en.baikal-planet.ru Open in urlscan Pro
81.177.140.121  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/	2 KB 1 KB	377ms 188ms	Document text/html	81.177.140.121 RTCOMM-AS
General Check archive.org Show headers Download Go to Full URL http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ Protocol HTTP/1.1 Server 81.177.140.121 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU), Reverse DNS Software Jino.ru/mod_pizza / Resource Hash a128fb1545d3342544c7b05f795e565fca6d9458cd198558bc267e25c5d746a7 Security Headers Name Value X-Content-Type-Options nosniff Request headers Host en.baikal-planet.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 11 Sep 2020 19:35:04 GMT Content-Type text/html; charset=UTF-8 Content-Length 1195 Connection keep-alive Server Jino.ru/mod_pizza X-Content-Type-Options nosniff Vary Accept-Encoding Content-Encoding gzip
GET		log.css en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/cs/xBanana/lib/css/	0 0
GET H2	200	api.js Show response www.google.com/recaptcha/	736 B 551 B	16ms 15ms	Script text/javascript	2a00:1450:4001:814::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: en.baikal-planet.ru URL: http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:814::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash b38e3464dee0d0f1007c2c1195c69202c8212455c982d1fddf214b8aeedcb417 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 11 Sep 2020 19:35:04 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 status 200 cache-control private, max-age=300 cross-origin-resource-policy cross-origin content-security-policy frame-ancestors 'self' alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 463 x-xss-protection 1; mode=block expires Fri, 11 Sep 2020 19:35:04 GMT
GET H/1.1	200 OK	pp.svg en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/cs/xBanana/lib/img/	4 KB 5 KB	544ms 510ms	Image image/svg+xml	81.177.140.121 RTCOMM-AS
General Check archive.org Show headers Download Go to Show image Full URL http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/cs/xBanana/lib/img/pp.svg Requested by Host: en.baikal-planet.ru URL: http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ Protocol HTTP/1.1 Server 81.177.140.121 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU), Reverse DNS Software Jino.ru/mod_pizza / Resource Hash 85816cdb3190281e1d4ce7ef9bb5688a68ed4e1d43fa366ba2197680e528e490 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 11 Sep 2020 19:35:04 GMT X-Content-Type-Options nosniff Last-Modified Wed, 24 Jul 2019 03:00:01 GMT Server Jino.ru/mod_pizza ETag "7a60ed5-114e-58e6481510e40" Content-Type image/svg+xml Cache-Control max-age=1209600 Connection keep-alive Accept-Ranges bytes Content-Length 4430 Expires Fri, 25 Sep 2020 19:35:04 GMT
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/iSHzt4kCrNgSxGUYDFqaZAL9/	336 KB 132 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:815::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/iSHzt4kCrNgSxGUYDFqaZAL9/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 854f7a7915f240546d3950dd2b067466da13c013d04a3f8c790880c58ec61151 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 08 Sep 2020 15:45:21 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 07 Sep 2020 04:06:55 GMT server sffe age 272983 vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=31536000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 134800 x-xss-protection 0 expires Wed, 08 Sep 2021 15:45:21 GMT
GET H/1.1	200 OK	bck.jpeg en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/cs/xBanana/lib/img/	156 KB 157 KB	268ms 268ms	Image image/jpeg	81.177.140.121 RTCOMM-AS
General Check archive.org Show headers Download Go to Show image Full URL http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/cs/xBanana/lib/img/bck.jpeg Requested by Host: en.baikal-planet.ru URL: http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ Protocol HTTP/1.1 Server 81.177.140.121 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU), Reverse DNS Software Jino.ru/mod_pizza / Resource Hash 19455abeb5d16262ebc0ad8c9d07c8e7832510dabc6bc821937b7e22b51c5004 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 11 Sep 2020 19:35:05 GMT X-Content-Type-Options nosniff Last-Modified Wed, 24 Jul 2019 02:58:32 GMT Server Jino.ru/mod_pizza ETag "7a60ec6-270e8-58e647c030600" Content-Type image/jpeg Cache-Control max-age=1209600 Connection keep-alive Accept-Ranges bytes Content-Length 159976 Expires Fri, 25 Sep 2020 19:35:05 GMT
GET H3-Q050	200	anchor www.google.com/recaptcha/api2/ Frame 06AE	0 0	49ms 49ms	Document text/html	2a00:1450:4001:814::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdJ4bgUAAAAALd-V5YSdgMt8HEG0P4bgmP-H7HQ&co=aHR0cDovL2VuLmJhaWthbC1wbGFuZXQucnU6ODA.&hl=en&v=iSHzt4kCrNgSxGUYDFqaZAL9&size=normal&cb=7lacr27qtte2 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/iSHzt4kCrNgSxGUYDFqaZAL9/recaptcha__en.js Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:814::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-Kxv3sEK1mWBiupQoCHFnNw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/anchor?ar=1&k=6LdJ4bgUAAAAALd-V5YSdgMt8HEG0P4bgmP-H7HQ&co=aHR0cDovL2VuLmJhaWthbC1wbGFuZXQucnU6ODA.&hl=en&v=iSHzt4kCrNgSxGUYDFqaZAL9&size=normal&cb=7lacr27qtte2 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ Response headers status 200 content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Fri, 11 Sep 2020 19:35:05 GMT content-security-policy script-src 'report-sample' 'nonce-Kxv3sEK1mWBiupQoCHFnNw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 10631 server GSE alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-Q050	200	bframe www.google.com/recaptcha/api2/ Frame 3196	0 0	20ms 20ms	Document text/html	2a00:1450:4001:814::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/bframe?hl=en&v=iSHzt4kCrNgSxGUYDFqaZAL9&k=6LdJ4bgUAAAAALd-V5YSdgMt8HEG0P4bgmP-H7HQ&cb=2ps3zyirkpyd Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/iSHzt4kCrNgSxGUYDFqaZAL9/recaptcha__en.js Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:814::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-9+HdCraoi8pu1QTAsv9gHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/bframe?hl=en&v=iSHzt4kCrNgSxGUYDFqaZAL9&k=6LdJ4bgUAAAAALd-V5YSdgMt8HEG0P4bgmP-H7HQ&cb=2ps3zyirkpyd pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ Response headers status 200 content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Fri, 11 Sep 2020 19:35:05 GMT content-security-policy script-src 'report-sample' 'nonce-9+HdCraoi8pu1QTAsv9gHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 1176 server GSE alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

en.baikal-planet.ru

URL

http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/cs/xBanana/lib/css/log.css

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| correctCaptcha object| recaptcha object| closure_lm_746104

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

en.baikal-planet.ru
www.google.com
www.gstatic.com
en.baikal-planet.ru
2a00:1450:4001:814::2004
2a00:1450:4001:815::2003
81.177.140.121
19455abeb5d16262ebc0ad8c9d07c8e7832510dabc6bc821937b7e22b51c5004
854f7a7915f240546d3950dd2b067466da13c013d04a3f8c790880c58ec61151
85816cdb3190281e1d4ce7ef9bb5688a68ed4e1d43fa366ba2197680e528e490
a128fb1545d3342544c7b05f795e565fca6d9458cd198558bc267e25c5d746a7
b38e3464dee0d0f1007c2c1195c69202c8212455c982d1fddf214b8aeedcb417