best-russia-children.online Open in urlscan Pro
2606:4700:3030::6815:5347 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://best-russia-children.online/
Effective URL:
https://best-russia-children.online/qrcode
Submission: On January 14 via api (January 14th 2024, 11:37:01 am UTC) from US — Scanned from DE

Summary HTTP 15 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3030::6815:5347, located in United States and belongs to CLOUDFLARENET, US. The main domain is best-russia-children.online.
TLS certificate: Issued by E1 on December 30th 2023. Valid for: 3 months.

This is the only time best-russia-children.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
2 14	2606:4700:303... 2606:4700:3030::6815:5347	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::ac43:45e2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	4

14 2606:4700:3030::6815:5347 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

best-russia-children.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:45e2 (United States)

ASN13335 (CLOUDFLARENET, US)

ipapi.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	best-russia-children.online 2 redirects best-russia-children.online	98 KB
1	ipapi.co ipapi.co — Cisco Umbrella Rank: 16395	891 B
1	gstatic.com fonts.gstatic.com	48 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	2 KB
15	4

	Domain	Requested by
14	best-russia-children.online	2 redirects best-russia-children.online
1	ipapi.co	best-russia-children.online
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	best-russia-children.online
15	4

This site contains links to these domains. Also see Links.

Domain
faq.whatsapp.com

Subject Issuer	Validity	Valid
best-russia-children.online E1	`2023-12-30` - `2024-03-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-16` - `2024-04-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://best-russia-children.online/qrcode
Frame ID: F09563AECC072451D54D832F17B28363
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Page URL History Show full URLs

http://best-russia-children.online/ HTTP 301
https://best-russia-children.online/ HTTP 302
https://best-russia-children.online/qrcode Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

147 kB
Transfer

385 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://faq.whatsapp.com/1317564962315842?lang=ru
Title: Ready to give it a try, but need help?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://best-russia-children.online/ HTTP 301
https://best-russia-children.online/ HTTP 302
https://best-russia-children.online/qrcode Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request qrcode Show response
best-russia-children.online/
Redirect Chain

http://best-russia-children.online/
https://best-russia-children.online/
https://best-russia-children.online/qrcode

10 KB
4 KB

194ms
193ms

Document
text/html

2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-russia-children.online/qrcode
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e120005bc49d86018e3b1dbcb3bb07585bb283d651853a4462d61152ee3d9b80

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84559588f8956f3f-CDG
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 14 Jan 2024 11:36:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=STOzFeeWop9mv8or0JP9GMVsVJ%2BwExinzLLXXrdDiDc7m18OcYF1Y6VDzHob9mhnsgOcBd9Rr8ua3yvOPwXBrNMZRgtEzRvvuLMOiaMU22fJeHL9kNghJhICTEEdUpazqQhkH7DhsyVjVZIvf%2BYDSHG6tFNVVrSivIA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Cookie

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84559587eeee6f3f-CDG
content-type: text/html; charset=utf-8
date: Sun, 14 Jan 2024 11:36:56 GMT
location: /qrcode
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FBN9aywXdiBvpQhecj4N0bDhPFBKNnA%2B%2B9gc6y9NwKICQWdCv%2Fh5I7xuOZ6FKd%2FbkxZqQ%2BUc%2BIeZE64bcA1vGuy4LyB59nUHO0F9qz2mOazI0jthNSax%2FejHCwuMRjpmvGscV4cl4GJhD1NIVml%2F9VeqC%2BJPBUylzBo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Cookie

