agvwepb9c7krt.gaflaxy.nov.ru Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy....
Effective URL:
https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Submission: On May 21 via manual (May 21st 2024, 10:05:41 am UTC) from IN — Scanned from DE

Summary HTTP 13 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 3 domains to perform 13 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is agvwepb9c7krt.gaflaxy.nov.ru.
TLS certificate: Issued by GTS CA 1P5 on April 28th 2024. Valid for: 3 months.

This is the only time agvwepb9c7krt.gaflaxy.nov.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer) Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	14.225.53.27 14.225.53.27	135905 (VNPT-AS-V...) (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP)
1 6	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	104.17.2.184 104.17.2.184	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.3.184 104.17.3.184	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	7

3 14.225.53.27 (Hanoi, Viet Nam)

ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN)
PTR: static.vnpt.vn

demo.vieclamcantho.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 188.114.97.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

agvwepb9c7krt.gaflaxy.nov.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.2.184 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

proiswm.nov.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

comoet.nov.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.3.184 (None, )

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	nov.ru 1 redirects agvwepb9c7krt.gaflaxy.nov.ru proiswm.nov.ru comoet.nov.ru	114 KB
3	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 4500	14 KB
3	vieclamcantho.vn demo.vieclamcantho.vn	32 KB
13	3

	Domain	Requested by
6	agvwepb9c7krt.gaflaxy.nov.ru	1 redirects demo.vieclamcantho.vn agvwepb9c7krt.gaflaxy.nov.ru
3	challenges.cloudflare.com	1 redirects agvwepb9c7krt.gaflaxy.nov.ru challenges.cloudflare.com
3	demo.vieclamcantho.vn	demo.vieclamcantho.vn
2	comoet.nov.ru	demo.vieclamcantho.vn
1	proiswm.nov.ru	agvwepb9c7krt.gaflaxy.nov.ru
13	5

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
privacy.microsoft.com
login.live.com
go.microsoft.com

Subject Issuer	Validity	Valid
vieclamcantho.vn R3	`2024-05-07` - `2024-08-05`	3 months	crt.sh
gaflaxy.nov.ru GTS CA 1P5	`2024-04-28` - `2024-07-27`	3 months	crt.sh
proiswm.nov.ru E1	`2024-04-29` - `2024-07-28`	3 months	crt.sh
comoet.nov.ru GTS CA 1P5	`2024-04-29` - `2024-07-28`	3 months	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2023-08-18` - `2024-08-17`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Frame ID: DF690E669838008035F0942AB4DABA7A
Requests: 18 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/wnsjj/0x4AAAAAAAaQjobCH7fCod-1/light/normal
Frame ID: 7F259BD9644F6FB6A889920E45EBB437
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Charming River

Page URL History Show full URLs

http://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://ag... HTTP 307
https://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://ag... Page URL
https://agvwepb9c7krt.gaflaxy.nov.ru/index.html Page URL
https://agvwepb9c7krt.gaflaxy.nov.ru/cdn-cgi/phish-bypass?atok=2Bjfn5NM_dxiV3Dcg5wAp9KplrThQWWZnuSvMxxOGt4-171628... HTTP 301
https://agvwepb9c7krt.gaflaxy.nov.ru/index.html Page URL

Page Statistics

13
Requests

92 %
HTTPS

33 %
IPv6

3
Domains

5
Subdomains

7
IPs

4
Countries

161 kB
Transfer

1724 kB
Size

2
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.microsoft.com/en-US/servicesagreement/
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Privacy & cookies

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&uaid=31ed50a0657f4c7aa09e947465dde55e
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&uaid=31ed50a0657f4c7aa09e947465dde55e
Title: Privacy & cookies

Search URL Search Domain Scan URL

URL: https://login.live.com/
Title: ...

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/p/?LinkId=708614
Title: More information

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html HTTP 307
https://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html Page URL
https://agvwepb9c7krt.gaflaxy.nov.ru/index.html Page URL
https://agvwepb9c7krt.gaflaxy.nov.ru/cdn-cgi/phish-bypass?atok=2Bjfn5NM_dxiV3Dcg5wAp9KplrThQWWZnuSvMxxOGt4-1716285932-0.0.1.1-%2Findex.html HTTP 301
https://agvwepb9c7krt.gaflaxy.nov.ru/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html HTTP 307
https://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html

Request Chain 7

https://challenges.cloudflare.com/turnstile/v0/api.js HTTP 302
https://challenges.cloudflare.com/turnstile/v0/b/695da7821231/api.js

13 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Redirect.aspx Show response
demo.vieclamcantho.vn/baohiemthatnghiep/
Redirect Chain

http://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
https://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html

