srv197312.hoster-test.ru
31.28.24.227 (Malicious Activity!)

Submitted URL: https://kolimastation.blogspot.com/
Effective URL: http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNY...
Submission: On August 21 via api from US — Scanned from FR

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 31.28.24.227, located in St Petersburg, Russian Federation and belongs to HOSTING-MSK, RU. The main domain is srv197312.hoster-test.ru.
This is the only time srv197312.hoster-test.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Assurance Maladie (Healthcare)

Domain & IP information

IP Address | AS Autonomous System
1 3 2a00:1450:400... | 15169 (GOOGLE)
2 2a00:1450:400... | 15169 (GOOGLE)
1 5 31.28.24.227 | 12616 (HOSTING-MSK)
Totals: 8 | 4

Apex Domain | Subdomains | Transfer
5 hoster-test.ru | srv197312.hoster-test.ru | 570 KB
3 blogspot.com | kolimastation.blogspot.com | 6 KB
2 blogger.com | www.blogger.com (Cisco Umbrella Rank: 9676) | 62 KB
Totals: 8 | 3

Domain | Requested by
5 srv197312.hoster-test.ru (1 redirects) | kolimastation.blogspot.com, srv197312.hoster-test.ru
3 kolimastation.blogspot.com (1 redirects) | kolimastation.blogspot.com
2 www.blogger.com | kolimastation.blogspot.com
Totals: 8 | 3

This site contains no links.

Subject | Issuer | Validity | Valid
misc-sni.blogspot.com | GTS CA 1C3 | 2023-07-31 - 2023-10-23 | 3 months | crt.sh
*.blogger.com | GTS CA 1C3 | 2023-07-31 - 2023-10-23 | 3 months | crt.sh

This page contains 1 frames:

Primary Page: http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTM3LjU5LjE2NC45ODIwMjM6QXVnOk1vbg==
Frame ID: D3CD6EF18279DBBBF49F7DDA825047D1
Requests: 13 HTTP requests in this frame

Screenshot

Page Title

remboursement | Ameli

Page URL History

  1. https://kolimastation.blogspot.com/ HTTP 302
    https://kolimastation.blogspot.com/?m=1 Page URL
  2. http://srv197312.hoster-test.ru/home/AML///?op=1&ref=&date=undefined&courriel=undefined&0.1799674453729403 HTTP 302
    http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPU... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 8
HTTPS: 50 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 2
Transfer: 726 kB
Size: 998 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://kolimastation.blogspot.com/ HTTP 302
    https://kolimastation.blogspot.com/?m=1 Page URL
  2. http://srv197312.hoster-test.ru/home/AML///?op=1&ref=&date=undefined&courriel=undefined&0.1799674453729403 HTTP 302
    http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTM3LjU5LjE2NC45ODIwMjM6QXVnOk1vbg== Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://kolimastation.blogspot.com/ HTTP 302
  • https://kolimastation.blogspot.com/?m=1

