urlscan.io logo urlscan.io
SecurityTrails logo

best-picture.pp.ru Open in urlscan Pro
195.54.174.17  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://best-picture.pp.ru/
Submission: On January 19 via manual from IL — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 18 HTTP transactions. The main IP is 195.54.174.17, located in Amsterdam, Netherlands and belongs to SCALAXY-AS, NL. The main domain is best-picture.pp.ru.
This is the only time best-picture.pp.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

IP Address AS Autonomous System
1 195.54.174.17 58061 (SCALAXY-AS)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
9 45.15.156.25 211409 (GALAXY-AS)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
18 7
1    195.54.174.17 (Amsterdam, Netherlands)

ASN58061 (SCALAXY-AS, NL)
best-picture.pp.ru
2    2606:4700::6810:7eaf (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
9    45.15.156.25 (Netherlands)

ASN211409 (GALAXY-AS, RU)
45.15.156.25
1    2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
4    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
4 gstatic.com
fonts.gstatic.com
51 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 199
166 KB
2 unpkg.com
unpkg.com — Cisco Umbrella Rank: 767
3 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
2 KB
1 pp.ru
best-picture.pp.ru
1 KB
18 5
Domain Requested by
4 fonts.gstatic.com fonts.googleapis.com
2 cdnjs.cloudflare.com 45.15.156.25
cdnjs.cloudflare.com
2 unpkg.com 1 redirects best-picture.pp.ru
1 fonts.googleapis.com 45.15.156.25
1 best-picture.pp.ru
18 5

This site contains no links.

Subject Issuer Validity Valid
upload.video.google.com
GTS CA 1C3		 2023-01-02 -
2023-03-27		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-08-03 -
2023-08-02		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-01-02 -
2023-03-27		 3 months crt.sh

This page contains 2 frames:

Primary Page: http://best-picture.pp.ru/
Frame ID: 6D3E60480023117018B7C37D979B30C2
Requests: 2 HTTP requests in this frame

Frame: http://45.15.156.25:3005/
Frame ID: DAECAA7EBC29C189A2943E23382E5A7F
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Telegram

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

18
Requests

39 %
HTTPS

67 %
IPv6

5
Domains

5
Subdomains

7
IPs

3
Countries

544 kB
Transfer

647 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://unpkg.com/@vkontakte/vk-bridge/dist/browser.min.js HTTP 302
  • https://unpkg.com/@vkontakte/vk-bridge@2.7.2/dist/browser.min.js

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
best-picture.pp.ru/ 		859 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://best-picture.pp.ru/
Protocol
HTTP/1.1
Server
195.54.174.17 Amsterdam, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
bc9f62d4a8fd295c0063f0d739c80c358e265afdf4a331ae72c5349dfec1188f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 19 Jan 2023 15:06:02 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
browser.min.js
unpkg.com/@vkontakte/vk-bridge@2.7.2/dist/
Redirect Chain
  • https://unpkg.com/@vkontakte/vk-bridge/dist/browser.min.js
  • https://unpkg.com/@vkontakte/vk-bridge@2.7.2/dist/browser.min.js
5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/@vkontakte/vk-bridge@2.7.2/dist/browser.min.js
Requested by
Host: best-picture.pp.ru
URL: http://best-picture.pp.ru/
Protocol
H2
Server
2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ecbb52f5f45afa902db0d75ba3f6ef7e542758534fd3f312f3354dadc15d7077
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://best-picture.pp.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Thu, 19 Jan 2023 15:06:16 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
4779490
last-modified
Fri, 25 Nov 2022 07:20:46 GMT
fly-request-id
01GJPTZDA55B9GEEFF463GKD86-fra
server
cloudflare
etag
W/"1473-nYRSZVvaU1d1wFLNwVvcOlj8Uu4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
78c0792d8ac6903a-FRA