2 KB
2 KB

1380ms
359ms

Document
text/html

14.225.53.27
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 14.225.53.27 Hanoi, Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS: static.vnpt.vn
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 0d2622783c1c94b65e13ac21d2ce88374d303f6bd6e389ae91153d8cf46fced2

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

cache-control: private
content-length: 1984
content-type: text/html; charset=utf-8
date: Tue, 21 May 2024 10:05:30 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 2.0.50727
x-powered-by: ASP.NET

Redirect headers

Location: https://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 loading.gif
demo.vieclamcantho.vn/baohiemthatnghiep/images/ 13 KB
13 KB 357ms
356ms Image
image/gif 14.225.53.27
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://demo.vieclamcantho.vn/baohiemthatnghiep/images/loading.gif
Requested by: Host: demo.vieclamcantho.vn
URL: https://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 14.225.53.27 Hanoi, Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS: static.vnpt.vn
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 256a72ddd0fe6296f37d3894b9af1d197068a1884b0b8d1556e36d342fdf6abd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 10:05:31 GMT
last-modified: Wed, 24 May 2023 11:06:33 GMT
server: Microsoft-IIS/10.0
etag: "eb0fbcc2f8ed91:0"
x-powered-by: ASP.NET
content-type: image/gif
accept-ranges: bytes
content-length: 13135

GET
H2 200 favicon.ico
demo.vieclamcantho.vn/ 17 KB
17 KB 357ms
356ms Other
image/x-icon 14.225.53.27
VNPT-AS-VN VIETNA...

General

Check archive.org

Show headers Download Go to

Full URL: https://demo.vieclamcantho.vn/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 14.225.53.27 Hanoi, Viet Nam, ASN135905 (VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP, VN),
Reverse DNS: static.vnpt.vn
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b57d38ae105fe112a7ed00c176c935c46c77761bae33f023d4fda72450043607

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 10:05:31 GMT
last-modified: Wed, 24 May 2023 11:06:02 GMT
server: Microsoft-IIS/10.0
etag: "85f9eba2f8ed91:0"
x-powered-by: ASP.NET
content-type: image/x-icon
accept-ranges: bytes
content-length: 17542

GET
H3 200 index.html Show response
agvwepb9c7krt.gaflaxy.nov.ru/ 4 KB
2 KB 147ms
47ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://agvwepb9c7krt.gaflaxy.nov.ru/index.html

Requested by

Host: demo.vieclamcantho.vn
URL: https://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddb2f75f4378aa1168ef38de9fd9219ecc05c2cdbb0ce39aae65dbd554140a50

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://demo.vieclamcantho.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cf-ray: 8873bfa68f5219ad-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 21 May 2024 10:05:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FjFCbq0oIWwBGCPGm8%2BAc46Nj8ZMW9cSMwudgTgQH0kafnb3Wc1Tlir%2B9CzbitG%2BaSWTyvBavMm5GQ4Jzisut%2BU7kUbkYA4xP0qpGDUQmFYjOQR533z2VDg9%2BFixexHapj%2F2dhYf6r8IIsXl%2BegB"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
agvwepb9c7krt.gaflaxy.nov.ru/cdn-cgi/styles/ 23 KB
5 KB 43ms
43ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://agvwepb9c7krt.gaflaxy.nov.ru/cdn-cgi/styles/cf.errors.css

Requested by

Host: agvwepb9c7krt.gaflaxy.nov.ru
URL: https://agvwepb9c7krt.gaflaxy.nov.ru/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 10:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 14 May 2024 13:45:29 GMT
server: cloudflare
etag: W/"66436af9-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8873bfa6efeb19ad-FRA
expires: Tue, 21 May 2024 12:05:32 GMT

GET
H3 200 icon-exclamation.png
agvwepb9c7krt.gaflaxy.nov.ru/cdn-cgi/images/ 452 B
635 B 47ms
47ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://agvwepb9c7krt.gaflaxy.nov.ru/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: agvwepb9c7krt.gaflaxy.nov.ru
URL: https://agvwepb9c7krt.gaflaxy.nov.ru/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://agvwepb9c7krt.gaflaxy.nov.ru/cdn-cgi/styles/cf.errors.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 10:05:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 14 May 2024 13:45:29 GMT
server: cloudflare
etag: "66436af9-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8873bfa7385719ad-FRA
content-length: 452
expires: Tue, 21 May 2024 12:05:32 GMT

