natuscs2.pro Open in urlscan Pro
2606:4700:3030::ac43:8fad Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://natuscs2.pro/auth.php
Submission: On October 22 via manual (October 22nd 2023, 8:13:38 pm UTC) from US — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3030::ac43:8fad, located in United States and belongs to CLOUDFLARENET, US. The main domain is natuscs2.pro.
TLS certificate: Issued by GTS CA 1P5 on October 22nd 2023. Valid for: 3 months.

This is the only time natuscs2.pro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3030::ac43:8fad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	3

1 2606:4700:3030::ac43:8fad (United States)

ASN13335 (CLOUDFLARENET, US)

natuscs2.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

32kgireunapi.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	32kgireunapi.ru 32kgireunapi.ru	1 MB
1	natuscs2.pro natuscs2.pro	629 B
18	2

	Domain	Requested by
17	32kgireunapi.ru	natuscs2.pro 32kgireunapi.ru
1	natuscs2.pro
18	2

This site contains no links.

Subject Issuer	Validity	Valid
natuscs2.pro GTS CA 1P5	`2023-10-22` - `2024-01-20`	3 months	crt.sh
32kgireunapi.ru E1	`2023-08-28` - `2023-11-26`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://natuscs2.pro/auth.php
Frame ID: 06039476A832525B432826D346BF98AA
Requests: 1 HTTP requests in this frame

Frame: https://32kgireunapi.ru/6959f
Frame ID: 3A388E7A572F41C26B023AD1AD86CB77
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Steam Community

