nsi.budget.gov35.ru Open in urlscan Pro
213.109.78.131 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://91.207.5.252/
Effective URL:
https://nsi.budget.gov35.ru/idp/saml
Submission Tags: l4ing gov ru 35 sub ip h8 91 Search All
Submission: On May 15 via manual (May 15th 2023, 1:37:22 am UTC) from UA — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 17 HTTP transactions. The main IP is 213.109.78.131, located in Russian Federation and belongs to CIT-AS, RU. The main domain is nsi.budget.gov35.ru.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on November 23rd 2022. Valid for: a year.

This is the only time nsi.budget.gov35.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4 7	91.207.5.252 91.207.5.252	200496 (CIT2-AS) (CIT2-AS)
12	213.109.78.131 213.109.78.131	43795 (CIT-AS) (CIT-AS)
17	3

7 91.207.5.252 (Vologda, Russian Federation) 4 redirects

ASN200496 (CIT2-AS, RU)

91.207.5.252	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
report.gov35.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 213.109.78.131 (Russian Federation)

ASN43795 (CIT-AS, RU)

nsi.budget.gov35.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	gov35.ru 3 redirects report.gov35.ru nsi.budget.gov35.ru	133 KB
0	Failed function sub() { [native code] }. Failed
17	2

	Domain	Requested by
12	nsi.budget.gov35.ru	nsi.budget.gov35.ru
6	report.gov35.ru	3 redirects report.gov35.ru
0	epebfcehmdedogndhlcacafjaacknbcm Failed	nsi.budget.gov35.ru
0	iifchhfnnmpdbibifmljnfjhpififfog Failed	nsi.budget.gov35.ru
17	4

This site contains no links.

Subject Issuer	Validity	Valid
*.gov35.ru AlphaSSL CA - SHA256 - G4	`2023-05-06` - `2024-06-06`	a year	crt.sh
*.budget.gov35.ru AlphaSSL CA - SHA256 - G2	`2022-11-23` - `2023-12-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://nsi.budget.gov35.ru/idp/saml
Frame ID: 15F2ACBA169053510271646EFD58BF9C
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Единый вход

Page URL History Show full URLs

http://91.207.5.252/ HTTP 302
https://report.gov35.ru/ HTTP 301
https://report.gov35.ru/application HTTP 307
https://report.gov35.ru/application/ Page URL
https://report.gov35.ru/login HTTP 307
https://report.gov35.ru/login/ Page URL
https://report.gov35.ru/login/ Page URL
https://nsi.budget.gov35.ru/idp/saml Page URL

Page Statistics

17
Requests

88 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

3
IPs

1
Countries

133 kB
Transfer

135 kB
Size

11
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://91.207.5.252/ HTTP 302
https://report.gov35.ru/ HTTP 301
https://report.gov35.ru/application HTTP 307
https://report.gov35.ru/application/ Page URL
https://report.gov35.ru/login HTTP 307
https://report.gov35.ru/login/ Page URL
https://report.gov35.ru/login/ Page URL
https://nsi.budget.gov35.ru/idp/saml Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://91.207.5.252/ HTTP 302
https://report.gov35.ru/ HTTP 301
https://report.gov35.ru/application HTTP 307
https://report.gov35.ru/application/

Request Chain 1

https://report.gov35.ru/login HTTP 307
https://report.gov35.ru/login/

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
report.gov35.ru/application/
Redirect Chain

http://91.207.5.252/
https://report.gov35.ru/
https://report.gov35.ru/application
https://report.gov35.ru/application/

126 B
739 B

85ms
85ms

Document
text/html

91.207.5.252
CIT2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://report.gov35.ru/application/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.207.5.252 Vologda, Russian Federation, ASN200496 (CIT2-AS, RU),

