anti-covid-mask.ru - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 2606:4700:3034::681f:5ce0, located in United States and belongs to CLOUDFLARENET, US. The main domain is anti-covid-mask.ru.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 3rd 2020. Valid for: 3 months.

This is the only time anti-covid-mask.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 4	2606:4700:303... 2606:4700:3034::681f:5ce0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.165.123.99 185.165.123.99	64432 (VARITI-AS) (VARITI-AS)
3	2

4 2606:4700:3034::681f:5ce0 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

anti-covid-mask.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.165.123.99 (Russian Federation)

ASN64432 (VARITI-AS, RU)

ohio8.vchecks.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	anti-covid-mask.ru 2 redirects anti-covid-mask.ru	13 KB
1	vchecks.me ohio8.vchecks.me	1 KB
3	2

	Domain	Requested by
4	anti-covid-mask.ru	2 redirects anti-covid-mask.ru
1	ohio8.vchecks.me	anti-covid-mask.ru
3	2

This site contains no links.

Subject Issuer	Validity	Valid
*.anti-covid-mask.ru Let's Encrypt Authority X3	`2020-05-03` - `2020-08-01`	3 months	crt.sh
ohio8.vchecks.me Let's Encrypt Authority X3	`2020-05-14` - `2020-08-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://anti-covid-mask.ru/?utm_referrer=
Frame ID: DC317B2022B6D3AD7D85CCF021D10E3F
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://anti-covid-mask.ru/ HTTP 301
https://anti-covid-mask.ru/ Page URL
http://anti-covid-mask.ru/?utm_referrer= HTTP 301
https://anti-covid-mask.ru/?utm_referrer= Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

3
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

14 kB
Transfer

39 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://anti-covid-mask.ru/ HTTP 301
https://anti-covid-mask.ru/ Page URL
http://anti-covid-mask.ru/?utm_referrer= HTTP 301
https://anti-covid-mask.ru/?utm_referrer= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://anti-covid-mask.ru/ HTTP 301
https://anti-covid-mask.ru/