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

18
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

1047 kB
Transfer

2126 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request auth.php Show response natuscs2.pro/	266 B 629 B	437ms 143ms	Document text/html	2606:4700:3030::ac43:8fad CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://natuscs2.pro/auth.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:8fad , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7cccd41ea5c937b3e56ef23fed661692415a2bc75b38755aa6f748225378d322` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 81a466ce9cf02c01-FRA content-encoding br content-type text/html; charset=UTF-8 date Sun, 22 Oct 2023 20:13:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xkJzFHoEA2RKvwDSr0yh39Bxmny6y7ALPaQDWNeT%2B3xHto2pZ6eE0SqCH%2B5g%2FUlhVJeqT38UoPbJP06aYR2jY9S7gDh92ah%2FcoyvlRTUN%2ByucN6iE%2BPNfBpfbKnb%2FxxKXBlbyjxx6nmjF0g%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	6959f Show response 32kgireunapi.ru/ Frame 3A38	122 KB 11 KB	229ms 157ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://32kgireunapi.ru/6959f Requested by Host: natuscs2.pro URL: https://natuscs2.pro/auth.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e6573b8bea6f8a8b35c44ef24b462189289749a5b001337cfb105b208fbd363b` Request headers Referer https://natuscs2.pro/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 81a466d00ca39100-FRA content-encoding br content-type text/html; charset=UTF-8 date Sun, 22 Oct 2023 20:13:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BS%2BdqvKWUpmIOBXCFqxaj9btGxbM%2B%2FhPX4dmTbnPttAxJX1tEZ7BwI%2Fu0tqeLwkhAMf6iC0rc2qusz8BKu45C8xCeIe9ccHi23wH6b5P2iT3rGgs6Tb2yHrNZfBW75sneXcFYCuGdzzh0Xy8vJ0%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	d4309e9.css 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	40 KB 13 KB	225ms 223ms	Stylesheet text/css	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/6959f Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cdbb154f026940905377a26616e9a2f2068b115ea4a7f6c1cd19f9ab1cd0e8ed` Request headers accept-language de-DE,de;q=0.9 Referer https://32kgireunapi.ru/6959f User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:34 GMT content-encoding br cf-cache-status EXPIRED last-modified Sun, 22 Oct 2023 17:27:17 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2BanYuod%2FvFxb9fQe%2FI3Yj5qpm8SGx6583AQRcKO%2F%2BrWHyyDN36GKlVmeIkBovWbaRierVfEVjBrIr2gtYzOIFYbUCqNR0MjhFWvkwyYHcDWSOut6GKhBZ9JgFFIZC3l9twrAcQZU39Hbtt1FmI%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 81a466d10d8e9100-FRA alt-svc h3=":443"; ma=86400
GET H2	200	033fb8b.js Show response 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	93 KB 34 KB	286ms 285ms	Script text/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/033fb8b.js?v=PvoHwnj3JVHo Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/6959f Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `225edf54855697e6207ba9bded4d041d824e44c7c842f2803ede51764a9e54ab` Request headers accept-language de-DE,de;q=0.9 Referer https://32kgireunapi.ru/6959f User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:34 GMT content-encoding br cf-cache-status EXPIRED last-modified Sun, 22 Oct 2023 17:27:17 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7o9cml9G6KEWKqvssCTfRKm2Hd1lpeHsspWFgABUVBoUymboeJCXWJ0uo8aUWyjF%2FZ4yYVvvcnfOV1wKll1m2zuy7OFLs4xg4%2BjyWOTiT9pfBcmfYaIUG90zL4iObdceAy2CWXerc%2FNGyHuEWzo%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 81a466d10d929100-FRA alt-svc h3=":443"; ma=86400
GET H2	200	16a027b.js Show response 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	1 MB 459 KB	434ms 433ms	Script text/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/16a027b.js?v=PvoHwnj3JVHo Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/6959f Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `004d63b38765f73229a323a17bd93c12504e4fb2498c2302fe4b14e3ed65df8f` Request headers accept-language de-DE,de;q=0.9 Referer https://32kgireunapi.ru/6959f User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:34 GMT content-encoding br cf-cache-status EXPIRED last-modified Sun, 22 Oct 2023 17:27:17 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tq6vRhNuSYogIpAyL9zBXGpvDtb7CqRNagGveMAJYT2HtLW5B7qDFNP5OXYdNiaXZ16lUmQX82Joe6kwDR6rmnjW6kDntfN2gQNLrFIQH0eSKpY1Uuvy%2FhKEkBr%2FUoHuSjBMnFyqz7%2FsvHdhyZM%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 81a466d10d959100-FRA alt-svc h3=":443"; ma=86400
GET H2	200	f21ad02.png 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	974 B 1 KB	187ms 186ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/f21ad02.png Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/6959f Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ea0186384ec8ab876871fef3805e93baf432e8a2b2d79e00a7b2b332debec8f8` Request headers accept-language de-DE,de;q=0.9 Referer https://32kgireunapi.ru/6959f User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:34 GMT cf-cache-status EXPIRED last-modified Sun, 22 Oct 2023 17:27:17 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RlL45dm5ZmMpJurb%2F9g7BpYFqKEzEeCw%2FR4iGLxGs%2FyffR9R9UrtdEJXV68lFAAtUyVozkjZnJ%2B5oS8vnnw2Ss8vj48hV4nbJs4CYyjEwJ6K9AZX7KI48WCeRExlKMGrnxJ4gZxrDamaT62PrjI%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 81a466d10d989100-FRA alt-svc h3=":443"; ma=86400