Reverse DNS

Software

nginx/1.16.0 / Undertow/1

Resource Hash

6781ba4b31a81899d50c0c95bf394b77a380d459eda4c68386953261c4f8b94b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 126
content-security-policy-report-only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /application/~csp~/
content-type: text/html;charset=utf-8
date: Mon, 15 May 2023 01:37:17 GMT
expires: 0
pragma: no-cache
server: nginx/1.16.0
strict-transport-security: max-age=63072000
x-frame-options: SAMEORIGIN
x-powered-by: Undertow/1

Redirect headers

content-length: 0
date: Mon, 15 May 2023 01:37:17 GMT
location: https://report.gov35.ru/application/
server: nginx/1.16.0
strict-transport-security: max-age=63072000
x-frame-options: SAMEORIGIN
x-powered-by: Undertow/1

GET
H2

200

/ Show response
report.gov35.ru/login/
Redirect Chain

https://report.gov35.ru/login
https://report.gov35.ru/login/

605 B
827 B

86ms
86ms

Document
text/html

91.207.5.252
CIT2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://report.gov35.ru/login/

Requested by

Host: report.gov35.ru
URL: https://report.gov35.ru/application/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.207.5.252 Vologda, Russian Federation, ASN200496 (CIT2-AS, RU),

Reverse DNS

Software

nginx/1.16.0 / Undertow/1

Resource Hash

049ab2b63750877a7568d0554c4d75fa3dc33a7701fafdb9f0b90d9161bb903f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://report.gov35.ru/application/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy-report-only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /login/~csp~/
content-type: text/html;charset=utf-8
date: Mon, 15 May 2023 01:37:17 GMT
expires: 0
pragma: no-cache
server: nginx/1.16.0
strict-transport-security: max-age=63072000
x-frame-options: SAMEORIGIN
x-powered-by: Undertow/1

Redirect headers

content-length: 0
date: Mon, 15 May 2023 01:37:17 GMT
location: https://report.gov35.ru/login/
server: nginx/1.16.0
strict-transport-security: max-age=63072000
x-frame-options: SAMEORIGIN
x-powered-by: Undertow/1

POST
H2 200 /
report.gov35.ru/login/ 4 KB
3 KB 139ms
139ms Document
text/html 91.207.5.252
CIT2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://report.gov35.ru/login/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.207.5.252 Vologda, Russian Federation, ASN200496 (CIT2-AS, RU),

Reverse DNS

Software

nginx/1.16.0 / Undertow/1

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Frame-Options	SAMEORIGIN

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://report.gov35.ru
Referer: https://report.gov35.ru/login/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://report.gov35.ru
content-encoding: gzip
content-security-policy-report-only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /login/~csp~/
content-type: text/html;charset=utf-8
date: Mon, 15 May 2023 01:37:18 GMT
server: nginx/1.16.0
strict-transport-security: max-age=63072000
x-frame-options: SAMEORIGIN
x-powered-by: Undertow/1

POST
H/1.1 200
OK Primary Request saml Show response
nsi.budget.gov35.ru/idp/ 3 KB
2 KB 558ms
140ms Document
text/html 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://nsi.budget.gov35.ru/idp/saml

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

273a8398abb1c6271a5ae783c316021ab04414bbf4d4af8da5804d1e5b9232bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://report.gov35.ru
Referer: https://report.gov35.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://report.gov35.ru
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy-Report-Only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /idp/~csp~/
Content-Type: text/html;charset=utf-8
Date: Mon, 15 May 2023 01:37:18 GMT
Expires: 0
Pragma: no-cache
Server: nginx/1.20.2
Strict-Transport-Security: max-age=63072000
Transfer-Encoding: chunked
X-Powered-By: Undertow/1

GET
H/1.1 200
OK style.css
nsi.budget.gov35.ru/idp/shared/common-utils/ 7 KB
2 KB 99ms
99ms Stylesheet
text/css 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://nsi.budget.gov35.ru/idp/shared/common-utils/style.css?version=2

