Submitted URL: https://updatecloud2018.buh.by/
Effective URL: https://update.buh.by/
Submission: On July 08 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 212.98.162.47, located in Slepnya, Belarus and belongs to BN-AS Belarussian data communication service provider., BY. The main domain is update.buh.by.
TLS certificate: Issued by R11 on June 19th 2024. Valid for: 3 months.
This is the only time update.buh.by was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 178.159.45.220 202090 (ACTIVECLO...)
4 212.98.162.47 12406 (BN-AS Bel...)
1 6 95.163.52.67 47764 (VK-AS)
4 2a00:1148:100... 47764 (VK-AS)
13 3
Apex Domain
Subdomains
Transfer
10 mail.ru
top-fwz1.mail.ru — Cisco Umbrella Rank: 8283
privacy-cs.mail.ru — Cisco Umbrella Rank: 14594
61 KB
4 buh.by
updatecloud2018.buh.by
update.buh.by
12 KB
1 jukola.info
bm2017.jukola.info
13 3
Domain Requested by
6 top-fwz1.mail.ru 1 redirects update.buh.by
top-fwz1.mail.ru
4 privacy-cs.mail.ru top-fwz1.mail.ru
privacy-cs.mail.ru
3 update.buh.by update.buh.by
1 bm2017.jukola.info update.buh.by
1 updatecloud2018.buh.by 1 redirects
13 5

This site contains links to these domains.

Domain
www.jukola.by
buh.by
update2.buh.by
www.buh.by
top.mail.ru

Subject | Issuer | Validity | Valid
update.buh.by | R11 | 2024-06-19 - 2024-09-17 | 3 months
*.mail.ru | GlobalSign ECC OV SSL CA 2018 | 2023-10-06 - 2024-11-06 | a year
bm.jukola.info | R10 | 2024-06-14 - 2024-09-12 | 3 months

This page contains 2 frames:

Primary Page: https://update.buh.by/
Frame ID: 2EDA33D91BD0B5BE0D436FBDB90BE5A5
Requests: 11 HTTP requests in this frame

Frame: https://bm2017.jukola.info/abmw.asp?z=7&isframe=true&autorotate=true
Frame ID: 9D89C0FAF6BEBB4E7DE13E725D992DEF
Requests: 1 HTTP requests in this frame

Page Title

Automatic ordering of 1C settings updates from the company "ЮКОЛА-ИНФО"

Page Statistics

Requests: 13
HTTPS: 92 %
IPv6: 25 %
Domains: 3
Subdomains: 5
IPs: 3
Countries: 2
Transfer: 72 kB
Size: 195 kB
Cookies: 8

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://updatecloud2018.buh.by/ HTTP 302
    https://update.buh.by/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://top-fwz1.mail.ru/counter?id=942103;t=479;l=1 HTTP 302
  • https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
update.buh.by/
Redirect Chain
  • https://updatecloud2018.buh.by/
  • https://update.buh.by/
10 KB
5 KB
Document
General
Full URL
https://update.buh.by/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
212.98.162.47 Slepnya, Belarus, ASN12406 (BN-AS Belarussian data communication service provider., BY),
Reverse DNS
Software
IIS /
Resource Hash
3df6e7a3a74fad697c89f639be87567480bc0b7f670aa2ecadca6d2e787f7245
Security Headers
Name Value
Content-Security-Policy frame-ancestors bm2017.jukola.info buh.by
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
private
Content-Encoding
gzip
Content-Length
4447
Content-Security-Policy
frame-ancestors bm2017.jukola.info buh.by
Content-Type
text/html
Date
Mon, 08 Jul 2024 06:13:49 GMT
Server
IIS
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1

