URL: https://ftp.s-sniffer.top/yandex/
Submission: On September 30 via automatic, source phishtank

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 2606:4700:30::681c:22d, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is ftp.s-sniffer.top.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on September 30th 2018. Valid for: a year.
This is the only time ftp.s-sniffer.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:30:... 13335 (CLOUDFLAR...)
4 2a02:6b8:20::215 13238 (YANDEX)
1 5 2a02:6b8::1:119 13238 (YANDEX)
1 2a02:6b8::1:227 13238 (YANDEX)
10 5
Apex Domain    Subdomains    Transfer
6 yandex.ru    mc.yandex.ru, export.yandex.ru    45 KB
4 yastatic.net    yastatic.net    328 KB
1 s-sniffer.top    ftp.s-sniffer.top    3 KB
10 3
Domain    Requested by
5 mc.yandex.ru (1 redirects)    yastatic.net, ftp.s-sniffer.top
4 yastatic.net    ftp.s-sniffer.top, yastatic.net
1 export.yandex.ru    yastatic.net
1 ftp.s-sniffer.top
10 4

This site contains no links.

Subject    Issuer    Validity    Valid
sni.cloudflaressl.com    CloudFlare Inc ECC CA-2    2018-09-30 - 2019-09-30    a year
static.yandex.net    Yandex CA    2017-12-06 - 2018-12-06    a year
bs.yandex.ru    Yandex CA    2017-11-23 - 2019-11-23    2 years
export.yandex.ru    Yandex CA    2017-05-29 - 2019-05-29    2 years

This page contains 1 frames:

Primary Page: https://ftp.s-sniffer.top/yandex/
Frame ID: F6101FBEA6A4D8495173CD66053F1DFD
Requests: 27 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

Requests: 10
HTTPS: 100 %
IPv6: 100 %
Domains: 3
Subdomains: 4
IPs: 5
Countries: 2
Transfer: 374 kB
Size: 1254 kB
Cookies: 4

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23
  • https://mc.yandex.ru/watch/784657?wmode=7&page-url=https%3A%2F%2Fftp.s-sniffer.top%2Fyandex%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538340179353%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20180930204259%3Aet%3A1538340180%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A603122346%3Ahid%3A602613258%3Ads%3A1%2C18%2C50%2C1%2C0%2C0%2C0%2C374%2C48%2C%2C%2C%2C445%3Afp%3A513%3Agdpr%3A14%3Av%3A1227%3Ast%3A1538340180%3Au%3A153834018053398935%3At%3A%D0%90%D0%B2%D1%82%D0%BE%D1%80%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F HTTP 302
  • https://mc.yandex.ru/watch/784657/1?wmode=7&page-url=https%3A%2F%2Fftp.s-sniffer.top%2Fyandex%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538340179353%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20180930204259%3Aet%3A1538340180%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A603122346%3Ahid%3A602613258%3Ads%3A1%2C18%2C50%2C1%2C0%2C0%2C0%2C374%2C48%2C%2C%2C%2C445%3Afp%3A513%3Agdpr%3A14%3Av%3A1227%3Ast%3A1538340180%3Au%3A153834018053398935%3At%3A%D0%90%D0%B2%D1%82%D0%BE%D1%80%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ftp.s-sniffer.top/yandex/
12 KB
3 KB
Document
General
Full URL
https://ftp.s-sniffer.top/yandex/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681c:22d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e4aa7208fffa1584a7913bf3e9151b1f5dd568ee0f1715a9af65edcd3b15f21

Request headers

:method
GET
:authority
ftp.s-sniffer.top
:scheme
https
:path
/yandex/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Sun, 30 Sep 2018 20:42:59 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=db20163782953e06d1a665220e1b482191538340179; expires=Mon, 30-Sep-19 20:42:59 GMT; path=/; domain=.s-sniffer.top; HttpOnly
vary
Accept-Encoding
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
462984e90a8b96a6-FRA
content-encoding
gzip
auth.enter.css
yastatic.net/passport-frontend/0.2.29-18/public/css/
305 KB
68 KB
Stylesheet
General
Full URL
https://yastatic.net/passport-frontend/0.2.29-18/public/css/auth.enter.css
Requested by
Host: ftp.s-sniffer.top
URL: https://ftp.s-sniffer.top/yandex/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
955034949a144172264ced449d18d6260bfaa32a1e96ab83010081e9e5fa6821

