urlscan.io logo urlscan.io
SecurityTrails logo

rust.voz.city Open in urlscan Pro
2606:4700:3031::ac43:c246  Public Scan

Go To Rescan Add Verdict Report
URL: https://rust.voz.city/
Submission Tags: phishingrod
Submission: On February 06 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3031::ac43:c246, located in United States and belongs to CLOUDFLARENET, US. The main domain is rust.voz.city.
TLS certificate: Issued by GTS CA 1P5 on December 26th 2023. Valid for: 3 months.
This is the only time rust.voz.city was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2606:4700:303... 13335 (CLOUDFLAR...)
6 2001:67c:4e8:... 62041 (TELEGRAM)
8 3
Apex Domain
Subdomains		 Transfer
6 telegram.org
telegram.org — Cisco Umbrella Rank: 10912
oauth.telegram.org — Cisco Umbrella Rank: 254313
65 KB
2 voz.city
rust.voz.city
346 KB
8 2
Domain Requested by
5 telegram.org rust.voz.city
oauth.telegram.org
telegram.org
2 rust.voz.city rust.voz.city
1 oauth.telegram.org telegram.org
8 3

This site contains no links.

Subject Issuer Validity Valid
voz.city
GTS CA 1P5		 2023-12-26 -
2024-03-25		 3 months crt.sh
*.telegram.org
Go Daddy Secure Certificate Authority - G2		 2023-08-11 -
2024-09-11		 a year crt.sh

This page contains 2 frames:

Primary Page: https://rust.voz.city/
Frame ID: CDCB09CAD9666B217B205896EB606926
Requests: 3 HTTP requests in this frame

Frame: https://oauth.telegram.org/embed/rust_items_bot?origin=https%3A%2F%2Frust.voz.city&return_to=https%3A%2F%2Frust.voz.city%2F&size=large&request_access=write
Frame ID: E15AD74B8EDA23E00898131863F5B1D5
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

RusT

Page Statistics

8
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

411 kB
Transfer

558 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
rust.voz.city/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rust.voz.city/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
30beb4d741bea8c160dda347e9cfd0148036a111b49a3534de2c019a088bdae6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
851621b418efb8ea-AMS
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 06 Feb 2024 20:27:03 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=axeSUpeYvhHy3O8QXSyt%2BB7WHi7Z91CkbDFAoDT3n9kSdRIQNMKNxEiNYbeyehM1pa6g%2B9Ptdl3z9wPMSZct0qOKdPYwV6YDJ0v%2FLWP4UIhYEq%2BA0vtOgHFJvZw5R%2FzN38JOl3CFOFNe2Jpn"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
telegram-widget.js
telegram.org/js/ 		20 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://telegram.org/js/telegram-widget.js?22
Requested by
Host: rust.voz.city
URL: https://rust.voz.city/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
0f6cdd09b3bbebf50c4e1679aff6f021f5e183a4ba2dea3a0801394599ff6afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rust.voz.city/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 20:27:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
last-modified
Mon, 03 Apr 2023 11:46:12 GMT
server
nginx/1.18.0
etag
W/"642abc84-4ff5"
content-type
application/javascript
cache-control
max-age=345600
expires
Sat, 10 Feb 2024 20:27:03 GMT
background.jpg
rust.voz.city/image/ 		344 KB
345 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rust.voz.city/image/background.jpg
Requested by
Host: rust.voz.city
URL: https://rust.voz.city/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541a22abed49f2a59eadbc5127a5c1181f53b022f781f373a3cd121a007b9aec

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rust.voz.city/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 20:27:04 GMT
cf-cache-status
MISS
last-modified
Fri, 08 Dec 2023 22:54:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"65739e94-56111"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bIlJnqV%2FTSE9QE50yVV5dFeTNr%2FD3esRVMxeTidBO31GvGsphixp7bUt4r8Y%2BYiHtRZwzjeCndt9COKqQajGryzAjGqOfhiMi5SSZlG5i%2BZ4Qt47eUAVCa9Jnlvj9NkUawiICHsYhtQkVWLM"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=120
accept-ranges
bytes
cf-ray
851621b4ca23b8ea-AMS
alt-svc
h3=":443"; ma=86400
content-length
352529
rust_items_bot
oauth.telegram.org/embed/ Frame E15A 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://oauth.telegram.org/embed/rust_items_bot?origin=https%3A%2F%2Frust.voz.city&return_to=https%3A%2F%2Frust.voz.city%2F&size=large&request_access=write
Requested by
Host: telegram.org
URL: https://telegram.org/js/telegram-widget.js?22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
d2893d2d8e37ff9ddb63d160a1257009946de96b1d296154de5f87b37e063e77
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://rust.voz.city
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options ALLOW-FROM https://rust.voz.city

