srv222783.hoster-test.ru

Summary

This website contacted 4 IPs in 4 countries across 5 domains to perform 5 HTTP transactions. The main IP is 31.28.24.227, located in Russian Federation and belongs to HOSTING-MSK, RU. The main domain is srv222783.hoster-test.ru.

This is the only time srv222783.hoster-test.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lunar (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	184.72.243.22 184.72.243.22	14618 (AMAZON-AES) (AMAZON-AES)
2	31.28.24.227 31.28.24.227	12616 (HOSTING-MSK) (HOSTING-MSK)
1 1	162.159.128.61 162.159.128.61	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:710... 2a02:26f0:7100::213:c6b1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	4

1 184.72.243.22 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-72-243-22.compute-1.amazonaws.com

pointy-volcano-zone.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.28.24.227 (Russian Federation)

ASN12616 (HOSTING-MSK, RU)
PTR: c17w.hoster.ru

srv222783.hoster-test.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.128.61 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

player.vimeo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::213:c6b1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

download-video.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	hoster-test.ru srv222783.hoster-test.ru	29 KB
1	akamaized.net download-video.akamaized.net — Cisco Umbrella Rank: 22640	3 MB
1	vimeo.com 1 redirects player.vimeo.com — Cisco Umbrella Rank: 1941	2 KB
1	glitch.me pointy-volcano-zone.glitch.me	597 B
0	telegram.org Failed api.telegram.org Failed
5	5

	Domain	Requested by
2	srv222783.hoster-test.ru	srv222783.hoster-test.ru
1	download-video.akamaized.net	srv222783.hoster-test.ru
1	player.vimeo.com	1 redirects
1	pointy-volcano-zone.glitch.me
0	api.telegram.org Failed	pointy-volcano-zone.glitch.me
5	5

This site contains no links.

Subject Issuer	Validity	Valid
glitch.com Amazon RSA 2048 M03	`2023-12-04` - `2025-01-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://srv222783.hoster-test.ru/Lunar/personel/
Frame ID: 8354A36CFC80AF46122EF18D17521B88
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Lunar app

Page URL History Show full URLs

https://pointy-volcano-zone.glitch.me/ Page URL
http://srv222783.hoster-test.ru/Lunar/personel/ HTTP 307
https://srv222783.hoster-test.ru/Lunar/personel/ HTTP 307
http://srv222783.hoster-test.ru/Lunar/personel/ Page URL

Page Statistics

5
Requests

20 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

4
IPs

4
Countries

2780 kB
Transfer

2777 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pointy-volcano-zone.glitch.me/ Page URL
http://srv222783.hoster-test.ru/Lunar/personel/ HTTP 307
https://srv222783.hoster-test.ru/Lunar/personel/ HTTP 307
http://srv222783.hoster-test.ru/Lunar/personel/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://player.vimeo.com/progressive_redirect/playback/942303394/rendition/1080p/file.mp4?loc=external&oauth2_token_id=1716451392&signature=f5cc6fd7e81ed53cb50c695fc4eff912caf9f2e8c656f85c1b9ef6cac59c1362 HTTP 302
https://download-video.akamaized.net/v3-1/playback/7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a/eab8d12e?__token__=st=1729594650~exp=1729609050~acl=%2Fv3-1%2Fplayback%2F7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a%2Feab8d12e%2A~hmac=16633e781e147e7d0d7233c11a702bf330099a3e3c7c3ceb01cca7ffca609d4b&r=dXMtZWFzdDE%3D

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response pointy-volcano-zone.glitch.me/	234 B 597 B	456ms 165ms	Document text/html	184.72.243.22 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://pointy-volcano-zone.glitch.me/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 184.72.243.22 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-184-72-243-22.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `1f0f4b282b200752dda9191366e43d154297d627c3d32c37268cca6aec9d363b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers accept-ranges bytes cache-control no-cache content-length 234 content-type text/html; charset=utf-8 date Tue, 22 Oct 2024 10:57:29 GMT etag "f464783cee332c29b92540440c54927c" last-modified Tue, 22 Oct 2024 10:27:13 GMT server AmazonS3 x-amz-id-2 4WGTVG4rW6bI4hmFA+Bz2lpRk2xABDUlNrpICN7QgjZzU+bqloUOXuxdevufTtD0gKkAHrrQVnc= x-amz-request-id HZT70GWR460WSHS4 x-amz-server-side-encryption AES256 x-amz-version-id UvYy0Y4YAkeAcQu0UYwbU0M1IgrRYo9q
GET		sendMessage api.telegram.org/bot64403TOFQOSBfJY64D898RCQWgXL4j8/	0 0

