www.quizargame.ru Open in urlscan Pro
172.67.223.247 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.quizargame.ru/upload/001/index.html/1.html
Submission: On August 01 via api (August 1st 2024, 6:10:20 am UTC) from US — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 4 domains to perform 17 HTTP transactions. The main IP is 172.67.223.247, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.quizargame.ru.
TLS certificate: Issued by WE1 on June 17th 2024. Valid for: 3 months.

This is the only time www.quizargame.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
11	172.67.223.247 172.67.223.247	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 4	2606:4700:10:... 2606:4700:10::ac43:8ee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	34.198.68.168 34.198.68.168	14618 (AMAZON-AES) (AMAZON-AES)
17	3

11 172.67.223.247 (United States)

ASN13335 (CLOUDFLARENET, US)

www.quizargame.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::ac43:8ee (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

cutt.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.198.68.168 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-198-68-168.compute-1.amazonaws.com

grizzly-elfin-hotel.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	quizargame.ru www.quizargame.ru	81 KB
4	glitch.me grizzly-elfin-hotel.glitch.me	469 KB
4	cutt.ly 4 redirects cutt.ly — Cisco Umbrella Rank: 35981	751 B
0	Failed function sub() { [native code] }. Failed
17	4

	Domain	Requested by
11	www.quizargame.ru	www.quizargame.ru
4	grizzly-elfin-hotel.glitch.me	www.quizargame.ru
4	cutt.ly	4 redirects
0	invalid Failed	www.quizargame.ru
17	4

This site contains no links.

Subject Issuer	Validity	Valid
quizargame.ru WE1	`2024-06-17` - `2024-09-15`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.quizargame.ru/upload/001/index.html/1.html
Frame ID: 4D981140BA706F2116BC14945FC5E1F0
Requests: 9 HTTP requests in this frame

Frame: https://www.quizargame.ru/upload/001/index.html/1.html
Frame ID: 791A9B76E93248E2C0479EBCDC9D7E4D
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

17
Requests

65 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

3
IPs

1
Countries

549 kB
Transfer

2179 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://cutt.ly/CearQTuV HTTP 301
https://grizzly-elfin-hotel.glitch.me/uiglhijll.css

Request Chain 6

https://cutt.ly/OearJLSg HTTP 301
https://grizzly-elfin-hotel.glitch.me/2.js

Request Chain 13

https://cutt.ly/CearQTuV HTTP 301
https://grizzly-elfin-hotel.glitch.me/uiglhijll.css