Requested by

Host: nsi.budget.gov35.ru
URL: https://nsi.budget.gov35.ru/idp/saml

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

ea3d72fa21b7483c1e8e92f1526965257a6190f5b1978c8b064896d1f189e634

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nsi.budget.gov35.ru/idp/saml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 01:37:18 GMT
Strict-Transport-Security: max-age=63072000
Content-Encoding: gzip
Last-Modified: Tue, 01 Jan 1980 08:00:00 GMT
Server: nginx/1.20.2
X-Powered-By: Undertow/1
Transfer-Encoding: chunked
Content-Security-Policy-Report-Only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /idp/~csp~/
Content-Type: text/css
Connection: keep-alive

GET
H/1.1 404
Not Found style-override.css
nsi.budget.gov35.ru/idp/shared/common-utils/ 0
0 93ms
92ms Stylesheet
text/html 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://nsi.budget.gov35.ru/idp/shared/common-utils/style-override.css?version=2

Requested by

Host: nsi.budget.gov35.ru
URL: https://nsi.budget.gov35.ru/idp/saml

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nsi.budget.gov35.ru/idp/saml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 01:37:18 GMT
Strict-Transport-Security: max-age=63072000
Server: nginx/1.20.2
X-Powered-By: Undertow/1
Content-Security-Policy-Report-Only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /idp/~csp~/
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Content-Length: 123

GET
H/1.1 200
OK cadesplugin_api.js Show response
nsi.budget.gov35.ru/idp/shared/common-utils/script/ 34 KB
34 KB 189ms
95ms Script
application/javascript 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://nsi.budget.gov35.ru/idp/shared/common-utils/script/cadesplugin_api.js?timestamp=1684114638669

Requested by

Host: nsi.budget.gov35.ru
URL: https://nsi.budget.gov35.ru/idp/saml

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

eab6765d8a6c2cd756cd9aa3e7ebc8451eb5267782b57d0573c8ca28496fbe50

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nsi.budget.gov35.ru/idp/saml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 01:37:18 GMT
Strict-Transport-Security: max-age=63072000
Last-Modified: Tue, 01 Jan 1980 08:00:00 GMT
Server: nginx/1.20.2
X-Powered-By: Undertow/1
Content-Security-Policy-Report-Only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /idp/~csp~/
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 34494

GET
H/1.1 200
OK crypt.js Show response
nsi.budget.gov35.ru/idp/shared/common-utils/script/ 43 KB
43 KB 198ms
98ms Script
application/javascript 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://nsi.budget.gov35.ru/idp/shared/common-utils/script/crypt.js?timestamp=1684114638669

Requested by

Host: nsi.budget.gov35.ru
URL: https://nsi.budget.gov35.ru/idp/saml

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

9a2d30883664869fee69e09cdb56cde4f994435cf99ed77abafc86f44992af18

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nsi.budget.gov35.ru/idp/saml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 01:37:18 GMT
Strict-Transport-Security: max-age=63072000
Last-Modified: Tue, 01 Jan 1980 08:00:00 GMT
Server: nginx/1.20.2
X-Powered-By: Undertow/1
Content-Security-Policy-Report-Only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /idp/~csp~/
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 43542

POST
H/1.1 200
OK /
nsi.budget.gov35.ru/idp/~csp~/ 0
340 B 94ms
94ms Other
text/plain 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://nsi.budget.gov35.ru/idp/~csp~/

Requested by

Host: nsi.budget.gov35.ru
URL: https://nsi.budget.gov35.ru/idp/shared/common-utils/script/cadesplugin_api.js?timestamp=1684114638669

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://nsi.budget.gov35.ru/idp/saml
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/csp-report

Response headers

Date: Mon, 15 May 2023 01:37:19 GMT
Strict-Transport-Security: max-age=63072000
Server: nginx/1.20.2
X-Powered-By: Undertow/1
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://nsi.budget.gov35.ru
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET nmcades_plugin_api.js
iifchhfnnmpdbibifmljnfjhpififfog/ 0
0