GET
H3 200 qrcode.css
best-russia-children.online/static/css/themes/original/ 8 KB
3 KB 204ms
203ms Stylesheet
text/css 2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-russia-children.online/static/css/themes/original/qrcode.css
Requested by: Host: best-russia-children.online
URL: https://best-russia-children.online/qrcode
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07a4bc23acbcf6ba36e0bb3277718ae5fceb837b0c1bbd9df0ffc725adc183dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://best-russia-children.online/qrcode
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sun, 14 Jan 2024 11:36:56 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 13 Jan 2024 09:32:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1705138324.0357492-8549-342234137"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OUYZCKBkSdrC0jHkfxQg6%2BxBaWnC60wQkCNfc3V3hM9wCrapXFrlt1WI1gA5JuhxmqS6RILAqW%2FChme49OJHzuRrCtYqccZDt1deg2MmTxt0CRh468C4KCKpFOgjAPxMClJqZbO%2F%2F2VqzpwqDwZ3mgWWs1DBPPc%2Bb70%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=14400
content-disposition: inline; filename=qrcode.css
cf-ray: 8455958a284c3cdb-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 socketio.js Show response
best-russia-children.online/static/js/lib/ 181 KB
37 KB 375ms
375ms Script
application/javascript 2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-russia-children.online/static/js/lib/socketio.js
Requested by: Host: best-russia-children.online
URL: https://best-russia-children.online/qrcode
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 536e8e46ee0ff3ff8d6c560b3d3cb27f904acfb2d80700d0495ff38b3b10a5bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://best-russia-children.online/qrcode
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sun, 14 Jan 2024 11:36:57 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 13 Jan 2024 09:31:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1705138294.5759335-184968-978587473"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IEXfTdHSKMUag0bTkGX7WHmqO3lan66zFcJZGamYKJgKrfVOxUZJv6FzL0x0jz78zxxoqHVUso%2B%2BmAqUjvFaGzhMn%2FRbkvCxsklW8b46cLboJ32e%2B6D5NlTJnZLnZR8qCmU5a%2B2p5bgQbOqq3zoOHJnUfevk%2BEfbcN8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
content-disposition: inline; filename=socketio.js
cf-ray: 8455958a284e3cdb-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.js Show response
best-russia-children.online/static/js/lib/ 85 KB
31 KB 251ms
250ms Script
application/javascript 2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-russia-children.online/static/js/lib/jquery.js
Requested by: Host: best-russia-children.online
URL: https://best-russia-children.online/qrcode
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f764efbb2cdb303e3019325d811225ead27d656f8b40390de427db1415dc56a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://best-russia-children.online/qrcode
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sun, 14 Jan 2024 11:36:56 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 13 Jan 2024 09:31:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1705138293.9519374-87461-471666320"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fjAl0Puyz6%2B%2BtNVGMRVCJh%2FVk9ogA%2BNLIKa39HHb%2Bc9DHfEdNOsUY6MoHTNqJfQq6yLPbtjJ4a%2BZKvo93ZSZ2lyKtZqek65%2Bb%2BvNtkqDICV0YRMKtAV2w09ojgisFe2J4D447%2F%2Bg%2FuOdfWbE9UhXhaNH6gu10PaDRn0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
content-disposition: inline; filename=jquery.js
cf-ray: 8455958a28513cdb-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 functions.js Show response
best-russia-children.online/static/js/ 613 B
877 B 184ms
184ms Script
application/javascript 2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-russia-children.online/static/js/functions.js
Requested by: Host: best-russia-children.online
URL: https://best-russia-children.online/qrcode
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae20d544ab123b95f670c2652e018a30047cf4130e59f756b8443c30dca6d685

Request headers

Referer: https://best-russia-children.online/qrcode
Origin: https://best-russia-children.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sun, 14 Jan 2024 11:36:56 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 13 Jan 2024 09:31:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1705138293.4959402-613-265948771"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SVp8Th5858K00aewDCe28ycSnCh7I7yAGilzVI%2BRfVJsZjDt4TDLe%2FvhvaPgsvbjvX9GMz8tH8SRAfziAfwiWpO1m4iwULxlI0MgtLymXlVBWBm18BJeZIvpf0dqc%2BDl4N9ppPRngzBI4A2tqUI7zmRsDHZjGTRmyjM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
content-disposition: inline; filename=functions.js
cf-ray: 8455958a28533cdb-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 qrcode.js Show response
best-russia-children.online/static/js/ 1018 B
983 B 228ms
227ms Script
application/javascript 2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-russia-children.online/static/js/qrcode.js
Requested by: Host: best-russia-children.online
URL: https://best-russia-children.online/qrcode
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f57a05ca9779e4c00a3466925be4108a385d685f553159c3081f6460f7d464e1