GET H/1.1	200 OK	Primary Request / Show response srv222783.hoster-test.ru/Lunar/personel/ Redirect Chain http://srv222783.hoster-test.ru/Lunar/personel/ https://srv222783.hoster-test.ru/Lunar/personel/ http://srv222783.hoster-test.ru/Lunar/personel/	3 KB 3 KB	67ms 67ms	Document text/html	31.28.24.227 HOSTING-MSK
General Check archive.org Show headers Download Go to Full URL http://srv222783.hoster-test.ru/Lunar/personel/ Protocol HTTP/1.1 Server 31.28.24.227 , Russian Federation, ASN12616 (HOSTING-MSK, RU), Reverse DNS c17w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / PHP/8.3.7 Resource Hash `4b0394dae55f5d6430b00ffbb00fe4eb2c623f0368eb10d58e91a99fa340d032` Request headers Referer https://pointy-volcano-zone.glitch.me/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers Connection keep-alive Content-Type text/html; charset=UTF-8 Date Tue, 22 Oct 2024 10:57:30 GMT Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 Transfer-Encoding chunked X-Cache MISS from t0.hoster.ru X-Cache-Lookup MISS from t0.hoster.ru:6666 X-Powered-By PHP/8.3.7 Redirect headers Location http://srv222783.hoster-test.ru/Lunar/personel/ Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	200 OK	f9e157cc3ad0f403f20929722038a41d.png srv222783.hoster-test.ru/Lunar/personel/tools/	26 KB 26 KB	65ms 65ms	Image image/png	31.28.24.227 HOSTING-MSK
General Check archive.org Show headers Download Go to Show image Full URL http://srv222783.hoster-test.ru/Lunar/personel/tools/f9e157cc3ad0f403f20929722038a41d.png Requested by Host: srv222783.hoster-test.ru URL: http://srv222783.hoster-test.ru/Lunar/personel/ Protocol HTTP/1.1 Server 31.28.24.227 , Russian Federation, ASN12616 (HOSTING-MSK, RU), Reverse DNS c17w.hoster.ru Software Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141 / Resource Hash `36e827806cf6cb9e2354c78739fff97d3f68e061e9e3a328885734f312059c31` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer http://srv222783.hoster-test.ru/Lunar/personel/ Response headers ETag "6637-6250a2f95fe10" Age 371 Connection keep-alive Accept-Ranges bytes X-Cache HIT from t0.hoster.ru Content-Length 26167 Date Tue, 22 Oct 2024 10:51:19 GMT X-Cache-Lookup HIT from t0.hoster.ru:6666 Last-Modified Tue, 22 Oct 2024 05:38:58 GMT Content-Type image/png Server Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
GET H2	206	eab8d12e download-video.akamaized.net/v3-1/playback/7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a/ Redirect Chain https://player.vimeo.com/progressive_redirect/playback/942303394/rendition/1080p/file.mp4?loc=external&oauth2_token_id=1716451392&signature=f5cc6fd7e81ed53cb50c695fc4eff912caf9f2e8c656f85c1b9ef6cac... https://download-video.akamaized.net/v3-1/playback/7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a/eab8d12e?__token__=st=1729594650~exp=1729609050~acl=%2Fv3-1%2Fplayback%2F7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a...	3 MB 3 MB	146ms 42ms	Media video/mp4	2a02:26f0:7100::213:c6b1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://download-video.akamaized.net/v3-1/playback/7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a/eab8d12e?__token__=st=1729594650~exp=1729609050~acl=%2Fv3-1%2Fplayback%2F7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a%2Feab8d12e%2A~hmac=16633e781e147e7d0d7233c11a702bf330099a3e3c7c3ceb01cca7ffca609d4b&r=dXMtZWFzdDE%3D Requested by Host: srv222783.hoster-test.ru URL: http://srv222783.hoster-test.ru/Lunar/personel/ Protocol H2 Server 2a02:26f0:7100::213:c6b1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash `4e0c850e1f5837811be0a0321397545cde0eac8dc68604d0bcc9aba5c22d44d4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer http://srv222783.hoster-test.ru/ Response headers x-request-id uEMkNWIP8k17vBNK9ote9F5Gmvo9XijB access-control-max-age 86400 access-control-expose-headers Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC,Akamai-Grn access-control-allow-methods GET,POST,OPTIONS alt-svc h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43" date Tue, 22 Oct 2024 10:57:31 GMT content-type video/mp4 access-control-allow-headers origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session cache-control max-age=29559865 access-control-allow-credentials true akamai-request-bc [a=2.19.198.173,b=128268340,c=g,n=DE_HE_FRANKFURT,o=20940] Content-Range bytes 0-2813763/2813764 accept-ranges bytes access-control-allow-origin * Content-Length 2813764 akamai-grn 0.adc61302.1729594651.7a53834 akamai-mon-iucid-del 1190815 Redirect headers x-host player-backend-bc5df4697-ntmh6 CF-Cache-Status DYNAMIC x-content-type-options nosniff x-backend-server player-backend-edge-entry expires Fri, 15 Dec 1985 19:30:00 GMT x-player-backend g x-cache MISS Date Tue, 22 Oct 2024 10:57:30 GMT x-bapp-server player-backend-bc5df4697-ntmh6 x-served-by cache-ams21034-AMS x-cache-hits 0 strict-transport-security max-age=31536000; includeSubDomains; preload content-security-policy default-src 'self'; script-src 'self' https://f.vimeocdn.com; style-src 'self' https://f.vimeocdn.com; img-src 'self' https://f.vimeocdn.com https://i.vimeocdn.com; report-uri /_csp Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 location https://download-video.akamaized.net/v3-1/playback/7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a/eab8d12e?__token__=st=1729594650~exp=1729609050~acl=%2Fv3-1%2Fplayback%2F7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a%2Feab8d12e%2A~hmac=16633e781e147e7d0d7233c11a702bf330099a3e3c7c3ceb01cca7ffca609d4b&r=dXMtZWFzdDE%3D x-timer S1729594651.751074,VS0,VE180 Connection keep-alive via 1.1 varnish CF-RAY 8d68f7870e18abc9-CPH accept-ranges bytes access-control-allow-origin * Content-Length 0 x-xss-protection 1; mode=block Server cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.telegram.org
URL: https://api.telegram.org/bot64403TOFQOSBfJY64D898RCQWgXL4j8/sendMessage?chat_id=-40849656&text=%E2%9A%A1%EF%B8%8F(ICKEL|