Redirect headers

date
Thu, 19 Jan 2023 15:06:16 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01GQ5917VX0CCTZRZ0C0PA75T1-fra
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
13
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/@vkontakte/vk-bridge@2.7.2/dist/browser.min.js
cache-control
public, s-maxage=600, max-age=60
cf-ray
78c0792d5a6e903a-FRA
/
45.15.156.25/ Frame DAEC 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://45.15.156.25:3005/
Requested by
Host: best-picture.pp.ru
URL: http://best-picture.pp.ru/
Protocol
HTTP/1.1
Server
45.15.156.25 , Netherlands, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software
/ Express
Resource Hash
921df72e037f5d1e0c4ffea15004d205ea7e957814834875b2cc3aef485df93b

Request headers

Referer
http://best-picture.pp.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
public, max-age=0
Connection
keep-alive
Content-Length
1188
Content-Type
text/html; charset=UTF-8
Date
Thu, 19 Jan 2023 15:06:16 GMT
ETag
W/"4a4-185a7d888c0"
Keep-Alive
timeout=5
Last-Modified
Thu, 12 Jan 2023 21:17:44 GMT
X-Powered-By
Express
css2
fonts.googleapis.com/ Frame DAEC 		26 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap
Requested by
Host: 45.15.156.25
URL: http://45.15.156.25:3005/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cc140ef1e7c5d527ebb4e2e73107909cd646fd0bbdb10ebad305166c8c1b5204
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://45.15.156.25:3005/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 19 Jan 2023 15:06:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 19 Jan 2023 14:02:41 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 19 Jan 2023 15:06:16 GMT
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/ Frame DAEC 		99 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css
Requested by
Host: 45.15.156.25
URL: http://45.15.156.25:3005/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
Origin
http://45.15.156.25:3005
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Thu, 19 Jan 2023 15:06:16 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
280242
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
18688
last-modified
Tue, 30 Aug 2022 20:09:06 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"630e6e62-4900"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O6Fi4rf%2B6rz1msrfiM4BSceZ4WKBTPXZIDMUPKiJ3HK9J5NlQzvV%2FwDsht02%2BBAjoB%2FYri8ZtwtbutVqlLi1wvz2VIcd6hF6uyH6wjvG7C4YD4%2FsmBRXdSjAtQ9JB%2FhkwDfvLZF7CxUwLfDKBr2qA4Jf"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
78c0792dfbd3bbdf-FRA
expires
Tue, 09 Jan 2024 15:06:16 GMT
main.d3af97f4.js
45.15.156.25/static/js/ Frame DAEC 		224 KB
224 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://45.15.156.25:3005/static/js/main.d3af97f4.js
Requested by
Host: 45.15.156.25
URL: http://45.15.156.25:3005/
Protocol
HTTP/1.1
Server
45.15.156.25 , Netherlands, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software
/ Express
Resource Hash
8b80e4ea7a89afb0e0963675035b3d4d7ac5f3962056a8c67eb2d8c87e36abb5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://45.15.156.25:3005/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Thu, 19 Jan 2023 15:06:16 GMT
Last-Modified
Thu, 12 Jan 2023 21:17:44 GMT
X-Powered-By
Express
ETag
W/"380ac-185a7d888c0"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
229548
main.75e575e9.css
45.15.156.25/static/css/ Frame DAEC 		7 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://45.15.156.25:3005/static/css/main.75e575e9.css
Requested by
Host: 45.15.156.25
URL: http://45.15.156.25:3005/
Protocol
HTTP/1.1
Server
45.15.156.25 , Netherlands, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software
/ Express
Resource Hash
0645a9af0d50fd57c91fbed388d18001fa0b0e86b2cd1d1e79a38c9db04e66fa

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://45.15.156.25:3005/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Thu, 19 Jan 2023 15:06:16 GMT
Last-Modified
Thu, 12 Jan 2023 21:17:44 GMT
X-Powered-By
Express
ETag
W/"1bbd-185a7d888c0"
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
7101
/
45.15.156.25/socket.io/ Frame DAEC 		118 B
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://45.15.156.25:3005/socket.io/?EIO=4&transport=polling&t=ONAaFac
Requested by
Host: 45.15.156.25
URL: http://45.15.156.25:3005/static/js/main.d3af97f4.js
Protocol
HTTP/1.1
Server
45.15.156.25 , Netherlands, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software
/
Resource Hash
d329a3f2b6d6bff6094ab0fa3af2a363d85b23c6f26205e7f01439b3bfeea252

