uets.net Open in urlscan Pro
194.28.84.196 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://uets.net/cgi-bin/index.php
Submission: On July 14 via manual (July 14th 2017, 6:11:49 pm UTC) from US

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 194.28.84.196, located in Ukraine and belongs to HOSTPRO-AS, UA. The main domain is uets.net.

This is the only time uets.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

	IP Address		AS Autonomous System
8	194.28.84.196 194.28.84.196		196645 (HOSTPRO-AS) (HOSTPRO-AS)
8	1

8 194.28.84.196 (Ukraine)

ASN196645 (HOSTPRO-AS, UA)
PTR: km82.hostsila.org

uets.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	uets.net uets.net	459 KB
8	1

	Domain	Requested by
8	uets.net	uets.net
8	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://uets.net/cgi-bin/index.php
Frame ID: 1386.1
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

459 kB
Transfer

535 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.php Show response uets.net/cgi-bin/	4 KB 2 KB	165ms 132ms	Document text/html	194.28.84.196 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL http://uets.net/cgi-bin/index.php Protocol HTTP/1.1 Server 194.28.84.196 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS km82.hostsila.org Software nginx / PHP/5.2.17 Resource Hash `c1eb7fde2cd0726ab81192c5c7202259dec7ff5e6d0e38f8484f8676cee27356` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 14 Jul 2017 18:11:40 GMT Content-Encoding gzip Server nginx Connection keep-alive X-Powered-By PHP/5.2.17 Transfer-Encoding chunked Content-Type text/html
GET H/1.1	200 OK	facebox.css uets.net/cgi-bin/javascript/facebox/src/	1 KB 495 B	54ms 54ms	Stylesheet text/css	194.28.84.196 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL http://uets.net/cgi-bin/javascript/facebox/src/facebox.css Requested by Host: uets.net URL: http://uets.net/cgi-bin/index.php Protocol HTTP/1.1 Server 194.28.84.196 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS km82.hostsila.org Software nginx / Resource Hash `9a2a983c9ea36e030b6ee8f7f08a2d966fed84f445af2710fcc49dd98b37e832` Request headers Referer http://uets.net/cgi-bin/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Pragma public Date Fri, 14 Jul 2017 18:11:40 GMT Content-Encoding gzip Last-Modified Thu, 09 Jun 2016 17:57:38 GMT Server nginx ETag W/"5759ae12-47f" Transfer-Encoding chunked Content-Type text/css Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Expires Sun, 13 Aug 2017 18:11:40 GMT
GET H/1.1	200 OK	jquery-1.js Show response uets.net/cgi-bin/javascript/	89 KB 36 KB	77ms 44ms	Script application/javascript	194.28.84.196 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL http://uets.net/cgi-bin/javascript/jquery-1.js Requested by Host: uets.net URL: http://uets.net/cgi-bin/index.php Protocol HTTP/1.1 Server 194.28.84.196 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS km82.hostsila.org Software nginx / Resource Hash `d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f` Request headers Referer http://uets.net/cgi-bin/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Pragma public Date Fri, 14 Jul 2017 18:11:40 GMT Content-Encoding gzip Last-Modified Thu, 09 Jun 2016 17:57:38 GMT Server nginx ETag W/"5759ae12-165a4" Transfer-Encoding chunked Content-Type application/javascript Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Expires Sun, 13 Aug 2017 18:11:40 GMT
GET H/1.1	200 OK	facebox.js Show response uets.net/cgi-bin/javascript/facebox/src/	9 KB 3 KB	80ms 47ms	Script application/javascript	194.28.84.196 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL http://uets.net/cgi-bin/javascript/facebox/src/facebox.js Requested by Host: uets.net URL: http://uets.net/cgi-bin/index.php Protocol HTTP/1.1 Server 194.28.84.196 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS km82.hostsila.org Software nginx / Resource Hash `983747e7938326bd872ecf4734d559a8d811dbd4488fd46c05fe6f99e9b0a867` Request headers Referer http://uets.net/cgi-bin/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Pragma public Date Fri, 14 Jul 2017 18:11:40 GMT Content-Encoding gzip Last-Modified Thu, 09 Jun 2016 17:57:38 GMT Server nginx ETag W/"5759ae12-2407" Transfer-Encoding chunked Content-Type application/javascript Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Expires Sun, 13 Aug 2017 18:11:40 GMT
