rewards-ff-gareena.ru Open in urlscan Pro
2606:4700:3030::6815:19a2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://rewards-ff-gareena.ru/blocked_vk/
Submission: On May 21 via manual (May 21st 2024, 5:08:27 am UTC) from RU — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3030::6815:19a2, located in United States and belongs to CLOUDFLARENET, US. The main domain is rewards-ff-gareena.ru.
TLS certificate: Issued by GTS CA 1P5 on April 10th 2024. Valid for: 3 months.

This is the only time rewards-ff-gareena.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Vkontakte (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
12	2606:4700:303... 2606:4700:3030::6815:19a2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	95.163.52.67 95.163.52.67	47764 (VK-AS) (VK-AS)
1	87.240.132.67 87.240.132.67	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS vk.com)
14	4

12 2606:4700:3030::6815:19a2 (United States)

ASN13335 (CLOUDFLARENET, US)

rewards-ff-gareena.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.163.52.67 (Russian Federation)

ASN47764 (VK-AS, RU)
PTR: top-fwz1.mail.ru

top-fwz1.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.240.132.67 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS vk.com, RU)
PTR: srv67-132-240-87.vk.com

vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	rewards-ff-gareena.ru rewards-ff-gareena.ru	617 KB
1	vk.com vk.com — Cisco Umbrella Rank: 8074	5 KB
1	mail.ru top-fwz1.mail.ru — Cisco Umbrella Rank: 12186	19 KB
14	3

	Domain	Requested by
12	rewards-ff-gareena.ru	rewards-ff-gareena.ru
1	vk.com
1	top-fwz1.mail.ru	rewards-ff-gareena.ru
14	3

This site contains no links.

Subject Issuer	Validity	Valid
rewards-ff-gareena.ru GTS CA 1P5	`2024-04-10` - `2024-07-09`	3 months	crt.sh
*.mail.ru GlobalSign ECC OV SSL CA 2018	`2023-10-06` - `2024-11-06`	a year	crt.sh
*.vk.com GlobalSign ECC OV SSL CA 2018	`2024-02-14` - `2025-03-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://rewards-ff-gareena.ru/blocked_vk/
Frame ID: 1C7E7C32AA9A5B31F6390EF5BDCAD80C
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ВКонтактe | Cтраница зaблoкирoвaнa

Page Statistics

14
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

765 kB
Transfer

1958 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
rewards-ff-gareena.ru/blocked_vk/ 16 KB
4 KB 215ms
83ms Document
text/html 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rewards-ff-gareena.ru/blocked_vk/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac56cbe0c6fa256ba313e864526a6073fadc0914729287e1322db846f4a76108

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 88720c5bae493661-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 21 May 2024 05:08:23 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ctacm54kURFwoPbWZifBHqowHRrfhrEDUBkN1K1JxjLyO3hjnFCsMk%2FqyUG%2Bnqx2fTnaGXE3kSwPu%2FEJGE%2FD8wMDpdyQQCLdkxw%2FUDChRGdecCUE99nCLEYuwc8zuxZAY7qyQiaRfmOKPBcf2q1Mp4qK67g%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 common.css
rewards-ff-gareena.ru/blocked_vk/ 326 KB
61 KB 100ms
99ms Stylesheet
text/css 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rewards-ff-gareena.ru/blocked_vk/common.css
Requested by: Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b57b3da604c70d666488da588a0dd3e9d4f35856f36d748589adcbbf3a04741

