lokrwebapp.toman.ru Open in urlscan Pro
89.207.93.172 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://lokrwebapp.toman.ru/
Submission Tags: @phish_report
Submission: On August 14 via api (August 14th 2024, 8:58:39 pm UTC) from FI — Scanned from FI

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 21 HTTP transactions. The main IP is 89.207.93.172, located in Moscow, Russian Federation and belongs to . The main domain is lokrwebapp.toman.ru.
TLS certificate: Issued by R11 on August 12th 2024. Valid for: 3 months.

This is the only time lokrwebapp.toman.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
15	89.207.93.172 89.207.93.172		() ()
21	2

15 89.207.93.172 (Moscow, Russian Federation)

ASN- ()
PTR: 172-93-207-89.clients.cittel.ru

lokrwebapp.toman.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	toman.ru lokrwebapp.toman.ru	216 KB
21	1

	Domain	Requested by
15	lokrwebapp.toman.ru	lokrwebapp.toman.ru
21	1

This site contains no links.

Subject Issuer	Validity	Valid
lokrwebapp.toman.ru R11	`2024-08-12` - `2024-11-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://lokrwebapp.toman.ru/
Frame ID: AB2BB1B373DA9D97084B8B9F100274B9
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram Web

Page Statistics

21
Requests

71 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

216 kB
Transfer

951 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response lokrwebapp.toman.ru/	13 KB 5 KB	290ms 67ms	Document text/html	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `4cf4b7215c9f57497a276e8f63cae022310a32199ca06e1fbb42389de123ff13` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-encoding br content-type text/html date Wed, 14 Aug 2024 20:58:33 GMT etag "66a65629-3523" last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	index-B1hn73pC.js Show response lokrwebapp.toman.ru/	133 KB 45 KB	120ms 120ms	Script application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/index-B1hn73pC.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `490fdf1ab5a46157cae48b7d3ec397c7ad118a35d6bbfdad44543a9949b3de43` Request headers Referer https://lokrwebapp.toman.ru/ Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-21292" vary Accept-Encoding content-type application/javascript accept-ranges bytes
GET H2	200	index-vrhc3kb5.css lokrwebapp.toman.ru/	474 KB 74 KB	173ms 173ms	Stylesheet text/css	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/index-vrhc3kb5.css Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `f93f059a4a36b6e86db1320a185d50a4b5f9417870e4945999eb244fb2ccd3d2` Request headers Referer https://lokrwebapp.toman.ru/ Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-767c1" vary Accept-Encoding content-type text/css accept-ranges bytes
GET		mtproto.worker-BJ_l9v83.js lokrwebapp.toman.ru/	0 0