POST
H/1.1 200
OK /
nsi.budget.gov35.ru/idp/~csp~/ 0
340 B 93ms
93ms Other
text/plain 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://nsi.budget.gov35.ru/idp/~csp~/

Requested by

Host: nsi.budget.gov35.ru
URL: https://nsi.budget.gov35.ru/idp/shared/common-utils/script/cadesplugin_api.js?timestamp=1684114638669

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://nsi.budget.gov35.ru/idp/saml
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/csp-report

Response headers

Date: Mon, 15 May 2023 01:37:19 GMT
Strict-Transport-Security: max-age=63072000
Server: nginx/1.20.2
X-Powered-By: Undertow/1
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://nsi.budget.gov35.ru
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET nmcades_plugin_api.js
epebfcehmdedogndhlcacafjaacknbcm/ 0
0

GET
H/1.1 200
OK money.png
nsi.budget.gov35.ru/idp/shared/common-utils/img/ 7 KB
7 KB 99ms
99ms Image
image/png 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nsi.budget.gov35.ru/idp/shared/common-utils/img/money.png

Requested by

Host: nsi.budget.gov35.ru
URL: https://nsi.budget.gov35.ru/idp/shared/common-utils/style.css?version=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

a7b6ba4d3df231f47453905f858d2d94893b8cc68545e447712c9d9a854f9f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nsi.budget.gov35.ru/idp/shared/common-utils/style.css?version=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 01:37:19 GMT
Strict-Transport-Security: max-age=63072000
Last-Modified: Tue, 01 Jan 1980 08:00:00 GMT
Server: nginx/1.20.2
X-Powered-By: Undertow/1
Content-Security-Policy-Report-Only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /idp/~csp~/
Content-Type: image/png
Connection: keep-alive
Content-Length: 7149

GET
H/1.1 200
OK splitter1.png
nsi.budget.gov35.ru/idp/shared/common-utils/img/ 18 KB
18 KB 200ms
200ms Image
image/png 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nsi.budget.gov35.ru/idp/shared/common-utils/img/splitter1.png

Requested by

Host: nsi.budget.gov35.ru
URL: https://nsi.budget.gov35.ru/idp/shared/common-utils/style.css?version=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

3d4d4c0ee1af1bca24dfad88d7f3720766ad3ba7307aa063845a159fe1ae51f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nsi.budget.gov35.ru/idp/shared/common-utils/style.css?version=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 01:37:19 GMT
Strict-Transport-Security: max-age=63072000
Last-Modified: Tue, 01 Jan 1980 08:00:00 GMT
Server: nginx/1.20.2
X-Powered-By: Undertow/1
Content-Security-Policy-Report-Only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /idp/~csp~/
Content-Type: image/png
Connection: keep-alive
Content-Length: 18269

GET
H/1.1 200
OK splitter2.png
nsi.budget.gov35.ru/idp/shared/common-utils/img/ 18 KB
18 KB 174ms
95ms Image
image/png 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nsi.budget.gov35.ru/idp/shared/common-utils/img/splitter2.png

Requested by

Host: nsi.budget.gov35.ru
URL: https://nsi.budget.gov35.ru/idp/shared/common-utils/style.css?version=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

87f96552b21f2cae75792b7af8a974e1768387b8389c9daeb80a8055e4004fda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nsi.budget.gov35.ru/idp/shared/common-utils/style.css?version=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 01:37:19 GMT
Strict-Transport-Security: max-age=63072000
Last-Modified: Tue, 01 Jan 1980 08:00:00 GMT
Server: nginx/1.20.2
X-Powered-By: Undertow/1
Content-Security-Policy-Report-Only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /idp/~csp~/
Content-Type: image/png
Connection: keep-alive
Content-Length: 18333

