b2n4a.google-rabota.icu Open in urlscan Pro
185.238.168.206 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://b2n4a.google-rabota.icu/
Submission Tags: @phishunt_io
Submission: On October 06 via api (October 6th 2020, 12:43:30 pm UTC) from ES

Summary HTTP 12 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 11 IPs in 6 countries across 11 domains to perform 12 HTTP transactions. The main IP is 185.238.168.206, located in Ukraine and belongs to SCALAXY-AS, NL. The main domain is b2n4a.google-rabota.icu.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 5th 2020. Valid for: 3 months.

This is the only time b2n4a.google-rabota.icu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	185.238.168.206 185.238.168.206	58061 (SCALAXY-AS) (SCALAXY-AS)
2	2001:4de0:ac1... 2001:4de0:ac19::1:b:2b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:81b::200a	15169 (GOOGLE) (GOOGLE)
1	91.210.107.31 91.210.107.31	49335 (NCONNECT-AS) (NCONNECT-AS)
1	82.202.190.240 82.202.190.240	209030 (KL-KDP) (KL-KDP)
1	2606:4700:20:... 2606:4700:20::681a:12a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	193.70.92.88 193.70.92.88	16276 (OVH) (OVH)
1	193.150.7.33 193.150.7.33	31091 (LIGA-) (LIGA-)
1	104.24.119.248 104.24.119.248	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	81.19.72.32 81.19.72.32	24638 (RAMBLER-T...) (RAMBLER-TELECOM-AS)
12	11

1 185.238.168.206 (Ukraine)

ASN58061 (SCALAXY-AS, NL)

b2n4a.google-rabota.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac19::1:b:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.210.107.31 (Russian Federation)

ASN49335 (NCONNECT-AS, RU)

3dnews.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.202.190.240 (Russian Federation)

ASN209030 (KL-KDP, RU)

tass.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:12a (United States)

ASN13335 (CLOUDFLARENET, US)

resources.finance.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.70.92.88 (France)

ASN16276 (OVH, FR)
PTR: knb-st01.kanobu.ru

u.kanobu.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.150.7.33 (Ukraine)

ASN31091 (LIGA-, UA)
PTR: UNUSED.ligazakon.net

biz.liga.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.24.119.248 (United States)

ASN13335 (CLOUDFLARENET, US)

eimg.pravda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.19.72.32 (Moscow, Russian Federation)

ASN24638 (RAMBLER-TELECOM-AS, RU)
PTR: lenta.ru

icdn.lenta.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	bootstrapcdn.com stackpath.bootstrapcdn.com	46 KB
1	lenta.ru icdn.lenta.ru	321 KB
1	pravda.com eimg.pravda.com	47 KB
1	liga.net biz.liga.net	620 KB
1	kanobu.ru u.kanobu.ru	76 KB
1	finance.ua resources.finance.ua	86 KB
1	tass.ru tass.ru	369 KB
1	3dnews.ru 3dnews.ru	552 KB
1	googleapis.com fonts.googleapis.com	673 B
1	jquery.com code.jquery.com	30 KB
1	google-rabota.icu b2n4a.google-rabota.icu	45 KB
12	11

	Domain	Requested by
2	stackpath.bootstrapcdn.com	b2n4a.google-rabota.icu
1	icdn.lenta.ru	b2n4a.google-rabota.icu
1	eimg.pravda.com	b2n4a.google-rabota.icu
1	biz.liga.net	b2n4a.google-rabota.icu
1	u.kanobu.ru	b2n4a.google-rabota.icu
1	resources.finance.ua	b2n4a.google-rabota.icu
1	tass.ru	b2n4a.google-rabota.icu
1	3dnews.ru	b2n4a.google-rabota.icu
1	fonts.googleapis.com	b2n4a.google-rabota.icu
1	code.jquery.com	b2n4a.google-rabota.icu
1	b2n4a.google-rabota.icu
12	11

This site contains links to these domains. Also see Links.