Request headers

Referer: https://best-russia-children.online/qrcode
Origin: https://best-russia-children.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sun, 14 Jan 2024 11:36:56 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 13 Jan 2024 09:31:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1705138296.391922-1018-3842837768"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HngHy2O%2Fne9KMMCqBT%2F8lCYmO0sHvihLARAYryEIVhOK33KvS%2B0CAReXI50eG9JXqHg7k7ihV7XOslGHhLRFAQAjVGPz17aRTgMu5vmdBd%2F3LV3LbEPzw8Rt1WnOdTby%2F7ztTEz1BXHRBmLO39R49tmv%2FD32AuWyz2s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
content-disposition: inline; filename=qrcode.js
cf-ray: 8455958a28543cdb-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 icon.svg
best-russia-children.online/static/img/svg/ 1 KB
1 KB 203ms
203ms Image
image/svg+xml 2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-russia-children.online/static/img/svg/icon.svg
Requested by: Host: best-russia-children.online
URL: https://best-russia-children.online/qrcode
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 652d967810a29600aeee2f981002e147f19f9c344fbf15f1e6175a4b20b0a9bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://best-russia-children.online/qrcode
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sun, 14 Jan 2024 11:36:56 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 13 Jan 2024 09:31:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1705138285.835988-1227-473173637"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wd6pp2gE%2B1zSQOHtAetwg3MQsxbUyz6wnSJKK22Ozxbgg6mqOb51DgyuJTl68hX0tDPrtgtIVJG%2F%2FgWRR%2Bw1hYaZiua%2FF4B%2B9JYgbt%2BCiiR9IMfeeq2IDCX1U9oqhxzCgE2o25f2jA6XcJG2oBw7MRejRdYPMhxq6n8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml; charset=utf-8
cache-control: max-age=14400
content-disposition: inline; filename=icon.svg
cf-ray: 8455958a28553cdb-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 video.png
best-russia-children.online/static/img/themes/original/ 16 KB
16 KB 220ms
220ms Image
image/png 2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-russia-children.online/static/img/themes/original/video.png
Requested by: Host: best-russia-children.online
URL: https://best-russia-children.online/qrcode
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://best-russia-children.online/qrcode
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sun, 14 Jan 2024 11:36:56 GMT
cf-cache-status: MISS
last-modified: Sat, 13 Jan 2024 09:31:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "1705138288.4359717-16259-4275770274"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JQSMvK85mz3jG0OacTum8V%2FQv9eWSp%2FkxnTmcmn%2FZ06vaYVbMfLFdmD2NvgJ79E61bhOYlrmJNvc0STT3DTp1xQB6aUsn%2F9grJavkZM%2B%2FDDr%2BSrHPwM2lvj%2BPGfnhrLnxwQSWgTgauEWEhT2xhOHaayUC3i%2FeArB2B0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
content-disposition: inline; filename=video.png
accept-ranges: bytes
cf-ray: 8455958a48743cdb-CDG
alt-svc: h3=":443"; ma=86400
content-length: 16259

GET
H2 200 css2
fonts.googleapis.com/ 34 KB
2 KB 40ms
15ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;500;600;700;800&display=swap

Requested by

Host: best-russia-children.online
URL: https://best-russia-children.online/static/css/themes/original/qrcode.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7f92fca171404f4c87d2cf676ae9ba011e869e03410a9cbc1e0e47a3c32406e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://best-russia-children.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 14 Jan 2024 11:36:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 14 Jan 2024 09:59:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 14 Jan 2024 11:36:56 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
48 KB 32ms
7ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://best-russia-children.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 12:05:18 GMT
x-content-type-options: nosniff
age: 171099
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2025 12:05:18 GMT

