doghaircut.ru Open in urlscan Pro
2606:4700:3037::ac43:8ae4 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://doghaircut.ru/
Submission: On August 06 via api (August 6th 2024, 5:59:06 am UTC) from BE — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3037::ac43:8ae4, located in United States and belongs to CLOUDFLARENET, US. The main domain is doghaircut.ru.
TLS certificate: Issued by WE1 on August 4th 2024. Valid for: 3 months.

This is the only time doghaircut.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
8	2606:4700:303... 2606:4700:3037::ac43:8ae4		13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	1

8 2606:4700:3037::ac43:8ae4 (United States)

ASN13335 (CLOUDFLARENET, US)

doghaircut.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	doghaircut.ru doghaircut.ru	148 KB
8	1

	Domain	Requested by
8	doghaircut.ru	doghaircut.ru
8	1

This site contains no links.

Subject Issuer	Validity	Valid
doghaircut.ru WE1	`2024-08-04` - `2024-11-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://doghaircut.ru/
Frame ID: FCB5C3C7D23497FCF1749FE11EBD8BA1
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Главная

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

8
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

148 kB
Transfer

467 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
doghaircut.ru/ 355 B
920 B 592ms
319ms Document
text/html 2606:4700:3037::ac43:8ae4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://doghaircut.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ae4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbb20c331c87e6d25481d5e56ad9a2202eb9757af4e171104a961b92960b6093

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId
access-control-allow-methods: GET, DELETE, OPTIONS, POST, PUT
access-control-allow-origin: *
access-control-max-age: 3628800
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8aeccc607f612bf8-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 06 Aug 2024 05:59:00 GMT
last-modified: Wed, 28 Feb 2024 13:02:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DGajRBg7GiXq4CfHhiD2eKizQAccpU%2BjOniWEIQfmqeejGZytsl1u6D7KfeiIu0i64gkTbf3SY74vktpJ5V5KTAO%2FhSMCKWTG5JQfQeiN6bGwSpY%2B6dSeoKlK0YEJMLfsfiGuAFkgfNXz%2Bbm"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3 200 index-affbc48c.js Show response
doghaircut.ru/assets/ 265 KB
81 KB 527ms
526ms Script
application/javascript 2606:4700:3037::ac43:8ae4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://doghaircut.ru/assets/index-affbc48c.js
Requested by: Host: doghaircut.ru
URL: https://doghaircut.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ae4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a32f987b6641bef1e3da0af267d4de2b3c753275409fcb0d85ae36725a064f8

Request headers

Referer: https://doghaircut.ru/
Origin: https://doghaircut.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 05:59:00 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 28 Feb 2024 13:02:13 GMT
server: cloudflare
etag: W/"42200-18defcef008"
access-control-max-age: 3628800
access-control-allow-methods: GET, DELETE, OPTIONS, POST, PUT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0UHxRFEQg4G8oRudKAxjehOXG7ZA5yZ4mMkKx0SHnbWXiv76ftMMKdVjblHpWBxvErCK01SR9Es9LENf6Z6uDhA0qI1%2Fju07hr2cbVQ274cVIU3oxUkKJTnhgUwGV3DZlsxOuHHZ%2FGx54LFD"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=14400
vary: Accept-Encoding
cf-ray: 8aeccc6299d42bf8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId

GET
H3 200 index-62abddb2.css
doghaircut.ru/assets/ 202 KB
64 KB 521ms
520ms Stylesheet
text/css 2606:4700:3037::ac43:8ae4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://doghaircut.ru/assets/index-62abddb2.css
Requested by: Host: doghaircut.ru
URL: https://doghaircut.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ae4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62abddb23181d4e77fbeec5b5bc80f6577b46da5a2be68c08dc26880f65e4cd6

Request headers

Referer: https://doghaircut.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 05:59:00 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 28 Feb 2024 13:02:13 GMT
server: cloudflare
etag: W/"3271d-18defcef008"
access-control-max-age: 3628800
access-control-allow-methods: GET, DELETE, OPTIONS, POST, PUT
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7BYizqlUsXpYpXywSVH08BsZekZjG7QL14veLnJjYps86Pn9Z1pBpatOKjWwUr4Viin8Ez8uTwj1cCJ7rEzTJ3LZyZnl6lJF%2FOltdZCK%2B74F34Iq2XctbOki9y8KcuvYY0b8IBROOV1%2ByOKd"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=14400
vary: Accept-Encoding
cf-ray: 8aeccc6299d62bf8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId

GET
H3 200 / Show response
doghaircut.ru/socket.io/ 118 B
705 B 210ms
209ms XHR
text/plain 2606:4700:3037::ac43:8ae4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://doghaircut.ru/socket.io/?EIO=4&transport=polling&t=P4cHFlE
Requested by: Host: doghaircut.ru
URL: https://doghaircut.ru/assets/index-affbc48c.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ae4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0c1d8a376063007a91c73c85495af51217df754b932875f82e2a2c737b50803

Request headers

Accept: */*
Referer: https://doghaircut.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 05:59:01 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
access-control-allow-methods: GET, DELETE, OPTIONS, POST, PUT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1RQPTNPNnA1xFOWWiGdTmpplFMmpeSUpcIAM2oXC6whH%2FNVHO0XaU0Tr0zbk675x8GXBEcVdxZc%2BKazABX6%2FTTOsdMW%2Fjowq6pV8ZVeXHKpMP66ft0ueEILnGfbe79x5gc%2BgKrGdWg6JfRI6"}],"group":"cf-nel","max_age":604800}
cache-control: no-store
access-control-max-age: 3628800
cf-ray: 8aeccc662d1a2bf8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId
alt-svc: h3=":443"; ma=86400

