org.covid.dvinaland.ru Open in urlscan Pro
188.130.238.50 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://org.covid.dvinaland.ru/
Effective URL:
https://org.covid.dvinaland.ru/
Submission Tags: phishing malicious Search All
Submission: On May 01 via api (May 1st 2020, 5:49:07 pm UTC) from US

Summary HTTP 10 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 188.130.238.50, located in Moscow, Russian Federation and belongs to ARKHANGELSK-AS, CZ. The main domain is org.covid.dvinaland.ru.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 28th 2020. Valid for: 3 months.

This is the only time org.covid.dvinaland.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 11	188.130.238.50 188.130.238.50		61416 (ARKHANGEL...) (ARKHANGELSK-AS)
10	1

11 188.130.238.50 (Moscow, Russian Federation) 1 redirects

ASN61416 (ARKHANGELSK-AS, CZ)
PTR: covid.dvinaland.ru

org.covid.dvinaland.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	dvinaland.ru 1 redirects org.covid.dvinaland.ru	388 KB
10	1

	Domain	Requested by
11	org.covid.dvinaland.ru	1 redirects org.covid.dvinaland.ru
10	1

This site contains links to these domains. Also see Links.

Domain
covid.dvinaland.ru
control.covid.dvinaland.ru

Subject Issuer	Validity	Valid
covid.dvinaland.ru Let's Encrypt Authority X3	`2020-04-28` - `2020-07-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://org.covid.dvinaland.ru/
Frame ID: 7A3918591FDCEB6096C8DB7B568CEF7F
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://org.covid.dvinaland.ru/ HTTP 301
https://org.covid.dvinaland.ru/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

388 kB
Transfer

1652 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://covid.dvinaland.ru/
Title: Оформить заявку на выход из дома

