blog.kardesler-trailer.com

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 213.226.124.202, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is blog.kardesler-trailer.com.

This is the only time blog.kardesler-trailer.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address		AS Autonomous System
4	213.226.124.202 213.226.124.202		9123 (TIMEWEB-AS) (TIMEWEB-AS)
4	1

4 213.226.124.202 (Russian Federation)

ASN9123 (TIMEWEB-AS, RU)
PTR: vds-cx31505.timeweb.ru

blog.kardesler-trailer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	kardesler-trailer.com blog.kardesler-trailer.com	7 KB
4	1

	Domain	Requested by
4	blog.kardesler-trailer.com	blog.kardesler-trailer.com
4	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://blog.kardesler-trailer.com/pt/web.php?email=[[-Email-]]
Frame ID: C651FFCC0756345DF882B504921926B5
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Webmail

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

4
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

7 kB
Transfer

29 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request web.php Show response
blog.kardesler-trailer.com/pt/ 24 KB
4 KB 189ms
64ms Document
text/html 213.226.124.202
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://blog.kardesler-trailer.com/pt/web.php?email=[[-Email-]]

Protocol

HTTP/1.1

Server

213.226.124.202 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

vds-cx31505.timeweb.ru

Software

nginx/1.14.0 / PHP/7.1.22

Resource Hash

ca3c4762eff676d88e3aba9d8f6dc051f2bed7455eba37064c594f383edbae94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 15 Sep 2022 03:44:38 GMT
Server: nginx/1.14.0
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/7.1.22

GET
H/1.1 200
OK default.css
blog.kardesler-trailer.com/pt/web_files/ 5 KB
2 KB 63ms
62ms Stylesheet
text/css 213.226.124.202
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://blog.kardesler-trailer.com/pt/web_files/default.css

Requested by

Host: blog.kardesler-trailer.com
URL: http://blog.kardesler-trailer.com/pt/web.php?email=[[-Email-]]

Protocol

HTTP/1.1

Server

213.226.124.202 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

vds-cx31505.timeweb.ru

Software

nginx/1.14.0 /

Resource Hash

842cb4787a0f92956b6b0f20ea8b3af85478abdb3bf4b51c6377a35d87fd1a8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.kardesler-trailer.com/pt/web.php?email=[[-Email-]]
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 03:44:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 07 Sep 2022 01:42:04 GMT
Server: nginx/1.14.0
ETag: W/"6317f6ec-130a"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 15 Oct 2022 03:44:38 GMT

GET
H/1.1 200
OK dummy.gif
blog.kardesler-trailer.com/pt/web_files/ 43 B
413 B 126ms
62ms Image
image/gif 213.226.124.202
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://blog.kardesler-trailer.com/pt/web_files/dummy.gif

Requested by

Host: blog.kardesler-trailer.com
URL: http://blog.kardesler-trailer.com/pt/web.php?email=[[-Email-]]

Protocol

HTTP/1.1

Server

213.226.124.202 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

vds-cx31505.timeweb.ru

Software

nginx/1.14.0 /

Resource Hash

42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.kardesler-trailer.com/pt/web.php?email=[[-Email-]]
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 03:44:38 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 07 Sep 2022 01:42:04 GMT
Server: nginx/1.14.0
ETag: "6317f6ec-2b"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Sat, 15 Oct 2022 03:44:38 GMT

GET
H/1.1 200
OK logo.png
blog.kardesler-trailer.com/pt/web_files/ 530 B
902 B 63ms
62ms Image
image/png 213.226.124.202
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://blog.kardesler-trailer.com/pt/web_files/logo.png

Requested by

Host: blog.kardesler-trailer.com
URL: http://blog.kardesler-trailer.com/pt/web_files/default.css

Protocol

HTTP/1.1

Server

213.226.124.202 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

vds-cx31505.timeweb.ru

Software

nginx/1.14.0 /

Resource Hash

f26b36cd855ffd001fdd3ee4e9cee7f5f0691f110c4f3928c520723b72e07c82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.kardesler-trailer.com/pt/web_files/default.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 03:44:38 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 07 Sep 2022 01:42:04 GMT
Server: nginx/1.14.0
ETag: "6317f6ec-212"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 530
Expires: Sat, 15 Oct 2022 03:44:38 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.kardesler-trailer.com
213.226.124.202
42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb
842cb4787a0f92956b6b0f20ea8b3af85478abdb3bf4b51c6377a35d87fd1a8d
ca3c4762eff676d88e3aba9d8f6dc051f2bed7455eba37064c594f383edbae94
f26b36cd855ffd001fdd3ee4e9cee7f5f0691f110c4f3928c520723b72e07c82

blog.kardesler-trailer.com Open in urlscan Pro 213.226.124.202 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

4 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

7 kBTransfer

29 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

blog.kardesler-trailer.com Open in urlscan Pro
213.226.124.202 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

7 kB
Transfer

29 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!