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/blocked_vk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 02 May 2023 14:12:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64511a52-51865"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YyLuEia4tfEukrHuqO3wq9norsKnhISUHuNbUrHtcj9usq%2F5970F2oTJPTSI1f3zS1pMe3%2B%2F3q%2BRz%2Fk1lW%2B4yuQr%2B1voqZjaPKt9dPvythqYfYV9MFznsttfi0HGNotWgu%2FQD7sN25tQkHZCOV4vrac5KY8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 88720c5c4ed73661-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 fonts_cnt.css
rewards-ff-gareena.ru/blocked_vk/ 470 KB
355 KB 112ms
111ms Stylesheet
text/css 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rewards-ff-gareena.ru/blocked_vk/fonts_cnt.css
Requested by: Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7dedd1dd24ac0ca3aea423ab09b6dc87b345f1bee3c3c8c3dd69a7b98f39ef3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/blocked_vk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 02 May 2023 14:12:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64511a52-75837"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n3cj9eDytzItwtlFrmMH7imUqeCiuSQKhB2vgUku2KXB8FBJ08E%2BwNC8OBub8jmXvzOLuhBwgoUUTC9tzs9f5EN0aFs%2F8iq2zzx2HoRsGBRt95VW529Hml6rM27WXc6fSEtzbFkuHqUXW5hVpwCKWC8ofkM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 88720c5c4edb3661-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 login.css
rewards-ff-gareena.ru/blocked_vk/ 33 KB
7 KB 73ms
72ms Stylesheet
text/css 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rewards-ff-gareena.ru/blocked_vk/login.css
Requested by: Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a16e623b88dd9c665bfde77df7a5b03601d206ba768f9bd1a7512cb45b69c0dd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/blocked_vk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 02 May 2023 14:12:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64511a4e-8451"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MR2N5wwWq1HJy2X%2FVlBZof5rqD2dymzJOP81qXqJOe3NyAX2tvSQIQpMv6zJH0h3Ww0T%2B2zeFh5kuPOg6AowvRdr1E4fQ6uFtQwOmf2gcv1%2FQzJ%2BOrxE%2FaXj5F9dFx29HIhLiDVUuLb0C1P4GMkbQM7ugsA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 88720c5c4edd3661-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 im.css
rewards-ff-gareena.ru/blocked_vk/ 274 KB
48 KB 106ms
104ms Stylesheet
text/css 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rewards-ff-gareena.ru/blocked_vk/im.css
Requested by: Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 031a5a2a4ee0de00c47b23c09f1b7be980c123588706f8b1003e2d6833a13383

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/blocked_vk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 02 May 2023 14:12:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64511a50-44702"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DyWnboxSwfJfu%2BWuMjetB0VJ3gGX22KOgF7lwP7N15Mnu5bS%2BhJiLcd6A5v%2F7njlGPVGGcYs1c%2F1ASfLPKQZH0clTOwKRsQzz5GQMJZWgLQXzyhap8c6LIpWuyyqiNt8wY6PmbU6PYQ9xWzeAAE%2B5KMTNek%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 88720c5c4ede3661-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 404 ui_controls.css
rewards-ff-gareena.ru/blocked_vk/ 0
0 71ms
70ms Stylesheet
text/html 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rewards-ff-gareena.ru/blocked_vk/ui_controls.css
Requested by: Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/blocked_vk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BK0let%2Bq30dcXtp9xrKMRj38EMdh%2FGSx6SP99fqJxaPl0LTN04ZNEh%2BzyPfzsTs3YdPjSEAiQCBodn7lk0KaFHcclVcLEoFxnc8u82fCmtLgZ19sEeaJTg53ivbP943QUaWww%2FjPqGAm3QJ19K7qyCWfHMc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: max-age=14400
cf-ray: 88720c5c4edf3661-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 page.css
rewards-ff-gareena.ru/blocked_vk/ 548 KB
112 KB 129ms
128ms Stylesheet
text/css 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rewards-ff-gareena.ru/blocked_vk/page.css
Requested by: Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdf4d7be986ed62813bf73633e0d657f4522aca196dce96079882b9866595859

