urlscan.io logo urlscan.io
SecurityTrails logo

datazest.cbg.ru Open in urlscan Pro
2606:4700:3036::ac43:a750  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://zayedllaw.com/drIxq
Effective URL: https://datazest.cbg.ru/TwYrg/
Submission: On August 23 via manual from MX — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 7 domains to perform 4 HTTP transactions. The main IP is 2606:4700:3036::ac43:a750, located in United States and belongs to CLOUDFLARENET, US. The main domain is datazest.cbg.ru.
TLS certificate: Issued by WE1 on July 26th 2024. Valid for: 3 months.
This is the only time datazest.cbg.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

IP Address AS Autonomous System
7 7 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 208.75.122.11 40444 (ASN-CC)
1 209.126.11.252 40021 (NL-811-40021)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
4 4
7    2606:4700:3034::6815:2547 (United States)

ASN13335 (CLOUDFLARENET, US)
zayedllaw.com
1    2606:4700:3036::ac43:db13 (United States)

ASN13335 (CLOUDFLARENET, US)
mcelwalns.com
1    208.75.122.11 (United States)

ASN40444 (ASN-CC, US)
PTR: rs6.net
janu48fbb.cc.rs6.net
1    209.126.11.252 (St Louis, United States)

ASN40021 (NL-811-40021, US)
PTR: alltunesrecordlabel.com
jlu1yw5y1fc0lmn.bentglasssdesign.com
1    2606:4700:3033::6815:49eb (United States)

ASN13335 (CLOUDFLARENET, US)
accountingfileencryptedmessageaddedum.officeviewencryptedfile.workers.dev
2    2606:4700:3036::ac43:a750 (United States)

ASN13335 (CLOUDFLARENET, US)
datazest.cbg.ru
1    2607:f8b0:4006:821::2001 (United States)

ASN15169 (GOOGLE, US)
blogger.googleusercontent.com
Domain Requested by
7 zayedllaw.com 7 redirects
2 datazest.cbg.ru jlu1yw5y1fc0lmn.bentglasssdesign.com
1 blogger.googleusercontent.com datazest.cbg.ru
1 accountingfileencryptedmessageaddedum.officeviewencryptedfile.workers.dev 1 redirects
1 jlu1yw5y1fc0lmn.bentglasssdesign.com
1 janu48fbb.cc.rs6.net 1 redirects
1 mcelwalns.com 1 redirects
4 7

This site contains no links.

Subject Issuer Validity Valid
*.bentglasssdesign.com
*.bentglasssdesign.com		 2023-11-10 -
2024-11-09		 a year crt.sh
datazest.cbg.ru
WE1		 2024-07-26 -
2024-10-24		 3 months crt.sh
*.googleusercontent.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://datazest.cbg.ru/TwYrg/
Frame ID: AB04B5A8B8D7C620CAE5DF1F2D9F8F02
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Delightful River

Page URL History Show full URLs

  1. https://zayedllaw.com/drIxq HTTP 301
    https://zayedllaw.com/mbMID HTTP 301
    https://zayedllaw.com/ofKbp HTTP 301
    https://mcelwalns.com/gFcfs HTTP 301
    https://zayedllaw.com/JMtTa HTTP 301
    https://zayedllaw.com/kWHfs HTTP 301
    https://zayedllaw.com/KpuZI HTTP 301
    https://zayedllaw.com/CJaAo HTTP 301
    https://janu48fbb.cc.rs6.net/tn.jsp?f=001o_Z0Y3q525iSCO6jf-k07LBGj6bH8DqX7V9G7rY9SBBCcGCEecebp9DviHT8LvDM... HTTP 302
    http://jlu1yw5y1fc0lmn.bentglasssdesign.com/ HTTP 307
    https://jlu1yw5y1fc0lmn.bentglasssdesign.com/ Page URL
  2. https://accountingfileencryptedmessageaddedum.officeviewencryptedfile.workers.dev// HTTP 301
    https://datazest.cbg.ru/TwYrg/ Page URL

