Overview

URL: u.to/VrtaFA
IP: 195.216.243.155
ASN: AS29226 CJSC Mastertel
Location: Russian Federation
Report completed: 2019-05-31 19:25:42 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (empty)
Pool: (empty)
Access Level: (empty)


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro

Timestamp | Severity | Source IP | Destination IP | Alert
2019-05-31 19:25:10 CEST | 3 | 145.14.144.201 | Client IP | ET INFO Observed SSL Cert for Free Hosting Domain (*.000webhostapp .com)
2019-05-31 19:25:10 CEST | 3 | Client IP | Internal IP | ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
  Added / Verified | Severity | Host | Comment
  2019-05-31 | 2 | u.to/VrtaFA | Phishing
  2019-05-31 | 2 | infinitival-bends.000webhostapp.com/chaselogin/auth/ | Phishing
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.216.243.155

Date | UQ - IDS - BL | URL | IP
2019-06-21 09:40:54 +0200 | 0 - 0 - 0 | https://u.to/SWOgFQ&companycode=saagklub | 195.216.243.155
2019-06-18 19:16:19 +0200 | 0 - 7 - 0 | https://u.to/GoupFQ?=citibankverification | 195.216.243.155
2019-06-17 11:50:43 +0200 | 0 - 0 - 0 | https://u.to/8JOgFQ&cid=67&cspid=7&rgid=1&hid (...) | 195.216.243.155
2019-06-16 07:10:45 +0200 | 0 - 0 - 1 | https://u.to/tjmQFQ | 195.216.243.155
2019-06-12 05:49:17 +0200 | 0 - 0 - 1 | https://u.to/he6gFQ | 195.216.243.155
2019-06-10 17:13:20 +0200 | 0 - 0 - 1 | https://u.to/scicFQ | 195.216.243.155
2019-06-10 16:55:00 +0200 | 0 - 0 - 0 | https://u.to/2ACcFQ | 195.216.243.155
2019-06-06 07:01:56 +0200 | 0 - 0 - 1 | u.to/aQxEFQ | 195.216.243.155
2019-06-04 14:42:46 +0200 | 0 - 0 - 0 | https://u.to/5KONFQ | 195.216.243.155
2019-05-31 19:54:50 +0200 | 0 - 2 - 2 | u.to/j1n8FA | 195.216.243.155

Last 10 reports on ASN: AS29226 CJSC Mastertel

Date | UQ - IDS - BL | URL | IP
2019-06-30 00:49:38 +0200 | 0 - 0 - 0 | blog.iyakushchenko.com | 195.216.243.31
2019-06-26 20:02:40 +0200 | 0 - 0 - 0 | uiptv.do.am | 195.216.243.16
2019-06-21 09:40:54 +0200 | 0 - 0 - 0 | https://u.to/SWOgFQ&companycode=saagklub | 195.216.243.155
2019-06-18 19:16:19 +0200 | 0 - 7 - 0 | https://u.to/GoupFQ?=citibankverification | 195.216.243.155
2019-06-18 11:19:19 +0200 | 0 - 0 - 0 | abisurekodo.com | 195.216.243.218
2019-06-17 11:50:43 +0200 | 0 - 0 - 0 | https://u.to/8JOgFQ&cid=67&cspid=7&rgid=1&hid (...) | 195.216.243.155
2019-06-16 07:10:45 +0200 | 0 - 0 - 1 | https://u.to/tjmQFQ | 195.216.243.155
2019-06-12 05:49:17 +0200 | 0 - 0 - 1 | https://u.to/he6gFQ | 195.216.243.155
2019-06-10 19:55:26 +0200 | 0 - 0 - 1 | wow-x.at.ua/news/2008-12-04-48/ | 195.216.243.16
2019-06-10 17:13:20 +0200 | 0 - 0 - 1 | https://u.to/scicFQ | 195.216.243.155

Last 10 reports on domain: u.to

Date | UQ - IDS - BL | URL | IP
2019-06-21 09:40:54 +0200 | 0 - 0 - 0 | https://u.to/SWOgFQ&companycode=saagklub | 195.216.243.155
2019-06-18 19:16:19 +0200 | 0 - 7 - 0 | https://u.to/GoupFQ?=citibankverification | 195.216.243.155
2019-06-17 11:50:43 +0200 | 0 - 0 - 0 | https://u.to/8JOgFQ&cid=67&cspid=7&rgid=1&hid (...) | 195.216.243.155
2019-06-16 07:10:45 +0200 | 0 - 0 - 1 | https://u.to/tjmQFQ | 195.216.243.155
2019-06-12 05:49:17 +0200 | 0 - 0 - 1 | https://u.to/he6gFQ | 195.216.243.155
2019-06-10 17:13:20 +0200 | 0 - 0 - 1 | https://u.to/scicFQ | 195.216.243.155
2019-06-10 16:55:00 +0200 | 0 - 0 - 0 | https://u.to/2ACcFQ | 195.216.243.155
2019-06-06 07:01:56 +0200 | 0 - 0 - 1 | u.to/aQxEFQ | 195.216.243.155
2019-06-04 14:42:46 +0200 | 0 - 0 - 0 | https://u.to/5KONFQ | 195.216.243.155
2019-05-31 19:54:50 +0200 | 0 - 2 - 2 | u.to/j1n8FA | 195.216.243.155


JavaScript

Executed Scripts (3)
Executed Evals (0)
Executed Writes (0)

HTTP Transactions (8)

Transaction 1 of 8

Request:
GET /VrtaFA HTTP/1.1
Host: u.to
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (195.216.243.155):
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 31 May 2019 17:25:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Set-Cookie: lng=en; path=/; expires=Sat, 30-May-2020 17:25:11 GMT; domain=.u.to;
Cache-Control: no-cache, no-store
Pragma: no-cache
Vary: host
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   634
Md5:    0f6197f6d4274458d1ff9f0b213579f6
Sha1:   be9411ece56ce988c47a2a494a6f9646d8922cce
Sha256: f23c124991c9a66a80e468421662c66ccf89ef7633f5a126060136e4f36a2cf4

Alerts:
  Blacklists:
    - fortinet: Phishing
Transaction 2 of 8

Request:
GET /hit;utostat?r;s1176*885*24;uhttp%3A//u.to/VrtaFA;1559323510071 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://u.to/VrtaFA

Response (88.212.201.199):
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Date: Fri, 31 May 2019 17:25:10 GMT
Server: 0W/0.8c
Location: http://counter.yadro.ru/hit;utostat?q;r;s1176*885*24;uhttp%3A//u.to/VrtaFA;1559323510071
Content-Length: 32
Expires: Wed, 30 May 2018 21:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: FTID=1SyMDs3pSfvp1SyMDs00J03T; path=/; expires=Fri, 29 May 2020 21:00:00 GMT; domain=.yadro.ru

--- Additional Info ---
Magic:  HTML document text
Size:   32
Md5:    3e9c09a8c5a87f266e047a596f48578c
Sha1:   07d7b1940b7e3f9a3db43197458f9b8ef18a6bce
Sha256: 57fad7ae62012ff4a38ecb6045ac6e8e3a070a33bbd033b21ab6cad3566d9254
Transaction 3 of 8

Request:
GET /favicon.ico HTTP/1.1
Host: u.to
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: lng=en

Response (195.216.243.155):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 31 May 2019 17:25:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"5ce7c62b-1a75"
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2624
Md5:    4ed4aa572a0271b214ec65a4f970ecf5
Sha1:   e06ce07dc3b60fc39800a0d8bbf959935e9bf7bd
Sha256: ff173b2d4c03601374bdd94a7fe2bf38961a8a8a1a83a7e9f85f72035167f19e
Transaction 4 of 8

Request:
GET /favicon.ico HTTP/1.1
Host: u.to
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: lng=en

Response (195.216.243.155):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 31 May 2019 17:25:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"5ce7c62b-1a75"
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2624
Md5:    4ed4aa572a0271b214ec65a4f970ecf5
Sha1:   e06ce07dc3b60fc39800a0d8bbf959935e9bf7bd
Sha256: ff173b2d4c03601374bdd94a7fe2bf38961a8a8a1a83a7e9f85f72035167f19e
Transaction 5 of 8

Request:
GET /favicon.ico HTTP/1.1
Host: u.to
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: lng=en

Response (195.216.243.155):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 31 May 2019 17:25:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"5ce7c62b-1a75"
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2624
Md5:    4ed4aa572a0271b214ec65a4f970ecf5
Sha1:   e06ce07dc3b60fc39800a0d8bbf959935e9bf7bd
Sha256: ff173b2d4c03601374bdd94a7fe2bf38961a8a8a1a83a7e9f85f72035167f19e
Transaction 6 of 8

Request:
GET /chaselogin/auth/ HTTP/1.1
Host: infinitival-bends.000webhostapp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://u.to/VrtaFA

Response (0.0.0.0): none recorded

--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Phishing
Transaction 7 of 8

Request:
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://u.to/VrtaFA

Response (0.0.0.0): none recorded

--- Additional Info ---
(none)
Transaction 8 of 8

Request:
GET /hit;utostat?q;r;s1176*885*24;uhttp%3A//u.to/VrtaFA;1559323510071 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://u.to/VrtaFA
Cookie: FTID=1SyMDs3pSfvp1SyMDs00J03T

Response (0.0.0.0): none recorded

--- Additional Info ---
(none)
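The IDS and blacklist hits above are all about the same thing: a shortener entry point (u.to, answered with a plain 200, not a 3xx) that hands the browser off to a brand-themed login path on a free-hosting domain flagged by the ET INFO rules. The script below is an added example, not urlquery's code, showing how an analyst would triage such a transaction log offline: it rebuilds the hand-off from the Referer and Location headers and flags the indicators a phishing hunter looks for. The eight transactions are transcribed from this report; the indicator lists (shortener hosts, free-hosting suffixes, brand keywords, analytics hosts) and the verdict rule are this example's own assumptions.

```python
"""Triage a urlquery-style HTTP transaction log (added example, not urlquery's code).

The eight transactions are transcribed from the report above. The indicator
lists and the verdict rule are assumptions for this example, to be tuned per
environment.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass
class Tx:
    """One request/response pair as the sandbox recorded it."""
    url: str
    status: Optional[int]           # None: no response captured (report shows 0.0.0.0)
    dest_ip: str = "0.0.0.0"
    referer: Optional[str] = None
    location: Optional[str] = None  # Location header of a 3xx response


ENTRY = "http://u.to/VrtaFA"
HIT = "http://counter.yadro.ru/hit;utostat?r;s1176*885*24;uhttp%3A//u.to/VrtaFA;1559323510071"
HIT_Q = "http://counter.yadro.ru/hit;utostat?q;r;s1176*885*24;uhttp%3A//u.to/VrtaFA;1559323510071"
LANDING = "http://infinitival-bends.000webhostapp.com/chaselogin/auth/"

# Transcribed from the report's eight transactions, in order.
TRANSACTIONS = [
    Tx(ENTRY, 200, "195.216.243.155"),
    Tx(HIT, 302, "88.212.201.199", referer=ENTRY, location=HIT_Q),
    Tx("http://u.to/favicon.ico", 404, "195.216.243.155"),
    Tx("http://u.to/favicon.ico", 404, "195.216.243.155"),
    Tx("http://u.to/favicon.ico", 404, "195.216.243.155"),
    Tx(LANDING, None, referer=ENTRY),
    Tx("http://mc.yandex.ru/metrika/tag.js", None, referer=ENTRY),
    Tx(HIT_Q, None, referer=ENTRY),
]

# Heuristic lists: assumptions for this example, not taken from the report.
SHORTENER_HOSTS = {"u.to"}
FREE_HOSTING_SUFFIXES = (".000webhostapp.com",)
BRAND_WORDS = ("chase", "login", "auth", "verification", "bank")
ANALYTICS_HOSTS = {"counter.yadro.ru", "mc.yandex.ru"}
STATIC_EXT = (".js", ".ico", ".png", ".gif", ".css")


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def indicators(tx: Tx) -> list:
    """Per-transaction phishing indicators, in a stable order."""
    host = host_of(tx.url)
    path = urlsplit(tx.url).path.lower()
    found = []
    if host in SHORTENER_HOSTS:
        found.append("url-shortener host")
    if host.endswith(FREE_HOSTING_SUFFIXES):
        found.append("free-hosting domain")
    found += [f"brand/credential keyword in path: {w}" for w in BRAND_WORDS if w in path]
    if tx.status is None:
        found.append("no response captured")
    return found


def landing_candidates(txs) -> list:
    """Page requests whose Referer is the entry URL. The shortener answered 200
    rather than 3xx, so any hand-off to another site happened client-side (in
    the HTML/JS of that 200 body); trackers and static assets are excluded."""
    entry = txs[0].url
    out = []
    for t in txs:
        if t.referer != entry or t.url == entry:
            continue
        if host_of(t.url) in ANALYTICS_HOSTS or urlsplit(t.url).path.lower().endswith(STATIC_EXT):
            continue
        out.append(t.url)
    return out


def server_redirects(txs) -> list:
    """(from, to) pairs for every 3xx response that carried a Location header."""
    return [(t.url, t.location) for t in txs
            if t.status is not None and 300 <= t.status < 400 and t.location]


def triage(txs) -> dict:
    by_url = {t.url: t for t in txs}
    landing = landing_candidates(txs)
    landing_ind = {u: indicators(by_url[u]) for u in landing}
    # Verdict rule (assumption): free-hosting domain plus a brand/credential word in the path.
    phishy = any("free-hosting domain" in i and any(x.startswith("brand/credential") for x in i)
                 for i in landing_ind.values())
    return {
        "entry": txs[0].url,
        "entry_indicators": indicators(txs[0]),
        "landing_candidates": landing,
        "landing_indicators": landing_ind,
        "server_redirects": server_redirects(txs),
        "verdict": "likely phishing" if phishy else "needs review",
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(TRANSACTIONS), indent=2))
```

Two things the output makes explicit that the raw table does not: the only server-side redirect in the capture is the tracker's own 302 (counter.yadro.ru to itself), so the jump from u.to to the 000webhostapp.com login path must have come from the 200 body the shortener returned, and that landing request never received a recorded response, so the content that Fortinet classified as Phishing was not captured in this run.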