GET H2	200	3b64f30.png 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	4 KB 4 KB	376ms 375ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/3b64f30.png Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/6959f Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `75528994af768f57e6c99b5f43ba77647728a4407b50d6f5bce2e294ad829af3` Request headers accept-language de-DE,de;q=0.9 Referer https://32kgireunapi.ru/6959f User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:34 GMT cf-cache-status EXPIRED last-modified Sun, 22 Oct 2023 17:27:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fKjSPP19%2FNVvt428jJos7jhJGntdmXYqgIG0b2dgrMOPvGCiPXTRU5bYiBB6t92aJwEr9Um0K1zsbA1Mq36rdXSv%2FjmpUUhlUAD%2FcVXBMv6T83I5vAAk7%2B5fDNld7hDlmEMk7hWWcYI%2FZJV7zto%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 81a466d10d9b9100-FRA alt-svc h3=":443"; ma=86400
GET H3	200	0aa6791.png 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	8 KB 9 KB	29ms 29ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/0aa6791.png Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/6959f Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d61204a8cdb32d521dfacb832e1a94cc49fab44d480d8ddb6ea603c45ce3b1d5` Request headers accept-language de-DE,de;q=0.9 Referer https://32kgireunapi.ru/6959f User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:34 GMT cf-cache-status HIT last-modified Sun, 22 Oct 2023 19:06:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4024 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2FSTa2X4RahhNdfmtg7dZP3V7r%2BuoDKBIZRsmYeoC6JbYlEWJKUqNnCCbC%2BzIC7%2FeJZiLVyPRnxEDwBRY8JWNzRb%2FCuCjyFWhvtjsyVsfTsjNWAEO4m6Cly%2FBkNmT3Ot38FAmIneTFAMdgq5SSQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 81a466d23e914daf-FRA alt-svc h3=":443"; ma=86400
GET H3	200	8a6993d.png 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	8 KB 8 KB	29ms 28ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/8a6993d.png Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/6959f Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `abde59562fe962e46637e0b060bb219f2389910cb40d570424a3a779e0be5654` Request headers accept-language de-DE,de;q=0.9 Referer https://32kgireunapi.ru/6959f User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:34 GMT cf-cache-status HIT last-modified Sun, 22 Oct 2023 19:06:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4024 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RlSqGfO0dY%2B9Hh8s0rTwc04p%2BhufHfR25b1ROqUovAPNLpzRG5yjOmAvFqLYA4Gl6YQGmaFxyTscPrxkQQS24rLuC98sevqci4Pci4RCbR%2Fn7z1Hk4zq2kKaPVcpDeIEMuUYWuIpVSTpRi2oCyk%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 81a466d36fbc4daf-FRA alt-svc h3=":443"; ma=86400
GET H3	200	183f53a.png 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	33 KB 34 KB	39ms 38ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/183f53a.png Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/6959f Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a058c4d21b7c62e48d8a53c38d325c759035d5627e8242c71a7648efb076b6af` Request headers accept-language de-DE,de;q=0.9 Referer https://32kgireunapi.ru/6959f User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:34 GMT cf-cache-status HIT last-modified Sun, 22 Oct 2023 19:06:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4024 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P3h4CybMNgNfs%2BkY%2Be5p84%2BPkadqfnCw85L26OEt98ks%2BE6D3MnBODFypodk5DXZq6loMKl69vpQ3BCQ9YEzp0uszGDCdqRkqB74nUFfRB%2FNEufPdLYARFjMPx4LZltKtjmLpx5zurVE3Hj8eww%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 81a466d26ebd4daf-FRA alt-svc h3=":443"; ma=86400
GET H3	200	cf46e72.png 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	990 B 1 KB	150ms 150ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/cf46e72.png Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/6959f Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fee3eee4a7072d5f7963f6fbb2b08236ba5d0eacb85279dc32d58008a9a53cc3` Request headers accept-language de-DE,de;q=0.9 Referer https://32kgireunapi.ru/6959f User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:34 GMT cf-cache-status EXPIRED last-modified Sun, 22 Oct 2023 18:09:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2B5elgRbXBqe3trUFE9WugDsSwVcjA9GD7zEMiYeUHR102jRik7DSrr4fHwqeX0QhtLh6r46lRU2d0U%2BQ9lO2yJQsf3kupOCvF6zYu9GvWVjxJMj7MkJpsj%2BuIX8gXdlWHHI3Obkz6I%2BsnHIhP4%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 81a466d39ff64daf-FRA alt-svc h3=":443"; ma=86400
GET H3	200	cb39de6.png 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	297 B 746 B	162ms 161ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/cb39de6.png Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `124c479a3806c3fbf4a5df0a333735ffeff57c345a249d15b11f0782f5774a53` Request headers accept-language de-DE,de;q=0.9 Referer https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:35 GMT cf-cache-status EXPIRED last-modified Sun, 22 Oct 2023 18:09:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BsGSjCq4w%2FYLMDeBvfKtvncsD0xNyOK0ONS%2BYaK2xBsfE8pTDlsi0KrXq0%2B9XnY1D3HK1%2BstyKABIDufnNQkWmLNEFd78LRFh0E%2BaThiE16XAmN8l8pDbbYoJju7oCGOc33lytJ%2Bk2X7%2FXIIDtw%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 81a466d6bbe94daf-FRA alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated / Frame 3A38	61 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/gif