Request Chain 14

https://cutt.ly/OearJLSg HTTP 301
https://grizzly-elfin-hotel.glitch.me/2.js

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request 1.html Show response www.quizargame.ru/upload/001/index.html/	123 KB 8 KB	396ms 241ms	Document text/html	172.67.223.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.quizargame.ru/upload/001/index.html/1.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.223.247 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.1.30 Resource Hash `24afbdea262595b870d927d21b61cd535a0346a49dfd164f6198daf0a0a1d84d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8ac3a9fabd9865a9-FRA content-encoding br content-type text/html; charset=UTF-8 date Thu, 01 Aug 2024 06:10:15 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QteDtLS09HuG3%2FBrveuNej618GKQ0xHuw%2F3BvP1iLR8ivioWoYuNFIqJfu58wGj4rppzQGz8V8u0U1GP%2BSXxLlFtaUwsTapvDYgM7FzlPMnQjsPgrV%2BJYxkSS4L43H7H9HnYfA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.1.30
GET H3	200	1.js Show response www.quizargame.ru/upload/001/index.html/	123 KB 8 KB	58ms 57ms	Script text/html	172.67.223.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.quizargame.ru/upload/001/index.html/1.js Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.223.247 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.1.30 Resource Hash `24afbdea262595b870d927d21b61cd535a0346a49dfd164f6198daf0a0a1d84d` Request headers Referer https://www.quizargame.ru/upload/001/index.html/1.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:15 GMT content-encoding br cf-cache-status HIT last-modified Thu, 01 Aug 2024 05:17:24 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3171 x-powered-by PHP/7.1.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ni8CB%2F%2BFK%2FmUPAuZH4%2FAsWzS%2F7U88CQSrGpAFA8feKh89cKzkern7o70u1inMH74Jw6wrhVYX59FqQE2jpJL1zzBdXC1x5tGMjiYjpkRzozoMAOVhSSfUcyFfjso0C5tLfsnVw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=14400 cf-ray 8ac3a9fc4f4065a9-FRA alt-svc h3=":443"; ma=86400
GET H3	200	analytics.js.download Show response www.quizargame.ru/upload/001/index.html/	123 KB 8 KB	115ms 115ms	Script text/html	172.67.223.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.quizargame.ru/upload/001/index.html/analytics.js.download Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.223.247 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.1.30 Resource Hash `24afbdea262595b870d927d21b61cd535a0346a49dfd164f6198daf0a0a1d84d` Request headers Referer https://www.quizargame.ru/upload/001/index.html/1.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:15 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.1.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D9pXUkS%2FjtBg2NitBXrw8dYl6PB%2F5Z2Zj59fHH9rMy5Vs3Ufz8q%2Bow24%2B1OOX5JLIGnOaEIdpNszWQ9UR%2Ban9g7Ycc13Gda8ptgHRwBqPA4SEr855fwVMa59ZOi0tfc7dUJk5Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 8ac3a9fc4f4465a9-FRA alt-svc h3=":443"; ma=86400
GET H3	200	bWqOLA69nu2fsMi45LjA.js.download Show response www.quizargame.ru/upload/001/index.html/	123 KB 8 KB	240ms 240ms	Script text/html	172.67.223.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.quizargame.ru/upload/001/index.html/bWqOLA69nu2fsMi45LjA.js.download Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.223.247 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.1.30 Resource Hash `24afbdea262595b870d927d21b61cd535a0346a49dfd164f6198daf0a0a1d84d` Request headers Referer https://www.quizargame.ru/upload/001/index.html/1.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:15 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.1.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Tbqsn6%2FTOdiag9ykXw%2BaT8GM8eSnffYO74a2plEj8ysJZOs4pL%2BNz83RdL98cNo4JCS67PGzb7mDtzW7OmuFXiXHjUZliVYk0sAYuHN5rkBy0CLRky10QRMeiiJ%2BXpiE99WiQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 8ac3a9fc5f5265a9-FRA alt-svc h3=":443"; ma=86400
GET H3	200	gtm.js.download Show response www.quizargame.ru/upload/001/index.html/	123 KB 8 KB	242ms 241ms	Script text/html	172.67.223.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.quizargame.ru/upload/001/index.html/gtm.js.download Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.223.247 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.1.30 Resource Hash `24afbdea262595b870d927d21b61cd535a0346a49dfd164f6198daf0a0a1d84d` Request headers Referer https://www.quizargame.ru/upload/001/index.html/1.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:15 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.1.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mtWT7w1rpBfoLUGR7fnRzfFqeciXv%2FcdjBdieUPODha5sPu4qI5oG6hqQtJFATQpVYdTGH%2FXd9wGmjGkISESkKkTlWBnJr8AKXBBdUJobHjd2LyULEKy6Pztkr%2BZJnzZGaf%2BfA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 8ac3a9fc5f5565a9-FRA alt-svc h3=":443"; ma=86400
GET		/ invalid/	0 0