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Lunar (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.vimeo.com/	1970-01-21 00:26:36	Name: __cf_bm Value: 6_K_6v59YOL0M23NiH9Lr0_DmaCFHdvJmrx5K2RPSOI-1729594650-1.0.1.1-QuWBoSeKO1B2sr6Ze7vaGS.sspkMZmnlCkuA64D9rq1WtkFeC.OMI7JdMNrmvjzT
			.vimeo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: lMgu4YZTec3QVXkXec5c2Qz9Y0K14OrkhEKVSWdLTnQ-1729594650942-0.0.1.1-604800000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.telegram.org
download-video.akamaized.net
player.vimeo.com
pointy-volcano-zone.glitch.me
srv222783.hoster-test.ru
api.telegram.org
162.159.128.61
184.72.243.22
2a02:26f0:7100::213:c6b1
31.28.24.227
1f0f4b282b200752dda9191366e43d154297d627c3d32c37268cca6aec9d363b
36e827806cf6cb9e2354c78739fff97d3f68e061e9e3a328885734f312059c31
4b0394dae55f5d6430b00ffbb00fe4eb2c623f0368eb10d58e91a99fa340d032
4e0c850e1f5837811be0a0321397545cde0eac8dc68604d0bcc9aba5c22d44d4

srv222783.hoster-test.ru Open in urlscan Pro 31.28.24.227 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

5 Requests

20 %HTTPS

25 %IPv6

5 Domains

5 Subdomains

4 IPs

4 Countries

2780 kBTransfer

2777 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

2 Cookies

Indicators

srv222783.hoster-test.ru Open in urlscan Pro
31.28.24.227 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

20 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

4
IPs

4
Countries

2780 kB
Transfer

2777 kB
Size

2
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!