Search URL Search Domain Scan URL

URL: https://control.covid.dvinaland.ru/
Title: Оформить заявку для сотрудников

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://org.covid.dvinaland.ru/ HTTP 301
https://org.covid.dvinaland.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response org.covid.dvinaland.ru/ Redirect Chain http://org.covid.dvinaland.ru/ https://org.covid.dvinaland.ru/	66 KB 12 KB	438ms 155ms	Document text/html	188.130.238.50 ARKHANGELSK-AS
General Check archive.org Show headers Download Go to Full URL https://org.covid.dvinaland.ru/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.130.238.50 Moscow, Russian Federation, ASN61416 (ARKHANGELSK-AS, CZ), Reverse DNS covid.dvinaland.ru Software nginx/1.18.0 / Resource Hash `9d02dcffe99b2a34a44b9ca9026434a4296c3aa140c175c5b50a3f08dbb61c2c` Request headers Host org.covid.dvinaland.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Server nginx/1.18.0 Date Fri, 01 May 2020 17:48:48 GMT Content-Type text/html; charset=utf-8 Content-Length 12225 Connection keep-alive Last-Modified Thu, 30 Apr 2020 13:41:19 GMT ETag "5eaad57f-2fc1" Content-Encoding br Expires Fri, 01 May 2020 17:48:48 GMT Cache-Control max-age=0 no-cache, public, must-revalidate, proxy-revalidate Redirect headers Server nginx/1.18.0 Date Fri, 01 May 2020 17:48:47 GMT Content-Type text/html Content-Length 169 Connection keep-alive Location https://org.covid.dvinaland.ru/
GET H/1.1	200 OK	bootstrap.css org.covid.dvinaland.ru/styles/pgu2/css/	132 KB 18 KB	147ms 146ms	Stylesheet text/css	188.130.238.50 ARKHANGELSK-AS
General Check archive.org Show headers Download Go to Full URL https://org.covid.dvinaland.ru/styles/pgu2/css/bootstrap.css?_=1586353754119 Requested by Host: org.covid.dvinaland.ru URL: https://org.covid.dvinaland.ru/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.130.238.50 Moscow, Russian Federation, ASN61416 (ARKHANGELSK-AS, CZ), Reverse DNS covid.dvinaland.ru Software nginx/1.18.0 / Resource Hash `d530b510e6b48bdd6ca81d7e15e85011bb902d29deccaa70391a6900c2408d6b` Request headers Referer https://org.covid.dvinaland.ru/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 01 May 2020 17:48:48 GMT Content-Encoding br Last-Modified Thu, 30 Apr 2020 13:41:19 GMT Server nginx/1.18.0 ETag "5eaad57f-4821" Content-Type text/css Expires Thu, 31 Dec 2037 23:55:55 GMT Cache-Control max-age=315360000, public Connection keep-alive Content-Length 18465 X-Proxy-Cache MISS
GET H/1.1	200 OK	app.css org.covid.dvinaland.ru/styles/pgu2/css/	1 MB 75 KB	295ms 145ms	Stylesheet text/css	188.130.238.50 ARKHANGELSK-AS
General Check archive.org Show headers Download Go to Full URL https://org.covid.dvinaland.ru/styles/pgu2/css/app.css?_=1586353754119 Requested by Host: org.covid.dvinaland.ru URL: https://org.covid.dvinaland.ru/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.130.238.50 Moscow, Russian Federation, ASN61416 (ARKHANGELSK-AS, CZ), Reverse DNS covid.dvinaland.ru Software nginx/1.18.0 / Resource Hash `f8a712a7ad6a9b0415792b6792b2f52b5b0ff86837ede654cded7db06209f604` Request headers Referer https://org.covid.dvinaland.ru/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 01 May 2020 17:48:48 GMT Content-Encoding br Last-Modified Thu, 30 Apr 2020 13:41:19 GMT Server nginx/1.18.0 ETag "5eaad57f-12c11" Content-Type text/css Expires Thu, 31 Dec 2037 23:55:55 GMT Cache-Control max-age=315360000, public Connection keep-alive Content-Length 76817 X-Proxy-Cache MISS
GET H/1.1	200 OK	chesmev-logo.svg org.covid.dvinaland.ru/images/pgu2/	2 KB 1 KB	415ms 142ms	Image image/svg+xml	188.130.238.50 ARKHANGELSK-AS
General Check archive.org Show headers Download Go to Show image Full URL https://org.covid.dvinaland.ru/images/pgu2/chesmev-logo.svg Requested by Host: org.covid.dvinaland.ru URL: https://org.covid.dvinaland.ru/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.130.238.50 Moscow, Russian Federation, ASN61416 (ARKHANGELSK-AS, CZ), Reverse DNS covid.dvinaland.ru Software nginx/1.18.0 / Resource Hash `a22c42b6ec12ff853fc9b9850a63314bbc285641ec1e3556cf5990e1911e5c45` Request headers Referer https://org.covid.dvinaland.ru/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 01 May 2020 17:48:48 GMT Content-Encoding br Last-Modified Thu, 30 Apr 2020 13:41:19 GMT Server nginx/1.18.0 ETag "5eaad57f-2af" Content-Type image/svg+xml Expires Thu, 31 Dec 2037 23:55:55 GMT Cache-Control max-age=315360000, public Connection keep-alive Content-Length 687 X-Proxy-Cache MISS
GET H/1.1	200 OK	covid19.jpg org.covid.dvinaland.ru/images/	74 KB 73 KB	182ms 182ms	Image image/jpeg	188.130.238.50 ARKHANGELSK-AS
General Check archive.org Show headers Download Go to Show image Full URL https://org.covid.dvinaland.ru/images/covid19.jpg Requested by Host: org.covid.dvinaland.ru URL: https://org.covid.dvinaland.ru/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.130.238.50 Moscow, Russian Federation, ASN61416 (ARKHANGELSK-AS, CZ), Reverse DNS covid.dvinaland.ru Software nginx/1.18.0 / Resource Hash `9af83300da0f4f401801a61ea8df1578dbd6fe133499d6eace5e5aea49a3dd66` Request headers Referer https://org.covid.dvinaland.ru/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 01 May 2020 17:48:49 GMT Content-Encoding br Last-Modified Thu, 30 Apr 2020 13:41:19 GMT Server nginx/1.18.0 ETag "5eaad57f-120e1" Content-Type image/jpeg Cache-Control max-age=315360000, public Connection keep-alive Content-Length 73953 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	fontawesome-webfont.woff2 org.covid.dvinaland.ru/fonts/font-awesome/	63 KB 63 KB	314ms 313ms	Font font/woff2	188.130.238.50 ARKHANGELSK-AS