Domain
3dnews.ru
tass.ru
news.finance.ua
kanobu.ru
pikabu.ru
biz.liga.net
www.epravda.com.ua
lenta.ru
news2.ru

Subject Issuer	Validity	Valid
1o00k.alcomarket.shop Let's Encrypt Authority X3	`2020-10-05` - `2021-01-03`	3 months	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-09-22` - `2021-10-12`	a year	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
3dnews.ru Let's Encrypt Authority X3	`2020-09-06` - `2020-12-05`	3 months	crt.sh
*.tass.ru COMODO RSA Organization Validation Secure Server CA	`2018-12-23` - `2021-01-21`	2 years	crt.sh
*.kanobu.ru Let's Encrypt Authority X3	`2020-09-26` - `2020-12-25`	3 months	crt.sh
*.liga.net Let's Encrypt Authority X3	`2020-09-14` - `2020-12-13`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-26` - `2021-07-26`	a year	crt.sh
*.lenta.ru RapidSSL RSA CA 2018	`2018-10-29` - `2020-12-27`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://b2n4a.google-rabota.icu/
Frame ID: DE1FF4D371E05481264CE1055318C0A7
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

12
Requests

92 %
HTTPS

36 %
IPv6

11
Domains

11
Subdomains

11
IPs

6
Countries

2193 kB
Transfer

2436 kB
Size

0
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://3dnews.ru/1022196
Title:

Search URL Search Domain Scan URL

URL: https://tass.ru/ekonomika/9612687
Title:

Search URL Search Domain Scan URL

URL: https://news.finance.ua/ru/news/-/478600/odezhda-tehnika-i-kosmetika-chto-chashhe-vsego-pokupayut-ukraintsy-onlajn-infografika
Title:

Search URL Search Domain Scan URL

URL: https://kanobu.ru/news/poyavilas-kosmetika-pomotivam-seriala-druzya-est-teni-dranyij-kot-ikubok-gellerov-428313/
Title:

Search URL Search Domain Scan URL

URL: https://pikabu.ru/story/tualet_ne_daet_pokoyaremont_7747698
Title:

Search URL Search Domain Scan URL

URL: https://biz.liga.net/all/all/novosti/chto-chasche-vsego-ukraintsy-pokupayut-onlayn-issledovanie
Title:

Search URL Search Domain Scan URL

URL: https://pikabu.ru/story/dostavka_7739990
Title:

Search URL Search Domain Scan URL

URL: https://www.epravda.com.ua/rus/news/2020/09/19/665297/
Title:

Search URL Search Domain Scan URL

URL: https://pikabu.ru/story/little_bit_news_622_7752911
Title:

Search URL Search Domain Scan URL

URL: https://pikabu.ru/story/little_bit_news_618_7730630
Title:

Search URL Search Domain Scan URL

URL: https://pikabu.ru/story/interesnyie_fotografii_90_kh_chast_29_7736417
Title:

Search URL Search Domain Scan URL

URL: https://pikabu.ru/story/o_nekrasivyikh_zhenshchinakh_ili_ya_stolko_ne_vyipyu_7716734
Title:

Search URL Search Domain Scan URL

URL: https://lenta.ru/articles/2020/10/04/poison/
Title:

Search URL Search Domain Scan URL

URL: https://news2.ru/story/610955/
Title:

Search URL Search Domain Scan URL

URL: https://news2.ru/story/611790/
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
b2n4a.google-rabota.icu/ 45 KB
45 KB 177ms
38ms Document
text/html 185.238.168.206
SCALAXY-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://b2n4a.google-rabota.icu/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.238.168.206 , Ukraine, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: /
Resource Hash: 09acd91d1403b4952a7a566c21bc8faf0f452d7d633f5de335da21f56b3106f9

Request headers

:method: GET
:authority: b2n4a.google-rabota.icu
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html; charset=utf-8
date: Tue, 06 Oct 2020 12:43:10 GMT

