www.todayhotties.ru Open in urlscan Pro
178.162.199.80 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/3N6xdGR?438246e2a4d5dca0076047c689e79818
Effective URL:
http://www.todayhotties.ru/s/5af3ff4b5a898?s=123
Submission: On March 24 via api (March 24th 2022, 4:51:49 am UTC) from BE — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 9 HTTP transactions. The main IP is 178.162.199.80, located in Germany and belongs to LEASEWEB-DE-FRA-10, DE. The main domain is www.todayhotties.ru.

This is the only time www.todayhotties.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	2606:4700:303... 2606:4700:3032::6815:120b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	185.36.100.24 185.36.100.24	62403 (DISKGROUP) (DISKGROUP)
7	178.162.199.80 178.162.199.80	28753 (LEASEWEB-...) (LEASEWEB-DE-FRA-10)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	3

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::6815:120b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

expressdeliveryparcel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.36.100.24 (Haarlem, Netherlands) 1 redirects

ASN62403 (DISKGROUP, VG)

onlinedates.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 178.162.199.80 (Germany)

ASN28753 (LEASEWEB-DE-FRA-10, DE)

www.todayhotties.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	todayhotties.ru www.todayhotties.ru	463 KB
2	expressdeliveryparcel.com 1 redirects expressdeliveryparcel.com	1 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2181	7 KB
1	onlinedates.ru 1 redirects onlinedates.ru	267 B
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 3926	314 B
9	5

	Domain	Requested by
7	www.todayhotties.ru	www.todayhotties.ru
2	expressdeliveryparcel.com	1 redirects
1	stackpath.bootstrapcdn.com	www.todayhotties.ru
1	onlinedates.ru	1 redirects
1	bit.ly	1 redirects
9	5

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-03-21` - `2023-03-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123
Frame ID: 0B6ADEAE888567F644A10AFB5BE88C59
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

der Internet-Anschluss

Page URL History Show full URLs

https://bit.ly/3N6xdGR?438246e2a4d5dca0076047c689e79818 HTTP 301
http://expressdeliveryparcel.com/parosmia/significatrix_lecithality.html HTTP 301
https://expressdeliveryparcel.com/parosmia/significatrix_lecithality.html Page URL
http://onlinedates.ru/?land=92414 HTTP 302
http://www.todayhotties.ru/s/5af3ff4b5a898?s=123 Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

22 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

471 kB
Transfer

498 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/3N6xdGR?438246e2a4d5dca0076047c689e79818 HTTP 301
http://expressdeliveryparcel.com/parosmia/significatrix_lecithality.html HTTP 301
https://expressdeliveryparcel.com/parosmia/significatrix_lecithality.html Page URL
http://onlinedates.ru/?land=92414 HTTP 302
http://www.todayhotties.ru/s/5af3ff4b5a898?s=123 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://bit.ly/3N6xdGR?438246e2a4d5dca0076047c689e79818 HTTP 301
http://expressdeliveryparcel.com/parosmia/significatrix_lecithality.html HTTP 301
https://expressdeliveryparcel.com/parosmia/significatrix_lecithality.html

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

significatrix_lecithality.html Show response
expressdeliveryparcel.com/parosmia/
Redirect Chain

https://bit.ly/3N6xdGR?438246e2a4d5dca0076047c689e79818
http://expressdeliveryparcel.com/parosmia/significatrix_lecithality.html
https://expressdeliveryparcel.com/parosmia/significatrix_lecithality.html

104 B
697 B

95ms
61ms

Document
text/html

2606:4700:3032::6815:120b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://expressdeliveryparcel.com/parosmia/significatrix_lecithality.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:120b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d469443d3672141b3c548881e86c8cbce6f45d012a77c292f434b5db903e483

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 24 Mar 2022 04:51:43 GMT
content-type: text/html
last-modified: Fri, 21 Jan 2022 23:03:03 GMT
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MkzMivnWNCaiN0npOB94ccwgKNqjJPyxobQoGtgfqhwXBgsHTMU4W53424e0bXtP6Sg4NhoLmuDe1r3b9KPoVelV43DxbElbJBB23tgDyHjBRdTUfAsKaicRGEWHgzHt4j57XSl6sc%2FFSw%2BwXnxYnC9KikcVxDNZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6f0ccb158ddc9b8c-FRA
content-encoding: br