GET H3	200	6bc62cb.jpg 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	97 KB 98 KB	37ms 37ms	Image image/jpeg	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/6bc62cb.jpg Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bad2dbf3a714236e07c539242de2705139df7cb683a8783a56ed502e0719cfc9` Request headers accept-language de-DE,de;q=0.9 Referer https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:35 GMT cf-cache-status HIT last-modified Sun, 22 Oct 2023 19:52:27 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 1268 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NoEo7K8B5VehYAWIgshqVTJgiq2%2BOCd7jw7R8HWYMLAqyx6nrIOSrx5YFEtiNlfvm17FbYhP5ONb5hPFW22rMMt%2BEcBxUxb3Vi2GrRsx5J3ZJTtL9zp7wvRsJUfMCFmh6n1y%2FPoh1MwcAChWS9g%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=14400 cf-ray 81a466d6bbea4daf-FRA alt-svc h3=":443"; ma=86400
GET H3	200	b1f7b51.woff2 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	15 KB 15 KB	412ms 412ms	Font application/octet-stream	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/b1f7b51.woff2 Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4675a8ce063f9f5885a692f7a273acf7eeb800abca14aac75b6707b689532f04` Request headers Referer https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo Origin https://32kgireunapi.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:35 GMT cf-cache-status EXPIRED last-modified Sun, 22 Oct 2023 17:34:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fX6XyVFArrjALrELE6xAyjcHM9ZfmqtdrN1OAsGaIOFE7Lma%2BKBKjnXvmlenVesQge9cf6yWhGf08FZ%2BgLMFaOVhPU6U5pEWwcIHYzY9FDw4mejSag9Sbo%2FzhI6sdzpYN7ZWVbxCV6g7qrQQNGE%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 cf-ray 81a466d6cbef4daf-FRA alt-svc h3=":443"; ma=86400
GET H3	200	d78f9b2.ttf 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	116 KB 116 KB	227ms 226ms	Font application/octet-stream	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/d78f9b2.ttf Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6` Request headers Referer https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo Origin https://32kgireunapi.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:35 GMT cf-cache-status EXPIRED last-modified Sun, 22 Oct 2023 18:09:19 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qgEL5X7gDJMRI9F%2B2AzFTCWQn7wtdKRDJWDv14%2BjVWNpz0VIowcePz7AiwIEJSNTWHN0SrTDM0odHTtK%2F%2FXJZGDCtG0CvcT23Qs5TjnwaWUAGxkWt%2BMIQfuI5jqLScr06yJZZoJqAQxzOrekRYo%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 cf-ray 81a466d6cbfb4daf-FRA alt-svc h3=":443"; ma=86400
GET H3	200	eba431f.ttf 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	120 KB 120 KB	211ms 210ms	Font application/octet-stream	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/eba431f.ttf Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14` Request headers Referer https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo Origin https://32kgireunapi.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:35 GMT cf-cache-status EXPIRED last-modified Sun, 22 Oct 2023 18:09:19 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ne9RDp37YGOQsXs01kH3wKJPalxRvPQi5YGEdV8lbo4eYKs6%2BgsvJAXIvDkdJQxZOtOkq3VIw64DvUulCQNlutF%2B13XJuK87%2F%2F3wIa99FSqClMr06lMfIFmCg48Ck0TAx%2BNAy68%2FeElZD4OBZnc%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 cf-ray 81a466d6cbff4daf-FRA alt-svc h3=":443"; ma=86400
GET H3	200	fa4d892.ttf 32kgireunapi.ru/61e38fe9d/cd9cc/ Frame 3A38	121 KB 122 KB	414ms 414ms	Font application/octet-stream	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://32kgireunapi.ru/61e38fe9d/cd9cc/fa4d892.ttf Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f` Request headers Referer https://32kgireunapi.ru/61e38fe9d/cd9cc/d4309e9.css?v=PvoHwnj3JVHo Origin https://32kgireunapi.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Sun, 22 Oct 2023 20:13:35 GMT cf-cache-status EXPIRED last-modified Sun, 22 Oct 2023 17:34:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RUdZZYs%2By72s5MKMuhu27LmBqK3ce6uVuKuOQmkC5AZdDDhEt4QiG%2FHslZ8feddYVC46Gr6gNewi2mXFnpHVFvOsiIltgkZzlK6G5H1RcUYMPWD9arhWkoPL2T9BV8moEvfhnpCrJuHNMlK82dw%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 cf-ray 81a466d6cc004daf-FRA alt-svc h3=":443"; ma=86400
POST H3	200	6959f Show response 32kgireunapi.ru/ Frame 3A38	74 B 487 B	731ms 731ms	XHR text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://32kgireunapi.ru/6959f Requested by Host: 32kgireunapi.ru URL: https://32kgireunapi.ru/61e38fe9d/cd9cc/033fb8b.js?v=PvoHwnj3JVHo Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0e935de8497ddc6ec7968ee7b40445d0b1feaef8f7598a1706100a38c160dfc0` Request headers Accept / Referer https://32kgireunapi.ru/6959f X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Sun, 22 Oct 2023 20:13:36 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5h0ugD2v37Pje8c31qJGLpgmMizcVbyTvZwNnL2iS%2BM%2BAnRLzP6O4%2Bahp%2F01oCCbqAWu5xXXEf7YqstJ2p310VMQ6IYiOl%2BUVCgUt3XFDfis%2BVvhDlvCz%2BSe9zMiQG%2BwbhpfI63A5Ll7d2AoZQA%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 81a466dae8de4daf-FRA alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated / Frame 3A38	85 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated / Frame 3A38	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6b16d47ad9dfa8f6e437e9ae7c2541ecd1602964cc3bde5fc53c54f18b8a464a` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 3A38	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5080ab02d007ca2b89565c1806cfde170722a6161fc8a12c3cd521e222cecb5b` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

