raturovichs2.ru
Open in
urlscan Pro
2606:4700:3036::ac43:ba64
Malicious Activity!
Public Scan
Submission: On April 17 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on April 10th 2024. Valid for: 3 months.
This is the only time raturovichs2.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 2606:4700:303... 2606:4700:3036::ac43:ba64 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 146.75.116.193 146.75.116.193 | 54113 (FASTLY) (FASTLY) | |
1 | 2001:67c:4e8:... 2001:67c:4e8:f004::9 | 62041 (TELEGRAM) (TELEGRAM) | |
5 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
raturovichs2.ru
raturovichs2.ru |
80 KB |
1 |
telegram.org
telegram.org — Cisco Umbrella Rank: 11172 |
15 KB |
1 |
imgur.com
i.imgur.com — Cisco Umbrella Rank: 7834 |
54 KB |
5 | 3 |
Domain | Requested by | |
---|---|---|
3 | raturovichs2.ru |
raturovichs2.ru
|
1 | telegram.org | |
1 | i.imgur.com |
raturovichs2.ru
|
5 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
raturovichs2.ru GTS CA 1P5 |
2024-04-10 - 2024-07-09 |
3 months | crt.sh |
*.imgur.com Sectigo RSA Domain Validation Secure Server CA |
2024-02-15 - 2025-02-14 |
a year | crt.sh |
*.telegram.org Go Daddy Secure Certificate Authority - G2 |
2023-08-11 - 2024-09-11 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://raturovichs2.ru/takerobuxfree/
Frame ID: 135FE59C3257A80EC5902DA0EF740557
Requests: 6 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
raturovichs2.ru/takerobuxfree/ |
28 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c4J8Jri.png
i.imgur.com/ |
54 KB 54 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
c840961d9ed64faa904abe800c24a94d.min.js
raturovichs2.ru/smeans/files/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pattern.svg
raturovichs2.ru/smeans/files/ |
226 KB 69 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
978 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
telegram.org/img/ |
15 KB 15 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| _0x39ed function| _0x2e96 object| TWallpaper function| _0x28efda function| _0x327b object| tme_bg function| _0x485e function| toggleTheme object| darkMedia1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
raturovichs2.ru/ | Name: PHPSESSID Value: hsukjjc61lme9u7mdkevntu13s |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
i.imgur.com
raturovichs2.ru
telegram.org
146.75.116.193
2001:67c:4e8:f004::9
2606:4700:3036::ac43:ba64
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4
4ff54bc38c267dc3a8c95f6ed4590336baaec70433ef15d027ddca608c391e78
6bee6d0ed2081a6ec15ed98a340e785b4d13d678b263924d64b0983dc2bd6dc6
77c7245862717d06e6aed1bb0804aa07959e081c9e50a6ee51fcceeda6a66fb0
94796893ab48d97d3a9d5a64282908deb66e4658dbd65a6b37890d39947ae31a
e6182367118de1022937bccb18c51c7b0e5594bcbb65dcc89a5cd6f69c742033