GET
H3 200 / Show response
best-russia-children.online/socket.io/ 97 B
542 B 112ms
112ms XHR
text/plain 2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-russia-children.online/socket.io/?EIO=4&transport=polling&t=Oq7mhGH
Requested by: Host: best-russia-children.online
URL: https://best-russia-children.online/static/js/lib/socketio.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dbecc48dab4994fe4845f55f2d7139ae04e146efd8199212f64c8bf01f2116d

Request headers

Accept: */*
Referer: https://best-russia-children.online/qrcode
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sun, 14 Jan 2024 11:36:57 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yk75QQBxXJLiI7Cci%2FStSNOqdd5oQPDAah%2BTQS3lKR6YA3qxe5gyNdpy2TQJMNke%2B%2BehPjrkVc9LHxYhFEhDGNz1nZbNKbhpDFFWx%2BP9Rrm%2BdgUoOXqgnFbhS4%2FPcaWYrS9iY8tEgwoAR4Medu0JxcoyBIBm%2Bc%2B3Rqc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
access-control-allow-credentials: true
cf-ray: 8455958cfc6d3cdb-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
ipapi.co/json/ 743 B
891 B 244ms
215ms Fetch
application/json 2606:4700:20::ac43:45e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ipapi.co/json/

Requested by

Host: best-russia-children.online
URL: https://best-russia-children.online/static/js/functions.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:20::ac43:45e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

814b7b323ad78952d9d363ff881f59dd3ff58b87bc37ca3ad124ee5a88c5e7d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://best-russia-children.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sun, 14 Jan 2024 11:36:57 GMT
content-encoding: br
x-content-type-options: nosniff
referrer-policy: same-origin
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Host, origin
allow: OPTIONS, OPTIONS, POST, HEAD, GET
content-type: application/json
access-control-allow-origin: https://best-russia-children.online
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8E8i3HYNocRZoxe2yQ36VpmONCjpRcCJTrqwAcmbi3xf4NImhdO6MPRnBGvCfgIVwxg3gRwReYK%2Buc%2FllFBhjb9bzAaZdAEBKDanL5CI70wlZ4iYwIfe4aJdfd5%2FhvSmnhlMnwCo"}],"group":"cf-nel","max_age":604800}
x-frame-options: DENY
cf-ray: 8455958d2ba4bbcb-FRA

POST
H3 200 / Show response
best-russia-children.online/socket.io/ 2 B
456 B 94ms
94ms XHR
text/plain 2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-russia-children.online/socket.io/?EIO=4&transport=polling&t=Oq7mhIY&sid=jJ5U8dS71sowFCnzAAMA
Requested by: Host: best-russia-children.online
URL: https://best-russia-children.online/static/js/lib/socketio.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: */*
Referer: https://best-russia-children.online/qrcode
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

date: Sun, 14 Jan 2024 11:36:57 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UjSV5Fkum%2BwP12QkUagrtXS8UESKDQ0x3iPwjX5GFQ5nLLf5FdeIilPOjG0BDrgsNF%2BSwqUDT6msmJqa%2FoIrKyC%2BjuZOZmGPYOxCqGUO7oMD9XRhPJBZ2WEDE2mejXYMrx4FexXFNcXeBzrr3qfRx1BW8fT6noU%2By04%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://best-russia-children.online
access-control-allow-credentials: true
cf-ray: 8455958dddac3cdb-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 / Show response
best-russia-children.online/socket.io/ 1 B
447 B 97ms
97ms XHR
text/plain 2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-russia-children.online/socket.io/?EIO=4&transport=polling&t=Oq7mhIZ&sid=jJ5U8dS71sowFCnzAAMA
Requested by: Host: best-russia-children.online
URL: https://best-russia-children.online/static/js/lib/socketio.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

