4van.ru Open in urlscan Pro
2606:4700:3030::ac43:c658 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://4van.ru/cca5e2b3826c9d795a50c49679d13fb4
Effective URL:
https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4
Submission: On January 29 via api (January 29th 2024, 8:41:01 pm UTC) from US — Scanned from US

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 21 HTTP transactions. The main IP is 2606:4700:3030::ac43:c658, located in United States and belongs to CLOUDFLARENET, US. The main domain is 4van.ru.
TLS certificate: Issued by GTS CA 1P5 on January 7th 2024. Valid for: 3 months.

This is the only time 4van.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::6815:5a5a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2606:4700:303... 2606:4700:3030::ac43:c658	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2

1 2606:4700:3037::6815:5a5a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

4van.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:3030::ac43:c658 (United States)

ASN13335 (CLOUDFLARENET, US)

4van.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	4van.ru 1 redirects 4van.ru	236 KB
21	1

	Domain	Requested by
16	4van.ru	1 redirects 4van.ru
21	1

This site contains no links.

Subject Issuer	Validity	Valid
4van.ru GTS CA 1P5	`2024-01-07` - `2024-04-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4
Frame ID: 5C462E189636617E3B8637B1FD7A9E4D
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Web

Page URL History Show full URLs

http://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 HTTP 301
https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Page URL
https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Page URL

Page Statistics

21
Requests

71 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

235 kB
Transfer

879 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 HTTP 301
https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Page URL
https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 HTTP 301
https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4

21 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	cca5e2b3826c9d795a50c49679d13fb4 4van.ru/ Redirect Chain http://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4	13 KB 5 KB	853ms 783ms	Document text/html	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 84d44af87d2d4bd2-BUF content-encoding br content-type text/html; charset=UTF-8 date Mon, 29 Jan 2024 20:40:54 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vvrt6cZrgwwSgmRBEd6JbhwZ7wOu4nzs4z8n9uIJnRI%2FnnGIiHLh5MY7I9uICiG9Wo%2BLeqYS%2BLFPzelh39yWVMoIAKcUJSxu6wl4LQt06paXLqxyUVGqdj35hpWhghxsnVI29ala"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers CF-RAY 84d44af7ccbb4bd5-BUF Cache-Control max-age=3600 Connection keep-alive Date Mon, 29 Jan 2024 20:40:53 GMT Expires Mon, 29 Jan 2024 21:40:53 GMT Location https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFnbWAqvqr63eoW72fBWUH%2F3euGw1o6wu3txPhc69%2B6FJ36Z7yYt2Qr7yrRIRLgIMzrddjMZvYTxoMFypDa3C9THva2btSw4scndxOsAc6MIe3Ui9Xg7nyAKTgsEP%2B50yY%2BjbTqh"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding alt-svc h3=":443"; ma=86400
GET H2	200	index-f4e30377.js 4van.ru/auth/	101 KB 36 KB	512ms 510ms	Script application/javascript	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/index-f4e30377.js Requested by Host: 4van.ru URL: https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Origin https://4van.ru accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:55 GMT content-encoding br cf-cache-status MISS last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6514de00-194a9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=01U%2BrQxn3Csn128Sp2A%2FHoAtsr7EO1k%2Fb1v%2BRW7Z%2BXU6SiiBpZEk8KX5IsWHwzbGzuGB5uc0G5HNQTeVOFArgqQqUASa5aULhi2PVePYA4zl2Li0g%2BkPs2eJCF3%2BOwHiyyLjNFhu"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 84d44afd69114bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:54 GMT
GET		index-220aaf7e.css 4van.ru/auth/	0 0

