estimation-urban.ru
Open in
urlscan Pro
2606:4700:3034::ac43:ca4d
Malicious Activity!
Public Scan
Submission: On November 25 via manual from SE — Scanned from DE
Summary
TLS certificate: Issued by WE1 on November 19th 2024. Valid for: 3 months.
This is the only time estimation-urban.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
19 | 2606:4700:303... 2606:4700:3034::ac43:ca4d | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
24 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
estimation-urban.ru
estimation-urban.ru |
354 KB |
24 | 1 |
Domain | Requested by | |
---|---|---|
19 | estimation-urban.ru |
estimation-urban.ru
|
24 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
estimation-urban.ru WE1 |
2024-11-19 - 2025-02-17 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://estimation-urban.ru/battle2
Frame ID: 25289B6F141A8F3AB053FEC7A06C5ECF
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
WebPage URL History Show full URLs
- https://estimation-urban.ru/battle2 Page URL
- https://estimation-urban.ru/battle2 Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://estimation-urban.ru/battle2 Page URL
- https://estimation-urban.ru/battle2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
battle2
estimation-urban.ru/ |
14 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-Dm-jjAos.js
estimation-urban.ru/auth/ |
259 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
64yal8slwqeb.css
estimation-urban.ru/auth/ |
477 KB 84 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
battle2
estimation-urban.ru/ |
14 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-Dm-jjAos.js
estimation-urban.ru/auth/ |
259 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
64yal8slwqeb.css
estimation-urban.ru/auth/ |
477 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
mtproto.worker-BMchXu5G.js
estimation-urban.ru/auth/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
crypto.worker-CfCshcpI.js
estimation-urban.ru/auth/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
369 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
crypto.worker-CfCshcpI.js
estimation-urban.ru/auth/ |
164 KB 44 KB |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
59 B 59 B |
Image
image/jxl |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
311 B 0 |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
estimation-urban.ru/auth/assets/img/ |
15 KB 4 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jsdvupyufd1m.js
estimation-urban.ru/auth/ |
208 KB 54 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
wgoiekdkql45.js
estimation-urban.ru/auth/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
47637y97ojhs.js
estimation-urban.ru/auth/ |
35 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
uaki6s5xmf4d.js
estimation-urban.ru/auth/ |
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
yklrr1307e73.js
estimation-urban.ru/auth/ |
23 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
47n6yij3l0kb.js
estimation-urban.ru/auth/ |
20 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f5ki7uumjwdv.js
estimation-urban.ru/auth/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ptmjmnsmxg6z.js
estimation-urban.ru/auth/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
b53fcdd2-aecc-4e0a-ae60-7b72e94cecb9
https://estimation-urban.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
83d21751-c66d-4e45-b932-b94d098466bd
https://estimation-urban.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
a8494316-99b8-4013-8a92-3c13a6bf2cbb
https://estimation-urban.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2agfy80jx4vg.js
estimation-urban.ru/auth/ |
145 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
z890i37xwdkf.js
estimation-urban.ru/auth/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_padded.svg
estimation-urban.ru/auth/assets/img/ |
1 KB 1 KB |
Fetch
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- estimation-urban.ru
- URL
- https://estimation-urban.ru/auth/mtproto.worker-BMchXu5G.js
- Domain
- estimation-urban.ru
- URL
- https://estimation-urban.ru/auth/crypto.worker-CfCshcpI.js
- Domain
- estimation-urban.ru
- URL
- blob:https://estimation-urban.ru/b53fcdd2-aecc-4e0a-ae60-7b72e94cecb9
- Domain
- estimation-urban.ru
- URL
- blob:https://estimation-urban.ru/83d21751-c66d-4e45-b932-b94d098466bd
- Domain
- estimation-urban.ru
- URL
- blob:https://estimation-urban.ru/a8494316-99b8-4013-8a92-3c13a6bf2cbb
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)30 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| rootScope function| deferredPromise function| AppStorage object| stateStorage function| wrapUrl object| I18n object| webpWorkerController object| appStorage object| appNavigationController object| singleInstance object| webPushApiManager object| telegramMeWebManager object| opusDecodeController object| cryptoMessagePort object| mtprotoMessagePort object| serviceMessagePort object| apiManagerProxy function| calcImageInBox object| mediaSizes object| customProperties object| windowSize object| liteMode object| themeController object| overlayCounter function| formatDateAccordingToTodayNew function| fillTipDates function| dispatchHeavyAnimationEvent object| pagesManager object| sequentialDom function| putPreloader1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
estimation-urban.ru/ | Name: PHPSESSID Value: 4f60eca4210b0a6e73403c34ca319f3a |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
estimation-urban.ru
estimation-urban.ru
2606:4700:3034::ac43:ca4d
04dfc8e1a6e59e36a3a3a5c15443a97a92a6d2a7da9d276b050d58be3c7952a7
372087134adaf98554e6331c042a838ff4ccc3e71ca2de75171f770f0f6066b9
3fa3318d4565d695b297232a6ca1f7e310b7d9be6d7296069d90227772b9029d
4b0a09402dcc09b18e4ac71442c11e324dc019eff549e380924734da2c5e5c99
55073646800c2dafa80abb6f0fd1dc1cd230b64dafd19496dc12242834294a8a
5ee7b373772bb4ae49cd612bec1aeae57a87747ec00484c0ea30ff5cc4e87ec4
664d77374d02214d138ffc0bbf27b1eae1e4cd03227992d559886a29a1f38182
6658af2730024a3bdb59afa66146e1497f04b17d9b3fd8f2c6d393111912254a
6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4
7a9dd368ee05ae0d9b6b4f87e70b3d2824454fd19a685cc5bc92a5520dc8acc9
7cfcef990b55000b656940f60e0636e899f0ac824fddaa83c3a77b68a3be23e9
7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523
9288b5ee67db919b7550f8305281ba548d6057274cf420f5d8f4654687497134
9eaadc98d96bf2942c1e86d6023d99a5fd9a2b3727c542f972b6662643441fd6
c05686959a080efe1ddb38205b583355268c4ed543debd24e857c2bbaae0e151
db611413510cd4800f237c9eb412180499f5bfd298a9f399dc8ec3549e3afd28
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4
ef8913583b9bbfe32ec56bc943f31300bd283a4ab019c5ef46bc9540db5061a4