Redirect headers

Date: Thu, 24 Mar 2022 04:51:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
location: https://expressdeliveryparcel.com/parosmia/significatrix_lecithality.html
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qMmkfr78TzWA28KLhtQ7XfF%2Bas4a4fI%2BDAobv9s%2FQVFqYgXO6BLLKyGMaeADVg1RBEqAi1p80O5mFzIagoDuA0SJwrB04JD%2BZf3rG%2BzvbCsq89oAN%2BseF6ggb8EapsXzIcvyN8GKLNVN7S0wpm0oIVwH2cy%2BsbfN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6f0ccb14ff389bc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1

200
OK

Primary Request 5af3ff4b5a898 Show response
www.todayhotties.ru/s/
Redirect Chain

http://onlinedates.ru/?land=92414
http://www.todayhotties.ru/s/5af3ff4b5a898?s=123

9 KB
3 KB

1924ms
1848ms

Document
text/html

178.162.199.80
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123
Protocol: HTTP/1.1
Server: 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS
Software: openresty/1.19.3.1 /
Resource Hash: 7c5c4caae215491b077c9504ceb05fc413a99524f2f7264727dfe140109fc0d7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://expressdeliveryparcel.com/parosmia/significatrix_lecithality.html

Response headers

Server: openresty/1.19.3.1
Date: Thu, 24 Mar 2022 04:51:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Thu, 24 Mar 2022 04:51:43 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.6.40
Location: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123

GET
H/1.1 200
OK style.css
www.todayhotties.ru/bundle/302/assets/css/ 2 KB
2 KB 21ms
20ms Stylesheet
text/css 178.162.199.80
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: http://www.todayhotties.ru/bundle/302/assets/css/style.css
Requested by: Host: www.todayhotties.ru
URL: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123
Protocol: HTTP/1.1
Server: 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS
Software: openresty/1.19.3.1 /
Resource Hash: bc7da3819f5351addb3853324860e2ba01a074bd8d4bdc61b177403da5a67742

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 04:51:45 GMT
Last-Modified: Wed, 25 Mar 2020 15:01:27 GMT
Server: openresty/1.19.3.1
ETag: "5e7b7247-790"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1936

GET
H2 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 66ms
27ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.todayhotties.ru
URL: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.todayhotties.ru/
Origin: http://www.todayhotties.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 04:51:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723
access-control-allow-origin: *
cdn-cachedat: 11/15/2021 21:49:00
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver: 1.0
timing-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: aacc4820f9831e8125129eabea6deca2
cf-ray: 6f0ccb23bd699bfa-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.1 200
OK jquery.js Show response
www.todayhotties.ru/bundle/302/assets/js/ 84 KB
84 KB 39ms
20ms Script
application/javascript 178.162.199.80
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: http://www.todayhotties.ru/bundle/302/assets/js/jquery.js
Requested by: Host: www.todayhotties.ru
URL: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123
Protocol: HTTP/1.1
Server: 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS
Software: openresty/1.19.3.1 /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 04:51:45 GMT
Last-Modified: Wed, 25 Mar 2020 15:01:27 GMT
Server: openresty/1.19.3.1
ETag: "5e7b7247-14e4a"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 85578

GET
H/1.1 200
OK functions.js Show response
www.todayhotties.ru/bundle/302/assets/js/ 1 KB
1 KB 40ms
20ms Script
application/javascript 178.162.199.80
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: http://www.todayhotties.ru/bundle/302/assets/js/functions.js
Requested by: Host: www.todayhotties.ru
URL: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123
Protocol: HTTP/1.1
Server: 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS
Software: openresty/1.19.3.1 /
Resource Hash: bcc57d3a442a70e9352320038b7dec514b03520e7b1c6c8645cf2ac8d7578723