GET H2	200	Primary Request cca5e2b3826c9d795a50c49679d13fb4 Show response 4van.ru/	13 KB 5 KB	601ms 601ms	Document text/html	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Requested by Host: 4van.ru URL: https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8c7d7666dabefef6d8dfa1e5e00d29a6fc470674d485508c709954d73a7079f6` Request headers Referer https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 84d44afda9344bd2-BUF content-encoding br content-type text/html; charset=UTF-8 date Mon, 29 Jan 2024 20:40:55 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2BJzbCzHscj9L93x7ZpPPXdcleUkHH3sbnfL6J29%2BXE4xdLkyvCWSYR2ipfSEUvMCZRH7Qd1d%2BZvUVav93acjKNq5IbKB3SfoTcHIODnGUamu%2B8lt7abZudzx13skeDOwF9y4qoV"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	index-f4e30377.js Show response 4van.ru/auth/	101 KB 36 KB	39ms 38ms	Script application/javascript	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/index-f4e30377.js Requested by Host: 4van.ru URL: https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0e2cae44aa0b417f66c4b6b0d03ee83ccfc40a9ed80667aebd28ee89849ad6f8` Request headers Referer https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Origin https://4van.ru accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:55 GMT content-encoding br cf-cache-status HIT last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 1 etag W/"6514de00-194a9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C4otpiVaJsvD4clW4xG9FzflRmrxaQOv4RoBb%2ByJcAom%2B5Xbbkuk3YcB8qn63eGz1bNqdOCSAgLC1qaGwIFlfdwR7XeWiG2YzPtI7WjdWtZDG04z8K95YEQu9O9%2BisoMp01Qkl9s"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 84d44b017bd74bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:54 GMT
GET H3	200	index-220aaf7e.css 4van.ru/auth/	397 KB 72 KB	204ms 203ms	Stylesheet text/css	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/index-220aaf7e.css Requested by Host: 4van.ru URL: https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `220aaf7ecb349275e87712148c3a60fe8bf438b430775494faf6f5d55c83c3ca` Request headers accept-language en-US,en;q=0.9 Referer https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:55 GMT content-encoding br cf-cache-status HIT last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 1 etag W/"6514de00-6346b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jp%2FDnM%2F3NmEGObP58ElC%2Fcx7WGHSEKao8l9AAm4ni9aOvnXlx4aVA8aXhQupXM5aPeqTF4dSkTtoxMcqScdl3y8Ep0n26NUDW9l2ButcmPQTK2liG5vr0zALrU2l48LGrDeuA9Sc"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=86400 cf-ray 84d44b017bd94bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:54 GMT
GET		mtproto.worker-3c075898.js 4van.ru/auth/	0 0