Page Statistics

4
Requests

75 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

4
IPs

1
Countries

100 kB
Transfer

115 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://zayedllaw.com/drIxq HTTP 301
    https://zayedllaw.com/mbMID HTTP 301
    https://zayedllaw.com/ofKbp HTTP 301
    https://mcelwalns.com/gFcfs HTTP 301
    https://zayedllaw.com/JMtTa HTTP 301
    https://zayedllaw.com/kWHfs HTTP 301
    https://zayedllaw.com/KpuZI HTTP 301
    https://zayedllaw.com/CJaAo HTTP 301
    https://janu48fbb.cc.rs6.net/tn.jsp?f=001o_Z0Y3q525iSCO6jf-k07LBGj6bH8DqX7V9G7rY9SBBCcGCEecebp9DviHT8LvDM89dMizGNvXdcXveiYzHTcPt8tk5YtYt4aDbdr4Jmx72isRK9dVWHIlxWdmRH9Zf9rkCqEzuj1VHQ2D8hyT1RPtledaDFV4qB9myJhbWBOuty1E474lIXUg==&c=60goC7OH4_yqgVXH1HDGF0AAiYY4q3CvViYCwUiR4W8c4gPt6ouihA==&ch=VVHS_OTJm8Tmm5xzmuj5zgeZ9bIkjqlcMy1AGcI03OhTdaCPNrTI0A== HTTP 302
    http://jlu1yw5y1fc0lmn.bentglasssdesign.com/ HTTP 307
    https://jlu1yw5y1fc0lmn.bentglasssdesign.com/ Page URL
  2. https://accountingfileencryptedmessageaddedum.officeviewencryptedfile.workers.dev// HTTP 301
    https://datazest.cbg.ru/TwYrg/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://zayedllaw.com/drIxq HTTP 301
  • https://zayedllaw.com/mbMID HTTP 301
  • https://zayedllaw.com/ofKbp HTTP 301
  • https://mcelwalns.com/gFcfs HTTP 301
  • https://zayedllaw.com/JMtTa HTTP 301
  • https://zayedllaw.com/kWHfs HTTP 301
  • https://zayedllaw.com/KpuZI HTTP 301
  • https://zayedllaw.com/CJaAo HTTP 301
  • https://janu48fbb.cc.rs6.net/tn.jsp?f=001o_Z0Y3q525iSCO6jf-k07LBGj6bH8DqX7V9G7rY9SBBCcGCEecebp9DviHT8LvDM89dMizGNvXdcXveiYzHTcPt8tk5YtYt4aDbdr4Jmx72isRK9dVWHIlxWdmRH9Zf9rkCqEzuj1VHQ2D8hyT1RPtledaDFV4qB9myJhbWBOuty1E474lIXUg==&c=60goC7OH4_yqgVXH1HDGF0AAiYY4q3CvViYCwUiR4W8c4gPt6ouihA==&ch=VVHS_OTJm8Tmm5xzmuj5zgeZ9bIkjqlcMy1AGcI03OhTdaCPNrTI0A== HTTP 302
  • http://jlu1yw5y1fc0lmn.bentglasssdesign.com/ HTTP 307
  • https://jlu1yw5y1fc0lmn.bentglasssdesign.com/

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
jlu1yw5y1fc0lmn.bentglasssdesign.com/
Redirect Chain
  • https://zayedllaw.com/drIxq
  • https://zayedllaw.com/mbMID
  • https://zayedllaw.com/ofKbp
  • https://mcelwalns.com/gFcfs
  • https://zayedllaw.com/JMtTa
  • https://zayedllaw.com/kWHfs
  • https://zayedllaw.com/KpuZI
  • https://zayedllaw.com/CJaAo
  • https://janu48fbb.cc.rs6.net/tn.jsp?f=001o_Z0Y3q525iSCO6jf-k07LBGj6bH8DqX7V9G7rY9SBBCcGCEecebp9DviHT8LvDM89dMizGNvXdcXveiYzHTcPt8tk5YtYt4aDbdr4Jmx72isRK9dVWHIlxWdmRH9Zf9rkCqEzuj1VHQ2D8hyT1RPtledaDF...
  • http://jlu1yw5y1fc0lmn.bentglasssdesign.com/
  • https://jlu1yw5y1fc0lmn.bentglasssdesign.com/
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://jlu1yw5y1fc0lmn.bentglasssdesign.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
209.126.11.252 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS
alltunesrecordlabel.com
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 23 Aug 2024 07:42:14 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked

Redirect headers

Location
https://jlu1yw5y1fc0lmn.bentglasssdesign.com/
Non-Authoritative-Reason
HttpsUpgrades
Primary Request /
datazest.cbg.ru/TwYrg/
Redirect Chain
  • https://accountingfileencryptedmessageaddedum.officeviewencryptedfile.workers.dev//
  • https://datazest.cbg.ru/TwYrg/
19 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://datazest.cbg.ru/TwYrg/
Requested by
Host: jlu1yw5y1fc0lmn.bentglasssdesign.com
URL: https://jlu1yw5y1fc0lmn.bentglasssdesign.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:a750 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05552a36e3be67a6471081f7e74737cab0d79658802270a169cc21a13d2ee59d