Request headers

Referer
https://ftp.s-sniffer.top/yandex/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 30 Sep 2018 20:42:59 GMT
Content-Encoding
gzip
Last-Modified
Fri, 25 Dec 2015 11:09:42 GMT
Server
nginx/1.12.2
ETag
W/"567d23f6-4c3ca"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Transfer-Encoding
chunked
Connection
keep-alive
Timing-Allow-Origin
*
Keep-Alive
timeout=5
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.min.js
yastatic.net/jquery/1.9.1/
90 KB
31 KB
Script
General
Full URL
https://yastatic.net/jquery/1.9.1/jquery.min.js
Requested by
Host: ftp.s-sniffer.top
URL: https://ftp.s-sniffer.top/yandex/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://ftp.s-sniffer.top/yandex/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 30 Sep 2018 20:42:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 23 Sep 1997 16:00:00 GMT
Server
nginx/1.12.2
ETag
"3427e780-7bc4"
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public, immutable
Strict-Transport-Security
max-age=43200000; includeSubDomains;
Timing-Allow-Origin
*
Keep-Alive
timeout=5
Content-Length
31684
Expires
Thu, 31 Dec 2037 23:55:55 GMT
auth.enter.ru.js
yastatic.net/passport-frontend/0.2.29-18/public/js/
467 KB
119 KB
Script
General
Full URL
https://yastatic.net/passport-frontend/0.2.29-18/public/js/auth.enter.ru.js
Requested by
Host: ftp.s-sniffer.top
URL: https://ftp.s-sniffer.top/yandex/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
19a74991935c1e07c9d86e561e9b37f66601d093bbe3c83fc24fe4e604c8c3eb

Request headers

Referer
https://ftp.s-sniffer.top/yandex/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 30 Sep 2018 20:42:59 GMT
Content-Encoding
gzip
Last-Modified
Fri, 25 Dec 2015 11:07:28 GMT
Server
nginx/1.12.2
ETag
W/"567d2370-74a79"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Transfer-Encoding
chunked
Connection
keep-alive
Timing-Allow-Origin
*
Keep-Alive
timeout=5
Expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/
244 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f6a5c0aa0bc5feac885318721b42dcf0a023d1c1484f13f271bf0659621f1c7

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
986 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e9c41737c087c9816ddf426c6362ef121bda8174ec5e5a0a943ae0205ae00994

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
1001 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
37988f1fd9c801ed1e45791c4330d7c4b69fbec436998e06af941c199252cda0

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
859 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
288447f4575d5289722966e3fc720664c7f92d1a68cd353cf0371f7b128a9057

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
874 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9b3768e31e91de2dac2b07ff7775aea4ddaeb324897fc8e5d31563df37e263be

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
1002 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4a4f015c1272956f77534c90f0bfa1ead6fb3dd19663c5c45e28414779d34f8

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3ceae035af046981f710cb3a11320164ae53fd6003919eaf9444392e930a2ccd

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
818 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e1a16e40cf48db2d59d1931a8d07463ebecf20da0dddacc1504c39f3dee3f4db

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
835 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dc1b30988ed73a10486607e61483fe5ba6e6e5ce85f8d355f847defa45afc84e

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
425 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
621561b19b419285b89f8ca8b778611d1251cf8bb1ee90eca22fc0c6569c74ff

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
501 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c5429168671572f1aeea4584658b37a06fa08f4f774f0cc9cad0f0e56fb3a8e0

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
11fa33dc3a14bf42d2af2a07d46d809068ac3e63c64217c7650943aa91b9d1ef

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7c39ea7e24c9474c89a3520b4b05b0f4240c4e0ebdee1529e95323d87eac4d39

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0599f0ccfaf867428a84f897a98e42482724739e9ad43c926a1d54585e0d09fc

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7d0df8af4cb42258f6ca2d65da2d3c206b532b3353dc90e16116b11d1c692be3

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
523 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2d52f16a7600f56ec0c9ae08d1b1b2a0865a7b132366fdecf393fe252071d617

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
18a4b7165fe131156e9d3ef00497b72da57a0a5d9f81130aed581ec06b43ffd3

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
tb-regular.ttf
yastatic.net/passport-frontend/0.2.29-18/public/fonts/
239 KB
109 KB
Font
General
Full URL
https://yastatic.net/passport-frontend/0.2.29-18/public/fonts/tb-regular.ttf
Requested by
Host: yastatic.net
URL: https://yastatic.net/jquery/1.9.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
7123dc0dc793a9486420783764cd79c049b07d4406b02d9762d311e9a7f785c5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://yastatic.net/passport-frontend/0.2.29-18/public/css/auth.enter.css
Origin
https://ftp.s-sniffer.top