GET		crypto.worker-9d5beacd.js 4van.ru/auth/	0 0

GET H3	200	crypto.worker-9d5beacd.js Show response 4van.ru/auth/	67 KB 24 KB	577ms 576ms	Fetch application/javascript	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/crypto.worker-9d5beacd.js Requested by Host: 4van.ru URL: https://4van.ru/auth/index-f4e30377.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `75b2b1645da9407793d922a19e00801b031593e54e1f9f8aa5644621daaeb495` Request headers accept-language en-US,en;q=0.9 Referer https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:56 GMT content-encoding br cf-cache-status HIT last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 1 etag W/"6514de00-10b3e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r8qJKkgdprFCT%2Bx4V%2FZ7DCqy5B%2FdWft4OtwC1k%2B302D0nMBTRfjijaqs3Eu8qgpTNGXB18FG%2FRKpxGoQ3h40HhQ9h6OQ0Oc7A86yRgxQfqLjeYvGI13IM1st%2F8ocnMUin7vROfRx"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 84d44b03bd264bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:55 GMT
GET H3	200	lang-c1c2a466.js Show response 4van.ru/auth/	76 KB 23 KB	457ms 456ms	Script application/javascript	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/lang-c1c2a466.js Requested by Host: 4van.ru URL: https://4van.ru/auth/index-f4e30377.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `11ca618d8837ebe9691487335a53e7d3fd5edc7428a56e3b8ceb2e9c200b77bd` Request headers Referer https://4van.ru/auth/index-f4e30377.js Origin https://4van.ru accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:56 GMT content-encoding br cf-cache-status MISS last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6514de00-12f67" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5n4sujHCbd70qVRtT3rU1rRj75xrjbgI6Q0QNbvo3HQNXMC3OksRGgkCRs46SmKHo3dXq6c2%2BnZ%2BZXkRi47o%2BA8T0j4roMNzjAvTdhHqjaxzV%2Bap5msLf4znj%2BIgNR0lsWI61eI6"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 84d44b03fd864bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:55 GMT
GET H3	200	langSign-f5a5610c.js Show response 4van.ru/auth/	2 KB 1 KB	302ms 301ms	Script application/javascript	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/langSign-f5a5610c.js Requested by Host: 4van.ru URL: https://4van.ru/auth/index-f4e30377.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `76070b61f4b1a734176b561671a3fe24d21d383fe568e0b45f3acad2c016a4a2` Request headers Referer https://4van.ru/auth/index-f4e30377.js Origin https://4van.ru accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:55 GMT content-encoding br cf-cache-status REVALIDATED last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6514de00-669" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VhZpWquQ2O6TFCE1vLtOPdE8lhAlPENHe31qo%2FZN%2FBtCnHrMTgTT%2FFoCEd6nd%2BWbrJhh1LJ10og8mNOIb9ltvZ0JbBFK%2FFcMV8F21P01yMLVQD5G%2BQblVVnOLgNdLA0Ro4LRK3rN"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 84d44b03fd874bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:55 GMT
GET H3	200	countries-5301fc59.js Show response 4van.ru/auth/	24 KB 4 KB	301ms 300ms	Script application/javascript	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/countries-5301fc59.js Requested by Host: 4van.ru URL: https://4van.ru/auth/index-f4e30377.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7b4921656e143af35794b7fc9d4d23580fa232ffcf179bc8569317e424032d80` Request headers Referer https://4van.ru/auth/index-f4e30377.js Origin https://4van.ru accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:55 GMT content-encoding br cf-cache-status MISS last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6514de00-5e21" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZrwErXddYQUiAgR33nJSmjMuyYnakBcTuMYQH1Fl0N0io8TNmMp%2FDoe5GY6lq5MjHsdF9T2dZ8%2FWCYApiPi6hswIiKoWqy9%2FhPtzsbW7SeXWRwDNnSXx2xfnf493kFvE6A5OgSQe"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 84d44b03fd894bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:55 GMT
GET H3	200	pageSignQR-a7512de5.js Show response 4van.ru/auth/	5 KB 3 KB	523ms 522ms	Script application/javascript	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/pageSignQR-a7512de5.js Requested by Host: 4van.ru URL: https://4van.ru/auth/index-f4e30377.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6c9845a3ba553f6e042a690214a12e7bcc596686b10f511c638c5d177cbc4f05` Request headers Referer Origin https://4van.ru accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:56 GMT content-encoding br cf-cache-status MISS last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6514de00-14e7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UjrmXPpMhXaqXbv2S2iCixBhEJ0odQe6oXqcJUPTSTZXnfCwAjEVIYsYi1W8TQO68YGX01hUcebw3CkwdIm4NmB1uvCxjn7215wq67KH%2FQCwlyvZiQWLDT2tXH8b0C2PR%2FRvaKS5"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 84d44b073f6f4bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:56 GMT
GET H3	200	page-2bc02b7f.js Show response 4van.ru/auth/	10 KB 4 KB	172ms 171ms	Script application/javascript	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/page-2bc02b7f.js Requested by Host: 4van.ru URL: https://4van.ru/auth/index-f4e30377.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9f4dba2a9d17f76bd9ee4c45c574f7aeae643cf90b7736a6cd6bb8bb987a2ff4` Request headers Referer Origin https://4van.ru accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:56 GMT content-encoding br cf-cache-status MISS last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6514de00-26c7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=17BWAzjFU1oWt7LJfpE416OwcTIc7cQj1SNCwsul16RgxNf0crf0Kj4Kucz99G7elMhsZGaoenB8n4XazpPP3CUj8cz5FGlyLVQWNxhQ1sd4M7%2FRe0OjItLkJqywaWq7dcjgRerR"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 84d44b074f714bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:56 GMT
GET H3	200	bytesCmp-33849f4a.js Show response 4van.ru/auth/	3 KB 2 KB	523ms 523ms	Script application/javascript	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/bytesCmp-33849f4a.js Requested by Host: 4van.ru URL: https://4van.ru/auth/index-f4e30377.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `619a25522f0cc792312457176406cd47fad0ad6659bf9606740d7ad50341ace7` Request headers Referer Origin https://4van.ru accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:56 GMT content-encoding br cf-cache-status MISS last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6514de00-d57" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lU4kEQElSxgpnQ2tOG9c%2FxwH1LcZJl8UUSGEZVjLjEEzJBwe20HU%2BoGR9P4%2BtJzn1Fni%2BH3nI3VCTAKLIdgvOLdGIpWhv657LCsB7Vof8JBQEaS6JFSVud%2BD8Xr6O1EChTzSw3qu"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 84d44b074f734bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:56 GMT
GET H3	200	putPreloader-f1aca9bc.js Show response 4van.ru/auth/	697 B 895 B	535ms 535ms	Script application/javascript	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/putPreloader-f1aca9bc.js Requested by Host: 4van.ru URL: https://4van.ru/auth/index-f4e30377.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `81c729b08b379474a1ef86ec52925b727ce8adf2d3c2155af09043fe143f0596` Request headers Referer Origin https://4van.ru accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:56 GMT content-encoding br cf-cache-status MISS last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6514de00-2b9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oq2cfqGWOLn0%2BjTvOnpNaZ%2FXIc65z9lAE3SJFscHcgeqTywBn1F3yPLWlZ%2B7epv096IsWEF%2BY4vwrpcjcTDJH8CW7%2Fyhdxl2hpiosSLfc03khUCBZ3Ox%2BTA%2F6iboJ674ujGirpO2"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 84d44b074f754bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:56 GMT
GET H3	200	qr-code-styling-c40cd486.js Show response 4van.ru/auth/	65 KB 17 KB	430ms 430ms	Script application/javascript	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/qr-code-styling-c40cd486.js Requested by Host: 4van.ru URL: https://4van.ru/auth/pageSignQR-a7512de5.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `48d812700c5555c6823724cb0ce93936e5067175e37a41b6f3edd1ceecea2bfc` Request headers Referer https://4van.ru/auth/pageSignQR-a7512de5.js Origin https://4van.ru accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:57 GMT content-encoding br cf-cache-status MISS last-modified Thu, 28 Sep 2023 01:59:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6514de00-102e0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MxeSqVaePt6ZF08PaPpGX8WB2tozdCXbWoQk8I2UYSBFLZOeZ9mzc3YFr%2BbyR91PtPjzbsAuVh84WL0DXsT1Fv3IWZwkJltVQrzDVSHI%2BXaK08egaTAmFfXemSAEDvVQgzykwXtK"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 84d44b0aa9894bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:56 GMT
GET		52252922-9220-4177-8041-0359bb14b2b7 https://4van.ru/	0 0

