best-picture.pp.ru
Open in
urlscan Pro
195.54.174.17
Malicious Activity!
Public Scan
Submission: On January 19 via manual from IL — Scanned from NL
Summary
This is the only time best-picture.pp.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 195.54.174.17 195.54.174.17 | 58061 (SCALAXY-AS) (SCALAXY-AS) | |
1 2 | 2606:4700::68... 2606:4700::6810:7eaf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
9 | 45.15.156.25 45.15.156.25 | 211409 (GALAXY-AS) (GALAXY-AS) | |
1 | 2a00:1450:400... 2a00:1450:4001:82b::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2a00:1450:400... 2a00:1450:4001:831::2003 | 15169 (GOOGLE) (GOOGLE) | |
18 | 7 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
gstatic.com
fonts.gstatic.com |
51 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 199 |
166 KB |
2 |
unpkg.com
1 redirects
unpkg.com — Cisco Umbrella Rank: 767 |
3 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35 |
2 KB |
1 |
pp.ru
best-picture.pp.ru |
1 KB |
18 | 5 |
Domain | Requested by | |
---|---|---|
4 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | cdnjs.cloudflare.com |
45.15.156.25
cdnjs.cloudflare.com |
2 | unpkg.com |
1 redirects
best-picture.pp.ru
|
1 | fonts.googleapis.com |
45.15.156.25
|
1 | best-picture.pp.ru | |
18 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
upload.video.google.com GTS CA 1C3 |
2023-01-02 - 2023-03-27 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-01-02 - 2023-03-27 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://best-picture.pp.ru/
Frame ID: 6D3E60480023117018B7C37D979B30C2
Requests: 2 HTTP requests in this frame
Frame:
http://45.15.156.25:3005/
Frame ID: DAECAA7EBC29C189A2943E23382E5A7F
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
TelegramDetected technologies
Laravel (Web Frameworks) ExpandDetected patterns
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://unpkg.com/@vkontakte/vk-bridge/dist/browser.min.js HTTP 302
- https://unpkg.com/@vkontakte/vk-bridge@2.7.2/dist/browser.min.js
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
best-picture.pp.ru/ |
859 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
browser.min.js
unpkg.com/@vkontakte/vk-bridge@2.7.2/dist/ Redirect Chain
|
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
45.15.156.25/ Frame DAEC |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ Frame DAEC |
26 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/ Frame DAEC |
99 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.d3af97f4.js
45.15.156.25/static/js/ Frame DAEC |
224 KB 224 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.75e575e9.css
45.15.156.25/static/css/ Frame DAEC |
7 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
45.15.156.25/socket.io/ Frame DAEC |
118 B 315 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
monkey.f1b7095a64507f3ce88c.png
45.15.156.25/static/media/ Frame DAEC |
37 KB 38 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame DAEC |
790 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
monkey_2.9a0229fd27242547eedd.png
45.15.156.25/static/media/ Frame DAEC |
49 KB 50 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DAEC |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DAEC |
9 KB 10 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DAEC |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/webfonts/ Frame DAEC |
147 KB 147 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DAEC |
10 KB 10 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
45.15.156.25/socket.io/ Frame DAEC |
2 B 181 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
45.15.156.25/socket.io/ Frame DAEC |
32 B 228 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
45.15.156.25/socket.io/ Frame DAEC |
1 B 196 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| oncontentvisibilityautostatechange object| vkConnect object| vkBridge3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
best-picture.pp.ru/ | Name: laravel_session Value: t03npp23t9epcj22305p94o0a2 |
|
best-picture.pp.ru/ | Name: EU7-UdyubpWSCxA3NirB2D5Vu11m_XCEwyDjzN4VYKA Value: EmN6qeoUJjGu2G5RReasfIayVcjGMadjSGuNFb-nCUE |
|
best-picture.pp.ru/ | Name: f59ee81fa0871e124860c573fab768da Value: 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
best-picture.pp.ru
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
unpkg.com
195.54.174.17
2606:4700::6810:7eaf
2606:4700::6811:190e
2a00:1450:4001:82b::200a
2a00:1450:4001:831::2003
45.15.156.25
01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349
0645a9af0d50fd57c91fbed388d18001fa0b0e86b2cd1d1e79a38c9db04e66fa
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
36233c81afe8b202b22167c68fced27aa49678c6a8749f353debc951370e77a7
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
584c3d655eb1c3db86d25d66a891bf25afe19678d7c52b645e143f7b61e2427b
6db5eddd6353588db0969dd2ac86e0c95f0679b8fccceb081775d92b06c07251
8b80e4ea7a89afb0e0963675035b3d4d7ac5f3962056a8c67eb2d8c87e36abb5
921df72e037f5d1e0c4ffea15004d205ea7e957814834875b2cc3aef485df93b
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
bc9f62d4a8fd295c0063f0d739c80c358e265afdf4a331ae72c5349dfec1188f
c9a438a1d3a109908882ad66e9cb5c42d446741f36177159a8f8a7a6b6b37d6b
cc140ef1e7c5d527ebb4e2e73107909cd646fd0bbdb10ebad305166c8c1b5204
cc4c17ddf7a607e1f2f26c4406b0d1c3f30d71a67503c10d20b673d06e17c024
d329a3f2b6d6bff6094ab0fa3af2a363d85b23c6f26205e7f01439b3bfeea252
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683
ecbb52f5f45afa902db0d75ba3f6ef7e542758534fd3f312f3354dadc15d7077
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615