Request headers

Accept
*/*
Referer
http://45.15.156.25:3005/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Jan 2023 15:06:16 GMT
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
118
Content-Type
text/plain; charset=UTF-8
monkey.f1b7095a64507f3ce88c.png
45.15.156.25/static/media/ Frame DAEC 		37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://45.15.156.25:3005/static/media/monkey.f1b7095a64507f3ce88c.png
Protocol
HTTP/1.1
Server
45.15.156.25 , Netherlands, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software
/ Express
Resource Hash
584c3d655eb1c3db86d25d66a891bf25afe19678d7c52b645e143f7b61e2427b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://45.15.156.25:3005/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Thu, 19 Jan 2023 15:06:16 GMT
Last-Modified
Thu, 12 Jan 2023 21:17:44 GMT
X-Powered-By
Express
ETag
W/"9509-185a7d888c0"
Content-Type
image/png
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
38153
truncated
/ Frame DAEC 		790 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6db5eddd6353588db0969dd2ac86e0c95f0679b8fccceb081775d92b06c07251

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://45.15.156.25:3005/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
monkey_2.9a0229fd27242547eedd.png
45.15.156.25/static/media/ Frame DAEC 		49 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://45.15.156.25:3005/static/media/monkey_2.9a0229fd27242547eedd.png
Protocol
HTTP/1.1
Server
45.15.156.25 , Netherlands, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software
/ Express
Resource Hash
36233c81afe8b202b22167c68fced27aa49678c6a8749f353debc951370e77a7

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://45.15.156.25:3005/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Thu, 19 Jan 2023 15:06:16 GMT
Last-Modified
Thu, 12 Jan 2023 21:17:44 GMT
X-Powered-By
Express
ETag
W/"c50c-185a7d888c0"
Content-Type
image/png
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
50444
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DAEC 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://45.15.156.25:3005
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 09:07:05 GMT
x-content-type-options
nosniff
age
453551
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 14 Jan 2024 09:07:05 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DAEC 		9 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://45.15.156.25:3005
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Thu, 19 Jan 2023 12:01:13 GMT
x-content-type-options
nosniff
age
11103
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9628
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 19 Jan 2024 12:01:13 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DAEC 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://45.15.156.25:3005
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Thu, 12 Jan 2023 19:42:15 GMT
x-content-type-options
nosniff
age
588241
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 12 Jan 2024 19:42:15 GMT
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/webfonts/ Frame DAEC 		147 KB
147 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9a438a1d3a109908882ad66e9cb5c42d446741f36177159a8f8a7a6b6b37d6b
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css
Origin
http://45.15.156.25:3005
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Thu, 19 Jan 2023 15:06:16 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1099787
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
150472
last-modified
Tue, 30 Aug 2022 20:09:06 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"630e6e62-24bc8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QpzTWk953QhXtoza9DB6wfDYKIgcxgvVTGzTg5jeVAT3VzNZhnOarjfKrxFw2SnOBANNHhzFHTl9MQGUzG%2BArH0EbPJtCKh3JwU5GULqsw%2FIupB80%2FRVEpxvrw1g4rz1irPkSHpwVE76GhE2ZanKO6iV"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
78c0792ecd92bbdf-FRA
expires
Tue, 09 Jan 2024 15:06:16 GMT
KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DAEC 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://45.15.156.25:3005
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 12:15:45 GMT
x-content-type-options
nosniff
age
442231
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9840
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 14 Jan 2024 12:15:45 GMT
/
45.15.156.25/socket.io/ Frame DAEC 		2 B
181 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://45.15.156.25:3005/socket.io/?EIO=4&transport=polling&t=ONAaFb7&sid=0Qy_PV2GA_YccrBYAABU
Requested by
Host: 45.15.156.25
URL: http://45.15.156.25:3005/static/js/main.d3af97f4.js
Protocol
HTTP/1.1
Server
45.15.156.25 , Netherlands, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software
/
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept
*/*
Referer
http://45.15.156.25:3005/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Jan 2023 15:06:16 GMT
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
2
Content-Type
text/html
/
45.15.156.25/socket.io/ Frame DAEC 		32 B
228 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://45.15.156.25:3005/socket.io/?EIO=4&transport=polling&t=ONAaFb8&sid=0Qy_PV2GA_YccrBYAABU
Requested by
Host: 45.15.156.25
URL: http://45.15.156.25:3005/static/js/main.d3af97f4.js
Protocol
HTTP/1.1
Server
45.15.156.25 , Netherlands, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software
/
Resource Hash
cc4c17ddf7a607e1f2f26c4406b0d1c3f30d71a67503c10d20b673d06e17c024