GET H2	200	uiglhijll.css grizzly-elfin-hotel.glitch.me/ Redirect Chain https://cutt.ly/CearQTuV https://grizzly-elfin-hotel.glitch.me/uiglhijll.css	391 KB 392 KB	501ms 224ms	Stylesheet text/css	34.198.68.168 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://grizzly-elfin-hotel.glitch.me/uiglhijll.css Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H2 Server 34.198.68.168 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-198-68-168.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:15 GMT x-amz-version-id Yhs2ZKDwqNm99zLYwHFcOwHW0dcwq5Qx last-modified Wed, 19 Jun 2024 14:27:36 GMT server AmazonS3 x-amz-request-id G5H69QWHWX9V3TX0 etag "74acefad72f0016dcfb1e747dff5a9a7" x-amz-server-side-encryption AES256 content-type text/css; charset=utf-8 cache-control no-cache accept-ranges bytes content-length 400623 x-amz-id-2 IdWW35Ob7lFMs1Md8SocE6l4GTxoMVsb2yR+rKGau77zB/QcYMMkfvknAzW5iy6VgbeTuW0WBK4= Redirect headers pragma no-cache date Thu, 01 Aug 2024 06:10:15 GMT strict-transport-security max-age=15552000; includeSubDomains; preload referrer-policy same-origin cf-cache-status DYNAMIC x-content-type-options nosniff server cloudflare x-frame-options SAMEORIGIN content-type text/html; charset=UTF-8 location https://grizzly-elfin-hotel.glitch.me/uiglhijll.css cache-control no-cache, no-store, must-revalidate cf-ray 8ac3a9fcdab3921d-FRA alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	2.js Show response grizzly-elfin-hotel.glitch.me/ Redirect Chain https://cutt.ly/OearJLSg https://grizzly-elfin-hotel.glitch.me/2.js	76 KB 76 KB	773ms 483ms	Script application/javascript	34.198.68.168 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://grizzly-elfin-hotel.glitch.me/2.js Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H2 Server 34.198.68.168 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-198-68-168.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `7a32a6e4c5e81f0d51cb97466aa442a2342f5ab5c62ff62c3094296fabdda734` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:15 GMT x-amz-version-id RwI8O6lq.h9MsYl5DwI47xJJ41WPEGL6 last-modified Wed, 19 Jun 2024 14:27:36 GMT server AmazonS3 x-amz-request-id G5H5CF37YPBENXDN etag "46d5d43b6f75fd3fe4c0d0db009ed5dd" x-amz-server-side-encryption AES256 content-type application/javascript; charset=utf-8 cache-control no-cache accept-ranges bytes content-length 77445 x-amz-id-2 XR431dM+hpx9vN8z/3HWkf/npuafLhTEOYiCoXSC5IS7gpPLY+TncmiaWk8uNjXxzTA9Til4rFs= Redirect headers pragma no-cache date Thu, 01 Aug 2024 06:10:15 GMT strict-transport-security max-age=15552000; includeSubDomains; preload referrer-policy same-origin cf-cache-status DYNAMIC x-content-type-options nosniff server cloudflare x-frame-options SAMEORIGIN content-type text/html; charset=UTF-8 location https://grizzly-elfin-hotel.glitch.me/2.js cache-control no-cache, no-store, must-revalidate cf-ray 8ac3a9fcdab5921d-FRA alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block expires Thu, 19 Nov 1981 08:52:00 GMT
GET H3	200	1.html Show response www.quizargame.ru/upload/001/index.html/ Frame 791A	123 KB 8 KB	168ms 168ms	Document text/html	172.67.223.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.quizargame.ru/upload/001/index.html/1.html Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.223.247 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.1.30 Resource Hash `24afbdea262595b870d927d21b61cd535a0346a49dfd164f6198daf0a0a1d84d` Request headers Referer https://www.quizargame.ru/upload/001/index.html/1.html Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8ac3aa04e87865a9-FRA content-encoding br content-type text/html; charset=UTF-8 date Thu, 01 Aug 2024 06:10:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0wyAOg8NRDtpzUWaaZ%2BHT130g9SJgOV95N9BenljyPB59o5wYNtBO03xtZNVeY8KvZB5260MODV9ddyLyjpZ%2BZyBYw%2Bv4dredn%2FWL8d1sAmpgSeaoZXyPawiz9cMIkAb%2Fi%2B7yA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.1.30