Request headers

Referer
https://jlu1yw5y1fc0lmn.bentglasssdesign.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8b797705eee40f71-EWR
content-encoding
br
content-type
text/html
date
Fri, 23 Aug 2024 07:42:16 GMT
last-modified
Fri, 02 Aug 2024 01:09:03 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FPHKi%2F6FurbkNvaNiz%2F%2BpGx58FnEkTGrcpyeQybEnJQH9KWcmdn41Fe6wrOHHkIQ7bD%2BA6VqFe%2FBsxKLaZeKjyPPJNbU8zQ5NG8kPhDY8iEeZWAnBt6FlY050BRUYXjpYUWBbw8HeRQbBM79D1g%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-ray
8b7976fe9ed641ba-EWR
content-length
0
date
Fri, 23 Aug 2024 07:42:14 GMT
location
https://datazest.cbg.ru/TwYrg/#=
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jyc2%2FYagucsyHjIY12I%2FAdJJskyMInvz7laSTAi8DHG246GZpw3i5kTmsFCzaetzDZXxgLdUfCtJI5sou7SdxA1YAvwfWghCEDLoLKuSSM5l1XTDKOz3ZZny7ORRvye%2FxREsWA45iaisJC%2FKfoyw8r%2BzVKkUeZj57Z1FsEc%2BfFbVayC7nE357vtWu0%2BFKgqOR%2FFkx%2FJChdrYLNo2kkAE2ZWFM2%2FTVOVa"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
truncated
/ 		8 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93eb80dc01e920eaa7f23f998f67e5a5fc55e02b8e66bd3d8f5fef097d88565f

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
userinter.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdrhY6zM7txEf61nPO67_Cl7rOyCGsyEb9GaIEqe3M-p-yN2nJeBUGCXkDygK7t8xYVcKwSgu4v0_u6EZF5srUh16p0vNl1K8hBeBV8dg-KcOpt7y8vrkamMOU2HxW0STp0JDEp21FWuCWxDXZ... 		86 KB
86 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdrhY6zM7txEf61nPO67_Cl7rOyCGsyEb9GaIEqe3M-p-yN2nJeBUGCXkDygK7t8xYVcKwSgu4v0_u6EZF5srUh16p0vNl1K8hBeBV8dg-KcOpt7y8vrkamMOU2HxW0STp0JDEp21FWuCWxDXZX0EtxoLPSBWR6WwhXZglXIvWXbh24ojuyofD6htY8D4/s3396/userinter.png
Requested by
Host: datazest.cbg.ru
URL: https://datazest.cbg.ru/TwYrg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
fbbbc78e85dfa4f2b390e6dc2f3850d0f5247d16b5fd525093331572aa79ae84
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://datazest.cbg.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 23 Aug 2024 07:42:16 GMT
x-content-type-options
nosniff
server
fife
etag
"v367e"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="userinter.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
87859
x-xss-protection
0
expires
Sat, 24 Aug 2024 07:42:16 GMT
favicon.ico
datazest.cbg.ru/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://datazest.cbg.ru/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:a750 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43

Request headers

Referer
https://datazest.cbg.ru/TwYrg/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Aug 2024 07:42:17 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nO3x8GiOiaU3yCQKjhgWMWFRQCwzDYyJu4gI%2BYK4QpNYXMFM3iEQf0az2m89t0rjEAHbP4JZq12h0kRniayHK9sRO94NUmW4dWwyW43%2FUkXkuSBt0uOMAp%2BUi%2FhM4ihjGx2ag5hzAwZsdzNSETg%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, max-age=0
cf-ray
8b79770b69960f71-EWR
alt-svc
h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| generateRandomTitle function| loadCaptcha function| verifyCaptcha function| onCheckboxClick

10 Cookies

Domain/Path Name / Value
zayedllaw.com/ Name: PHPSESSID
Value: 11cc281721a98a042137e7dd25d41643
zayedllaw.com/ Name: short_43
Value: 1
zayedllaw.com/ Name: short_42
Value: 1
zayedllaw.com/ Name: short_40
Value: 1
mcelwalns.com/ Name: PHPSESSID
Value: 07ecb7e0cfb35b02f3ba6738cf671c8f
mcelwalns.com/ Name: short_30
Value: 1
zayedllaw.com/ Name: short_39
Value: 1
zayedllaw.com/ Name: short_38
Value: 1
zayedllaw.com/ Name: short_37
Value: 1
zayedllaw.com/ Name: short_36
Value: 1

1 Console Messages

Source Level URL
Text
network error URL: https://datazest.cbg.ru/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()