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ 156 KB
23 KB 26ms
8ms Stylesheet
text/css 2001:4de0:ac19::1:b:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css

Requested by

Host: b2n4a.google-rabota.icu
URL: https://b2n4a.google-rabota.icu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://b2n4a.google-rabota.icu
Referer: https://b2n4a.google-rabota.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 06 Oct 2020 12:43:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 28 Nov 2019 17:52:46 GMT
status: 200
etag: "1574963566"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 23681

GET
H2 200 jquery-3.4.1.min.js Show response
code.jquery.com/ 86 KB
30 KB 24ms
7ms Script
application/javascript 2001:4de0:ac19::1:b:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: b2n4a.google-rabota.icu
URL: https://b2n4a.google-rabota.icu/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Origin: https://b2n4a.google-rabota.icu
Referer: https://b2n4a.google-rabota.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 06 Oct 2020 12:43:10 GMT
content-encoding: gzip
last-modified: Wed, 01 May 2019 21:14:27 GMT
server: nginx
status: 200
etag: W/"5cca0c33-15851"
vary: Accept-Encoding
x-hw: 1601988190.dop005.fr8.t,1601988190.cds217.fr8.hc,1601988190.cds236.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

GET
H2 200 bootstrap.bundle.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ 79 KB
22 KB 31ms
13ms Script
text/javascript 2001:4de0:ac19::1:b:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.bundle.min.js

Requested by

Host: b2n4a.google-rabota.icu
URL: https://b2n4a.google-rabota.icu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://b2n4a.google-rabota.icu
Referer: https://b2n4a.google-rabota.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 06 Oct 2020 12:43:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 28 Nov 2019 17:52:52 GMT
status: 200
etag: "1574963572"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 22770

GET
H2 200 css
fonts.googleapis.com/ 2 KB
673 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:81b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300

Requested by

Host: b2n4a.google-rabota.icu
URL: https://b2n4a.google-rabota.icu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a034cf5bacb85cbe6929cabcb47742d65b76ca7e2a7d5fcc178e9d1458f0302

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 06 Oct 2020 12:23:29 GMT
server: ESF
date: Tue, 06 Oct 2020 12:43:10 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Oct 2020 12:43:10 GMT

GET
H/1.1 200
OK sm.3730136-immortals-fenyx-rising_2020_09-03-20_001.750.jpg
3dnews.ru/assets/external/illustrations/2020/10/05/1022196/ 552 KB
552 KB 275ms
96ms Image
image/jpeg 91.210.107.31
NCONNECT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3dnews.ru/assets/external/illustrations/2020/10/05/1022196/sm.3730136-immortals-fenyx-rising_2020_09-03-20_001.750.jpg

Requested by

Host: b2n4a.google-rabota.icu
URL: https://b2n4a.google-rabota.icu/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.210.107.31 , Russian Federation, ASN49335 (NCONNECT-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

ddb5b9d62de8da937a4e9fabb2313b2dd6ae50304fdb00c02dd5070e43178e9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://b2n4a.google-rabota.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 12:43:10 GMT
x-content-type-options: nosniff
Last-Modified: Mon, 05 Oct 2020 10:13:49 GMT
Server: nginx
Strict-Transport-Security: max-age=15768000
Content-Type: image/jpeg
Cache-Control: max-age=1209600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 565363
x-xss-protection: 1; mode=block
Expires: Tue, 20 Oct 2020 12:43:10 GMT

GET
H/1.1 200
OK tass_logo_share_ru.png
tass.ru/img/blocks/common/ 368 KB
369 KB 184ms
67ms Image
image/png 82.202.190.240
KL-KDP

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tass.ru/img/blocks/common/tass_logo_share_ru.png

Requested by

Host: b2n4a.google-rabota.icu
URL: https://b2n4a.google-rabota.icu/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