GET H3	200	1.js Show response www.quizargame.ru/upload/001/index.html/ Frame 791A	123 KB 0	0ms 0ms	Script text/html	172.67.223.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.quizargame.ru/upload/001/index.html/1.js Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.223.247 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.1.30 Resource Hash `24afbdea262595b870d927d21b61cd535a0346a49dfd164f6198daf0a0a1d84d` Request headers Referer https://www.quizargame.ru/upload/001/index.html/1.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:15 GMT content-encoding br cf-cache-status HIT last-modified Thu, 01 Aug 2024 05:17:24 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3171 x-powered-by PHP/7.1.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ni8CB%2F%2BFK%2FmUPAuZH4%2FAsWzS%2F7U88CQSrGpAFA8feKh89cKzkern7o70u1inMH74Jw6wrhVYX59FqQE2jpJL1zzBdXC1x5tGMjiYjpkRzozoMAOVhSSfUcyFfjso0C5tLfsnVw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=14400 cf-ray 8ac3a9fc4f4065a9-FRA alt-svc h3=":443"; ma=86400
GET H3	200	analytics.js.download Show response www.quizargame.ru/upload/001/index.html/ Frame 791A	123 KB 8 KB	166ms 166ms	Script text/html	172.67.223.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.quizargame.ru/upload/001/index.html/analytics.js.download Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.223.247 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.1.30 Resource Hash `24afbdea262595b870d927d21b61cd535a0346a49dfd164f6198daf0a0a1d84d` Request headers Referer https://www.quizargame.ru/upload/001/index.html/1.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:16 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.1.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sK%2Fb%2FamwBM7mlX9WdVxtwN8Ow70sjZYbXVu36Rtsn%2FiDsUFfcw7Qw5caBVG1q1T%2BrfoB7dbdDcEGNgHanBJxuzQMhpeowXKn0Vo73%2F172G%2Bku2br0mo3GyRvT5pU%2FD8ZIlNuAw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 8ac3aa0619af65a9-FRA alt-svc h3=":443"; ma=86400
GET H3	200	bWqOLA69nu2fsMi45LjA.js.download Show response www.quizargame.ru/upload/001/index.html/ Frame 791A	123 KB 8 KB	171ms 171ms	Script text/html	172.67.223.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.quizargame.ru/upload/001/index.html/bWqOLA69nu2fsMi45LjA.js.download Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.223.247 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.1.30 Resource Hash `24afbdea262595b870d927d21b61cd535a0346a49dfd164f6198daf0a0a1d84d` Request headers Referer https://www.quizargame.ru/upload/001/index.html/1.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:16 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.1.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6L0wRpxQpLBm4tvzviBT5HEnXz1vkETGMvQI3Vx6dWIHN6kYeHMsO4rM5xCev785Z9YbDo%2BPUHQnTCkHHh%2BvKiXsf5IJ%2Bf103xgWShuE2kJ11ozZQbaMOp%2BS%2F3QPy%2F01TdTFHA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 8ac3aa0619b165a9-FRA alt-svc h3=":443"; ma=86400
GET H3	200	gtm.js.download Show response www.quizargame.ru/upload/001/index.html/ Frame 791A	123 KB 8 KB	117ms 117ms	Script text/html	172.67.223.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.quizargame.ru/upload/001/index.html/gtm.js.download Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.223.247 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.1.30 Resource Hash `24afbdea262595b870d927d21b61cd535a0346a49dfd164f6198daf0a0a1d84d` Request headers Referer https://www.quizargame.ru/upload/001/index.html/1.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:16 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.1.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AVYIbuuNIfwy7OjC3SbT4MShEq5BUqNNVrQGs%2FgzT%2Fld0oh6sYet4SRxGhTcTWqvjFp15FLpB2mNQPLbuxpm3h8cYlwhsF9gCHMPiRa4lPgjjOkUj%2BP3dyCEFWs3MsVumK9zwg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 8ac3aa0619b265a9-FRA alt-svc h3=":443"; ma=86400
GET		/ invalid/ Frame 791A	0 0