General Check archive.org Show headers Download Go to Full URL https://org.covid.dvinaland.ru/fonts/font-awesome/fontawesome-webfont.woff2?v=4.4.0 Requested by Host: org.covid.dvinaland.ru URL: https://org.covid.dvinaland.ru/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.130.238.50 Moscow, Russian Federation, ASN61416 (ARKHANGELSK-AS, CZ), Reverse DNS covid.dvinaland.ru Software nginx/1.18.0 / Resource Hash `3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://org.covid.dvinaland.ru/styles/pgu2/css/bootstrap.css?_=1586353754119 Origin https://org.covid.dvinaland.ru Response headers Date Fri, 01 May 2020 17:48:49 GMT Content-Encoding br Last-Modified Thu, 30 Apr 2020 13:41:19 GMT Server nginx/1.18.0 ETag "5eaad57f-fbd4" Content-Type font/woff2 Cache-Control max-age=315360000, public Connection keep-alive Content-Length 64468 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	als_ekibastuz_light.woff2 org.covid.dvinaland.ru/fonts/ekibastuz/	12 KB 13 KB	177ms 176ms	Font font/woff2	188.130.238.50 ARKHANGELSK-AS
General Check archive.org Show headers Download Go to Full URL https://org.covid.dvinaland.ru/fonts/ekibastuz/als_ekibastuz_light.woff2 Requested by Host: org.covid.dvinaland.ru URL: https://org.covid.dvinaland.ru/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.130.238.50 Moscow, Russian Federation, ASN61416 (ARKHANGELSK-AS, CZ), Reverse DNS covid.dvinaland.ru Software nginx/1.18.0 / Resource Hash `4a8b5cb88f3a1cd9c45eed878c7fea136367e184d4d09e6704f8dbfe0d8ee18a` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://org.covid.dvinaland.ru/styles/pgu2/css/app.css?_=1586353754119 Origin https://org.covid.dvinaland.ru Response headers Date Fri, 01 May 2020 17:48:49 GMT Content-Encoding br Last-Modified Thu, 30 Apr 2020 13:41:19 GMT Server nginx/1.18.0 ETag "5eaad57f-30f1" Content-Type font/woff2 Cache-Control max-age=315360000, public Connection keep-alive Content-Length 12529 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	etelka-light-pro_16165-webfont.woff2 org.covid.dvinaland.ru/fonts/EtelkaLightPro/	22 KB 22 KB	327ms 149ms	Font font/woff2	188.130.238.50 ARKHANGELSK-AS
General Check archive.org Show headers Download Go to Full URL https://org.covid.dvinaland.ru/fonts/EtelkaLightPro/etelka-light-pro_16165-webfont.woff2 Requested by Host: org.covid.dvinaland.ru URL: https://org.covid.dvinaland.ru/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.130.238.50 Moscow, Russian Federation, ASN61416 (ARKHANGELSK-AS, CZ), Reverse DNS covid.dvinaland.ru Software nginx/1.18.0 / Resource Hash `2547ff623f1fe74d0ce00328ff02f879b643613800819dc74bf8b689c12794b4` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://org.covid.dvinaland.ru/styles/pgu2/css/app.css?_=1586353754119 Origin https://org.covid.dvinaland.ru Response headers Date Fri, 01 May 2020 17:48:49 GMT Content-Encoding br Last-Modified Thu, 30 Apr 2020 13:41:19 GMT Server nginx/1.18.0 ETag "5eaad57f-57ee" Content-Type font/woff2 Cache-Control max-age=315360000, public Connection keep-alive Content-Length 22510 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	als_ekibastuz_bold.woff2 org.covid.dvinaland.ru/fonts/ekibastuz/	12 KB 12 KB	328ms 143ms	Font font/woff2	188.130.238.50 ARKHANGELSK-AS
General Check archive.org Show headers Download Go to Full URL https://org.covid.dvinaland.ru/fonts/ekibastuz/als_ekibastuz_bold.woff2 Requested by Host: org.covid.dvinaland.ru URL: https://org.covid.dvinaland.ru/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.130.238.50 Moscow, Russian Federation, ASN61416 (ARKHANGELSK-AS, CZ), Reverse DNS covid.dvinaland.ru Software nginx/1.18.0 / Resource Hash `c20744f08709244c8600e72fa7cf988ac702bce65ece14f861c5bd7f8de4c494` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://org.covid.dvinaland.ru/styles/pgu2/css/app.css?_=1586353754119 Origin https://org.covid.dvinaland.ru Response headers Date Fri, 01 May 2020 17:48:49 GMT Content-Encoding br Last-Modified Thu, 30 Apr 2020 13:41:19 GMT Server nginx/1.18.0 ETag "5eaad57f-2fe5" Content-Type font/woff2 Cache-Control max-age=315360000, public Connection keep-alive Content-Length 12261 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	EtelkaMediumProRegular.woff org.covid.dvinaland.ru/fonts/EtelkaMediumPro/	98 KB 98 KB	572ms 282ms	Font font/woff	188.130.238.50 ARKHANGELSK-AS
General Check archive.org Show headers Download Go to Full URL https://org.covid.dvinaland.ru/fonts/EtelkaMediumPro/EtelkaMediumProRegular.woff Requested by Host: org.covid.dvinaland.ru URL: https://org.covid.dvinaland.ru/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.130.238.50 Moscow, Russian Federation, ASN61416 (ARKHANGELSK-AS, CZ), Reverse DNS covid.dvinaland.ru Software nginx/1.18.0 / Resource Hash `8068ca88bf4933ca78ab07d5b9462fbe0a1e542d7d7b4abefd5ad6d89855b09f` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://org.covid.dvinaland.ru/styles/pgu2/css/app.css?_=1586353754119 Origin https://org.covid.dvinaland.ru Response headers Date Fri, 01 May 2020 17:48:49 GMT Content-Encoding br Last-Modified Thu, 30 Apr 2020 13:41:19 GMT Server nginx/1.18.0 ETag "5eaad57f-18629" Content-Type font/woff Expires Thu, 31 Dec 2037 23:55:55 GMT Cache-Control max-age=315360000, public Connection keep-alive Content-Length 99881 X-Proxy-Cache MISS