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response anti-covid-mask.ru/ Redirect Chain http://anti-covid-mask.ru/ https://anti-covid-mask.ru/	38 KB 12 KB	43ms 24ms	Document text/html	2606:4700:3034::681f:5ce0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://anti-covid-mask.ru/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::681f:5ce0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `08bc048b387ea23a8c1d1552c349b1735e53795c255f179eecd2e492e9afe837` Request headers :method GET :authority anti-covid-mask.ru :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Sun, 31 May 2020 05:08:49 GMT content-type text/html set-cookie __cfduid=dc102db003b7725925fcac8ab2c18f10e1590901729; expires=Tue, 30-Jun-20 05:08:49 GMT; path=/; domain=.anti-covid-mask.ru; HttpOnly; SameSite=Lax; Secure rerf=AAAAAF7TO+FfhFC3AwN0Ag==; expires=Tue, 30-Jun-20 05:08:49 GMT; path=/ vary Accept-Encoding x-iauth-set-uid 2:nrUjUTTaUIYlAjgu:1590901729336:nrUjUTTaUIYlAjgu/6RnFUIw33eLUOAvOATt7HQ==:0000 x-request-id n8eEoxJrTCg1 cache-control no-cache no-cache expires Sun, 31 May 2020 05:08:48 GMT pragma no-cache no-cache access-control-allow-origin * p3p policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" cf-cache-status DYNAMIC cf-request-id 030abb002a000096da26bec200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 59be2de04f6596da-FRA content-encoding br Redirect headers Date Sun, 31 May 2020 05:08:49 GMT Transfer-Encoding chunked Connection keep-alive Cache-Control max-age=3600 Expires Sun, 31 May 2020 06:08:49 GMT Location https://anti-covid-mask.ru/ cf-request-id 030abb000b0000175623355200000001 Vary Accept-Encoding Server cloudflare CF-RAY 59be2de01b881756-FRA
GET H/1.1	200 OK	n8eEoxJrTCg1 Show response ohio8.vchecks.me/share/	849 B 1 KB	315ms 129ms	Script application/javascript	185.165.123.99 VARITI-AS
General Check archive.org Show headers Download Go to Full URL https://ohio8.vchecks.me/share/n8eEoxJrTCg1?sid=3582&scheme=http&host=anti-covid-mask.ru&uri=%2f%3futm_referrer%3d&t=1590901729336&sad=v%2fop5c%2bw%3d%3d&uid=nrUjUTTaUIYlAjgu&uct=1590901729336&kct=0&m=2&ver=7&flags=0&ua=6386828519903006346&v=ZpU695NsyGCQ5un-njiEWA&test=JrTCg1&fp=e0f7949a4958aab77511752e8b1c17fe_614336141_8d7612e8db321d8194a3de269d7545a1 Requested by Host: anti-covid-mask.ru URL: https://anti-covid-mask.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.165.123.99 , Russian Federation, ASN64432 (VARITI-AS, RU), Reverse DNS Software Variti/0.9.3a / Resource Hash `7333427ddf8ceff8420893b7beacc515fc5bd689de0a6e8e9e2f2ac27f4cfaae` Request headers Referer https://anti-covid-mask.ru/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Sun, 31 May 2020 05:08:49 GMT Server Variti/0.9.3a Transfer-Encoding chunked Content-Type application/javascript Access-Control-Allow-Origin * Cache-Control no-cache Connection close X-Request-ID n8eaQjRMH0U1 Expires Sun, 31 May 2020 05:08:49 GMT
GET H2	403	Primary Request / Show response anti-covid-mask.ru/ Redirect Chain http://anti-covid-mask.ru/?utm_referrer= https://anti-covid-mask.ru/?utm_referrer=	571 B 244 B	19ms 19ms	Document text/html	2606:4700:3034::681f:5ce0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://anti-covid-mask.ru/?utm_referrer= Requested by Host: anti-covid-mask.ru URL: https://anti-covid-mask.ru/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::681f:5ce0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `53d85d8c4ee63eca18604bc5db5f1ad732c789c18c03e1ef5462a1364aba1da1` Request headers :method GET :authority anti-covid-mask.ru :scheme https :path /?utm_referrer= pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US cookie __cfduid=dc102db003b7725925fcac8ab2c18f10e1590901729; rerf=AAAAAF7TO+FfhFC3AwN0Ag==; ipp_key=v1590901729336/v3394bd400b5e53a13cfc651638eca4afa04ab2/CQK0K1b82dlHh82jNRvo7w==; ipp_uid=1590901729336/nrUjUTTaUIYlAjgu/6RnFUIw33eLUOAvOATt7HQ==; ipp_uid1=1590901729336; ipp_uid2=nrUjUTTaUIYlAjgu/6RnFUIw33eLUOAvOATt7HQ== Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://anti-covid-mask.ru/ Response headers status 403 date Sun, 31 May 2020 05:08:49 GMT content-type text/html x-variti-ccr 1436051402:1 cf-cache-status DYNAMIC cf-request-id 030abb0279000096da26805200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 59be2de3f9aa96da-FRA content-encoding br Redirect headers Date Sun, 31 May 2020 05:08:49 GMT Transfer-Encoding chunked Connection keep-alive Cache-Control max-age=3600 Expires Sun, 31 May 2020 06:08:49 GMT Location https://anti-covid-mask.ru/?utm_referrer= cf-request-id 030abb02700000175623377200000001 Vary Accept-Encoding Server cloudflare CF-RAY 59be2de3ea9c1756-FRA

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
anti-covid-mask.ru/	1970-01-23 06:43:11	Name: ipp_uid2 Value: nrUjUTTaUIYlAjgu/6RnFUIw33eLUOAvOATt7HQ==
anti-covid-mask.ru/	1970-01-23 06:43:11	Name: ipp_uid1 Value: 1590901729336
anti-covid-mask.ru/	1970-01-23 06:43:11	Name: ipp_uid Value: 1590901729336/nrUjUTTaUIYlAjgu/6RnFUIw33eLUOAvOATt7HQ==
anti-covid-mask.ru/	1969-12-31 23:59:59	Name: ipp_key Value: v1590901729336/v3394bd400b5e53a13cfc651638eca4afa04ab2/CQK0K1b82dlHh82jNRvo7w==
anti-covid-mask.ru/	1970-01-19 10:38:13	Name: rerf Value: AAAAAF7TO+FfhFC3AwN0Ag==
.anti-covid-mask.ru/	1970-01-19 10:38:13	Name: __cfduid Value: dc102db003b7725925fcac8ab2c18f10e1590901729

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

anti-covid-mask.ru
ohio8.vchecks.me
185.165.123.99
2606:4700:3034::681f:5ce0
08bc048b387ea23a8c1d1552c349b1735e53795c255f179eecd2e492e9afe837
53d85d8c4ee63eca18604bc5db5f1ad732c789c18c03e1ef5462a1364aba1da1
7333427ddf8ceff8420893b7beacc515fc5bd689de0a6e8e9e2f2ac27f4cfaae

anti-covid-mask.ru Open in urlscan Pro 2606:4700:3034::681f:5ce0 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

14 kBTransfer

39 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

6 Cookies

Indicators

anti-covid-mask.ru Open in urlscan Pro
2606:4700:3034::681f:5ce0 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

14 kB
Transfer

39 kB
Size

6
Cookies

3 HTTP transactions
0 data transactions