wherematalage.ru - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 2606:4700:3030::6815:4b6e, located in United States and belongs to CLOUDFLARENET, US. The main domain is wherematalage.ru.
TLS certificate: Issued by WE1 on October 21st 2024. Valid for: 3 months.

This is the only time wherematalage.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
3	2606:4700:303... 2606:4700:3030::6815:4b6e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.222.106 172.67.222.106	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2

3 2606:4700:3030::6815:4b6e (United States)

ASN13335 (CLOUDFLARENET, US)

wherematalage.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.222.106 (United States)

ASN13335 (CLOUDFLARENET, US)

wherematalage.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	wherematalage.ru wherematalage.ru	114 KB
5	1

	Domain	Requested by
5	wherematalage.ru	wherematalage.ru
5	1

This site contains no links.

Subject Issuer	Validity	Valid
wherematalage.ru WE1	`2024-10-21` - `2025-01-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://wherematalage.ru/static/js/main.e49056de.js
Frame ID: 51D62BFAED51F35A0FC3981DA73C6100
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram Web

Page Statistics

5
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

114 kB
Transfer

317 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request main.e49056de.js Show response wherematalage.ru/static/js/	702 B 971 B	161ms 28ms	Document text/html	2606:4700:3030::6815:4b6e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wherematalage.ru/static/js/main.e49056de.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:4b6e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2f9fc6eb65ad89b7fe8b83b948d0cf6d0707685a05f131b01b91676c85a4212a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers age 5673 alt-svc h3=":443"; ma=86400 cache-control max-age=14400 cf-cache-status HIT cf-ray 8d926f33d95299f4-CDG content-encoding br content-type text/html date Sun, 27 Oct 2024 11:44:28 GMT last-modified Fri, 25 Oct 2024 06:12:29 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gJeHNRvMe8Tbd1TH5bLZ7GVrLPttp2Czaizjp%2FOSJXr%2BXZGGLG4F1mO4MrAEXXnP7Tcn9Wt2ghZPvpoevvUa8B0WfrI8rQLPzWUNGvksKFixmbchpc1fJ5P3MEDcMcecADxyFP384o3pScy56lm5"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=TCP&rtt=17206&sent=8&recv=10&lost=0&retrans=0&sent_bytes=4007&recv_bytes=2372&delivery_rate=250337&cwnd=129&unsent_bytes=0&cid=682a96d285ee6475&ts=34&x=0" vary Accept-Encoding
GET H2	200	main.bad692cb.js Show response wherematalage.ru/static/js/	281 KB 93 KB	36ms 35ms	Script application/javascript	2606:4700:3030::6815:4b6e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wherematalage.ru/static/js/main.bad692cb.js Requested by Host: wherematalage.ru URL: https://wherematalage.ru/static/js/main.e49056de.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:4b6e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ed0b1f8a161fdc511cc243afc1436e515ac8de8672e775fb2a6e68b9d039c0c2` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://wherematalage.ru/static/js/main.e49056de.js Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status HIT etag W/"671b36cd-46520" age 3373 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t5Pn7ohXjwVkje%2Br9uOK0ibWVkFRw%2BTJERkoxNffYgkHAGN91DVTmSFpeLHpZanTJMggFQLHQ38ao%2FDjkvSV03oNNWl2AzEvdmQfY%2F7dDTo7EKAM1IE2HW50xjC7qA2LsbbytsUu%2B0CPmlSpFu3I"}],"group":"cf-nel","max_age":604800} cf-ray 8d926f34199399f4-CDG alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=16230&sent=12&recv=18&lost=0&retrans=0&sent_bytes=5044&recv_bytes=2631&delivery_rate=257904&cwnd=134&unsent_bytes=0&cid=682a96d285ee6475&ts=88&x=0" date Sun, 27 Oct 2024 11:44:28 GMT content-type application/javascript last-modified Fri, 25 Oct 2024 06:12:29 GMT vary Accept-Encoding server cloudflare
