL: https://benedict.p-host.in/index.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a0b:6cc0::16 , Russian Federation, ASN202984 (TEAM-HOST AS, RU), Reverse DNS Software nginx / PHP/7.4.30 Resource Hash `3f592aa07f7962031ee448d422597a658fc8395311de0a1b71180ac44d904e00` Request headers accept-language en-US,en;q=0.9 Referer https://benedict.p-host.in/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Mon, 29 Aug 2022 15:56:57 GMT content-encoding gzip server nginx x-powered-by PHP/7.4.30 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://benedict.p-host.in/wp-json/>; rel="https://api.w.org/" content-length 10269 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	icon-password.png benedict.p-host.in/cPanel_magic_revision_1335428098/unprotected/cpanel/images/	60 KB 60 KB	476ms 476ms	Image text/html	2a0b:6cc0::16 TEAM-HOST AS
General Check archive.org Show headers Download Go to Show image Full URL https://benedict.p-host.in/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-password.png Requested by Host: benedict.p-host.in URL: https://benedict.p-host.in/index.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a0b:6cc0::16 , Russian Federation, ASN202984 (TEAM-HOST AS, RU), Reverse DNS Software nginx / PHP/7.4.30 Resource Hash `3f592aa07f7962031ee448d422597a658fc8395311de0a1b71180ac44d904e00` Request headers accept-language en-US,en;q=0.9 Referer https://benedict.p-host.in/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Mon, 29 Aug 2022 15:56:57 GMT content-encoding gzip server nginx x-powered-by PHP/7.4.30 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://benedict.p-host.in/wp-json/>; rel="https://api.w.org/" content-length 10269 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	notice-info.png benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	60 KB 60 KB	333ms 331ms	Image text/html	2a0b:6cc0::16 TEAM-HOST AS
General Check archive.org Show headers Download Go to Show image Full URL https://benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-info.png Requested by Host: benedict.p-host.in URL: https://benedict.p-host.in/index.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a0b:6cc0::16 , Russian Federation, ASN202984 (TEAM-HOST AS, RU), Reverse DNS Software nginx / PHP/7.4.30 Resource Hash `3f592aa07f7962031ee448d422597a658fc8395311de0a1b71180ac44d904e00` Request headers accept-language en-US,en;q=0.9 Referer https://benedict.p-host.in/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Mon, 29 Aug 2022 15:56:57 GMT content-encoding gzip server nginx x-powered-by PHP/7.4.30 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://benedict.p-host.in/wp-json/>; rel="https://api.w.org/" content-length 10269 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	notice-success.png benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	60 KB 60 KB	437ms 435ms	Image text/html	2a0b:6cc0::16 TEAM-HOST AS
General Check archive.org Show headers Download Go to Show image Full URL https://benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-success.png Requested by Host: benedict.p-host.in URL: https://benedict.p-host.in/index.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a0b:6cc0::16 , Russian Federation, ASN202984 (TEAM-HOST AS, RU), Reverse DNS Software nginx / PHP/7.4.30 Resource Hash `3f592aa07f7962031ee448d422597a658fc8395311de0a1b71180ac44d904e00` Request headers accept-language en-US,en;q=0.9 Referer https://benedict.p-host.in/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Mon, 29 Aug 2022 15:56:57 GMT content-encoding gzip server nginx x-powered-by PHP/7.4.30 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://benedict.p-host.in/wp-json/>; rel="https://api.w.org/" content-length 10269 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	warning.png benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	60 KB 60 KB	397ms 396ms	Image text/html	2a0b:6cc0::16 TEAM-HOST AS
General Check archive.org Show headers Download Go to Show image Full URL https://benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/warning.png Requested by Host: benedict.p-host.in URL: https://benedict.p-host.in/index.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a0b:6cc0::16 , Russian Federation, ASN202984 (TEAM-HOST AS, RU), Reverse DNS Software nginx / PHP/7.4.30 Resource Hash `3f592aa07f7962031ee448d422597a658fc8395311de0a1b71180ac44d904e00` Request headers accept-language en-US,en;q=0.9 Referer https://benedict.p-host.in/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Mon, 29 Aug 2022 15:56:57 GMT content-encoding gzip server nginx x-powered-by PHP/7.4.30 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://benedict.p-host.in/wp-json/>; rel="https://api.w.org/" content-length 10269 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	cpanel-logo-tiny.png benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	60 KB 60 KB	477ms 476ms	Image text/html	2a0b:6cc0::16 TEAM-HOST AS
General Check archive.org Show headers Download Go to Show image Full URL https://benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/cpanel-logo-tiny.png Requested by Host: benedict.p-host.in URL: https://benedict.p-host.in/index.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a0b:6cc0::16 , Russian Federation, ASN202984 (TEAM-HOST AS, RU), Reverse DNS Software nginx / PHP/7.4.30 Resource Hash `3f592aa07f7962031ee448d422597a658fc8395311de0a1b71180ac44d904e00` Request headers accept-language en-US,en;q=0.9 Referer https://benedict.p-host.in/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Mon, 29 Aug 2022 15:56:57 GMT content-encoding gzip server nginx x-powered-by PHP/7.4.30 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://benedict.p-host.in/wp-json/>; rel="https://api.w.org/" content-length 10269 expires Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-error.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://benedict.p-host.in/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-username.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-info.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/warning.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-success.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://benedict.p-host.in/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-password.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://benedict.p-host.in/cPanel_magic_revision_1352765682/unprotected/cpanel/images/cpanel-logo-tiny.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

benedict.p-host.in
2a0b:6cc0::16
3f592aa07f7962031ee448d422597a658fc8395311de0a1b71180ac44d904e00
4cf0818dd9010568437158677180d8aa461ec9c52770ee6cef771b5f6d01f3c1
5aca679bada4d3ad55ac43881a597f382f2fa499cd3f8a5989bcf168d2927f80
c93bdc3f6370a59c4f09094e0dae79b863809147f9ca8b6a6a15bfb2e4bdaa3a

benedict.p-host.in Open in urlscan Pro 2a0b:6cc0::16 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

794 kBTransfer

1315 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

53 JavaScript Global Variables

0 Cookies

7 Console Messages

Indicators

benedict.p-host.in Open in urlscan Pro
2a0b:6cc0::16 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

794 kB
Transfer

1315 kB
Size

0
Cookies

8 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!