Redirect headers

cache-control
private
content-length
150
content-security-policy
frame-ancestors 'self'
content-type
text/html
date
Mon, 08 Jul 2024 06:13:49 GMT
location
https://update.buh.by
referrer-policy
origin
x-xss-protection
1
style.css
update.buh.by/
1 KB
919 B
Stylesheet
General
Full URL
https://update.buh.by/style.css
Requested by
Host: update.buh.by
URL: https://update.buh.by/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
212.98.162.47 Slepnya, Belarus, ASN12406 (BN-AS Belarussian data communication service provider., BY),
Reverse DNS
Software
IIS /
Resource Hash
32a158691bd1ab83c6644c00abfa9190da82ee8edb168693e429aef20cdb2406
Security Headers
Name Value
Content-Security-Policy frame-ancestors bm2017.jukola.info buh.by
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://update.buh.by/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors bm2017.jukola.info buh.by
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Mon, 08 Jul 2024 06:13:49 GMT
Last-Modified
Wed, 14 Nov 2012 10:04:44 GMT
Server
IIS
ETag
"064b784fc2cd1:0"
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
543
X-XSS-Protection
1
counter2
top-fwz1.mail.ru/
Redirect Chain
  • https://top-fwz1.mail.ru/counter?id=942103;t=479;l=1
  • https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1
2 KB
4 KB
Image
General
Full URL
https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1
Requested by
Host: update.buh.by
URL: https://update.buh.by/
Protocol
H2
Server
95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),
Reverse DNS
top-fwz1.mail.ru
Software
nginx /
Resource Hash
1db32f93ad65f75448331c9e05fd71ddfb4acdf03e45b5cb11625a780910c64b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://update.buh.by/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 06:13:49 GMT
x-content-type-options
nosniff
p3p
CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length
2513
pragma
no-cache
amp-access-control-allow-source-origin
*
server
nginx
accept-ch
DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods
GET, POST, HEAD, PUT, OPTIONS
content-type
image/gif
access-control-allow-origin
*
accept-ch-lifetime
86400
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
private, no-cache, no-store, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
*

Redirect headers

date
Mon, 08 Jul 2024 06:13:49 GMT
x-content-type-options
nosniff
p3p
CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length
0
pragma
no-cache
amp-access-control-allow-source-origin
*
server
nginx
accept-ch
DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods
GET, POST, HEAD, PUT, OPTIONS
accept-ch-lifetime
86400
location
https://top-fwz1.mail.ru/counter2?id=942103;t=479;l=1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
private, no-cache, no-store, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
*
code.js
top-fwz1.mail.ru/js/
45 KB
19 KB
Script
General
Full URL
https://top-fwz1.mail.ru/js/code.js
Requested by
Host: update.buh.by
URL: https://update.buh.by/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),
Reverse DNS
top-fwz1.mail.ru
Software
nginx /
Resource Hash
361d329ec16f262f405420293c028e6447946ac15af535e9c77a13c7735314d2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://update.buh.by/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 08 Jul 2024 06:13:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI DSP COR NID CUR PSA OUR NOR"
amp-access-control-allow-source-origin
*
last-modified
Tue, 02 Jul 2024 15:24:48 GMT
server
nginx
accept-ch
DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
etag
W/"66841bc0-b46d"
access-control-allow-methods
GET, POST, HEAD, PUT, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
accept-ch-lifetime
86400
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
max-age=3600, private
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
*
expires
Mon, 08 Jul 2024 07:13:49 GMT
abmw.asp
bm2017.jukola.info/ Frame 9D89
0
0
Document
General
Full URL
https://bm2017.jukola.info/abmw.asp?z=7&isframe=true&autorotate=true
Requested by
Host: update.buh.by
URL: https://update.buh.by/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
212.98.162.47 Slepnya, Belarus, ASN12406 (BN-AS Belarussian data communication service provider., BY),
Reverse DNS
Software
IIS /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' buh.by