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/blocked_vk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 02 May 2023 14:12:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64511a52-88f58"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ebVYvz7RZVpFSOk5bPe49raWUj336tKTDP6XYZunsGqcdOgdhBNLeXZNevLyVtQFHMK420jC0CaccA%2BT3Rsnv2PD9ryv7S3L9pAlGK7WKlZteyPaTWZysrEvxinH8iTS5QgHXbEqmJBre7L6XDCS4loczTc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 88720c5c4ee13661-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 post.css
rewards-ff-gareena.ru/blocked_vk/ 35 KB
7 KB 125ms
124ms Stylesheet
text/css 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rewards-ff-gareena.ru/blocked_vk/post.css
Requested by: Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4c93b6fc634d1563c3e7afa127fb4e95ed65898e1800e8668b2ab764d8afa4a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/blocked_vk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 02 May 2023 14:12:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64511a52-8ae2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=leQ%2FFDejZbW4i6j8k4WrQTWzqbcKd8bIb0lracygAi2QHM4RmOwmJD4jOq18mFdgvK0IUVMPVGpecej3G8H9Act1FOMj%2FM3TdEJJ%2BO98LUIWEZL6cQx8u794B0tnpqRU4U1tBE%2Bw6D0HEVCqODsRku6BZLw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 88720c5c4ee23661-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ui_common.css
rewards-ff-gareena.ru/blocked_vk/ 65 KB
11 KB 130ms
129ms Stylesheet
text/css 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rewards-ff-gareena.ru/blocked_vk/ui_common.css
Requested by: Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0241b300b7685cd94ea61f4f7e2e1d8d17bdebfbab23d3af81da63d20f9171e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/blocked_vk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 02 May 2023 14:12:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64511a50-102d5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fidn%2B%2FUQombkSRyi6o5Tv57WVdQ7QsnR0P3IOB840gthbZMqGYUlD%2FLuyeL1hzckD%2Fhulc%2BhiOj1N%2Fba35%2BWub%2FDNheO2yKj3kRdyKe2ArNbkrod%2BfZg3MTdxTvEFmMU4%2B%2FhrhOdfvPKrlJqZxS7ef7knrY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 88720c5c4ee33661-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 code.js Show response
rewards-ff-gareena.ru/blocked_vk/ 16 KB
7 KB 101ms
101ms Script
application/javascript 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rewards-ff-gareena.ru/blocked_vk/code.js
Requested by: Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0921a7dc8054b08e4b5dd8e6ca764c72370ef59b7a7bb80be61efdc320d077a8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/blocked_vk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 02 May 2023 14:12:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64511a50-4083"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YGJEOjXuNM1J5rKxHi52j4RmQY%2F6VXHBU3rdNRC67OAnOx3Ut0hJBVOrQY1whYEuKYncgeobhUpwK%2B1HN9sBfkx93eB%2F3Mo%2FbEAssEYPGVCrSnjMJoob0NPGKQXZGT67T5gXighcm2JsiOgMRlwc7FRUsdU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 88720c5c7f093661-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 deactivated_50.png
rewards-ff-gareena.ru/blocked_vk/ 969 B
1 KB 72ms
70ms Image
image/png 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rewards-ff-gareena.ru/blocked_vk/deactivated_50.png
Requested by: Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b83ec8b3a3a6b153d98e17f9b745acff872f07fe8a02636838f8a37f5d61ca5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/blocked_vk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
cf-cache-status: MISS
last-modified: Tue, 02 May 2023 14:12:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "64511a52-3c9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BJRDcM189SKrCof3Qq%2FK9qdDKvmNcJNCfxAz6XMUcghCoOua9MJeyDhL1sMQGAJMU%2FiPOjiUyK1CKqqZICtd%2FgWVO1GP91ye58iDj0r3aE96ceexTfRG78maQ4xA%2FFdOEZe5gEY9J6ho5gsnsx%2FaZojpFCk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 88720c5c4ee43661-FRA
alt-svc: h3=":443"; ma=86400
content-length: 969
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 code.js Show response
top-fwz1.mail.ru/js/ 43 KB
19 KB 202ms
66ms Script
application/javascript 95.163.52.67
VK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/js/code.js

Requested by

Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

14081cc16820b9a8535675a1b4bd3597d4e67d17e5c49ef9ad6482877d401e22

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
amp-access-control-allow-source-origin: *
last-modified: Wed, 24 Apr 2024 09:32:10 GMT
server: nginx
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
etag: W/"6628d19a-aced"
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
accept-ch-lifetime: 86400
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: max-age=3600, private
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: *
expires: Tue, 21 May 2024 06:08:23 GMT

GET
H3 404 ic_head_logo.svg
rewards-ff-gareena.ru/images/svg_icons/ 3 KB
3 KB 71ms
71ms Image
text/html 2606:4700:3030::6815:19a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rewards-ff-gareena.ru/images/svg_icons/ic_head_logo.svg
Requested by: Host: rewards-ff-gareena.ru
URL: https://rewards-ff-gareena.ru/blocked_vk/common.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:19a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a2257033e7760ec52b4c86589f7e515842cc4282591ce38b49054661441e3eb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/blocked_vk/common.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 05:08:23 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=alzYC3dYkz9U1JMdPxEU8ZxzHl18yxAUISvqZthRJvRWyiZVLRoHP07PKb1qe%2BObVVcjys3AozOy9pSL7lRWlpClw9ttKdKxKx%2FppBRyxQ9T69w7o9dF7DZKGMj6KsDk9THPdbucnfzb9jQojw2qhVPVQZ8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: max-age=14400
cf-ray: 88720c5d98253661-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab1774eadeca82d66a5d67353c067b88ca0b39c06ac3720cf1551a030299a6b6

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 62 KB
62 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cc7b26ac53700f78f8a452be6d14f14943e88dceb14edf64cddceba6e66f3f5e