GET
H3 404 favicon.ico
doghaircut.ru/ 150 B
719 B 309ms
308ms Other
text/html 2606:4700:3037::ac43:8ae4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://doghaircut.ru/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:8ae4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff

Request headers

Referer: https://doghaircut.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 05:59:01 GMT
content-security-policy: default-src 'none'
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 3628800
access-control-allow-methods: GET, DELETE, OPTIONS, POST, PUT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5QHX6yGLNYYxoLjvWbaf2j967cDwjRNxoRO69dqJ2pH5Sgc00gUxRL6JArMXMgLSs69p1AXfdcq0GBuma%2BN%2FPtIeDwEQCqfoog%2FZjoqMV4xM%2F2q0hb3DfrVY%2Fte%2BTM9iWEcH8tOPITRFgIMB"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
vary: Accept-Encoding
cf-ray: 8aeccc670db12bf8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId

POST
H3 200 / Show response
doghaircut.ru/socket.io/ 2 B
583 B 304ms
303ms XHR
text/html 2606:4700:3037::ac43:8ae4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://doghaircut.ru/socket.io/?EIO=4&transport=polling&t=P4cHFoe&sid=CBIzS7VWM5ljdBq6AGq2
Requested by: Host: doghaircut.ru
URL: https://doghaircut.ru/assets/index-affbc48c.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ae4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept: */*
Referer: https://doghaircut.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

date: Tue, 06 Aug 2024 05:59:01 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
access-control-allow-methods: GET, DELETE, OPTIONS, POST, PUT
content-type: text/html
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GfQLcnxxoQ1htTJ8nWiuoXCDvYMs0jEBSo7cmlV2cdpKgjdG3HUQF4leLKKtG00%2BLPLuKLJ4Eeg%2Fzh48XG6fmvp8PdlpzGRQA9csPw4CbkkURJN7Ioc9Yi5JkCeiax1sfDgslXO2Y7e0xzK5"}],"group":"cf-nel","max_age":604800}
cache-control: no-store
access-control-max-age: 3628800
cf-ray: 8aeccc677e072bf8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId
alt-svc: h3=":443"; ma=86400

GET
H3 200 / Show response
doghaircut.ru/socket.io/ 32 B
629 B 315ms
315ms XHR
text/plain 2606:4700:3037::ac43:8ae4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://doghaircut.ru/socket.io/?EIO=4&transport=polling&t=P4cHFof&sid=CBIzS7VWM5ljdBq6AGq2
Requested by: Host: doghaircut.ru
URL: https://doghaircut.ru/assets/index-affbc48c.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ae4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a6bda350ce4fbf0f08a99b9b0f422632204652a00f9d850055999e5f1cbd667

Request headers

Accept: */*
Referer: https://doghaircut.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 05:59:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
access-control-max-age: 3628800
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
access-control-allow-methods: GET, DELETE, OPTIONS, POST, PUT
cache-control: no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ZxcDBMNbHGqQYBMoF9b%2FD0QvTarB4ASKn1vJbiXNz%2BZl%2FnxoUTf5g%2B7huxIQxCnAlNcyruNtVeJVVJ9z7SqaC95kgCK8w4oJW%2BHUCo3aUAeFFTZrxLkV759F7Hek2ytPIDwrdpmpZdSB66P"}],"group":"cf-nel","max_age":604800}
cf-ray: 8aeccc677e0a2bf8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId
content-length: 32
alt-svc: h3=":443"; ma=86400

GET
H3 200 / Show response
doghaircut.ru/socket.io/ 1 B
598 B 739ms
739ms XHR
text/plain 2606:4700:3037::ac43:8ae4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://doghaircut.ru/socket.io/?EIO=4&transport=polling&t=P4cHFtc&sid=CBIzS7VWM5ljdBq6AGq2
Requested by: Host: doghaircut.ru
URL: https://doghaircut.ru/assets/index-affbc48c.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ae4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

Request headers

Accept: */*
Referer: https://doghaircut.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 05:59:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
access-control-max-age: 3628800
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
access-control-allow-methods: GET, DELETE, OPTIONS, POST, PUT
cache-control: no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fPxANsJj9qGMLwLTOkQTYPolwTJTdB7DLDGriBk9m%2BYy4x8G2xuRCI6Ri4KRKue%2FobDMU21xkVu8s0oNQjYulOpuiByrKp%2FPZ%2Bs5%2F83kO0Tqj52iGUqj%2BzHXyFNIotaS8anHu1l6o70JdARo"}],"group":"cf-nel","max_age":604800}
cf-ray: 8aeccc6978722bf8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId
content-length: 1
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| __VUE__

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			doghaircut.ru/	1969-12-31 23:59:59	Name: Auth Value: def8e701783fbbeda8e95917a4244d52

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://doghaircut.ru/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

doghaircut.ru
2606:4700:3037::ac43:8ae4
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a32f987b6641bef1e3da0af267d4de2b3c753275409fcb0d85ae36725a064f8
62abddb23181d4e77fbeec5b5bc80f6577b46da5a2be68c08dc26880f65e4cd6
6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c
9a6bda350ce4fbf0f08a99b9b0f422632204652a00f9d850055999e5f1cbd667
cbb20c331c87e6d25481d5e56ad9a2202eb9757af4e171104a961b92960b6093
e0c1d8a376063007a91c73c85495af51217df754b932875f82e2a2c737b50803
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

doghaircut.ru Open in urlscan Pro 2606:4700:3037::ac43:8ae4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

148 kBTransfer

467 kBSize

1 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

doghaircut.ru Open in urlscan Pro
2606:4700:3037::ac43:8ae4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

148 kB
Transfer

467 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!