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://update.buh.by/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
private,no-cache
Content-Encoding
gzip
Content-Length
583
Content-Security-Policy
frame-ancestors 'self' buh.by
Content-Type
text/html; charset=windows-1251
Date
Mon, 08 Jul 2024 06:13:49 GMT
Expires
Sun, 07 Jul 2024 06:13:48 GMT
Pragma
no-cache
Server
IIS
Vary
Accept-Encoding
sync-loader.js
privacy-cs.mail.ru/static/
127 KB
33 KB
Script
General
Full URL
https://privacy-cs.mail.ru/static/sync-loader.js
Requested by
Host: top-fwz1.mail.ru
URL: https://top-fwz1.mail.ru/js/code.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a00:1148:1000:101:8:3:0:17 , Russian Federation, ASN47764 (VK-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
83e21c68d339467007adb02e5c235de0eeb331fd7ac3e76d16aa9daa8f3ecf88

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://update.buh.by/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 08 Jul 2024 06:13:49 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=600
Connection
keep-alive
Timing-Allow-Origin
*
Expires
Mon, 08 Jul 2024 06:23:49 GMT
dyn-goal-config.js
top-fwz1.mail.ru/js/
3 KB
2 KB
Script
General
Full URL
https://top-fwz1.mail.ru/js/dyn-goal-config.js?ids=942103
Requested by
Host: top-fwz1.mail.ru
URL: https://top-fwz1.mail.ru/js/code.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),
Reverse DNS
top-fwz1.mail.ru
Software
nginx /
Resource Hash
0e7e3045519beaff2095d4a64b8dfb1b581013eb5b8f4b3549983c69abe7139b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://update.buh.by/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 08 Jul 2024 06:13:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI DSP COR NID CUR PSA OUR NOR"
amp-access-control-allow-source-origin
*
server
nginx
accept-ch
DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods
GET, POST, HEAD, PUT, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
accept-ch-lifetime
86400
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
max-age=600, private
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
*
expires
Mon, 08 Jul 2024 06:23:49 GMT
counter
top-fwz1.mail.ru/
43 B
1 KB
Image
General
Full URL
https://top-fwz1.mail.ru/counter?_=0.11918473178840161;id=942103;u=https%3A//update.buh.by/;title=%D0%90%D0%B2%D1%82%D0%BE%D0%BC%D0%B0%D1%82%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B9%20%D0%B7%D0%B0%D0%BA%D0%B0%D0%B7%20%D0%BE%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F%20%D0%BD%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B5%D0%BA%201%D0%A1%20%D0%BE%D1%82%20%D0%BA%D0%BE%D0%BC%D0%BF%D0%B0%D0%BD%D0%B8%D0%B8%20%22%D0%AE%D0%9A%D0%9E%D0%9B%D0%90-%D0%98%D0%9D%D0%A4%D0%9E%22;s=1600*1200;vp=1600*1218;touch=0;hds=1;sid=cc42edcb1ee0a8cd;ver=60.6.0;tz=-120%2FEurope%2FBerlin;st=1720419229485;ct=907/915/915//750;rt=751/152/0/0/0/751/751/751/751/751/751/798/902/903;gl=u;ni=10//4g/0/0/;lvid=1720419229646%3A1720419229658%3A1%3A0af369a43f93ef572a54e2caf48a0596;opts=cnhp%3Dh2%2Ccs%3D18885-46189-19185;visible=true;js=13
Requested by
Host: update.buh.by
URL: https://update.buh.by/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),
Reverse DNS
top-fwz1.mail.ru
Software
nginx /
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://update.buh.by/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 08 Jul 2024 06:13:49 GMT
x-content-type-options
nosniff
p3p
CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length
43
pragma
no-cache
amp-access-control-allow-source-origin
*
server
nginx
accept-ch
DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods
GET, POST, HEAD, PUT, OPTIONS
content-type
image/gif
access-control-allow-origin
*
accept-ch-lifetime
86400
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
private, no-cache, no-store, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
*
/
privacy-cs.mail.ru/fp/ Frame
0
0
Preflight
General
Full URL
https://privacy-cs.mail.ru/fp/?id=cmHFVCCVve6fKxBdlSAHc
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a00:1148:1000:101:8:3:0:17 , Russian Federation, ASN47764 (VK-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://update.buh.by
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type
Access-Control-Allow-Method
POST
Access-Control-Allow-Origin
https://update.buh.by
Access-Control-Max-Age
1728000
Cache-Control
max-age=7200
Connection
keep-alive
Content-Length
0
Content-Type
application/octet-stream
Date
Mon, 08 Jul 2024 06:13:50 GMT
Expires
Mon, 08 Jul 2024 08:13:50 GMT
Server
nginx
/
privacy-cs.mail.ru/fp/
0
0
Fetch
General
Full URL
https://privacy-cs.mail.ru/fp/?id=cmHFVCCVve6fKxBdlSAHc
Requested by
Host: privacy-cs.mail.ru
URL: https://privacy-cs.mail.ru/static/sync-loader.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a00:1148:1000:101:8:3:0:17 , Russian Federation, ASN47764 (VK-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://update.buh.by/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 08 Jul 2024 06:13:50 GMT
Server
nginx
Transfer-Encoding
chunked
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"
Content-Type
application/octet-stream
Access-Control-Allow-Origin
https://update.buh.by
Cache-Control
max-age=7200
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
Expires
Mon, 08 Jul 2024 08:13:50 GMT
tracker
top-fwz1.mail.ru/
43 B
1 KB
Image
General
Full URL
https://top-fwz1.mail.ru/tracker?_=0.6410147919339166;id=942103;u=https%3A//update.buh.by/;title=%D0%90%D0%B2%D1%82%D0%BE%D0%BC%D0%B0%D1%82%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B9%20%D0%B7%D0%B0%D0%BA%D0%B0%D0%B7%20%D0%BE%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F%20%D0%BD%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B5%D0%BA%201%D0%A1%20%D0%BE%D1%82%20%D0%BA%D0%BE%D0%BC%D0%BF%D0%B0%D0%BD%D0%B8%D0%B8%20%22%D0%AE%D0%9A%D0%9E%D0%9B%D0%90-%D0%98%D0%9D%D0%A4%D0%9E%22;s=1600*1200;vp=1600*1218;touch=0;hds=1;sid=cc42edcb1ee0a8cd;ver=60.6.0;tz=-120%2FEurope%2FBerlin;st=1720419229485;nt=0/0/1720419228732/////358/425/425/425/615/486/615/678/679/683/753/753/753/1404/1404/1404;ct=907/915/915/927/750;rt=751/152/0/0/0/751/751/751/751/751/751/798/902/903;gl=u;ni=10//4g/0/0/;lvid=1720419229646%3A1720419230138%3A2%3A0af369a43f93ef572a54e2caf48a0596;opts=cnhp%3Dh2%2Ccs%3D18885-46189-19185;fpid=cmHFVCCVve6fKxBdlSAHc;visible=true;js=13;e=RT/load;et=1720419230136
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),
Reverse DNS
top-fwz1.mail.ru
Software
nginx /
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://update.buh.by/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 08 Jul 2024 06:13:50 GMT
x-content-type-options
nosniff
p3p
CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length
43
pragma
no-cache
amp-access-control-allow-source-origin
*
server
nginx
accept-ch
DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods
GET, POST, HEAD, PUT, OPTIONS
content-type
image/gif
access-control-allow-origin
*
accept-ch-lifetime
86400
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
private, no-cache, no-store, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
*
favicon.ico
update.buh.by/
6 KB
6 KB
Other
General
Full URL
https://update.buh.by/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
212.98.162.47 Slepnya, Belarus, ASN12406 (BN-AS Belarussian data communication service provider., BY),
Reverse DNS
Software
IIS /
Resource Hash
ce2201bb157d7106a76619f2c91f3c4759ac7911a62f9fd5f40c5f7cabe862d7
Security Headers
Name Value
Content-Security-Policy frame-ancestors bm2017.jukola.info buh.by
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://update.buh.by/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors bm2017.jukola.info buh.by
Date
Mon, 08 Jul 2024 06:13:49 GMT
X-Content-Type-Options
nosniff
Server
IIS
Content-Type
text/html; charset=utf-8
Cache-Control
private
Content-Length
5867
X-XSS-Protection
1
/
privacy-cs.mail.ru/fp/
0
0
Fetch
General
Full URL
https://privacy-cs.mail.ru/fp/?id=cmHFVCCVve6fKxBdlSAHc
Requested by
Host: privacy-cs.mail.ru
URL: https://privacy-cs.mail.ru/static/sync-loader.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a00:1148:1000:101:8:3:0:17 , Russian Federation, ASN47764 (VK-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://update.buh.by/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 08 Jul 2024 06:13:50 GMT
Server
nginx
Transfer-Encoding
chunked
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"
Content-Type
application/octet-stream
Access-Control-Allow-Origin
https://update.buh.by
Cache-Control
max-age=7200
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
Expires
Mon, 08 Jul 2024 08:13:50 GMT

