telegram.slto.ru Open in urlscan Pro
45.11.24.140 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://telegram.slto.ru/
Submission: On April 08 via automatic, source certstream-suspicious (April 8th 2020, 3:47:21 pm UTC)

Summary HTTP 23 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 23 HTTP transactions. The main IP is 45.11.24.140, located in Frankfurt am Main, Germany and belongs to RETN-AS, EU. The main domain is telegram.slto.ru.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 8th 2020. Valid for: 3 months.

This is the only time telegram.slto.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
2	45.11.24.140 45.11.24.140		9002 (RETN-AS) (RETN-AS)
23	2

2 45.11.24.140 (Frankfurt am Main, Germany)

ASN9002 (RETN-AS, EU)

telegram.slto.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	slto.ru telegram.slto.ru pwm.slto.ru Failed	3 KB
23	1

	Domain	Requested by
2	telegram.slto.ru	telegram.slto.ru
0	pwm.slto.ru Failed	telegram.slto.ru
23	2

This site contains no links.

Subject Issuer	Validity	Valid
telegram.slto.ru Let's Encrypt Authority X3	`2020-04-08` - `2020-07-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://telegram.slto.ru/
Frame ID: B0AF44E78C0AA8D239F09F483C6740DE
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /select2(?:\.min|\.full)?\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /select2(?:\.min|\.full)?\.js/i

Page Statistics

23
Requests

9 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

3 kB
Transfer

6 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response telegram.slto.ru/	6 KB 2 KB	267ms 116ms	Document text/html	45.11.24.140 RETN-AS
General Check archive.org Show headers Download Go to Full URL https://telegram.slto.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 45.11.24.140 Frankfurt am Main, Germany, ASN9002 (RETN-AS, EU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `a4da3d2aefb20a91e8ab0f7b9fc8456659aacd28f244d90f2cf4e18001e86153` Request headers Host telegram.slto.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers Date Wed, 08 Apr 2020 15:46:43 GMT Server Apache/2.4.29 (Ubuntu) Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Vary Accept-Encoding Content-Encoding gzip Content-Type text/html; charset=UTF-8 Set-Cookie ci_session=7jgkl86hmf9n0kn2cogsor2i57jd4skm; expires=Fri, 08-May-2020 15:46:43 GMT; Max-Age=2592000; path=/; HttpOnly Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked
GET H/1.1	403 Forbidden	/ telegram.slto.ru/uploads/photo/	300 B 300 B	103ms 103ms	Image text/html	45.11.24.140 RETN-AS
General Check archive.org Show headers Download Go to Show image Full URL https://telegram.slto.ru/uploads/photo/ Requested by Host: telegram.slto.ru URL: https://telegram.slto.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 45.11.24.140 Frankfurt am Main, Germany, ASN9002 (RETN-AS, EU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `4776f3e7fbfc1eb2e0444ca5b153b54757ce65f61093b936f1a9bc27d60dd85c` Request headers Referer https://telegram.slto.ru/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Wed, 08 Apr 2020 15:46:43 GMT Server Apache/2.4.29 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 300 Content-Type text/html; charset=iso-8859-1
GET		core.css pwm.slto.ru/assets/plugins/fancybox/css/	0 0

GET		color-picker.min.css pwm.slto.ru/assets/plugins/color-picker/	0 0

GET		select2.min.css pwm.slto.ru/assets/plugins/select2/css/	0 0

GET		select2.bootstrap.min.css pwm.slto.ru/assets/plugins/select2/css/	0 0

GET		animate.css pwm.slto.ru/assets/css/	0 0

GET		bootstrap.min.css pwm.slto.ru/assets/bootstrap/css/	0 0

GET		all.min.css pwm.slto.ru/assets/fonts/fontawesome/css/	0 0

GET		common.css pwm.slto.ru/assets/css/	0 0

GET		jquery.min.js pwm.slto.ru/assets/js/	0 0

GET		core.js pwm.slto.ru/assets/plugins/fancybox/js/	0 0

GET		select2.js pwm.slto.ru/assets/plugins/select2/js/	0 0

GET		color-picker.js pwm.slto.ru/assets/plugins/color-picker/	0 0

GET		header.js pwm.slto.ru/assets/js/	0 0

GET		bootstrap.min.js pwm.slto.ru/assets/bootstrap/js/	0 0

GET		jquery.timeago.js pwm.slto.ru/assets/js/	0 0

GET		jquery.timeago.ru.js pwm.slto.ru/assets/js/	0 0

GET		url.js pwm.slto.ru/assets/js/	0 0

GET		popup.js pwm.slto.ru/assets/js/	0 0

GET		photo.js pwm.slto.ru/assets/js/	0 0

GET		upload.js pwm.slto.ru/assets/js/	0 0

GET		common.js pwm.slto.ru/assets/js/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/plugins/fancybox/css/core.css?v=83f06

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/plugins/color-picker/color-picker.min.css?v=c18f5

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/plugins/select2/css/select2.min.css?v=7332c

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/plugins/select2/css/select2.bootstrap.min.css?v=ce463

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/css/animate.css?v=feca7

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/bootstrap/css/bootstrap.min.css?v=8e8df

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/fonts/fontawesome/css/all.min.css?v=31f85

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/css/common.css?v=3ebe2

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/js/jquery.min.js?v=f2b60

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/plugins/fancybox/js/core.js?v=e1740

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/plugins/select2/js/select2.js?v=e6e72

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/plugins/color-picker/color-picker.js?v=5977d

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/js/header.js?v=a6a8d

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/bootstrap/js/bootstrap.min.js?v=ac182

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/js/jquery.timeago.js?v=5b890

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/js/jquery.timeago.ru.js?v=2c912

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/js/url.js?v=1754b

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/js/popup.js?v=d6c14

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/js/photo.js?v=1ccaf

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/js/upload.js?v=69cd2

Domain: pwm.slto.ru
URL: http://pwm.slto.ru/assets/js/common.js?v=769b9

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			telegram.slto.ru/	1970-01-19 09:22:32	Name: ci_session Value: 7jgkl86hmf9n0kn2cogsor2i57jd4skm

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pwm.slto.ru
telegram.slto.ru
pwm.slto.ru
45.11.24.140
4776f3e7fbfc1eb2e0444ca5b153b54757ce65f61093b936f1a9bc27d60dd85c
a4da3d2aefb20a91e8ab0f7b9fc8456659aacd28f244d90f2cf4e18001e86153