Request headers

Referer
https://rust.voz.city/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
content-encoding
gzip
content-length
710
content-security-policy
frame-ancestors https://rust.voz.city
content-type
text/html; charset=utf-8
date
Tue, 06 Feb 2024 20:27:03 GMT
pragma
no-cache
server
nginx/1.18.0
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-frame-options
ALLOW-FROM https://rust.voz.city
font-roboto.css
telegram.org/css/ Frame E15A 		6 KB
893 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://telegram.org/css/font-roboto.css?1
Requested by
Host: oauth.telegram.org
URL: https://oauth.telegram.org/embed/rust_items_bot?origin=https%3A%2F%2Frust.voz.city&return_to=https%3A%2F%2Frust.voz.city%2F&size=large&request_access=write
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://oauth.telegram.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 20:27:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
last-modified
Thu, 20 Oct 2022 11:05:33 GMT
server
nginx/1.18.0
etag
W/"63512b7d-1816"
content-type
text/css
cache-control
max-age=345600
expires
Sat, 10 Feb 2024 20:27:03 GMT
widget-frame.css
telegram.org/css/ Frame E15A 		81 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://telegram.org/css/widget-frame.css?66
Requested by
Host: oauth.telegram.org
URL: https://oauth.telegram.org/embed/rust_items_bot?origin=https%3A%2F%2Frust.voz.city&return_to=https%3A%2F%2Frust.voz.city%2F&size=large&request_access=write
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
d61214fdf1c1eee41b83cb56d52b82db20a47bfeab5248bb6fda7a4f0744eedf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://oauth.telegram.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 20:27:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
last-modified
Sat, 01 Apr 2023 17:42:21 GMT
server
nginx/1.18.0
etag
W/"64286cfd-1456a"
content-type
text/css
cache-control
max-age=345600
expires
Sat, 10 Feb 2024 20:27:03 GMT
widget-frame.js
telegram.org/js/ Frame E15A 		92 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://telegram.org/js/widget-frame.js?62
Requested by
Host: oauth.telegram.org
URL: https://oauth.telegram.org/embed/rust_items_bot?origin=https%3A%2F%2Frust.voz.city&return_to=https%3A%2F%2Frust.voz.city%2F&size=large&request_access=write
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
9db6a684c4b8c87ced6ca91ed34a348464a41df4d3f74c007cae6d87e68a1e88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://oauth.telegram.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 20:27:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
last-modified
Thu, 20 Apr 2023 18:46:51 GMT
server
nginx/1.18.0
etag
W/"6441889b-16f16"
content-type
application/javascript
cache-control
max-age=345600
expires
Sat, 10 Feb 2024 20:27:03 GMT
truncated
/ Frame E15A 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5df09ceb29f5fa499b25f7039c336281ebeafc1f76672adfd856f6c512ed1e76

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type
image/svg+xml
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
telegram.org/fonts/Roboto/ Frame E15A 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: telegram.org
URL: https://telegram.org/css/font-roboto.css?1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Request headers

Referer
https://telegram.org/css/font-roboto.css?1
Origin
https://oauth.telegram.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 20:27:04 GMT
last-modified
Thu, 20 Oct 2022 11:05:33 GMT
server
nginx/1.18.0
etag
"63512b7d-2b14"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=345600
accept-ranges
bytes
content-length
11028
expires
Sat, 10 Feb 2024 20:27:04 GMT

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| __parseFunction object| Telegram

1 Cookies

Domain/Path Name / Value
oauth.telegram.org/ Name: stel_ssid
Value: 00c1098cc9c17d02aa_15956605548367575190

1 Console Messages

Source Level URL
Text
other warning URL: https://rust.voz.city/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.