GET H/1.1	200 OK	jquery.js Show response uets.net/cgi-bin/javascript/watermark/	18 KB 7 KB	98ms 64ms	Script application/javascript	194.28.84.196 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL http://uets.net/cgi-bin/javascript/watermark/jquery.js Requested by Host: uets.net URL: http://uets.net/cgi-bin/index.php Protocol HTTP/1.1 Server 194.28.84.196 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS km82.hostsila.org Software nginx / Resource Hash `d76d8ccf3c229b319c08e3b8f44a9b3cbc00d72b25a5cdbe40609ef4856a8c98` Request headers Referer http://uets.net/cgi-bin/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Pragma public Date Fri, 14 Jul 2017 18:11:40 GMT Content-Encoding gzip Last-Modified Thu, 09 Jun 2016 17:57:38 GMT Server nginx ETag W/"5759ae12-48ea" Transfer-Encoding chunked Content-Type application/javascript Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Expires Sun, 13 Aug 2017 18:11:40 GMT
GET H/1.1	200 OK	javascript1.js Show response uets.net/cgi-bin/javascript/	4 KB 1 KB	76ms 42ms	Script application/javascript	194.28.84.196 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL http://uets.net/cgi-bin/javascript/javascript1.js Requested by Host: uets.net URL: http://uets.net/cgi-bin/index.php Protocol HTTP/1.1 Server 194.28.84.196 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS km82.hostsila.org Software nginx / Resource Hash `941da604bff2db3f3e220be1320278330a492021d588693a65fbf8c6083317b3` Request headers Referer http://uets.net/cgi-bin/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Pragma public Date Fri, 14 Jul 2017 18:11:40 GMT Content-Encoding gzip Last-Modified Wed, 17 May 2017 23:12:34 GMT Server nginx ETag W/"591cd8e2-e3d" Transfer-Encoding chunked Content-Type application/javascript Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Expires Sun, 13 Aug 2017 18:11:40 GMT
GET H/1.1	200 OK	pdf.png uets.net/cgi-bin/	330 KB 330 KB	42ms 41ms	Image image/png	194.28.84.196 HOSTPRO-AS
General Check archive.org Show headers Download Go to Show image Full URL http://uets.net/cgi-bin/pdf.png Requested by Host: uets.net URL: http://uets.net/cgi-bin/index.php Protocol HTTP/1.1 Server 194.28.84.196 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS km82.hostsila.org Software nginx / Resource Hash `173ccb5de106362df171d127b711be29c5b9d6c9bca6970ed1b13961584f8c3a` Request headers Referer http://uets.net/cgi-bin/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Pragma public Date Fri, 14 Jul 2017 18:11:40 GMT Last-Modified Wed, 17 May 2017 23:45:30 GMT Server nginx ETag "591ce09a-52783" Content-Type image/png Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 337795 Expires Sun, 13 Aug 2017 18:11:40 GMT
GET H/1.1	200 OK	pdf2013.png uets.net/cgi-bin/	80 KB 80 KB	47ms 47ms	Image image/png	194.28.84.196 HOSTPRO-AS
General Check archive.org Show headers Download Go to Show image Full URL http://uets.net/cgi-bin/pdf2013.png Requested by Host: uets.net URL: http://uets.net/cgi-bin/index.php Protocol HTTP/1.1 Server 194.28.84.196 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS km82.hostsila.org Software nginx / Resource Hash `40ce82b3cbf8de9e2dd6ecfa54a4ad3986d89a90b1df1371b99d97f01c8dd72f` Request headers Referer http://uets.net/cgi-bin/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Pragma public Date Fri, 14 Jul 2017 18:11:40 GMT Last-Modified Wed, 17 May 2017 23:45:42 GMT Server nginx ETag "591ce0a6-14075" Content-Type image/png Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 82037 Expires Sun, 13 Aug 2017 18:11:40 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

uets.net
194.28.84.196
173ccb5de106362df171d127b711be29c5b9d6c9bca6970ed1b13961584f8c3a
40ce82b3cbf8de9e2dd6ecfa54a4ad3986d89a90b1df1371b99d97f01c8dd72f
941da604bff2db3f3e220be1320278330a492021d588693a65fbf8c6083317b3
983747e7938326bd872ecf4734d559a8d811dbd4488fd46c05fe6f99e9b0a867
9a2a983c9ea36e030b6ee8f7f08a2d966fed84f445af2710fcc49dd98b37e832
c1eb7fde2cd0726ab81192c5c7202259dec7ff5e6d0e38f8484f8676cee27356
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d76d8ccf3c229b319c08e3b8f44a9b3cbc00d72b25a5cdbe40609ef4856a8c98

uets.net Open in urlscan Pro 194.28.84.196 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

459 kBTransfer

535 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

uets.net Open in urlscan Pro
194.28.84.196 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

459 kB
Transfer

535 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!