Request headers

Referer
Origin: https://rewards-ff-gareena.ru
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 62 KB
62 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 761c95dd192a81733d024d9f644d9b531c358f0f0ea83e9fd6211b6bd424873d

Request headers

Referer
Origin: https://rewards-ff-gareena.ru
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

GET
H2 200 fav_logo.ico
vk.com/images/icons/favicons/ 5 KB
5 KB 137ms
42ms Other
image/x-icon 87.240.132.67
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to

Full URL: https://vk.com/images/icons/favicons/fav_logo.ico?6
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.240.132.67 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS vk.com, RU),
Reverse DNS: srv67-132-240-87.vk.com
Software: kittenx /
Resource Hash: 25dfe61842345c39cb13beeee5b921cfe1c16b5f774067416728f8046c56f925

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://rewards-ff-gareena.ru/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-trace-id: XUaTSdHgyCu-rKPqqubbRLvGBT8UIA
date: Tue, 21 May 2024 05:08:23 GMT
last-modified: Tue, 26 Oct 2021 20:12:21 GMT
server: kittenx
etag: "61786125-1350"
content-type: image/x-icon
cache-control: max-age=604800
accept-ranges: bytes
content-length: 4944
expires: Tue, 28 May 2024 05:08:23 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Vkontakte (Social Network)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _tmr object| cur

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
rewards-ff-gareena.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: pp6fp3u01krdtuijot29ha40dh
.rewards-ff-gareena.ru/	1970-01-21 04:43:59	Name: tmr_reqNum Value: 0
.rewards-ff-gareena.ru/	1970-01-21 04:43:59	Name: tmr_lvid Value: c4ca54ce172f963c470de180be8c9d84
.rewards-ff-gareena.ru/	1970-01-21 04:43:59	Name: tmr_lvidTS Value: 1716268103222
.mail.ru/	1970-01-21 05:31:30	Name: FTID Value: 0jZPXD2JKh2P:1716268103:0:::
rewards-ff-gareena.ru/	1970-01-20 20:45:54	Name: tmr_detect Value: 0%7C1716268105583

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://rewards-ff-gareena.ru/blocked_vk/ui_controls.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://rewards-ff-gareena.ru/images/svg_icons/ic_head_logo.svg Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://rewards-ff-gareena.ru/blocked_vk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

rewards-ff-gareena.ru
top-fwz1.mail.ru
vk.com
2606:4700:3030::6815:19a2
87.240.132.67
95.163.52.67
031a5a2a4ee0de00c47b23c09f1b7be980c123588706f8b1003e2d6833a13383
0921a7dc8054b08e4b5dd8e6ca764c72370ef59b7a7bb80be61efdc320d077a8
0b57b3da604c70d666488da588a0dd3e9d4f35856f36d748589adcbbf3a04741
14081cc16820b9a8535675a1b4bd3597d4e67d17e5c49ef9ad6482877d401e22
25dfe61842345c39cb13beeee5b921cfe1c16b5f774067416728f8046c56f925
761c95dd192a81733d024d9f644d9b531c358f0f0ea83e9fd6211b6bd424873d
7a2257033e7760ec52b4c86589f7e515842cc4282591ce38b49054661441e3eb
9b83ec8b3a3a6b153d98e17f9b745acff872f07fe8a02636838f8a37f5d61ca5
a0241b300b7685cd94ea61f4f7e2e1d8d17bdebfbab23d3af81da63d20f9171e
a16e623b88dd9c665bfde77df7a5b03601d206ba768f9bd1a7512cb45b69c0dd
a7dedd1dd24ac0ca3aea423ab09b6dc87b345f1bee3c3c8c3dd69a7b98f39ef3
ab1774eadeca82d66a5d67353c067b88ca0b39c06ac3720cf1551a030299a6b6
ac56cbe0c6fa256ba313e864526a6073fadc0914729287e1322db846f4a76108
cc7b26ac53700f78f8a452be6d14f14943e88dceb14edf64cddceba6e66f3f5e
cdf4d7be986ed62813bf73633e0d657f4522aca196dce96079882b9866595859
e4c93b6fc634d1563c3e7afa127fb4e95ed65898e1800e8668b2ab764d8afa4a

rewards-ff-gareena.ru Open in urlscan Pro 2606:4700:3030::6815:19a2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

14 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

765 kBTransfer

1958 kBSize

6 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

6 Cookies

3 Console Messages

Indicators

rewards-ff-gareena.ru Open in urlscan Pro
2606:4700:3030::6815:19a2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

765 kB
Transfer

1958 kB
Size

6
Cookies

14 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!