GET
H/1.1 200
OK person.png
nsi.budget.gov35.ru/idp/shared/common-utils/img/ 392 B
835 B 198ms
98ms Image
image/png 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nsi.budget.gov35.ru/idp/shared/common-utils/img/person.png

Requested by

Host: nsi.budget.gov35.ru
URL: https://nsi.budget.gov35.ru/idp/shared/common-utils/style.css?version=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

9968a610f85588f8bf6ad119deb72ff1a47ab4ec3670e7b792d495a1425de0ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nsi.budget.gov35.ru/idp/shared/common-utils/style.css?version=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 01:37:19 GMT
Strict-Transport-Security: max-age=63072000
Last-Modified: Tue, 01 Jan 1980 08:00:00 GMT
Server: nginx/1.20.2
X-Powered-By: Undertow/1
Content-Security-Policy-Report-Only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /idp/~csp~/
Content-Type: image/png
Connection: keep-alive
Content-Length: 392

GET
H/1.1 200
OK lock.png
nsi.budget.gov35.ru/idp/shared/common-utils/img/ 410 B
853 B 166ms
91ms Image
image/png 213.109.78.131
CIT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nsi.budget.gov35.ru/idp/shared/common-utils/img/lock.png

Requested by

Host: nsi.budget.gov35.ru
URL: https://nsi.budget.gov35.ru/idp/shared/common-utils/style.css?version=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.109.78.131 , Russian Federation, ASN43795 (CIT-AS, RU),

Reverse DNS

Software

nginx/1.20.2 / Undertow/1

Resource Hash

f28df3c241e9a8977a89974f97f35eb87f90a14d335f0f7862bd9c781186e7c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nsi.budget.gov35.ru/idp/shared/common-utils/style.css?version=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 01:37:19 GMT
Strict-Transport-Security: max-age=63072000
Last-Modified: Tue, 01 Jan 1980 08:00:00 GMT
Server: nginx/1.20.2
X-Powered-By: Undertow/1
Content-Security-Policy-Report-Only: default-src data: 'self' 'unsafe-inline' 'unsafe-eval';report-uri /idp/~csp~/
Content-Type: image/png
Connection: keep-alive
Content-Length: 410

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: iifchhfnnmpdbibifmljnfjhpififfog
URL: chrome-extension://iifchhfnnmpdbibifmljnfjhpififfog/nmcades_plugin_api.js

Domain: epebfcehmdedogndhlcacafjaacknbcm
URL: chrome-extension://epebfcehmdedogndhlcacafjaacknbcm/nmcades_plugin_api.js

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
nsi.budget.gov35.ru/idp/shared/common-utils/script	1969-12-31 23:59:59	Name: RK-8fa50b40-f818-11ea-a795-2f7c9603d152 Value: null
nsi.budget.gov35.ru/idp/shared/common-utils/img	1969-12-31 23:59:59	Name: RK-8fa50b40-f818-11ea-a795-2f7c9603d152 Value: null
nsi.budget.gov35.ru/idp/shared/common-utils	1969-12-31 23:59:59	Name: RK-8fa50b40-f818-11ea-a795-2f7c9603d152 Value: null
report.gov35.ru/application	1969-12-31 23:59:59	Name: JSESSIONID Value: 7mt_vW0RaR1QkDlRMiLKpYS9.node1
report.gov35.ru/application	1969-12-31 23:59:59	Name: RK-8fa50b40-f818-11ea-a795-2f7c9603d152 Value: 8WuJon9rDDHi34YfRIDHmQFHum7in6Cs3PCFzt4uNX0=
report.gov35.ru/login	1969-12-31 23:59:59	Name: JSESSIONID Value: Q3so6Mcy_RW8HAAmOoL0nYD5.node1
report.gov35.ru/login	1969-12-31 23:59:59	Name: RK-8fa50b40-f818-11ea-a795-2f7c9603d152 Value: h1UXCGIsftGqH7DmKWEjATtu++f4vw6q8wwo4NC9zwk=
nsi.budget.gov35.ru/idp	1969-12-31 23:59:59	Name: JSESSIONID Value: dnaB4sPzD2k858WNfV3XstXz.node1
nsi.budget.gov35.ru/idp	1969-12-31 23:59:59	Name: RK-8fa50b40-f818-11ea-a795-2f7c9603d152 Value: null
report.gov35.ru/	1969-12-31 23:59:59	Name: JSESSIONIDSSO.CLIENT-ACTION Value: Base64L2FwcGxpY2F0aW9uL21haW4=
report.gov35.ru/	1969-12-31 23:59:59	Name: CN-0294B41265CA11E9BCB44B8D11E954F3 Value: aHR0cHM6Ly9yZXBvcnQuZ292MzUucnUv