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
kolimastation.blogspot.com/
Redirect Chain
  • https://kolimastation.blogspot.com/
  • https://kolimastation.blogspot.com/?m=1
9 KB
3 KB
Document
General
Full URL
https://kolimastation.blogspot.com/?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
69bc0d240599f754099b9f003204122eac5c456ed331a3c2cfbde822e7974aed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
fr-FR,fr;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
gzip
content-length
3358
content-type
text/html; charset=UTF-8
date
Mon, 21 Aug 2023 13:28:12 GMT
etag
W/"390930c44e3a9d1967aaaac04db2e05c1c7b7ed2f01613127cfefbf693cd41e9"
expires
Mon, 21 Aug 2023 13:28:12 GMT
last-modified
Mon, 21 Aug 2023 10:07:46 GMT
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
gzip
content-length
184
content-security-policy
frame-ancestors 'self'
content-type
text/html; charset=UTF-8
date
Mon, 21 Aug 2023 13:28:11 GMT
expires
Mon, 21 Aug 2023 13:28:11 GMT
location
https://kolimastation.blogspot.com/?m=1
server
GSE
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
1539816172-widget_css_mobile_2_bundle.css
www.blogger.com/static/v1/widgets/
20 KB
5 KB
Stylesheet
General
Full URL
https://www.blogger.com/static/v1/widgets/1539816172-widget_css_mobile_2_bundle.css
Requested by
Host: kolimastation.blogspot.com
URL: https://kolimastation.blogspot.com/?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fd47e1c7c5792d78bb2849ce121d3b574e2057042d5f803dfc593b7ff5d5763a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://kolimastation.blogspot.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 15 Aug 2023 22:48:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484794
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4934
x-xss-protection
0
last-modified
Tue, 15 Aug 2023 18:03:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 14 Aug 2024 22:48:18 GMT
cookienotice.js
kolimastation.blogspot.com/js/
6 KB
2 KB
Script
General
Full URL
https://kolimastation.blogspot.com/js/cookienotice.js
Requested by
Host: kolimastation.blogspot.com
URL: https://kolimastation.blogspot.com/?m=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://kolimastation.blogspot.com/?m=1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 21 Aug 2023 11:22:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
7560
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2026
x-xss-protection
0
last-modified
Mon, 21 Aug 2023 08:52:28 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Mon, 28 Aug 2023 11:22:12 GMT
2789723018-widgets.js
www.blogger.com/static/v1/widgets/
156 KB
57 KB
Script
General
Full URL
https://www.blogger.com/static/v1/widgets/2789723018-widgets.js
Requested by
Host: kolimastation.blogspot.com
URL: https://kolimastation.blogspot.com/?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://kolimastation.blogspot.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 20 Aug 2023 12:05:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91366
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57840
x-xss-protection
0
last-modified
Mon, 14 Aug 2023 20:00:22 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Mon, 19 Aug 2024 12:05:26 GMT
Primary Request AML-infos.php
srv197312.hoster-test.ru/home/AML///
Redirect Chain
  • http://srv197312.hoster-test.ru/home/AML///?op=1&ref=&date=undefined&courriel=undefined&0.1799674453729403
  • http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZX...
342 KB
343 KB
Document
General
Full URL
http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTM3LjU5LjE2NC45ODIwMjM6QXVnOk1vbg==
Requested by
Host: kolimastation.blogspot.com
URL: https://kolimastation.blogspot.com/?m=1
Protocol
HTTP/1.1
Server
31.28.24.227 St Petersburg, Russian Federation, ASN12616 (HOSTING-MSK, RU),
Reverse DNS
c17w.hoster.ru
Software
Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / PHP/7.4.32
Resource Hash
8d01f815b751e0f54aa9b439fecaae49dde460c161db5ffcbea752be684f813b

Request headers

Referer
https://kolimastation.blogspot.com/?m=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
fr-FR,fr;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 21 Aug 2023 13:28:12 GMT
Server
Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Transfer-Encoding
chunked
X-Cache
MISS from t0.hoster.ru
X-Cache-Lookup
MISS from t0.hoster.ru:6666
X-Powered-By
PHP/7.4.32

Redirect headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 21 Aug 2023 13:28:12 GMT
Location
AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTM3LjU5LjE2NC45ODIwMjM6QXVnOk1vbg==
Server
Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Transfer-Encoding
chunked
X-Cache
MISS from t0.hoster.ru
X-Cache-Lookup
MISS from t0.hoster.ru:6666
X-Powered-By
PHP/7.4.32
truncated
/
6 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4378f8d6faa5e999d889eafd5cc9629baf351c252910c28d667fc942e86c907

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://srv197312.hoster-test.ru/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/
23 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
feb2c90181ca199fe02f5f33f99d418953958a514fd8952f771ffe8210808e20

