rt-pormhub.ru Open in urlscan Pro
2a06:98c1:3120::3  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://tlg-me.ru/QAsicZeoRYIyNWRI Page URL
2. https://rt-pormhub.ru/548104604d0a16ea666a9290326b13ab Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	QAsicZeoRYIyNWRI Show response tlg-me.ru/	22 KB 9 KB	513ms 162ms	Document text/html	2606:4700:3033::6815:186f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://tlg-me.ru/QAsicZeoRYIyNWRI Protocol HTTP/1.1 Server 2606:4700:3033::6815:186f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fb97c4b3f4c6ae4002149636ca76c95042fe7bcaebfe79fcaee41185817f8e41 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 857aad89b8a45b63-VIE Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Mon, 19 Feb 2024 01:18:47 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Pragma no-cache Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6WGZBBcLfTpmEJFEVa6eUehh0pDRAKafr0l7hU3f71wV6IufWNCWUDrXqZ8R93VFZjaJrrCmWCL1EHL%2FC4aDUwGeaawJwv%2B4yqJJef1DegiOWT3luapWHkspW97GvwU%2FLUYLDtNFJFU%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked alt-svc h3=":443"; ma=86400
GET H2	200	Primary Request 548104604d0a16ea666a9290326b13ab Show response rt-pormhub.ru/	22 KB 7 KB	637ms 290ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rt-pormhub.ru/548104604d0a16ea666a9290326b13ab Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8e7e6944697879ab33a28b9e5510f49f0327feaa396ada6bd0e5510a37219aaa Request headers Referer http://tlg-me.ru/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 857aad8d1aebb8a0-AMS content-encoding br content-type text/html; charset=UTF-8 date Mon, 19 Feb 2024 01:18:48 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EGZ31unHZKflKULGOXr%2Bkb26oRrZRdHuq%2BQtl45RNeJcymrf9Heq9s%2Bb97K%2BvQrQos5J5Y1vIiGaUSwlta2aTCgzUSpfrRaN55%2FYcKrtNJ2WD2mLGtpjqF82YVmPU2S1S1HP6vXQqsKxmADV"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	wH2UhPc.png i.ibb.co/pj3nGJY/	618 KB 619 KB	57ms 17ms	Image image/png	162.19.58.161 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://i.ibb.co/pj3nGJY/wH2UhPc.png?Y5E8haKJF3ZvTNX Requested by Host: rt-pormhub.ru URL: https://rt-pormhub.ru/548104604d0a16ea666a9290326b13ab Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.19.58.161 , France, ASN16276 (OVH, FR), Reverse DNS ns3096669.ip-162-19-58.eu Software nginx / Resource Hash 3348ba0f4c54edde13b4a77398375241a1a430e1013d33c24a6da0be8e02e1d1 Request headers accept-language de-DE,de;q=0.9 Referer https://rt-pormhub.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Mon, 19 Feb 2024 01:18:48 GMT last-modified Sat, 03 Feb 2024 02:35:20 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 632723 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	c840961d9ed64faa904abe800c24a94d.min.js Show response rt-pormhub.ru/smeans/files/	10 KB 4 KB	86ms 86ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rt-pormhub.ru/smeans/files/c840961d9ed64faa904abe800c24a94d.min.js?dkYi1V0t75lsvaW Requested by Host: rt-pormhub.ru URL: https://rt-pormhub.ru/548104604d0a16ea666a9290326b13ab Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 94796893ab48d97d3a9d5a64282908deb66e4658dbd65a6b37890d39947ae31a Request headers accept-language de-DE,de;q=0.9 Referer https://rt-pormhub.ru/548104604d0a16ea666a9290326b13ab User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Mon, 19 Feb 2024 01:18:48 GMT content-encoding br cf-cache-status MISS last-modified Tue, 22 Aug 2023 22:17:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64e53401-28b6" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wuEyR3iOAaqbJqHALC1zGcdpkTk2gi834HUfVqiRMQfprLYhMw1OuqNN5h%2BGmr0JiD6jea8KmPIq2N%2B%2B9YvHSxUpBSFcY7tf%2BjfkvHx4tOxkIQD2iUugu9oQqObqZuAnXstuWJwWKaW8odbP"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 857aad8eec36b8a0-AMS alt-svc h3=":443"; ma=86400 expires Tue, 20 Feb 2024 01:18:48 GMT
GET H2	200	pattern.svg rt-pormhub.ru/smeans/files/	226 KB 69 KB	159ms 158ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rt-pormhub.ru/smeans/files/pattern.svg?rbkdstgq_ Requested by Host: rt-pormhub.ru URL: https://rt-pormhub.ru/548104604d0a16ea666a9290326b13ab Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4 Request headers Referer https://rt-pormhub.ru/548104604d0a16ea666a9290326b13ab Origin https://rt-pormhub.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Mon, 19 Feb 2024 01:18:48 GMT content-encoding br cf-cache-status MISS last-modified Sun, 19 Mar 2023 20:31:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64177118-3891a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Hnt5Pa75Ve6471vWgKySiqNLKCyCiRGrKaIF%2FTc6BTwYuzQevdvqjCqehC2aEkgpunyCoUTF3rKiOQ3e981mFvZR89x54cCsELQarfm6s8OdK9VGPlKjDIKJetqQZHjJMC0FD%2BODJIyKKYj"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=86400 cf-ray 857aad8f0c47b8a0-AMS alt-svc h3=":443"; ma=86400 expires Tue, 20 Feb 2024 01:18:48 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _0x39ed function| _0x2e96 object| TWallpaper function| _0x28efda function| _0x327b object| tme_bg function| _0x485e function| toggleTheme object| darkMedia

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			tlg-me.ru/	1969-12-31 23:59:59	Name: Redirect Value: gis972ighqkpi5pl6leb738g0f
			tlg-me.ru/	1969-12-31 23:59:59	Name: QazldssimU7EAg5B_Y--Qu30ApRNoarLd2Wfnxolz8c Value: 3hZ-UtoRXCYUdFl8R7IiizeuNO9C1iAp8kOh-wMs2NI
			tlg-me.ru/	1970-01-20 18:31:49	Name: 921b34a2e80da49f9ddaf3b467feb92d Value: 0
			rt-pormhub.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: sfvmtteht7t6fa6bjklbag3i89

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

i.ibb.co
rt-pormhub.ru
tlg-me.ru
162.19.58.161
2606:4700:3033::6815:186f
2a06:98c1:3120::3
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4
3348ba0f4c54edde13b4a77398375241a1a430e1013d33c24a6da0be8e02e1d1
8e7e6944697879ab33a28b9e5510f49f0327feaa396ada6bd0e5510a37219aaa
94796893ab48d97d3a9d5a64282908deb66e4658dbd65a6b37890d39947ae31a
fb97c4b3f4c6ae4002149636ca76c95042fe7bcaebfe79fcaee41185817f8e41