GET		09056cf2-bc45-4ab3-83e0-1608cc486383 https://4van.ru/	0 0

GET		02baaae3-4287-4dff-969a-78236cf428fe https://4van.ru/	0 0

GET H3	200	logo_padded.svg Show response 4van.ru/auth/assets/img/	1 KB 1 KB	302ms 301ms	Fetch image/svg+xml	2606:4700:3030::ac43:c658 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://4van.ru/auth/assets/img/logo_padded.svg Requested by Host: 4van.ru URL: https://4van.ru/auth/pageSignQR-a7512de5.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c658 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4` Request headers accept-language en-US,en;q=0.9 Referer https://4van.ru/cca5e2b3826c9d795a50c49679d13fb4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 20:40:59 GMT content-encoding br cf-cache-status MISS last-modified Sun, 09 Jul 2023 15:42:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64aad550-42d" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uFK2PsVUeh%2BtVGT7zjcVBp6bf7OfE%2BEfTilXCxtjY09Q6y%2Fh10TqBGGSiovXvDoX58%2FhYxmXtLP%2BdvOlI7SMjz2rTbu1nT0RvL5Z8xwQNivQJJmPs4F6ZWTjMY2lzRrrGZNwrPzw"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=86400 cf-ray 84d44b1d0c444bd2-BUF alt-svc h3=":443"; ma=86400 expires Tue, 30 Jan 2024 20:40:59 GMT
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 4van.ru
URL: https://4van.ru/auth/index-220aaf7e.css

Domain: 4van.ru
URL: https://4van.ru/auth/mtproto.worker-3c075898.js

Domain: 4van.ru
URL: https://4van.ru/auth/crypto.worker-9d5beacd.js

Domain: 4van.ru
URL: blob:https://4van.ru/52252922-9220-4177-8041-0359bb14b2b7

Domain: 4van.ru
URL: blob:https://4van.ru/09056cf2-bc45-4ab3-83e0-1608cc486383

Domain: 4van.ru
URL: blob:https://4van.ru/02baaae3-4287-4dff-969a-78236cf428fe

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			4van.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7ivegtuh7nmjnt35fcuo5c6fnr

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4van.ru
4van.ru
2606:4700:3030::ac43:c658
2606:4700:3037::6815:5a5a
0e2cae44aa0b417f66c4b6b0d03ee83ccfc40a9ed80667aebd28ee89849ad6f8
11ca618d8837ebe9691487335a53e7d3fd5edc7428a56e3b8ceb2e9c200b77bd
220aaf7ecb349275e87712148c3a60fe8bf438b430775494faf6f5d55c83c3ca
48d812700c5555c6823724cb0ce93936e5067175e37a41b6f3edd1ceecea2bfc
619a25522f0cc792312457176406cd47fad0ad6659bf9606740d7ad50341ace7
6c9845a3ba553f6e042a690214a12e7bcc596686b10f511c638c5d177cbc4f05
75b2b1645da9407793d922a19e00801b031593e54e1f9f8aa5644621daaeb495
76070b61f4b1a734176b561671a3fe24d21d383fe568e0b45f3acad2c016a4a2
7b4921656e143af35794b7fc9d4d23580fa232ffcf179bc8569317e424032d80
81c729b08b379474a1ef86ec52925b727ce8adf2d3c2155af09043fe143f0596
8c7d7666dabefef6d8dfa1e5e00d29a6fc470674d485508c709954d73a7079f6
9f4dba2a9d17f76bd9ee4c45c574f7aeae643cf90b7736a6cd6bb8bb987a2ff4
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4

4van.ru Open in urlscan Pro 2606:4700:3030::ac43:c658 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

21 Requests

71 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

235 kBTransfer

879 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

26 JavaScript Global Variables

1 Cookies

Indicators

4van.ru Open in urlscan Pro
2606:4700:3030::ac43:c658 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

71 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

235 kB
Transfer

879 kB
Size

1
Cookies

21 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!