raturovichs2.ru Open in urlscan Pro
2606:4700:3036::ac43:ba64  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response raturovichs2.ru/takerobuxfree/	28 KB 8 KB	861ms 673ms	Document text/html	2606:4700:3036::ac43:ba64 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://raturovichs2.ru/takerobuxfree/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:ba64 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6bee6d0ed2081a6ec15ed98a340e785b4d13d678b263924d64b0983dc2bd6dc6 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 875f15607cf84db9-FRA content-encoding br content-type text/html; charset=UTF-8 date Wed, 17 Apr 2024 20:14:49 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qRfbrPeZPKQziSiw8uxOzB43IcHUgwCn01CHyVleYQ3H8VjQJXi2XuHB%2BA%2FNA4Cd%2FWWJbW84zVTpNTPPbB%2Bj005ecY4EuT28QTSc%2ByWNVWDGUw1XSQ5%2F1XpSPbWlNognEZm5Py5AB%2FWQZRBNHkI%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	c4J8Jri.png i.imgur.com/	54 KB 54 KB	179ms 39ms	Image image/png	146.75.116.193 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/c4J8Jri.png?EQh0aWTcMOiy6Bb Requested by Host: raturovichs2.ru URL: https://raturovichs2.ru/takerobuxfree/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software cat factory 1.0 / Resource Hash e6182367118de1022937bccb18c51c7b0e5594bcbb65dcc89a5cd6f69c742033 Security Headers Name Value Strict-Transport-Security max-age=300 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://raturovichs2.ru/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 17 Apr 2024 20:14:49 GMT strict-transport-security max-age=300 x-content-type-options nosniff x-amz-cf-pop IAD89-P1 age 1660096 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront, MISS, HIT content-length 55239 x-served-by cache-iad-kiad7000089-IAD, cache-fra-eddf8230117-FRA last-modified Fri, 16 Feb 2024 12:32:29 GMT server cat factory 1.0 x-timer S1713384889.221548,VS0,VE5 etag "ee15326697ceab683dde83c8d859d545" access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id -bL0wc7CT4inrf-gRMyITv7tHpk2tOcCaTCnKvjwWqeqffZzzCVHLw== x-cache-hits 0, 0
GET H3	200	c840961d9ed64faa904abe800c24a94d.min.js Show response raturovichs2.ru/smeans/files/	10 KB 4 KB	102ms 102ms	Script application/javascript	2606:4700:3036::ac43:ba64 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://raturovichs2.ru/smeans/files/c840961d9ed64faa904abe800c24a94d.min.js?1d3itLBS5mI2T0W Requested by Host: raturovichs2.ru URL: https://raturovichs2.ru/takerobuxfree/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:ba64 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 94796893ab48d97d3a9d5a64282908deb66e4658dbd65a6b37890d39947ae31a Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://raturovichs2.ru/takerobuxfree/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 17 Apr 2024 20:14:49 GMT content-encoding br cf-cache-status MISS last-modified Tue, 22 Aug 2023 22:17:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64e53400-28b6" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wptD6ndIjOfqz4eKymzIlG97MlM%2BH8K3nDT3VePDULjUgMLeawFklKvAwr%2B22XtnLZkb7f1WygmH8ApcgODOnhomn8JfWja7qPABOp%2BiTvTUzitweKGgXE2iv%2FacWARGD6q4zPjKm9O8%2FA%2BVecM%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 875f1564cb194db9-FRA alt-svc h3=":443"; ma=86400 expires Thu, 18 Apr 2024 20:14:49 GMT
GET H3	200	pattern.svg raturovichs2.ru/smeans/files/	226 KB 69 KB	187ms 187ms	Image image/svg+xml	2606:4700:3036::ac43:ba64 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://raturovichs2.ru/smeans/files/pattern.svg?gvmatdpj_ Requested by Host: raturovichs2.ru URL: https://raturovichs2.ru/takerobuxfree/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:ba64 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://raturovichs2.ru/takerobuxfree/ Origin https://raturovichs2.ru Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 17 Apr 2024 20:14:49 GMT content-encoding br cf-cache-status MISS last-modified Sun, 19 Mar 2023 20:31:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64177118-3891a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iARmpBz1OssBMzvp8MNVTeiA9T4he8%2F6voTUmEPaSFAC7nXV8t2SegRDbCY2NR%2FKMzEQNfIVMIsspsfGiPH4YRpLSPbJAf6yy1WN27jkNCAQ6AAFmaOeIxFdadPj8ZuBC6iLbjDOHVOuneHp4dQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=86400 cf-ray 875f1564db304db9-FRA alt-svc h3=":443"; ma=86400 expires Thu, 18 Apr 2024 20:14:49 GMT
GET DATA	200 OK	truncated /	978 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 77c7245862717d06e6aed1bb0804aa07959e081c9e50a6ee51fcceeda6a66fb0 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	favicon.ico telegram.org/img/	15 KB 15 KB	521ms 69ms	Other image/x-icon	2001:67c:4e8:f004::9 TELEGRAM
General Check archive.org Show headers Download Go to Full URL https://telegram.org/img/favicon.ico?ldGPCScnb8xEiAf Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG), Reverse DNS Software nginx/1.18.0 / Resource Hash 4ff54bc38c267dc3a8c95f6ed4590336baaec70433ef15d027ddca608c391e78 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://raturovichs2.ru/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 17 Apr 2024 20:14:49 GMT strict-transport-security max-age=31536000; includeSubDomains; preload last-modified Thu, 21 Apr 2022 13:47:47 GMT server nginx/1.18.0 etag "62616083-3aee" content-type image/x-icon cache-control max-age=604800 accept-ranges bytes content-length 15086 expires Wed, 24 Apr 2024 20:14:49 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _0x39ed function| _0x2e96 object| TWallpaper function| _0x28efda function| _0x327b object| tme_bg function| _0x485e function| toggleTheme object| darkMedia

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			raturovichs2.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: hsukjjc61lme9u7mdkevntu13s

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

i.imgur.com
raturovichs2.ru
telegram.org
146.75.116.193
2001:67c:4e8:f004::9
2606:4700:3036::ac43:ba64
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4
4ff54bc38c267dc3a8c95f6ed4590336baaec70433ef15d027ddca608c391e78
6bee6d0ed2081a6ec15ed98a340e785b4d13d678b263924d64b0983dc2bd6dc6
77c7245862717d06e6aed1bb0804aa07959e081c9e50a6ee51fcceeda6a66fb0
94796893ab48d97d3a9d5a64282908deb66e4658dbd65a6b37890d39947ae31a
e6182367118de1022937bccb18c51c7b0e5594bcbb65dcc89a5cd6f69c742033