urlscan.io logo urlscan.io
SecurityTrails logo

cdc.poltava.ua Open in urlscan Pro
2606:4700:30::681b:9b2d  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cdc.poltava.ua/business
Effective URL: http://cdc.poltava.ua/business/znocxny6q9s9j8zr2n39zzir.php?6J9CCe156345885592bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5...
Submission: On July 18 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 2606:4700:30::681b:9b2d, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is cdc.poltava.ua.
This is the only time cdc.poltava.ua was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

IP Address AS Autonomous System
2 5 2606:4700:30:... 13335 (CLOUDFLAR...)
3 1
Apex Domain
Subdomains		 Transfer
5 cdc.poltava.ua
cdc.poltava.ua
195 KB
3 1
Domain Requested by
5 cdc.poltava.ua 2 redirects cdc.poltava.ua
3 1

This site contains no links.

Subject Issuer Validity Valid

1970-01-01 -
1970-01-01		 a few seconds crt.sh

This page contains 1 frames:

Primary Page: http://cdc.poltava.ua/business/znocxny6q9s9j8zr2n39zzir.php?6J9CCe156345885592bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf8
Frame ID: 03377193DF9E4718177FC1F78FD224DD
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://cdc.poltava.ua/business HTTP 301
    http://cdc.poltava.ua/business/ HTTP 302
    http://cdc.poltava.ua/business/znocxny6q9s9j8zr2n39zzir.php?6J9CCe156345885592bc6e69d5e76c0573cf66... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

3
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

194 kB
Transfer

195 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cdc.poltava.ua/business HTTP 301
    http://cdc.poltava.ua/business/ HTTP 302
    http://cdc.poltava.ua/business/znocxny6q9s9j8zr2n39zzir.php?6J9CCe156345885592bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf8 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request znocxny6q9s9j8zr2n39zzir.php
cdc.poltava.ua/business/
Redirect Chain
  • https://cdc.poltava.ua/business
  • http://cdc.poltava.ua/business/
  • http://cdc.poltava.ua/business/znocxny6q9s9j8zr2n39zzir.php?6J9CCe156345885592bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46...
3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://cdc.poltava.ua/business/znocxny6q9s9j8zr2n39zzir.php?6J9CCe156345885592bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf8
Protocol
HTTP/1.1
Server
2606:4700:30::681b:9b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/7.3.0
Resource Hash
0099f2f08e81ba76d2d58c82c9e233f3b17caa86fe116fb31255f37346cf83be

Request headers

Host
cdc.poltava.ua
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Cookie
__cfduid=de617c47c0435d0304660cadd775f5c531563458854; PHPSESSID=c683a5079ae17ac16dfd4cb48cb0cadb
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 18 Jul 2019 14:07:36 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.3.0
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
4f8505d55d6fd6f9-FRA
Content-Encoding
gzip

Redirect headers

Date
Thu, 18 Jul 2019 14:07:35 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.3.0
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
PHPSESSID=c683a5079ae17ac16dfd4cb48cb0cadb; path=/
Location
znocxny6q9s9j8zr2n39zzir.php?6J9CCe156345885592bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf8
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
4f8505d46a02d6f9-FRA
logo-connector-excel.png
cdc.poltava.ua/business/images/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://cdc.poltava.ua/business/images/logo-connector-excel.png
Requested by
Host: cdc.poltava.ua
URL: http://cdc.poltava.ua/business/znocxny6q9s9j8zr2n39zzir.php?6J9CCe156345885592bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf8
Protocol
HTTP/1.1
Security
, ,
Server
2606:4700:30::681b:9b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f0a12d82e986071057bb8d41f05e083d2b63d44bf270e8b671d282e4d2b77c8

Request headers

Referer
http://cdc.poltava.ua/business/znocxny6q9s9j8zr2n39zzir.php?6J9CCe156345885592bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 18 Jul 2019 14:07:36 GMT
CF-Cache-Status
HIT
Last-Modified
Tue, 16 Jul 2019 23:00:00 GMT
Server
cloudflare
Age
2
ETag
"5d2e56f0-20f5"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
public, max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
4f8505dfcba8d6f9-FRA
Content-Length
8437
Expires
Thu, 18 Jul 2019 18:07:36 GMT
background.jpg
cdc.poltava.ua/business/images/ 		184 KB
185 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://cdc.poltava.ua/business/images/background.jpg
Requested by
Host: cdc.poltava.ua
URL: http://cdc.poltava.ua/business/znocxny6q9s9j8zr2n39zzir.php?6J9CCe156345885592bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf8
Protocol
HTTP/1.1
Security
, ,
Server
2606:4700:30::681b:9b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3735eee1a0eeec29398bb496e39190e579a2512a724c81c879a0e19a2bd3f5e4

Request headers

Referer
http://cdc.poltava.ua/business/znocxny6q9s9j8zr2n39zzir.php?6J9CCe156345885592bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf892bc6e69d5e76c0573cf66b46d8e0cf8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 18 Jul 2019 14:07:36 GMT
CF-Cache-Status
HIT
Last-Modified
Tue, 16 Jul 2019 23:00:00 GMT
Server
cloudflare
Age
2
ETag
"5d2e56f0-2e070"
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
public, max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
4f8505dfdbebd6f9-FRA
Content-Length
188528
Expires
Thu, 18 Jul 2019 18:07:36 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| validateForm

2 Cookies

Domain/Path Name / Value
cdc.poltava.ua/ Name: PHPSESSID
Value: c683a5079ae17ac16dfd4cb48cb0cadb
.cdc.poltava.ua/ Name: __cfduid
Value: de617c47c0435d0304660cadd775f5c531563458854

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdc.poltava.ua
2606:4700:30::681b:9b2d
0099f2f08e81ba76d2d58c82c9e233f3b17caa86fe116fb31255f37346cf83be
2f0a12d82e986071057bb8d41f05e083d2b63d44bf270e8b671d282e4d2b77c8
3735eee1a0eeec29398bb496e39190e579a2512a724c81c879a0e19a2bd3f5e4