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

org.covid.dvinaland.ru
188.130.238.50
2547ff623f1fe74d0ce00328ff02f879b643613800819dc74bf8b689c12794b4
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
4a8b5cb88f3a1cd9c45eed878c7fea136367e184d4d09e6704f8dbfe0d8ee18a
8068ca88bf4933ca78ab07d5b9462fbe0a1e542d7d7b4abefd5ad6d89855b09f
9af83300da0f4f401801a61ea8df1578dbd6fe133499d6eace5e5aea49a3dd66
9d02dcffe99b2a34a44b9ca9026434a4296c3aa140c175c5b50a3f08dbb61c2c
a22c42b6ec12ff853fc9b9850a63314bbc285641ec1e3556cf5990e1911e5c45
c20744f08709244c8600e72fa7cf988ac702bce65ece14f861c5bd7f8de4c494
d530b510e6b48bdd6ca81d7e15e85011bb902d29deccaa70391a6900c2408d6b
f8a712a7ad6a9b0415792b6792b2f52b5b0ff86837ede654cded7db06209f604

org.covid.dvinaland.ru Open in urlscan Pro 188.130.238.50 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

388 kBTransfer

1652 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

Indicators

org.covid.dvinaland.ru Open in urlscan Pro
188.130.238.50 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

388 kB
Transfer

1652 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions