urlscan.io logo urlscan.io
SecurityTrails logo

srv89188.ht-test.ru Open in urlscan Pro
78.110.50.131  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://u16147260.ct.sendgrid.net/ls/click?upn=EdxYW-2FdEyf26lDEMeMYJQ-2B-2FUOOH9V0D1kHKyusirmU-2BWY-2FLlSURSBGeJC3THFdXt0yZFxmYWR...
Effective URL: http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php
Submission: On August 19 via manual from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 78.110.50.131, located in Moscow, Russian Federation and belongs to HT-SYSTEMS-AS Uplinks:, RU. The main domain is srv89188.ht-test.ru.
This is the only time srv89188.ht-test.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.115.54 11377 (SENDGRID)
6 78.110.50.131 31240 (HT-SYSTEM...)
2 192.229.133.221 15133 (EDGECAST)
8 2
Apex Domain
Subdomains		 Transfer
6 ht-test.ru
srv89188.ht-test.ru
14 KB
2 w3schools.com
www.w3schools.com
10 KB
1 sendgrid.net
u16147260.ct.sendgrid.net
310 B
8 3
Domain Requested by
6 srv89188.ht-test.ru srv89188.ht-test.ru
2 www.w3schools.com srv89188.ht-test.ru
1 u16147260.ct.sendgrid.net 1 redirects
8 3

This site contains no links.

Subject Issuer Validity Valid
*.w3schools.com
DigiCert SHA2 Secure Server CA		 2020-05-05 -
2022-05-10		 2 years crt.sh

This page contains 2 frames:

Primary Page: http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php
Frame ID: D35FA89C42892816002051D9D950907C
Requests: 4 HTTP requests in this frame

Frame: http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php
Frame ID: 029F689746915C81C31779EACDE843E0
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://u16147260.ct.sendgrid.net/ls/click?upn=EdxYW-2FdEyf26lDEMeMYJQ-2B-2FUOOH9V0D1kHKyusirmU-2BWY-2FLlSURSB... HTTP 302
    http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i
Overall confidence: 100%
Detected patterns
  • headers server /Red Hat/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

8
Requests

25 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

24 kB
Transfer

57 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://u16147260.ct.sendgrid.net/ls/click?upn=EdxYW-2FdEyf26lDEMeMYJQ-2B-2FUOOH9V0D1kHKyusirmU-2BWY-2FLlSURSBGeJC3THFdXt0yZFxmYWRzpngVEgE01Bgo5JZWCSWh36YsSwRLPI9mfahEqR2MtdX6gpyx6qz2Uw3UkUqign4q59YRj4-2B2m-2BR1tkEJDoK4k8Log30PEyMDc-3DzgTe_XsGA-2Fgkm2IVk-2FlYw8ReyfEIl1eXpEGklb5-2BofqkE597oErjc5NTnsiUZTUh5FubpUEvLPAk0dZo1646jy4RSFHHVOno5WqxRnFI01EAOYP6RaMToD7Br-2BiI3fnTGMpMk8vtXORk5L4laVMMcAKTm4jZuAP-2BDSBXds2AtkyAfkq0mRG2pxTvJJwsJBpGJMDT-2FvK0fCrrVu7bMAoMJzugOG32h6ew0NYfyLGTvvv7BheQ-3D HTTP 302
    http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set index.php
srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/
Redirect Chain
  • http://u16147260.ct.sendgrid.net/ls/click?upn=EdxYW-2FdEyf26lDEMeMYJQ-2B-2FUOOH9V0D1kHKyusirmU-2BWY-2FLlSURSBGeJC3THFdXt0yZFxmYWRzpngVEgE01Bgo5JZWCSWh36YsSwRLPI9mfahEqR2MtdX6gpyx6qz2Uw3UkUqign4q59Y...
  • http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
Protocol
HTTP/1.1
Server
78.110.50.131 Moscow, Russian Federation, ASN31240 (HT-SYSTEMS-AS Uplinks:, RU),
Reverse DNS
cl33-w.ht-systems.ru
Software
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40 / PHP/5.6.40
Resource Hash
632089edf9f2c7f96d0749e65083391fb6b5955b9d070751645f7d2659850a69

Request headers

Host
srv89188.ht-test.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 19 Aug 2020 00:36:51 GMT
Server
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40
X-Powered-By
PHP/5.6.40
Set-Cookie
PHPSESSID=5t5624pe9khq06qnfuk69bm7g0; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Content-Length
2297
Content-Type
text/html; charset=UTF-8

Redirect headers

Server
nginx
Date
Wed, 19 Aug 2020 00:36:51 GMT
Content-Type
text/html; charset=utf-8
Content-Length
129
Connection
keep-alive
Location
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?#victoria.smith@qbe.com
X-Robots-Tag
noindex, nofollow
w3.css
www.w3schools.com/w3css/4/ 		23 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.w3schools.com/w3css/4/w3.css
Requested by
Host: srv89188.ht-test.ru
URL: http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.221 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (waw/17CE) / ASP.NET
Resource Hash
dd30cb28b7ad3a268bd4a6a5730f42e65490abd49bd2cf8a436afbbec5aceb02
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 19 Aug 2020 00:36:52 GMT
content-encoding
gzip
etag
"0386ec7c1dd51:0"
last-modified
Fri, 07 Jun 2019 08:41:20 GMT
server
ECS (waw/17CE)
age
7961
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
x-cache
HIT
content-type
text/css
status
200
cache-control
public,max-age=14400,public
accept-ranges
bytes
vary
Accept-Encoding
content-length
5224
design.css
srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/assets/css/ 		330 B
664 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/assets/css/design.css
Requested by
Host: srv89188.ht-test.ru
URL: http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
Protocol
HTTP/1.1
Server
78.110.50.131 Moscow, Russian Federation, ASN31240 (HT-SYSTEMS-AS Uplinks:, RU),
Reverse DNS
cl33-w.ht-systems.ru
Software
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40 /
Resource Hash
8a1666209ffc8b3e5398352fe43683713e97960b4fba25049726cc49fec486e2

Request headers

Referer
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 19 Aug 2020 00:36:52 GMT
X-Cache-Lookup
MISS from hc1.hts.ru:80
Last-Modified
Tue, 25 Dec 2018 14:59:56 GMT
Server
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40
ETag
"3032bfb1-14a-57dd9f76c5300"
X-Cache
MISS from hc1.hts.ru
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
330
validate.js
srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/assets/js/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/assets/js/validate.js
Requested by
Host: srv89188.ht-test.ru
URL: http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
Protocol
HTTP/1.1
Server
78.110.50.131 Moscow, Russian Federation, ASN31240 (HT-SYSTEMS-AS Uplinks:, RU),
Reverse DNS
cl33-w.ht-systems.ru
Software
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40 /
Resource Hash
d35a1ab30d065cb8a0a0274c1b8a8b6140685228f14da41e53d7cfb4782ab531

Request headers

Referer
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 19 Aug 2020 00:36:52 GMT
X-Cache-Lookup
MISS from hc1.hts.ru:80
Last-Modified
Wed, 26 Dec 2018 10:26:00 GMT
Server
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40
ETag
"403562f3-d5a-57dea419a3e00"
X-Cache
MISS from hc1.hts.ru
Content-Type
text/javascript
Accept-Ranges
bytes
Content-Length
3418
index.php
srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/ Frame 029F 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
Requested by
Host: srv89188.ht-test.ru
URL: http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
Protocol
HTTP/1.1
Server
78.110.50.131 Moscow, Russian Federation, ASN31240 (HT-SYSTEMS-AS Uplinks:, RU),
Reverse DNS
cl33-w.ht-systems.ru
Software
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40 / PHP/5.6.40
Resource Hash
632089edf9f2c7f96d0749e65083391fb6b5955b9d070751645f7d2659850a69

Request headers

Host
srv89188.ht-test.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
PHPSESSID=5t5624pe9khq06qnfuk69bm7g0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?

Response headers

Date
Wed, 19 Aug 2020 00:36:52 GMT
Server
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40
X-Powered-By
PHP/5.6.40
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Content-Length
2297
Content-Type
text/html; charset=UTF-8
w3.css
www.w3schools.com/w3css/4/ Frame 029F 		23 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.w3schools.com/w3css/4/w3.css
Requested by
Host: srv89188.ht-test.ru
URL: http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.221 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (waw/17CE) / ASP.NET
Resource Hash
dd30cb28b7ad3a268bd4a6a5730f42e65490abd49bd2cf8a436afbbec5aceb02
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 19 Aug 2020 00:36:52 GMT
content-encoding
gzip
etag
"0386ec7c1dd51:0"
last-modified
Fri, 07 Jun 2019 08:41:20 GMT
server
ECS (waw/17CE)
age
7961
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
x-cache
HIT
content-type
text/css
status
200
cache-control
public,max-age=14400,public
accept-ranges
bytes
vary
Accept-Encoding
content-length
5224
design.css
srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/assets/css/ Frame 029F 		330 B
664 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/assets/css/design.css
Requested by
Host: srv89188.ht-test.ru
URL: http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
Protocol
HTTP/1.1
Server
78.110.50.131 Moscow, Russian Federation, ASN31240 (HT-SYSTEMS-AS Uplinks:, RU),
Reverse DNS
cl33-w.ht-systems.ru
Software
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40 /
Resource Hash
8a1666209ffc8b3e5398352fe43683713e97960b4fba25049726cc49fec486e2

Request headers

Referer
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 19 Aug 2020 00:36:52 GMT
X-Cache-Lookup
MISS from hc1.hts.ru:80
Last-Modified
Tue, 25 Dec 2018 14:59:56 GMT
Server
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40
ETag
"3032bfb1-14a-57dd9f76c5300"
X-Cache
MISS from hc1.hts.ru
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
330
validate.js
srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/assets/js/ Frame 029F 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/assets/js/validate.js
Requested by
Host: srv89188.ht-test.ru
URL: http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
Protocol
HTTP/1.1
Server
78.110.50.131 Moscow, Russian Federation, ASN31240 (HT-SYSTEMS-AS Uplinks:, RU),
Reverse DNS
cl33-w.ht-systems.ru
Software
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40 /
Resource Hash
d35a1ab30d065cb8a0a0274c1b8a8b6140685228f14da41e53d7cfb4782ab531

Request headers

Referer
http://srv89188.ht-test.ru/auto/Login-Auto-Page2020-voicemail/Login/page/index.php?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 19 Aug 2020 00:36:52 GMT
X-Cache-Lookup
MISS from hc1.hts.ru:80
Last-Modified
Wed, 26 Dec 2018 10:26:00 GMT
Server
Apache/2.2.24 (Red Hat) mod_rpaf/0.6 PHP/5.6.40
ETag
"403562f3-d5a-57dea419a3e00"
X-Cache
MISS from hc1.hts.ru
Content-Type
text/javascript
Accept-Ranges
bytes
Content-Length
3418

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| getUrlVars undefined| email undefined| domain undefined| provider undefined| locateFav undefined| aol undefined| cn21 undefined| yandex undefined| yahoo undefined| a163 undefined| sina undefined| mailru undefined| office undefined| godaddy undefined| gmail undefined| locate

1 Cookies

Domain/Path Name / Value
srv89188.ht-test.ru/ Name: PHPSESSID
Value: 5t5624pe9khq06qnfuk69bm7g0