32kgireunapi.ru
natuscs2.pro
2606:4700:3030::ac43:8fad
2a06:98c1:3120::3
004d63b38765f73229a323a17bd93c12504e4fb2498c2302fe4b14e3ed65df8f
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6
0e935de8497ddc6ec7968ee7b40445d0b1feaef8f7598a1706100a38c160dfc0
124c479a3806c3fbf4a5df0a333735ffeff57c345a249d15b11f0782f5774a53
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
225edf54855697e6207ba9bded4d041d824e44c7c842f2803ede51764a9e54ab
42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27
4675a8ce063f9f5885a692f7a273acf7eeb800abca14aac75b6707b689532f04
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
5080ab02d007ca2b89565c1806cfde170722a6161fc8a12c3cd521e222cecb5b
6b16d47ad9dfa8f6e437e9ae7c2541ecd1602964cc3bde5fc53c54f18b8a464a
75528994af768f57e6c99b5f43ba77647728a4407b50d6f5bce2e294ad829af3
7cccd41ea5c937b3e56ef23fed661692415a2bc75b38755aa6f748225378d322
a058c4d21b7c62e48d8a53c38d325c759035d5627e8242c71a7648efb076b6af
abde59562fe962e46637e0b060bb219f2389910cb40d570424a3a779e0be5654
bad2dbf3a714236e07c539242de2705139df7cb683a8783a56ed502e0719cfc9
cdbb154f026940905377a26616e9a2f2068b115ea4a7f6c1cd19f9ab1cd0e8ed
d61204a8cdb32d521dfacb832e1a94cc49fab44d480d8ddb6ea603c45ce3b1d5
e6573b8bea6f8a8b35c44ef24b462189289749a5b001337cfb105b208fbd363b
ea0186384ec8ab876871fef3805e93baf432e8a2b2d79e00a7b2b332debec8f8
fee3eee4a7072d5f7963f6fbb2b08236ba5d0eacb85279dc32d58008a9a53cc3

natuscs2.pro Open in urlscan Pro 2606:4700:3030::ac43:8fad Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

1047 kBTransfer

2126 kBSize

0 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

natuscs2.pro Open in urlscan Pro
2606:4700:3030::ac43:8fad Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

1047 kB
Transfer

2126 kB
Size

0
Cookies

18 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!