GET		crypto.worker-CfCshcpI.js lokrwebapp.toman.ru/	0 0

GET DATA	200 OK	truncated /	369 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	crypto.worker-CfCshcpI.js Show response lokrwebapp.toman.ru/	67 KB 23 KB	152ms 152ms	Fetch application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/crypto.worker-CfCshcpI.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/index-B1hn73pC.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `db66f764c311c8c976601370a59831be1b792fe9535c8f36f7de75334226b071` Request headers Referer https://lokrwebapp.toman.ru/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-10d02" vary Accept-Encoding content-type application/javascript accept-ranges bytes
GET DATA	200 OK	truncated /	59 B 59 B		Image image/jxl
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/jxl
GET DATA	200 OK	truncated /	311 B 0		Image image/avif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `04dfc8e1a6e59e36a3a3a5c15443a97a92a6d2a7da9d276b050d58be3c7952a7` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/avif
GET H2	200	favicon.ico lokrwebapp.toman.ru/assets/img/	15 KB 3 KB	122ms 121ms	Other image/x-icon	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/assets/img/favicon.ico?v=jw3mK7G9Ry Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523` Request headers Referer https://lokrwebapp.toman.ru/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-3aee" vary Accept-Encoding content-type image/x-icon accept-ranges bytes content-length 3167
GET H2	200	lang-nn4KIa5Q.js Show response lokrwebapp.toman.ru/	130 KB 35 KB	244ms 243ms	Script application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/lang-nn4KIa5Q.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/index-B1hn73pC.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `08ed71d8fb59dd0486a8a80ff99b06a765440d8e944d332d855860907eddd5ad` Request headers Referer https://lokrwebapp.toman.ru/index-B1hn73pC.js Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-20968" vary Accept-Encoding content-type application/javascript accept-ranges bytes
GET H2	200	langSign-CN-ja8rh.js Show response lokrwebapp.toman.ru/	2 KB 796 B	165ms 164ms	Script application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/langSign-CN-ja8rh.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/index-B1hn73pC.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `2b3cb7fcd5a7cba31f0932276d0673437bb4d8ba9fcfcc3602ec85ea60458ae4` Request headers Referer https://lokrwebapp.toman.ru/index-B1hn73pC.js Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-66e" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 751
GET H2	200	countries-CzeCvYH8.js Show response lokrwebapp.toman.ru/	24 KB 4 KB	223ms 223ms	Script application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/countries-CzeCvYH8.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/index-B1hn73pC.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `6876bde98b3f0c4013107f69f6bf375f60a2807bd79c11592131d9b8bbbb76ae` Request headers Referer https://lokrwebapp.toman.ru/index-B1hn73pC.js Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-5e21" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 3646
GET H2	200	pageSignQR-DQE5bBE8.js Show response lokrwebapp.toman.ru/	5 KB 2 KB	126ms 126ms	Script application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/pageSignQR-DQE5bBE8.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/index-B1hn73pC.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `d9acea9d5fd422ecb5ae54d655284fdd04baa10852d9ea2f6db1a28c0f18f9fe` Request headers Referer Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-15a0" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 2461
GET H2	200	page-D7V-8cRO.js Show response lokrwebapp.toman.ru/	10 KB 4 KB	194ms 193ms	Script application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/page-D7V-8cRO.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/index-B1hn73pC.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `4fa0488eb7fb7402b24815841e511f7a776c54fc402f6a0d0ad8235bf43ad26e` Request headers Referer Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-290c" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 4003
GET H2	200	button-I7YSaVoW.js Show response lokrwebapp.toman.ru/	9 KB 4 KB	193ms 192ms	Script application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/button-I7YSaVoW.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/index-B1hn73pC.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `2823f3041a502bbb5b02de072d4c9f61ec8a3c4ccd6bf31891738d180f270c54` Request headers Referer Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-23e5" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 3564
GET H2	200	putPreloader-CdT9uzpm.js Show response lokrwebapp.toman.ru/	699 B 743 B	191ms 191ms	Script application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/putPreloader-CdT9uzpm.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/index-B1hn73pC.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `6f1dc8b77e09d92335fe34e5463585686f772a523a9122285d886e7d383295bb` Request headers Referer Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-2bb" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 699
GET H2	200	textToSvgURL-Cnw_Q8Rw.js Show response lokrwebapp.toman.ru/	357 B 401 B	190ms 190ms	Script application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/textToSvgURL-Cnw_Q8Rw.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/index-B1hn73pC.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `88ef7b589f467f4a280126e59b5428d5169f80a165500687699209f60ca39998` Request headers Referer Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:33 GMT last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-165" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 357
GET		4c5a25f3-31f3-4471-9813-b2ea9904ee3c https://lokrwebapp.toman.ru/	0 0