Request headers

Accept: */*
Referer: https://best-russia-children.online/qrcode
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sun, 14 Jan 2024 11:36:57 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=apqi0EnJvtycrQUFOGvT%2BDhAtSSHwfnnQMBG0iiECFZDUe0xcNP%2Fb3RYT2BP19UDyiHdKmKfY0OxLIS7IB4I2oxMI2n56qtTJaqdgPFojO2u%2FgQujkMqbEJmfWUBX2vJDh%2BblBS%2B5MddRYyTkrYgX6Ythe%2BUx3Lh33M%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
access-control-allow-credentials: true
cf-ray: 8455958dddae3cdb-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 / Show response
best-russia-children.online/socket.io/ 1 B
447 B 105ms
105ms XHR
text/plain 2606:4700:3030::6815:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-russia-children.online/socket.io/?EIO=4&transport=polling&t=Oq7mhKQ&sid=jJ5U8dS71sowFCnzAAMA
Requested by: Host: best-russia-children.online
URL: https://best-russia-children.online/static/js/lib/socketio.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:5347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

Request headers

Accept: */*
Referer: https://best-russia-children.online/qrcode
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sun, 14 Jan 2024 11:36:57 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CE%2B0lTcgPIW%2FpU4w4joCLztlzJsMXS0KptpT%2FOo2N%2FPXYnVZdzRcsW6fpzsJmevmqtRzOnrGiGRqnJRPohNwBmUEC83uMfAf9m4F2KmRyXXZ5C%2BX5naDxmsazej4YOKeIaeMHql6tWZ%2FoZJMA2U2izUqzEevClMhxRs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
access-control-allow-credentials: true
cf-ray: 8455958e9ea93cdb-CDG
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| io function| $ function| jQuery

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			best-russia-children.online/	1969-12-31 23:59:59	Name: template Value: default
			best-russia-children.online/	1969-12-31 23:59:59	Name: session Value: eyJfZnJlc2giOmZhbHNlLCJmcm9udF9sYW5ndWFnZSI6bnVsbH0.ZaPHWA.CTAX5CIq-fs7TC0J56HtB-Vm81w

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

best-russia-children.online
fonts.googleapis.com
fonts.gstatic.com
ipapi.co
2606:4700:20::ac43:45e2
2606:4700:3030::6815:5347
2a00:1450:4001:806::200a
2a00:1450:4001:811::2003
07a4bc23acbcf6ba36e0bb3277718ae5fceb837b0c1bbd9df0ffc725adc183dc
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3dbecc48dab4994fe4845f55f2d7139ae04e146efd8199212f64c8bf01f2116d
536e8e46ee0ff3ff8d6c560b3d3cb27f904acfb2d80700d0495ff38b3b10a5bd
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
652d967810a29600aeee2f981002e147f19f9c344fbf15f1e6175a4b20b0a9bb
814b7b323ad78952d9d363ff881f59dd3ff58b87bc37ca3ad124ee5a88c5e7d0
8f764efbb2cdb303e3019325d811225ead27d656f8b40390de427db1415dc56a
ae20d544ab123b95f670c2652e018a30047cf4130e59f756b8443c30dca6d685
d7f92fca171404f4c87d2cf676ae9ba011e869e03410a9cbc1e0e47a3c32406e
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994
e120005bc49d86018e3b1dbcb3bb07585bb283d651853a4462d61152ee3d9b80
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683
f57a05ca9779e4c00a3466925be4108a385d685f553159c3081f6460f7d464e1

best-russia-children.online Open in urlscan Pro 2606:4700:3030::6815:5347 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

147 kBTransfer

385 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

Indicators

best-russia-children.online Open in urlscan Pro
2606:4700:3030::6815:5347 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

147 kB
Transfer

385 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!