URL: https://mlv.nitronix.ru/
Submission Tags: phishingrod
Submission: On October 17 via api from DE — Scanned from DE

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 212.36.224.15, located in Russian Federation and belongs to RDTC-AS RDTC Autonomous System ISP at Novokuznetsk city, RU. The main domain is mlv.nitronix.ru.
TLS certificate: Issued by www.example.org on October 15th 2024. Valid for: 10 years.
This is the only time mlv.nitronix.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 212.36.224.15 29072 (RDTC-AS R...)
1 2
Apex Domain
Subdomains
Transfer
1 nitronix.ru
mlv.nitronix.ru
182 KB
1 1
Domain Requested by
1 mlv.nitronix.ru
1 1

This site contains links to these domains. Also see Links.

Domain
www.bunkerweb.io
Subject Issuer Validity Valid
www.example.org
www.example.org
2024-10-15 -
2034-10-13
10 years crt.sh

This page contains 1 frames:

Primary Page: https://mlv.nitronix.ru/
Frame ID: 69C5BF4F62B256C4EF4F16ABABF816E2
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

403 - Forbidden

Page Statistics

1
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

274 kB
Transfer

277 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mlv.nitronix.ru/
180 KB
182 KB
Document
General
Full URL
https://mlv.nitronix.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.36.224.15 , Russian Federation, ASN29072 (RDTC-AS RDTC Autonomous System ISP at Novokuznetsk city, RU),
Reverse DNS
212-36-224-15.rdtc.ru
Software
/
Resource Hash
b7ec00d4b86fcb618798a3b97f398b03ea3902e4e1076ee4718566bf2245ba6b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src http: https: 'unsafe-inline' 'strict-dynamic' 'nonce-tw7bIRDllJPnJ8d2'; style-src 'nonce-kHHy09iApciVWDVR'; frame-ancestors 'none'; base-uri 'none'; img-src 'self' data:; font-src 'self' data:; require-trusted-types-for 'script'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'none'; script-src http: https: 'unsafe-inline' 'strict-dynamic' 'nonce-tw7bIRDllJPnJ8d2'; style-src 'nonce-kHHy09iApciVWDVR'; frame-ancestors 'none'; base-uri 'none'; img-src 'self' data:; font-src 'self' data:; require-trusted-types-for 'script'; block-all-mixed-content; upgrade-insecure-requests;
content-type
text/html
date
Thu, 17 Oct 2024 03:33:46 GMT
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
truncated
/
26 KB
26 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e907fa050674784ded146c790edff846694b072c1f9898e94ad5c16624d69a04

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://mlv.nitronix.ru
Referer

Response headers

Content-Type
font/otf;charset=utf-8
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2034a2ed9b5ce00be8b2db669306faefa79d9061bd10d7a2af8ad6743d67d56d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
67 KB
67 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b4da920fa50d874bce2cab0517e4732384a6eef8fe7e1e653d2befcb8aac1aa6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://mlv.nitronix.ru
Referer

Response headers

Content-Type
font/ttf;charset=utf-8

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

21 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'layout-animation'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'legacy-image-formats'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker-selection'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'unoptimized-images'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'unsized-media'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'web-share'.
security warning
Message:
Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: accelerometer, autoplay, camera, display-capture, encrypted-media, fullscreen, geolocation, gyroscope, magnetometer, microphone, midi, payment, picture-in-picture, publickey-credentials-get, usb, screen-wake-lock, xr-spatial-tracking. Values defined in Permissions-Policy header will be used.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
network error URL: https://mlv.nitronix.ru/
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src http: https: 'unsafe-inline' 'strict-dynamic' 'nonce-tw7bIRDllJPnJ8d2'; style-src 'nonce-kHHy09iApciVWDVR'; frame-ancestors 'none'; base-uri 'none'; img-src 'self' data:; font-src 'self' data:; require-trusted-types-for 'script'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block