Response headers

Date
Sun, 30 Sep 2018 20:42:59 GMT
Content-Encoding
gzip
Last-Modified
Fri, 25 Dec 2015 11:03:51 GMT
Server
nginx/1.12.2
ETag
W/"567d2297-3ba44"
Vary
Accept-Encoding
Content-Type
application/x-font-ttf
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Transfer-Encoding
chunked
Connection
keep-alive
Timing-Allow-Origin
*
Keep-Alive
timeout=5
Expires
Thu, 31 Dec 2037 23:55:55 GMT
watch.js
mc.yandex.ru/metrika/
124 KB
42 KB
Script
General
Full URL
https://mc.yandex.ru/metrika/watch.js?_=1538340179606
Requested by
Host: yastatic.net
URL: https://yastatic.net/jquery/1.9.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
b90f2e7392bb93e6873953c0101ae514b1ae392ec3a8144cbd25029d056afae9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://ftp.s-sniffer.top/yandex/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 30 Sep 2018 20:42:59 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Sep 2018 14:26:36 GMT
Server
nginx/1.12.2
ETag
"5b9bc51c-a769"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
42857
Expires
Sun, 30 Sep 2018 21:42:59 GMT
unread.xml
export.yandex.ru/for/
2 B
226 B
Script
General
Full URL
https://export.yandex.ru/for/unread.xml?callback=jQuery19103357676114941628_1538340179607&_=1538340179608
Requested by
Host: yastatic.net
URL: https://yastatic.net/jquery/1.9.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::1:227 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://ftp.s-sniffer.top/yandex/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 30 Sep 2018 20:42:59 GMT
X-qloud-router
man2-4946e0b6a1a9.qloud-c.yandex.net
Connection
keep-alive
Keep-Alive
timeout=120
Content-Length
2
Server
nginx
Content-Type
text/javascript
1
mc.yandex.ru/watch/784657/
Redirect Chain
  • https://mc.yandex.ru/watch/784657?wmode=7&page-url=https%3A%2F%2Fftp.s-sniffer.top%2Fyandex%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538340179353%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A2166136261...
  • https://mc.yandex.ru/watch/784657/1?wmode=7&page-url=https%3A%2F%2Fftp.s-sniffer.top%2Fyandex%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538340179353%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A21661362...
0
-1 B
XHR
General
Full URL
https://mc.yandex.ru/watch/784657/1?wmode=7&page-url=https%3A%2F%2Fftp.s-sniffer.top%2Fyandex%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538340179353%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20180930204259%3Aet%3A1538340180%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A603122346%3Ahid%3A602613258%3Ads%3A1%2C18%2C50%2C1%2C0%2C0%2C0%2C374%2C48%2C%2C%2C%2C445%3Afp%3A513%3Agdpr%3A14%3Av%3A1227%3Ast%3A1538340180%3Au%3A153834018053398935%3At%3A%D0%90%D0%B2%D1%82%D0%BE%D1%80%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F
Requested by
Host: ftp.s-sniffer.top
URL: https://ftp.s-sniffer.top/yandex/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ftp.s-sniffer.top/yandex/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Sep 2018 20:42:59 GMT
Last-Modified
Sun, 30 Sep 2018 20:42:59 GMT
Server
nginx/1.12.2
Location
https://mc.yandex.ru/watch/784657/1?wmode=7&page-url=https%3A%2F%2Fftp.s-sniffer.top%2Fyandex%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538340179353%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20180930204259%3Aet%3A1538340180%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A603122346%3Ahid%3A602613258%3Ads%3A1%2C18%2C50%2C1%2C0%2C0%2C0%2C374%2C48%2C%2C%2C%2C445%3Afp%3A513%3Agdpr%3A14%3Av%3A1227%3Ast%3A1538340180%3Au%3A153834018053398935%3At%3A%D0%90%D0%B2%D1%82%D0%BE%D1%80%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F
Strict-Transport-Security
max-age=31536000
P3P
CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Origin
https://ftp.s-sniffer.top
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Sun, 30 Sep 2018 20:42:59 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 30 Sep 2018 20:42:59 GMT
Last-Modified
Sun, 30 Sep 2018 20:42:59 GMT
Server
nginx/1.12.2
Location
https://mc.yandex.ru/watch/784657/1?wmode=7&page-url=https%3A%2F%2Fftp.s-sniffer.top%2Fyandex%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538340179353%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20180930204259%3Aet%3A1538340180%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A603122346%3Ahid%3A602613258%3Ads%3A1%2C18%2C50%2C1%2C0%2C0%2C0%2C374%2C48%2C%2C%2C%2C445%3Afp%3A513%3Agdpr%3A14%3Av%3A1227%3Ast%3A1538340180%3Au%3A153834018053398935%3At%3A%D0%90%D0%B2%D1%82%D0%BE%D1%80%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F
Strict-Transport-Security
max-age=31536000
P3P
CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Origin
https://ftp.s-sniffer.top
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Sun, 30 Sep 2018 20:42:59 GMT
advert.gif
mc.yandex.ru/metrika/
43 B
445 B
Image
General
Full URL
https://mc.yandex.ru/metrika/advert.gif
Requested by
Host: ftp.s-sniffer.top
URL: https://ftp.s-sniffer.top/yandex/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://ftp.s-sniffer.top/yandex/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 30 Sep 2018 20:42:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 12 Oct 2015 13:09:09 GMT
Server
nginx/1.12.2
ETag
"561bb0f5-3d"
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
61
Expires
Sun, 30 Sep 2018 21:42:59 GMT
1
mc.yandex.ru/watch/784657/
152 B
746 B
XHR
General
Full URL
https://mc.yandex.ru/watch/784657/1?wmode=7&page-url=https%3A%2F%2Fftp.s-sniffer.top%2Fyandex%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538340179353%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20180930204259%3Aet%3A1538340180%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A603122346%3Ahid%3A602613258%3Ads%3A1%2C18%2C50%2C1%2C0%2C0%2C0%2C374%2C48%2C%2C%2C%2C445%3Afp%3A513%3Agdpr%3A14%3Av%3A1227%3Ast%3A1538340180%3Au%3A153834018053398935%3At%3A%D0%90%D0%B2%D1%82%D0%BE%D1%80%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F
Requested by
Host: ftp.s-sniffer.top
URL: https://ftp.s-sniffer.top/yandex/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
1d6de6720f559847072576b56b910b71451286ceba0ab02c0809bb97c57f56fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ftp.s-sniffer.top/yandex/
Origin
https://ftp.s-sniffer.top
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Sun, 30 Sep 2018 20:42:59 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 30 Sep 2018 20:42:59 GMT
Server
nginx/1.12.2
Strict-Transport-Security
max-age=31536000
P3P
CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Origin
https://ftp.s-sniffer.top
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
152
X-XSS-Protection
1; mode=block
Expires
Sun, 30 Sep 2018 20:42:59 GMT