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://srv197312.hoster-test.ru/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
jquery.min.js
srv197312.hoster-test.ru/home/AML///AML_files/
86 KB
86 KB
Script
General
Full URL
http://srv197312.hoster-test.ru/home/AML///AML_files/jquery.min.js
Requested by
Host: srv197312.hoster-test.ru
URL: http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTM3LjU5LjE2NC45ODIwMjM6QXVnOk1vbg==
Protocol
HTTP/1.1
Server
31.28.24.227 St Petersburg, Russian Federation, ASN12616 (HOSTING-MSK, RU),
Reverse DNS
c17w.hoster.ru
Software
Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 /
Resource Hash
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTM3LjU5LjE2NC45ODIwMjM6QXVnOk1vbg==
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 21 Aug 2023 13:28:13 GMT
X-Cache-Lookup
HIT from t0.hoster.ru:6666
Last-Modified
Fri, 18 Aug 2023 16:04:42 GMT
Server
Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
ETag
"15851-60334afc50e9a"
X-Cache
MISS from t0.hoster.ru
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88145
imask.min.js
srv197312.hoster-test.ru/home/AML///AML_files/
45 KB
45 KB
Script
General
Full URL
http://srv197312.hoster-test.ru/home/AML///AML_files/imask.min.js
Requested by
Host: srv197312.hoster-test.ru
URL: http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTM3LjU5LjE2NC45ODIwMjM6QXVnOk1vbg==
Protocol
HTTP/1.1
Server
31.28.24.227 St Petersburg, Russian Federation, ASN12616 (HOSTING-MSK, RU),
Reverse DNS
c17w.hoster.ru
Software
Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 /
Resource Hash
8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTM3LjU5LjE2NC45ODIwMjM6QXVnOk1vbg==
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 21 Aug 2023 13:28:13 GMT
X-Cache-Lookup
HIT from t0.hoster.ru:6666
Last-Modified
Fri, 18 Aug 2023 16:04:42 GMT
Server
Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
ETag
"b217-60334afc4f342"
X-Cache
MISS from t0.hoster.ru
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
45591
infos.js
srv197312.hoster-test.ru/home/AML///AML_files/
95 KB
95 KB
Script
General
Full URL
http://srv197312.hoster-test.ru/home/AML///AML_files/infos.js
Requested by
Host: srv197312.hoster-test.ru
URL: http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTM3LjU5LjE2NC45ODIwMjM6QXVnOk1vbg==
Protocol
HTTP/1.1
Server
31.28.24.227 St Petersburg, Russian Federation, ASN12616 (HOSTING-MSK, RU),
Reverse DNS
c17w.hoster.ru
Software
Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 /
Resource Hash
31d6c83c556571fbd4cbac36e0319c9d9b9d275fbe6c8156ce39bb4e878193f4

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://srv197312.hoster-test.ru/home/AML///AML-infos.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTM3LjU5LjE2NC45ODIwMjM6QXVnOk1vbg==
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 21 Aug 2023 13:28:13 GMT
X-Cache-Lookup
HIT from t0.hoster.ru:6666
Last-Modified
Fri, 18 Aug 2023 16:04:42 GMT
Server
Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
ETag
"17a61-60334afc502e2"
X-Cache
MISS from t0.hoster.ru
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
96865
truncated
/
120 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c3eb3265dddf3a7527147670249ad8a956870e0fa4c3dfaf99a3b4d737ca56c8

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://srv197312.hoster-test.ru/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/
14 KB
14 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Request headers

Referer
http://srv197312.hoster-test.ru/
Origin
http://srv197312.hoster-test.ru
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
font/woff2
truncated
/
75 KB
75 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
http://srv197312.hoster-test.ru/
Origin
http://srv197312.hoster-test.ru
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
font/woff2

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Assurance Maladie (Healthcare)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
function | $
function | jQuery
object | __core-js_shared__
object | core
function | IMask

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block