GET
H3 404 favicon.ico
agvwepb9c7krt.gaflaxy.nov.ru/ 1 KB
1 KB 106ms
106ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://agvwepb9c7krt.gaflaxy.nov.ru/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 21 May 2024 10:05:32 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I6Kokindd6A9ofMtRCqFf8fUgH1NDX84h%2FmIz3oklu5IunSbEsg4H%2F1CUWQ7iNFEB7IBT45xlV3jQ17Hoo1Zaxt%2FPwgTvLPumfHcPkDObYz%2Fb1o4tztTUH2jOSx%2FNdhkijPAqHDwgFTJPnh5A2iS"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, max-age=0
cf-ray: 8873bfa788d819ad-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

Primary Request index.html Show response
agvwepb9c7krt.gaflaxy.nov.ru/
Redirect Chain

https://agvwepb9c7krt.gaflaxy.nov.ru/cdn-cgi/phish-bypass?atok=2Bjfn5NM_dxiV3Dcg5wAp9KplrThQWWZnuSvMxxOGt4-1716285932-0.0.1.1-%2Findex.html
https://agvwepb9c7krt.gaflaxy.nov.ru/index.html

4 KB
2 KB

165ms
165ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8987f58d530d878217daec76d84ea190d40264c31d785835e04f8acca21ed95d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8873bfb64ee319ad-FRA
content-encoding: br
content-type: text/html
date: Tue, 21 May 2024 10:05:35 GMT
last-modified: Fri, 17 May 2024 10:18:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8mL7U6CRYnEP4YgizV%2FtI2YGlhRwp8h%2BoRLMEt6U%2F%2FcjrwdZ5eRa8esUEI91yPfo13wEkVXrJk0c8S0M%2FKZDgELsi5Jl2Fn6Sco0GrzFfZ6TeXPMsdniNokMi%2FSkJQ%2FB2Et%2BZ634owDIF8rLMhL"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

cache-control: private, no-cache
cf-ray: 8873bfb60e5519ad-FRA
content-length: 167
content-type: text/html
date: Tue, 21 May 2024 10:05:35 GMT
location: https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/b/695da7821231/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js
https://challenges.cloudflare.com/turnstile/v0/b/695da7821231/api.js

42 KB
14 KB

59ms
59ms

Script
application/javascript

104.17.2.184
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/695da7821231/api.js
Requested by: Host: agvwepb9c7krt.gaflaxy.nov.ru
URL: https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Protocol: H3
Server: 104.17.2.184 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e158035a6f740b0245a027bf0d559c56782ebbeec7cab5a827083bd16aa47901

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://agvwepb9c7krt.gaflaxy.nov.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Tue, 21 May 2024 10:05:35 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=604800, public
cross-origin-resource-policy: cross-origin
cf-ray: 8873bfb9a995349e-WAW
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Tue, 21 May 2024 10:05:35 GMT
server: cloudflare
vary: Accept-Encoding
location: /turnstile/v0/b/695da7821231/api.js
access-control-allow-origin: *
cache-control: max-age=300, public
cross-origin-resource-policy: cross-origin
cf-ray: 8873bfb938c2349e-WAW
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 code.php Show response
proiswm.nov.ru/ 2 MB
103 KB 970ms
660ms Script
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://proiswm.nov.ru/code.php
Requested by: Host: agvwepb9c7krt.gaflaxy.nov.ru
URL: https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 498e998e5c3068f8f08efb6c3d8cc05e2f972c2c10ceb0448234432de0c92696

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://agvwepb9c7krt.gaflaxy.nov.ru/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 10:05:36 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I3%2FXLV04KSjIn0wdOK8XsoovRBX4gHfId6vIb0Xvsl7A5A0VtmlT0Pjl9slvludMMDdbBV%2FKCLU1I7I%2FDt2oogUjaum41FiWnKN1dcZ%2BawnPgT5vOVLIeSw9oSQuUtDsAeeScXk43H1Nwnr5AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 8873bfb959e34d5b-FRA
alt-svc: h3=":443"; ma=86400

POST
H2 200 pro.php Show response
comoet.nov.ru/ 240 B
566 B 237ms
237ms XHR
application/json 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://comoet.nov.ru/pro.php
Requested by: Host: demo.vieclamcantho.vn
URL: https://demo.vieclamcantho.vn/baohiemthatnghiep/Redirect.aspx?sms=90bb20bb20tbb20thc3%B4ng&link=https://agvwepb9c7krt.gaflaxy.nov.ru/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9167c4e8fb27824593308779168970015d1334ea3986172b052c06109e574d8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Xsrf: 6e234f9ad5f5c7cd5cc4cb7d667eb9f5ae86c221
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 10:05:37 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=viHNIs8tt84EbryjRGy9mymewjWhsUsojc6X72MjUMD7a%2Fzr%2B%2F5nH4tAJoxB%2BwI9uQIaPUcIhl9hRbq2D%2B4NKp9Extfn3aagVL%2Bi%2F8s%2FKFhyq41EgxoQ1K8y9dhf4MdRpujf7jjlPTSljRjf"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cf-ray: 8873bfc14ecf36e0-FRA
access-control-allow-headers: *
content-length: 230
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 513 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cbb3706e65b35a43bdcfebd23b5479dc0542ca7e23197869b683d12b524472fe