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| uid
  • object| login
  • string| passportHost
  • function| $
  • function| jQuery
  • object| i18n
  • object| nb
  • boolean| VALIDATION_FAILED
  • boolean| VALIDATION_PASSED
  • object| yr
  • undefined| returnExports
  • object| passport
  • undefined| jQuery19103357676114941628_1538340179607
  • object| Ya
  • object| yaCounter784657

4 Cookies

Domain/Path Name / Value
.s-sniffer.top/ Name: _ym_isad
Value: 2
.s-sniffer.top/ Name: _ym_d
Value: 1538340180
.s-sniffer.top/ Name: _ym_uid
Value: 153834018053398935
.s-sniffer.top/ Name: __cfduid
Value: db20163782953e06d1a665220e1b482191538340179

5 Console Messages

Source Level URL
Text
console-api log URL: https://yastatic.net/passport-frontend/0.2.29-18/public/js/auth.enter.ru.js(Line 9)
Message:
Block "domik" inited.
console-api log URL: https://yastatic.net/passport-frontend/0.2.29-18/public/js/auth.enter.ru.js(Line 9)
Message:
Block "login-auth" inited.
console-api log URL: https://yastatic.net/passport-frontend/0.2.29-18/public/js/auth.enter.ru.js(Line 9)
Message:
Block "password-auth" inited.
console-api log URL: https://yastatic.net/passport-frontend/0.2.29-18/public/js/auth.enter.ru.js(Line 9)
Message:
Block "submit" inited.
console-api log URL: https://yastatic.net/passport-frontend/0.2.29-18/public/js/auth.enter.ru.js(Line 9)
Message:
Block "footer" inited.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