82.202.190.240 , Russian Federation, ASN209030 (KL-KDP, RU),

Reverse DNS

Software

nginx/1.15.7 /

Resource Hash

e61aeef922c3cc20d22088d8d801bf08826d2b482969dc2ac4f893957598793f

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://b2n4a.google-rabota.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 12:43:10 GMT
X-Content-Type-Options: nosniff, nosniff
Last-Modified: Wed, 23 Sep 2020 12:00:33 GMT
Server: nginx/1.15.7
ETag: "5f6b38e1-5c181"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Access-Control-Allow-Origin: admin.tass.ru
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 377217
X-XSS-Protection: 1; mode=block, 1; mode=block

GET
H/1.1 200
OK image-repost
resources.finance.ua/ru/news/ 85 KB
86 KB 69ms
56ms Image
image/png 2606:4700:20::681a:12a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://resources.finance.ua/ru/news/image-repost?id=478600

Requested by

Host: b2n4a.google-rabota.icu
URL: https://b2n4a.google-rabota.icu/

Protocol

HTTP/1.1

Server

2606:4700:20::681a:12a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88ad230a2305bf4ee99a3abb674f0f03c0df1e8cb70ff4037ab5cafd946f02ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block;

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 12:43:10 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Age: 740
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 87279
cf-request-id: 059f88f8c40000c2e5602a4200000001
Last-Modified: Tue, 06 Oct 2020 12:30:50 GMT
Server: cloudflare
Content-Type: image/png
X-XSS-Protection: 1; mode=block;
Cache-Control: max-age=3600
Accept-Ranges: bytes
CF-RAY: 5ddf776e0b3ac2e5-FRA
Expires: Tue, 06 Oct 2020 13:30:50 GMT

GET
H/1.1 200
OK ff0b460a-d487-906f-26df-70548e8f6fac.jpg
u.kanobu.ru/articles/pics/ 75 KB
76 KB 388ms
58ms Image
image/jpeg 193.70.92.88
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.kanobu.ru/articles/pics/ff0b460a-d487-906f-26df-70548e8f6fac.jpg
Requested by: Host: b2n4a.google-rabota.icu
URL: https://b2n4a.google-rabota.icu/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.70.92.88 , France, ASN16276 (OVH, FR),
Reverse DNS: knb-st01.kanobu.ru
Software: nginx /
Resource Hash: a2def4d618ec6c7665d0a11c5b0d40a7e2221d29b3f043e70216a9944c25664d

Request headers

Referer: https://b2n4a.google-rabota.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 12:43:10 GMT
Last-Modified: Wed, 16 Sep 2020 13:22:22 GMT
Server: nginx
ETag: "5f62118e-12db6"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 77238

GET
H2 200 social-20191228181743-3404-4241424.png
biz.liga.net/images/general/2019/12/28/ 620 KB
620 KB 224ms
100ms Image
image/png 193.150.7.33
LIGA-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://biz.liga.net/images/general/2019/12/28/social-20191228181743-3404-4241424.png?v=1600359954

Requested by

Host: b2n4a.google-rabota.icu
URL: https://b2n4a.google-rabota.icu/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.150.7.33 , Ukraine, ASN31091 (LIGA-, UA),

Reverse DNS

UNUSED.ligazakon.net

Software

nginx /

Resource Hash

9b5f59c18f750f3ce05825f98665f0e8413497c51f3662f54d0a66e80e148e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://b2n4a.google-rabota.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 06 Oct 2020 12:43:10 GMT
last-modified: Fri, 18 Sep 2020 10:23:10 GMT
server: nginx
etag: "5f648a8e-9ae08"
strict-transport-security: max-age=15768000
content-type: image/png
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 634376
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e.jpg
eimg.pravda.com/images/ 46 KB
47 KB 104ms
34ms Image
image/jpeg 104.24.119.248
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eimg.pravda.com/images/e.jpg