GET H2	200	main.afe8ddbc.css wherematalage.ru/static/css/	6 KB 2 KB	53ms 53ms	Stylesheet text/css	2606:4700:3030::6815:4b6e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wherematalage.ru/static/css/main.afe8ddbc.css Requested by Host: wherematalage.ru URL: https://wherematalage.ru/static/js/main.e49056de.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:4b6e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `68e1357ce3f6cd2aae9c8666d7a275fbf23565d423194cac45a6d6ab12420cf1` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://wherematalage.ru/static/js/main.e49056de.js Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status REVALIDATED etag W/"671b36cd-180b" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8jmZMiHK1qVFs3eA8gxTg2D1PpVlFw7R4eAESH6sIEeEsW7hQbrWlT68fdi5KWG%2BlD%2BvcCPFNdBOMPSY5AYWLP%2BRRTLuSnkY0m6ln8UNfh4Z4A%2BG2tkqLUnbuoKyUT%2FMxWxScjijjGpPK9WgWyRT"}],"group":"cf-nel","max_age":604800} cf-ray 8d926f34199299f4-CDG alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=16227&sent=72&recv=19&lost=0&retrans=0&sent_bytes=75194&recv_bytes=2631&delivery_rate=640335&cwnd=134&unsent_bytes=25996&cid=682a96d285ee6475&ts=104&x=0" date Sun, 27 Oct 2024 11:44:28 GMT content-type text/css last-modified Fri, 25 Oct 2024 06:12:29 GMT vary Accept-Encoding server cloudflare
GET H3	200	tgLogo.26ae0d0bbbb63ca0b3de.png wherematalage.ru/static/media/	14 KB 15 KB	41ms 37ms	Image image/png	172.67.222.106 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://wherematalage.ru/static/media/tgLogo.26ae0d0bbbb63ca0b3de.png Requested by Host: wherematalage.ru URL: https://wherematalage.ru/static/css/main.afe8ddbc.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.222.106 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `efb4f7f3d1d776ff1a30ad143a0610500ce78fe6f016db6aff1eb2d88771c5fb` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://wherematalage.ru/static/css/main.afe8ddbc.css Response headers cf-cache-status REVALIDATED etag "671b36cd-38a7" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UMEIO0%2FIKjiP7aPQMAAgWnF0IgC7oG%2BXNP4l8HmUc9Rji8j1%2BAR7wWdtL%2Bpi%2BWbtcsDJUUf2P5CCTr%2BGz%2BYekFzpDr9mP6I%2BLJ%2BPJrJOPfJBy9l6pWs54wSrDhSpZHJG%2FzuH"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=11557&sent=13&recv=11&lost=0&retrans=0&sent_bytes=4267&recv_bytes=4843&delivery_rate=867&cwnd=12000&unsent_bytes=0&cid=bae1b93e9857ef37&ts=123&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 27 Oct 2024 11:44:28 GMT content-type image/png last-modified Fri, 25 Oct 2024 06:12:29 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d926f34aae6dc86-FRA accept-ranges bytes content-length 14503 server cloudflare
GET H3	200	favicon.ico wherematalage.ru/	15 KB 4 KB	35ms 35ms	Other image/x-icon	172.67.222.106 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wherematalage.ru/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.222.106 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `009491a0b5cf1e0bfef19d4a9c05fab6a12f80979694c838f607786c3abec8cc` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://wherematalage.ru/static/js/main.e49056de.js Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status REVALIDATED etag W/"671b36bb-3c2e" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LgWIIQe2AHJlaH7dbxhCOoux9DAMk1fRdPezWx3E8YL0qdyWTbtmFA9eTq892VLWiDJ87YAgEC111N0bPiDRkgxrxFzphgxA5tdW0Be9kMI%2BGBq%2F8WpOgsZQDJyjx0tvnjif"}],"group":"cf-nel","max_age":604800} cf-ray 8d926f34db38dc86-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=10911&sent=26&recv=17&lost=0&retrans=0&sent_bytes=19784&recv_bytes=5101&delivery_rate=199790&cwnd=24000&unsent_bytes=0&cid=bae1b93e9857ef37&ts=147&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 27 Oct 2024 11:44:28 GMT content-type image/x-icon last-modified Fri, 25 Oct 2024 06:12:11 GMT vary Accept-Encoding priority u=1,i

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunktg_thief

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

wherematalage.ru
172.67.222.106
2606:4700:3030::6815:4b6e
009491a0b5cf1e0bfef19d4a9c05fab6a12f80979694c838f607786c3abec8cc
2f9fc6eb65ad89b7fe8b83b948d0cf6d0707685a05f131b01b91676c85a4212a
68e1357ce3f6cd2aae9c8666d7a275fbf23565d423194cac45a6d6ab12420cf1
ed0b1f8a161fdc511cc243afc1436e515ac8de8672e775fb2a6e68b9d039c0c2
efb4f7f3d1d776ff1a30ad143a0610500ce78fe6f016db6aff1eb2d88771c5fb

wherematalage.ru Open in urlscan Pro 2606:4700:3030::6815:4b6e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

100 %HTTPS

50 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

114 kBTransfer

317 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

wherematalage.ru Open in urlscan Pro
2606:4700:3030::6815:4b6e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

114 kB
Transfer

317 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!