GET H2	200	uiglhijll.css grizzly-elfin-hotel.glitch.me/ Frame 791A Redirect Chain https://cutt.ly/CearQTuV https://grizzly-elfin-hotel.glitch.me/uiglhijll.css	391 KB 273 B	166ms 164ms	Stylesheet text/css	34.198.68.168 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://grizzly-elfin-hotel.glitch.me/uiglhijll.css Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H2 Server 34.198.68.168 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-198-68-168.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:16 GMT x-amz-version-id Yhs2ZKDwqNm99zLYwHFcOwHW0dcwq5Qx last-modified Wed, 19 Jun 2024 14:27:36 GMT server AmazonS3 x-amz-request-id YCF22VYE3Z2JK07C etag "74acefad72f0016dcfb1e747dff5a9a7" x-amz-server-side-encryption AES256 content-type text/css; charset=utf-8 cache-control no-cache accept-ranges bytes content-length 400623 x-amz-id-2 fCFMdio94xhHhVfi8ywzlsk8//Vl7JrY3gId68QenjRezXeNBN95rTCgnb+RlDeYIhNomlXTzo0= Redirect headers pragma no-cache date Thu, 01 Aug 2024 06:10:16 GMT strict-transport-security max-age=15552000; includeSubDomains; preload referrer-policy same-origin cf-cache-status DYNAMIC x-content-type-options nosniff server cloudflare x-frame-options SAMEORIGIN content-type text/html; charset=UTF-8 location https://grizzly-elfin-hotel.glitch.me/uiglhijll.css cache-control no-cache, no-store, must-revalidate cf-ray 8ac3aa065892921d-FRA alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	2.js Show response grizzly-elfin-hotel.glitch.me/ Frame 791A Redirect Chain https://cutt.ly/OearJLSg https://grizzly-elfin-hotel.glitch.me/2.js	76 KB 275 B	180ms 179ms	Script application/javascript	34.198.68.168 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://grizzly-elfin-hotel.glitch.me/2.js Requested by Host: www.quizargame.ru URL: https://www.quizargame.ru/upload/001/index.html/1.html Protocol H2 Server 34.198.68.168 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-198-68-168.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `7a32a6e4c5e81f0d51cb97466aa442a2342f5ab5c62ff62c3094296fabdda734` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:16 GMT x-amz-version-id RwI8O6lq.h9MsYl5DwI47xJJ41WPEGL6 last-modified Wed, 19 Jun 2024 14:27:36 GMT server AmazonS3 x-amz-request-id YCF1S9WTWAMPHBTG etag "46d5d43b6f75fd3fe4c0d0db009ed5dd" x-amz-server-side-encryption AES256 content-type application/javascript; charset=utf-8 cache-control no-cache accept-ranges bytes content-length 77445 x-amz-id-2 GY6Oc/OsBdk3E3+JDYjyzXwrgCjoU7nTkcoxbcqCEB9RUc215NkpfIgiKZT7ewxyIO9hDKEYUPg= Redirect headers pragma no-cache date Thu, 01 Aug 2024 06:10:16 GMT strict-transport-security max-age=15552000; includeSubDomains; preload referrer-policy same-origin cf-cache-status DYNAMIC x-content-type-options nosniff server cloudflare x-frame-options SAMEORIGIN content-type text/html; charset=UTF-8 location https://grizzly-elfin-hotel.glitch.me/2.js cache-control no-cache, no-store, must-revalidate cf-ray 8ac3aa065894921d-FRA alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block expires Thu, 19 Nov 1981 08:52:00 GMT
GET H3	200	favicon.ico www.quizargame.ru/	15 KB 7 KB	56ms 55ms	Other image/x-icon	172.67.223.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.quizargame.ru/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.223.247 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `861381a33265e42c0c56e9b8d001f174ba61f67f58db518efbe3745ae7089e8f` Request headers Referer https://www.quizargame.ru/upload/001/index.html/1.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 01 Aug 2024 06:10:17 GMT content-encoding br cf-cache-status HIT last-modified Sun, 19 Apr 2020 17:25:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3170 etag W/"3c2e-5a3a8133ab100" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KGz0CgGjEKqGaLoYBAg3LVfb1oFgJg7KaB4KmGlQkuewSKye6g5A5Pql0n3rz8K2%2FTtNh3jts%2BWhK0wG5b6ccrnpSTkAktvJ0LrLRTbyAOZKTU5Ty%2Ff1cXZymsEcUFNB%2BvKgow%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/x-icon cache-control max-age=14400 cf-ray 8ac3aa085c3165a9-FRA alt-svc h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: invalid
URL: chrome-extension://invalid/

Domain: invalid
URL: chrome-extension://invalid/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: chrome-extension://invalid/ Message: Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
recommendation	verbose	URL: https://www.quizargame.ru/upload/001/index.html/1.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: chrome-extension://invalid/ Message: Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
recommendation	verbose	URL: https://www.quizargame.ru/upload/001/index.html/1.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cutt.ly
grizzly-elfin-hotel.glitch.me
invalid
www.quizargame.ru
invalid
172.67.223.247
2606:4700:10::ac43:8ee
34.198.68.168
24afbdea262595b870d927d21b61cd535a0346a49dfd164f6198daf0a0a1d84d
7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39
7a32a6e4c5e81f0d51cb97466aa442a2342f5ab5c62ff62c3094296fabdda734
861381a33265e42c0c56e9b8d001f174ba61f67f58db518efbe3745ae7089e8f

www.quizargame.ru Open in urlscan Pro 172.67.223.247 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

17 Requests

65 %HTTPS

33 %IPv6

4 Domains

4 Subdomains

3 IPs

1 Countries

549 kBTransfer

2179 kBSize

0 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

www.quizargame.ru Open in urlscan Pro
172.67.223.247 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

65 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

3
IPs

1
Countries

549 kB
Transfer

2179 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!