Request headers

Accept
*/*
Referer
http://45.15.156.25:3005/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Jan 2023 15:06:16 GMT
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
32
Content-Type
text/plain; charset=UTF-8
/
45.15.156.25/socket.io/ Frame DAEC 		1 B
196 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://45.15.156.25:3005/socket.io/?EIO=4&transport=polling&t=ONAaFc8&sid=0Qy_PV2GA_YccrBYAABU
Requested by
Host: 45.15.156.25
URL: http://45.15.156.25:3005/static/js/main.d3af97f4.js
Protocol
HTTP/1.1
Server
45.15.156.25 , Netherlands, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software
/
Resource Hash
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

Request headers

Accept
*/*
Referer
http://45.15.156.25:3005/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Jan 2023 15:06:16 GMT
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
1
Content-Type
text/plain; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange object| vkConnect object| vkBridge

3 Cookies

Domain/Path Name / Value
best-picture.pp.ru/ Name: laravel_session
Value: t03npp23t9epcj22305p94o0a2
best-picture.pp.ru/ Name: EU7-UdyubpWSCxA3NirB2D5Vu11m_XCEwyDjzN4VYKA
Value: EmN6qeoUJjGu2G5RReasfIayVcjGMadjSGuNFb-nCUE
best-picture.pp.ru/ Name: f59ee81fa0871e124860c573fab768da
Value: 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

best-picture.pp.ru
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
unpkg.com
195.54.174.17
2606:4700::6810:7eaf
2606:4700::6811:190e
2a00:1450:4001:82b::200a
2a00:1450:4001:831::2003
45.15.156.25
01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349
0645a9af0d50fd57c91fbed388d18001fa0b0e86b2cd1d1e79a38c9db04e66fa
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
36233c81afe8b202b22167c68fced27aa49678c6a8749f353debc951370e77a7
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
584c3d655eb1c3db86d25d66a891bf25afe19678d7c52b645e143f7b61e2427b
6db5eddd6353588db0969dd2ac86e0c95f0679b8fccceb081775d92b06c07251
8b80e4ea7a89afb0e0963675035b3d4d7ac5f3962056a8c67eb2d8c87e36abb5
921df72e037f5d1e0c4ffea15004d205ea7e957814834875b2cc3aef485df93b
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
bc9f62d4a8fd295c0063f0d739c80c358e265afdf4a331ae72c5349dfec1188f
c9a438a1d3a109908882ad66e9cb5c42d446741f36177159a8f8a7a6b6b37d6b
cc140ef1e7c5d527ebb4e2e73107909cd646fd0bbdb10ebad305166c8c1b5204
cc4c17ddf7a607e1f2f26c4406b0d1c3f30d71a67503c10d20b673d06e17c024
d329a3f2b6d6bff6094ab0fa3af2a363d85b23c6f26205e7f01439b3bfeea252
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683
ecbb52f5f45afa902db0d75ba3f6ef7e542758534fd3f312f3354dadc15d7077
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615