GET		e45556fe-c886-489a-b9cd-85f66da88e39 https://lokrwebapp.toman.ru/	0 0

GET		3c38044f-ee04-4186-b234-1c87febb72fb https://lokrwebapp.toman.ru/	0 0

GET H2	200	qr-code-styling-CvBVNv73.js Show response lokrwebapp.toman.ru/	65 KB 16 KB	97ms 96ms	Script application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/qr-code-styling-CvBVNv73.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/index-B1hn73pC.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `4d5108399b82641dbf80148c27bb49203d32e211cec1ed139557ceff975c3896` Request headers Referer Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:34 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-10251" vary Accept-Encoding content-type application/javascript accept-ranges bytes
GET H2	200	_commonjsHelpers-Cpj98o6Y.js Show response lokrwebapp.toman.ru/	290 B 355 B	66ms 66ms	Script application/javascript	89.207.93.172
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/_commonjsHelpers-Cpj98o6Y.js Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/index-B1hn73pC.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.207.93.172 Moscow, Russian Federation, ASN (), Reverse DNS 172-93-207-89.clients.cittel.ru Software nginx/1.26.1 / Resource Hash `7e898f2560233fe672543bbaffe66542d387208b18f5639cb3050bd75d167e48` Request headers Referer Origin https://lokrwebapp.toman.ru User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:34 GMT last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-122" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 290
GET H2	200	logo_padded.svg Show response lokrwebapp.toman.ru/assets/img/	1 KB 0	78ms 78ms	Fetch image/svg+xml
General Check archive.org Show headers Download Go to Full URL https://lokrwebapp.toman.ru/assets/img/logo_padded.svg Requested by Host: lokrwebapp.toman.ru URL: https://lokrwebapp.toman.ru/pageSignQR-DQE5bBE8.js Protocol H2 Server -, , ASN (), Reverse DNS Software nginx/1.26.1 / Resource Hash `eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4` Request headers Referer https://lokrwebapp.toman.ru/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Wed, 14 Aug 2024 20:58:37 GMT content-encoding br last-modified Sun, 28 Jul 2024 14:31:05 GMT server nginx/1.26.1 etag "66a65629-42d" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 606
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lokrwebapp.toman.ru
URL: https://lokrwebapp.toman.ru/mtproto.worker-BJ_l9v83.js

Domain: lokrwebapp.toman.ru
URL: https://lokrwebapp.toman.ru/crypto.worker-CfCshcpI.js

Domain: lokrwebapp.toman.ru
URL: blob:https://lokrwebapp.toman.ru/4c5a25f3-31f3-4471-9813-b2ea9904ee3c

Domain: lokrwebapp.toman.ru
URL: blob:https://lokrwebapp.toman.ru/e45556fe-c886-489a-b9cd-85f66da88e39

Domain: lokrwebapp.toman.ru
URL: blob:https://lokrwebapp.toman.ru/3c38044f-ee04-4186-b234-1c87febb72fb

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lokrwebapp.toman.ru
lokrwebapp.toman.ru
89.207.93.172
04dfc8e1a6e59e36a3a3a5c15443a97a92a6d2a7da9d276b050d58be3c7952a7
08ed71d8fb59dd0486a8a80ff99b06a765440d8e944d332d855860907eddd5ad
2823f3041a502bbb5b02de072d4c9f61ec8a3c4ccd6bf31891738d180f270c54
2b3cb7fcd5a7cba31f0932276d0673437bb4d8ba9fcfcc3602ec85ea60458ae4
490fdf1ab5a46157cae48b7d3ec397c7ad118a35d6bbfdad44543a9949b3de43
4cf4b7215c9f57497a276e8f63cae022310a32199ca06e1fbb42389de123ff13
4d5108399b82641dbf80148c27bb49203d32e211cec1ed139557ceff975c3896
4fa0488eb7fb7402b24815841e511f7a776c54fc402f6a0d0ad8235bf43ad26e
6876bde98b3f0c4013107f69f6bf375f60a2807bd79c11592131d9b8bbbb76ae
6f1dc8b77e09d92335fe34e5463585686f772a523a9122285d886e7d383295bb
6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4
7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523
7e898f2560233fe672543bbaffe66542d387208b18f5639cb3050bd75d167e48
88ef7b589f467f4a280126e59b5428d5169f80a165500687699209f60ca39998
d9acea9d5fd422ecb5ae54d655284fdd04baa10852d9ea2f6db1a28c0f18f9fe
db66f764c311c8c976601370a59831be1b792fe9535c8f36f7de75334226b071
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4
f93f059a4a36b6e86db1320a185d50a4b5f9417870e4945999eb244fb2ccd3d2

lokrwebapp.toman.ru Open in urlscan Pro 89.207.93.172 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

21 Requests

71 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

216 kBTransfer

951 kBSize

0 Cookies

0 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

30 JavaScript Global Variables

0 Cookies

Indicators

lokrwebapp.toman.ru Open in urlscan Pro
89.207.93.172 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

71 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

216 kB
Transfer

951 kB
Size

0
Cookies

21 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!