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 250 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8ed8f3acb9b87f99e42c74463d4e2be96ee85b8a87cd6eb874295ace420a5904

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/wnsjj/0x4AAAAAAAaQjobCH7fCod-1/light/ Frame 7F25 0
0 146ms
79ms Document
text/html 104.17.3.184
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/wnsjj/0x4AAAAAAAaQjobCH7fCod-1/light/normal

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.3.184 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8873bfc0e932352e-WAW
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Tue, 21 May 2024 10:05:36 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

OPTIONS
H2 200 pro.php
comoet.nov.ru/ Frame 0
0 432ms
105ms Preflight
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://comoet.nov.ru/pro.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: xsrf
Access-Control-Request-Method: POST
Origin: https://agvwepb9c7krt.gaflaxy.nov.ru
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8873bfc0ade136e0-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 21 May 2024 10:05:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PLocY5GvyvivRLW744VEm9ca8H0aEGB4IQWqkJoA%2BdbntQK5CLlDLF9KXCq%2Fu4EZZCA5GEeV3zfu0wagIvfIpS0Yifg8ztjW778YeTijM0DFfUfrnbORGwsmD57yJaFyB6JF9j1LkGGDo1gS"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer) Generic Cloudflare (Online)

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			demo.vieclamcantho.vn/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: hnq3hkuoe4xpclm3y4wsqby0
			.agvwepb9c7krt.gaflaxy.nov.ru/	1970-01-20 20:46:12	Name: __cf_mw_byp Value: 2Bjfn5NM_dxiV3Dcg5wAp9KplrThQWWZnuSvMxxOGt4-1716285932-0.0.1.1-/index.html

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://agvwepb9c7krt.gaflaxy.nov.ru/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://proiswm.nov.ru/code.php Message: The Content Security Policy 'default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.
security	error	URL: https://proiswm.nov.ru/code.php Message: The Content Security Policy 'default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.
security	error	URL: https://proiswm.nov.ru/code.php Message: The Content Security Policy 'default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.
security	error	URL: https://proiswm.nov.ru/code.php Message: The Content Security Policy 'default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.
security	error	URL: https://proiswm.nov.ru/code.php Message: The Content Security Policy 'default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.
security	error	URL: https://proiswm.nov.ru/code.php Message: The Content Security Policy 'default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.
recommendation	verbose	URL: https://agvwepb9c7krt.gaflaxy.nov.ru/index.html Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

agvwepb9c7krt.gaflaxy.nov.ru
challenges.cloudflare.com
comoet.nov.ru
demo.vieclamcantho.vn
proiswm.nov.ru
104.17.2.184
104.17.3.184
14.225.53.27
188.114.97.3
2a06:98c1:3120::3
2a06:98c1:3121::3
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0d2622783c1c94b65e13ac21d2ce88374d303f6bd6e389ae91153d8cf46fced2
256a72ddd0fe6296f37d3894b9af1d197068a1884b0b8d1556e36d342fdf6abd
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
498e998e5c3068f8f08efb6c3d8cc05e2f972c2c10ceb0448234432de0c92696
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8987f58d530d878217daec76d84ea190d40264c31d785835e04f8acca21ed95d
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
8ed8f3acb9b87f99e42c74463d4e2be96ee85b8a87cd6eb874295ace420a5904
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
b57d38ae105fe112a7ed00c176c935c46c77761bae33f023d4fda72450043607
cbb3706e65b35a43bdcfebd23b5479dc0542ca7e23197869b683d12b524472fe
d9167c4e8fb27824593308779168970015d1334ea3986172b052c06109e574d8
ddb2f75f4378aa1168ef38de9fd9219ecc05c2cdbb0ce39aae65dbd554140a50
e158035a6f740b0245a027bf0d559c56782ebbeec7cab5a827083bd16aa47901
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

agvwepb9c7krt.gaflaxy.nov.ru Open in urlscan Pro 188.114.97.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

92 %HTTPS

33 %IPv6

3 Domains

5 Subdomains

7 IPs

4 Countries

161 kBTransfer

1724 kBSize

2 Cookies

6 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

60 JavaScript Global Variables

2 Cookies

8 Console Messages

Indicators

agvwepb9c7krt.gaflaxy.nov.ru Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

92 %
HTTPS

33 %
IPv6

3
Domains

5
Subdomains

7
IPs

4
Countries

161 kB
Transfer

1724 kB
Size

2
Cookies

13 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!