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 04:51:45 GMT
Last-Modified: Wed, 25 Mar 2020 15:01:27 GMT
Server: openresty/1.19.3.1
ETag: "5e7b7247-43d"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1085

GET
H/1.1 200
OK click.js Show response
www.todayhotties.ru/js/ 4 KB
4 KB 117ms
96ms Script
application/javascript 178.162.199.80
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: http://www.todayhotties.ru/js/click.js
Requested by: Host: www.todayhotties.ru
URL: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123
Protocol: HTTP/1.1
Server: 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS
Software: openresty/1.19.3.1 /
Resource Hash: 8abe2a77b34ca2d18a92f3c8619e5315bc86526b2cd0a6a5e219c566d39681bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 04:51:45 GMT
Last-Modified: Wed, 16 Mar 2022 14:34:51 GMT
Server: openresty/1.19.3.1
ETag: "6231f58b-109f"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4255

GET
H/1.1 200
OK body.jpg
www.todayhotties.ru/bundle/302/assets/img/ 338 KB
338 KB 20ms
20ms Image
image/jpeg 178.162.199.80
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.todayhotties.ru/bundle/302/assets/img/body.jpg
Requested by: Host: www.todayhotties.ru
URL: http://www.todayhotties.ru/bundle/302/assets/css/style.css
Protocol: HTTP/1.1
Server: 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS
Software: openresty/1.19.3.1 /
Resource Hash: a97b3a6a51a87af2cf849ac895c62960a6a15e0c41e6b9a4b4316aac4a3f7d24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.todayhotties.ru/bundle/302/assets/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 04:51:45 GMT
Last-Modified: Wed, 25 Mar 2020 15:01:27 GMT
Server: openresty/1.19.3.1
ETag: "5e7b7247-54747"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 345927

GET
H/1.1 200
OK fp2.min.js Show response
www.todayhotties.ru/js/ 30 KB
30 KB 65ms
65ms Script
application/javascript 178.162.199.80
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: http://www.todayhotties.ru/js/fp2.min.js
Requested by: Host: www.todayhotties.ru
URL: http://www.todayhotties.ru/js/click.js
Protocol: HTTP/1.1
Server: 178.162.199.80 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS
Software: openresty/1.19.3.1 /
Resource Hash: 6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.todayhotties.ru/s/5af3ff4b5a898
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 04:51:46 GMT
Last-Modified: Wed, 16 Mar 2022 14:34:51 GMT
Server: openresty/1.19.3.1
ETag: "6231f58b-77dd"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30685

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bit.ly/	1970-01-20 06:07:29	Name: _bit Value: m2o4PH-220bd6ee5191f0c125-002
			.todayhotties.ru/	1970-01-21 04:05:05	Name: SID Value: a813d5eb38a1f973f56567b834908225

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: http://www.todayhotties.ru/s/5af3ff4b5a898?s=123(Line 6) Message: The value "false" for key "user-scalable" is invalid, and has been ignored.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.ly
expressdeliveryparcel.com
onlinedates.ru
stackpath.bootstrapcdn.com
www.todayhotties.ru
178.162.199.80
185.36.100.24
2606:4700:3032::6815:120b
2606:4700::6812:bcf
67.199.248.11
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1d469443d3672141b3c548881e86c8cbce6f45d012a77c292f434b5db903e483
6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7c5c4caae215491b077c9504ceb05fc413a99524f2f7264727dfe140109fc0d7
8abe2a77b34ca2d18a92f3c8619e5315bc86526b2cd0a6a5e219c566d39681bb
a97b3a6a51a87af2cf849ac895c62960a6a15e0c41e6b9a4b4316aac4a3f7d24
bc7da3819f5351addb3853324860e2ba01a074bd8d4bdc61b177403da5a67742
bcc57d3a442a70e9352320038b7dec514b03520e7b1c6c8645cf2ac8d7578723

www.todayhotties.ru Open in urlscan Pro 178.162.199.80 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

22 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

3 IPs

3 Countries

471 kBTransfer

498 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

www.todayhotties.ru Open in urlscan Pro
178.162.199.80 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

22 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

471 kB
Transfer

498 kB
Size

2
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!