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
undefined| event
object| fence
object| sharedStorage
object| _tmr
number| rb_sync_refresh_time
object| rb_sync

8 Cookies

Domain/Path Name / Value
updatecloud2018.buh.by/ Name: ASPSESSIONIDAWCRTDQD
Value: IPILPHKBAGBOLCKELAEPGFOE
update.buh.by/ Name: ASPSESSIONIDAWQBRABC
Value: ADHJBILBOPBGPIIJMEPMBONI
.buh.by/ Name: tmr_lvid
Value: 0af369a43f93ef572a54e2caf48a0596
.buh.by/ Name: tmr_lvidTS
Value: 1720419229646
update.buh.by/ Name: domain_sid
Value: cmHFVCCVve6fKxBdlSAHc%3A1720419229926
top-fwz1.mail.ru/ Name: PVID
Value: 0GbA0e1Q7a2Q00001y3uzCYQ:::0-0-0-ba5dc5d-0-ba5dc5e:CAASEMXlNy3gVKg6ex29jKVpZ-YaYEVqQ8BcJwlQhEiZd5FKD5fjg7sXh4xE1S13omaS-QGJyrRHxw-3cJJnfeizxWbcZRgNFtIt2rjDHSaeXmaogpmIkGylj_RAmSrVXuONvYOj8ywpW2aMkc3E71poMXhH7Q
.mail.ru/ Name: VID
Value: 0GbA0e1Q7a2Q00001y3uzCYQ:::0-0-0-ba5dc5d-0-ba5dc5e:CAASEMXlNy3gVKg6ex29jKVpZ-YaYEVqQ8BcJwlQhEiZd5FKD5fjg7sXh4xE1S13omaS-QGJyrRHxw-3cJJnfeizxWbcZRgNFtIt2rjDHSaeXmaogpmIkGylj_RAmSrVXuONvYOj8ywpW2aMkc3E71poMXhH7Q
update.buh.by/ Name: tmr_detect
Value: 0%7C1720419232091

5 Console Messages

Source Level URL
Text
javascript info URL: https://privacy-cs.mail.ru/static/sync-loader.js(Line 4)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://privacy-cs.mail.ru/static/sync-loader.js(Line 4)
Message:
Failed to create WebGPU Context Provider
other warning URL: https://privacy-cs.mail.ru/static/sync-loader.js(Line 4)
Message:
Failed to parse video contentType: video/ogg; codecs=theora
security error
Message:
Refused to frame 'https://bm2017.jukola.info/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' buh.by".
network error URL: https://update.buh.by/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors bm2017.jukola.info buh.by
X-Content-Type-Options nosniff
X-Xss-Protection 1