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nsi.budget.gov35.ru/idp/shared/common-utils/style-override.css?version=2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://nsi.budget.gov35.ru/idp/shared/common-utils/script/cadesplugin_api.js?timestamp=1684114638669(Line 586) Message: [Report Only] Refused to load the script 'chrome-extension://iifchhfnnmpdbibifmljnfjhpififfog/nmcades_plugin_api.js' because it violates the following Content Security Policy directive: "default-src data: 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://nsi.budget.gov35.ru/idp/shared/common-utils/script/cadesplugin_api.js?timestamp=1684114638669(Line 592) Message: [Report Only] Refused to load the script 'chrome-extension://epebfcehmdedogndhlcacafjaacknbcm/nmcades_plugin_api.js' because it violates the following Content Security Policy directive: "default-src data: 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
network	error	URL: chrome-extension://iifchhfnnmpdbibifmljnfjhpififfog/nmcades_plugin_api.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://epebfcehmdedogndhlcacafjaacknbcm/nmcades_plugin_api.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

epebfcehmdedogndhlcacafjaacknbcm
iifchhfnnmpdbibifmljnfjhpififfog
nsi.budget.gov35.ru
report.gov35.ru
epebfcehmdedogndhlcacafjaacknbcm
iifchhfnnmpdbibifmljnfjhpififfog
213.109.78.131
91.207.5.252
049ab2b63750877a7568d0554c4d75fa3dc33a7701fafdb9f0b90d9161bb903f
273a8398abb1c6271a5ae783c316021ab04414bbf4d4af8da5804d1e5b9232bc
3d4d4c0ee1af1bca24dfad88d7f3720766ad3ba7307aa063845a159fe1ae51f2
6781ba4b31a81899d50c0c95bf394b77a380d459eda4c68386953261c4f8b94b
87f96552b21f2cae75792b7af8a974e1768387b8389c9daeb80a8055e4004fda
9968a610f85588f8bf6ad119deb72ff1a47ab4ec3670e7b792d495a1425de0ef
9a2d30883664869fee69e09cdb56cde4f994435cf99ed77abafc86f44992af18
a7b6ba4d3df231f47453905f858d2d94893b8cc68545e447712c9d9a854f9f3b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea3d72fa21b7483c1e8e92f1526965257a6190f5b1978c8b064896d1f189e634
eab6765d8a6c2cd756cd9aa3e7ebc8451eb5267782b57d0573c8ca28496fbe50
f28df3c241e9a8977a89974f97f35eb87f90a14d335f0f7862bd9c781186e7c8

nsi.budget.gov35.ru Open in urlscan Pro 213.109.78.131 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

17 Requests

88 %HTTPS

0 %IPv6

2 Domains

4 Subdomains

3 IPs

1 Countries

133 kBTransfer

135 kBSize

11 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

11 Cookies

5 Console Messages

Security Headers

Indicators

nsi.budget.gov35.ru Open in urlscan Pro
213.109.78.131 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

88 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

3
IPs

1
Countries

133 kB
Transfer

135 kB
Size

11
Cookies

17 HTTP transactions
0 data transactions