Requested by

Host: b2n4a.google-rabota.icu
URL: https://b2n4a.google-rabota.icu/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.24.119.248 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aafca5d956f9c2a325feef50dd1ec4318a07792b850d99d311ef35cd6c2ee966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://b2n4a.google-rabota.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 06 Oct 2020 12:43:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6511
status: 200
cf-int-pingora-origin-digest: {"ext_ip":"162.158.134.62","ext_port":59214,"upstream_rtt":39,"upstream_reused":false,"http_version":1}
content-length: 47540
cf-request-id: 059f88f90600007383aa260200000001
last-modified: Mon, 26 Sep 2016 18:11:32 GMT
server: cloudflare
x-frame-options: sameorigin
etag: "57e964d4-b9b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=65&lkg-time=1601988190"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 5ddf776e7f0b7383-CPH
expires: Tue, 20 Oct 2020 10:54:39 GMT

GET
H/1.1 200
OK share_082ff24d68897f819303f23d8b0f9c88.jpg
icdn.lenta.ru/images/2020/10/03/17/20201003171755524/ 321 KB
321 KB 1284ms
118ms Image
image/jpeg 81.19.72.32
RAMBLER-TELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.lenta.ru/images/2020/10/03/17/20201003171755524/share_082ff24d68897f819303f23d8b0f9c88.jpg
Requested by: Host: b2n4a.google-rabota.icu
URL: https://b2n4a.google-rabota.icu/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.72.32 Moscow, Russian Federation, ASN24638 (RAMBLER-TELECOM-AS, RU),
Reverse DNS: lenta.ru
Software: nginx/1.13.4 /
Resource Hash: c191d8980b80440b6858a80ba64ec53e8915d9f8d697e8967535b7724f257013

Request headers

Referer: https://b2n4a.google-rabota.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 12:43:11 GMT
Last-Modified: Sat, 03 Oct 2020 20:03:22 GMT
Server: nginx/1.13.4
ETag: "5f78d90a-502d1"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 328401
Expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery object| bootstrap

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3dnews.ru
b2n4a.google-rabota.icu
biz.liga.net
code.jquery.com
eimg.pravda.com
fonts.googleapis.com
icdn.lenta.ru
resources.finance.ua
stackpath.bootstrapcdn.com
tass.ru
u.kanobu.ru
104.24.119.248
185.238.168.206
193.150.7.33
193.70.92.88
2001:4de0:ac19::1:b:1b
2001:4de0:ac19::1:b:2b
2606:4700:20::681a:12a
2a00:1450:4001:81b::200a
81.19.72.32
82.202.190.240
91.210.107.31
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
09acd91d1403b4952a7a566c21bc8faf0f452d7d633f5de335da21f56b3106f9
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e
88ad230a2305bf4ee99a3abb674f0f03c0df1e8cb70ff4037ab5cafd946f02ba
9a034cf5bacb85cbe6929cabcb47742d65b76ca7e2a7d5fcc178e9d1458f0302
9b5f59c18f750f3ce05825f98665f0e8413497c51f3662f54d0a66e80e148e66
a2def4d618ec6c7665d0a11c5b0d40a7e2221d29b3f043e70216a9944c25664d
aafca5d956f9c2a325feef50dd1ec4318a07792b850d99d311ef35cd6c2ee966
c191d8980b80440b6858a80ba64ec53e8915d9f8d697e8967535b7724f257013
ddb5b9d62de8da937a4e9fabb2313b2dd6ae50304fdb00c02dd5070e43178e9d
e61aeef922c3cc20d22088d8d801bf08826d2b482969dc2ac4f893957598793f

b2n4a.google-rabota.icu Open in urlscan Pro 185.238.168.206 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

12 Requests

92 %HTTPS

36 %IPv6

11 Domains

11 Subdomains

11 IPs

6 Countries

2193 kBTransfer

2436 kBSize

0 Cookies

15 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

0 Cookies

Indicators

b2n4a.google-rabota.icu Open in urlscan Pro
185.238.168.206 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

36 %
IPv6

11
Domains

11
Subdomains

11
IPs

6
Countries

2193 kB
Transfer

2436 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions