Report - raidawan.chat.ru

Report Overview

Visited public
2025-03-09 22:49:47
Tags
URL
raidawan.chat.ru
Finishing URL
raidawan.chat.ru/
IP / ASN
77.244.218.85
#50340 JSC Selectel
Title
Home Page of RaiDawan

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
raidawan.chat.ru	unknown	1996-11-05	2025-03-09	2025-03-09	2.0 kB	1.1 MB	77.244.218.85
inetlog.ru	unknown	2007-07-16	2012-09-30	2025-01-04	351 B	279 B	5.45.119.164
www.prchecker.info	unknown	2004-09-08	2017-01-29	2023-03-11	359 B	733 B	67.227.215.171
www.chat.ru	unknown	1996-11-05	2017-02-03	2025-03-06	720 B	1.1 MB	77.244.218.84
cdn-rtb.sape.ru	53547	2006-06-19	2014-10-06	2025-03-07	346 B	618 B	193.3.184.46
adexkrzepice.pl	unknown	unknown	No data	No data	362 B	0 B	0.0.0.0
www.ukrnames.com	unknown	2007-09-05	2014-10-14	2025-03-07	826 B	4.7 kB	91.231.84.4
www.cys.ru	unknown	2022-10-18	2012-05-23	2025-02-27	721 B	577 B	62.122.170.171
informer.gismeteo.ru	unknown	2000-12-18	2012-07-16	2025-03-04	364 B	4.0 kB	185.134.203.99
www.internetmap.info	unknown	2023-09-09	2017-02-05	2024-12-22	818 B	1.8 kB	188.114.97.1
www.akusherstvo.ru	631105	2003-02-09	2013-10-13	2023-11-16	372 B	179 B	95.213.130.245

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-03-09 22:49:27	high	77.244.218.85	Client IP	ET WEB_CLIENT Malicious Redirect 8x8 script tag
2025-03-09 22:49:27	high	77.244.218.85	Client IP	ET EXPLOIT_KIT Evil Redirector Leading to EK Jul 08
2025-03-09 22:49:27	high	77.244.218.85	Client IP	ET EXPLOIT_KIT Evil Redirector Leading to EK Dec 09

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-09	medium	adexkrzepice.pl	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	cdn-rtb.sape.ru/rtb-b/js/779/2/12779.js	ScriptElement	0 B	0001-01-01	2025-04-28
Pretty URL cdn-rtb.sape.ru/rtb-b/js/779/2/12779.js IP 193.3.184.46 ASN #50214 QWARTA LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-04-28 06:10 Times Seen4561946 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (19)

URL IP Response Size

raidawan.chat.ru/

77.244.218.85

200 OK

6.0 kB

URL User Request GET
raidawan.chat.ru/
IP
77.244.218.85:80
ASN
#50340 JSC Selectel

File type
HTML document, Unicode text, UTF-8 text, with very long lines (6286), with no line terminators
Size
6.0 kB (5959 bytes)
Hash
b06c05dcd9c03d7d9e27ab418e14d9b9
486105518d37ca048ccd5718d17681777ccdd090
1db9cbde58d85e1797a7d451212088abd856d78f7e821843e2d472cdfdbdcb6f

Detections

NIDS	Severity	Alert
suricata	high	ET WEB_CLIENT Malicious Redirect 8x8 script tag
suricata	high	ET EXPLOIT_KIT Evil Redirector Leading to EK Jul 08
suricata	high	ET EXPLOIT_KIT Evil Redirector Leading to EK Dec 09

HTTP Headers

GET / HTTP/1.1
Host: raidawan.chat.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

adexkrzepice.pl/templates/beez5/q39yfkbg.php?id=8234511

0.0.0.0

0 B

URL GET
adexkrzepice.pl/templates/beez5/q39yfkbg.php?id=8234511
IP
0.0.0.0:0
ASN
#0

Requested by
http://raidawan.chat.ru/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /templates/beez5/q39yfkbg.php?id=8234511 HTTP/1.1
Host: adexkrzepice.pl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

www.ukrnames.com/banners/banner_88x31_01.gif

91.231.84.4

200 OK

533 B

URL GET
www.ukrnames.com/banners/banner_88x31_01.gif
IP
91.231.84.4:443
ASN
#197726 Ukrainian Internet Names Center LTD

Requested by
http://raidawan.chat.ru/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.ukrnames.com
FingerprintF2:9A:92:6E:39:C3:CC:AD:EB:14:83:4D:DB:78:F9:71:A5:BD:51:6E
ValidityWed, 12 Jun 2024 11:08:57 GMT - Sat, 12 Jul 2025 11:08:56 GMT

File type
GIF image data, version 89a, 88 x 31
Size
533 B (533 bytes)
Hash
85abe3661f5a094e3b91af40de6d224f
e13cf60f5d0d7434a3d6256d6f8bda322bfd6392
aa9e51f5415941bef0ab4471e3706248bdb49d0471cf0d1de16f187125c0396e

HTTP Headers

GET /banners/banner_88x31_01.gif HTTP/1.1
Host: www.ukrnames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 09 Mar 2025 22:49:27 GMT
content-type: image/gif
content-length: 533
last-modified: Tue, 06 Apr 2021 19:27:50 GMT
etag: "606cb636-215"
x-frame-options: DENY
accept-ranges: bytes
X-Firefox-Spdy: h2

inetlog.ru/img/del.gif

5.45.119.164

200 OK

43 B

URL GET
inetlog.ru/img/del.gif
IP
5.45.119.164:80
ASN
#198068 P.a.g.m. Ou

Requested by
http://raidawan.chat.ru/

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /img/del.gif HTTP/1.1
Host: inetlog.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Fri, 13 Jan 2017 09:26:25 GMT
Connection: keep-alive
ETag: "58789d41-2b"
Accept-Ranges: bytes

www.cys.ru/button.png?url=raidawan.chat.ru

62.122.170.171

302 Found

0 B

URL GET
www.cys.ru/button.png?url=raidawan.chat.ru
IP
62.122.170.171:80
ASN
#50245 Serverel Inc.

Requested by
http://raidawan.chat.ru/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /button.png?url=raidawan.chat.ru HTTP/1.1
Host: www.cys.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.14.1
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.24
Set-Cookie: PHPSESSID=5pocvk4gjhc8msvsi4b3s3knrd; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://www.cys.ru/site/index

www.prchecker.info/PR3_img.gif

67.227.215.171

200 OK

316 B

URL GET
www.prchecker.info/PR3_img.gif
IP
67.227.215.171:80
ASN
#32244 LIQUIDWEB

Requested by
http://raidawan.chat.ru/

File type
GIF image data, version 89a, 70 x 20
Size
316 B (316 bytes)
Hash
5dce160ba2860489d6d91fae46dd5c78
557b1af7fffacc0005a77838eaa0455505467dc1
1d54c05b30df95d2d79a8db7542ef2810b7afdb1b2682c1b65ed25f6703814a6

HTTP Headers

GET /PR3_img.gif HTTP/1.1
Host: www.prchecker.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Mar 2025 22:49:28 GMT
Content-Type: image/gif
Content-Length: 316
Connection: keep-alive
Last-Modified: Fri, 25 Jun 2021 14:23:04 GMT
Expires: Thu, 08 May 2025 22:49:28 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

informer.gismeteo.ru/new/5053-9.GIF

185.134.203.99

200 OK

3.7 kB

URL GET
informer.gismeteo.ru/new/5053-9.GIF
IP
185.134.203.99:80
ASN
#203444 MapMakers Group Ltd

Requested by
http://raidawan.chat.ru/

File type
GIF image data, version 87a, 120 x 60
Size
3.7 kB (3744 bytes)
Hash
2481afc6ff2d9a033d3330e6e4d5222e
10cf6edf76b7f33cda87e87c90ba3bebbc7ec55f
6c4ea86767cfad5f97207e9808899b165f48a693a58ece10723ff4355a04a32a

HTTP Headers

GET /new/5053-9.GIF HTTP/1.1
Host: informer.gismeteo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Server: gis

www.internetmap.info/images/88x31_ua.gif

188.114.97.1

301 Moved Permanently

0 B

URL GET
www.internetmap.info/images/88x31_ua.gif
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://raidawan.chat.ru/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/88x31_ua.gif HTTP/1.1
Host: www.internetmap.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 09 Mar 2025 23:49:27 GMT
Location: https://www.internetmap.info/images/88x31_ua.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ADo212VbCFzKrY1EEOw%2FtLFpfzdvpAY2i6wAwHuK5YUjpFF8pTzMiC0hpZiJcNjkfRX5QAWB5%2BWXeWzfHZ4u79vR6JPEySjH8actgH4F7SA8qCvaQXmYqkdyxZ6O%2BA23bMOJK9CPJA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 91de202bfe82b521-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=523&min_rtt=523&rtt_var=261&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=369&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

raidawan.chat.ru/bg1.gif

77.244.218.85

302 Moved Temporarily

542 kB

URL GET
raidawan.chat.ru/bg1.gif
IP
77.244.218.85:80
ASN
#50340 JSC Selectel

Requested by
http://raidawan.chat.ru/

File type

Size
542 kB (542067 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bg1.gif HTTP/1.1
Host: raidawan.chat.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.67
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://www.chat.ru/system_missing.html

www.chat.ru/system_missing.html

77.244.218.84

200 OK

542 kB

URL GET
www.chat.ru/system_missing.html
IP
77.244.218.84:80
ASN
#50340 JSC Selectel

Requested by
http://raidawan.chat.ru/

File type
HTML document, Unicode text, UTF-8 text, with very long lines (51704)
Size
542 kB (542067 bytes)
Hash
f4a484a2eb5c9926c114ae1e65d1f724
b49060397cfc9bb7bc290a73017e2ce15fb609f4
bb176998212749f01f2363b4d13e4a315d7df892f8e1e7b222ad47fd0d3962d3

HTTP Headers

GET /system_missing.html HTTP/1.1
Host: www.chat.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://raidawan.chat.ru/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3-7+squeeze19
Cache-Control: no-cache, must-revalidate
Content-Language: ru

raidawan.chat.ru/

0.0.0.0

0 B

URL User Request GET
raidawan.chat.ru/
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET WEB_CLIENT Malicious Redirect 8x8 script tag
suricata	high	ET EXPLOIT_KIT Evil Redirector Leading to EK Jul 08
suricata	high	ET EXPLOIT_KIT Evil Redirector Leading to EK Dec 09

HTTP Headers

GET / HTTP/1.1
Host: raidawan.chat.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

cdn-rtb.sape.ru/rtb-b/js/779/2/12779.js

193.3.184.46

200 OK

0 B

URL GET
cdn-rtb.sape.ru/rtb-b/js/779/2/12779.js
IP
193.3.184.46:80
ASN
#50214 QWARTA LLC

Requested by
http://raidawan.chat.ru/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rtb-b/js/779/2/12779.js HTTP/1.1
Host: cdn-rtb.sape.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Last-Modified: Thu, 23 Mar 2023 09:03:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 182761A3A4F695D5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 09 Mar 2025 23:49:27 GMT
Cache-Control: max-age=3600
X-Cache-Status: HIT
Accept-Ranges: bytes

www.cys.ru/site/index

62.122.170.171

404 Not Found

0 B

URL GET
www.cys.ru/site/index
IP
62.122.170.171:80
ASN
#50245 Serverel Inc.

Requested by
http://raidawan.chat.ru/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /site/index HTTP/1.1
Host: www.cys.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://raidawan.chat.ru/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.14.1
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 169
Connection: keep-alive

www.akusherstvo.ru/lines/lineika/174019.gif

95.213.130.245

404 Not Found

0 B

URL GET
www.akusherstvo.ru/lines/lineika/174019.gif
IP
95.213.130.245:80
ASN
#50340 JSC Selectel

Requested by
http://raidawan.chat.ru/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /lines/lineika/174019.gif HTTP/1.1
Host: www.akusherstvo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

www.internetmap.info/images/88x31_ua.gif

188.114.97.1

404 Not Found

0 B

URL GET
www.internetmap.info/images/88x31_ua.gif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
http://raidawan.chat.ru/
Certificate
IssuerGoogle Trust Services
Subjectinternetmap.info
FingerprintE7:74:76:BB:51:61:2B:DE:87:A8:B1:EC:0C:EC:D9:82:DD:89:8E:29
ValiditySat, 15 Feb 2025 11:48:54 GMT - Fri, 16 May 2025 12:47:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/88x31_ua.gif HTTP/1.1
Host: www.internetmap.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://raidawan.chat.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sun, 09 Mar 2025 22:49:28 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ZAib4OMxwvo33fxI1p1T76s29t1scMA3Vw4VHRoqVpXj1uLaDTDxDvr4spohm8x2L7uxmwBp9V3jqUNLMSqDvedQ6znQXm2NHVemV2%2BlLEt80x%2F5uNQSXPBTEFXhK%2BnK%2Bc0LaCpqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91de202c4b07b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=550&min_rtt=434&rtt_var=222&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3213&recv_bytes=1093&delivery_rate=8134831&cwnd=254&unsent_bytes=0&cid=56047d1f272429f8&ts=675&x=0"
X-Firefox-Spdy: h2

raidawan.chat.ru/favicon.ico

77.244.218.85

302 Moved Temporarily

542 kB

URL GET
raidawan.chat.ru/favicon.ico
IP
77.244.218.85:80
ASN
#50340 JSC Selectel

Requested by
http://raidawan.chat.ru/

File type

Size
542 kB (542067 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: raidawan.chat.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.67
Date: Sun, 09 Mar 2025 22:49:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://www.chat.ru/system_missing.html

www.chat.ru/system_missing.html

77.244.218.84

200 OK

542 kB

URL GET
www.chat.ru/system_missing.html
IP
77.244.218.84:80
ASN
#50340 JSC Selectel

Requested by
http://raidawan.chat.ru/

File type
HTML document, Unicode text, UTF-8 text, with very long lines (51704)
Size
542 kB (542067 bytes)
Hash
f4a484a2eb5c9926c114ae1e65d1f724
b49060397cfc9bb7bc290a73017e2ce15fb609f4
bb176998212749f01f2363b4d13e4a315d7df892f8e1e7b222ad47fd0d3962d3

HTTP Headers

GET /system_missing.html HTTP/1.1
Host: www.chat.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://raidawan.chat.ru/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 09 Mar 2025 22:49:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3-7+squeeze19
Cache-Control: no-cache, must-revalidate
Content-Language: ru

raidawan.chat.ru/it-specialist.jpg

77.244.218.85

200 OK

23 kB

URL GET
raidawan.chat.ru/it-specialist.jpg
IP
77.244.218.85:80
ASN
#50340 JSC Selectel

Requested by
http://raidawan.chat.ru/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2010:08:22 23:46:51], baseline, precision 8, 152x153, components 3
Size
23 kB (23141 bytes)
Hash
907660c18489b7cc133d327cc26d9b50
6ce7404072e108c27a2b9e79e583a02c69755e06
b3fd1407d0cd470b3019fbe256dde4513180c3ec5ea44256136207c784fc0272

HTTP Headers

GET /it-specialist.jpg HTTP/1.1
Host: raidawan.chat.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: image/jpeg
Content-Length: 23141
Last-Modified: Sun, 29 Jan 2012 13:59:48 GMT
Connection: keep-alive
Accept-Ranges: bytes

www.ukrnames.com/banners/banner_88x31_01.gif

91.231.84.4

301 Moved Permanently

533 B

URL GET
www.ukrnames.com/banners/banner_88x31_01.gif
IP
91.231.84.4:80
ASN
#197726 Ukrainian Internet Names Center LTD

Requested by
http://raidawan.chat.ru/

File type

Size
533 B (533 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /banners/banner_88x31_01.gif HTTP/1.1
Host: www.ukrnames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://raidawan.chat.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 09 Mar 2025 22:49:27 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.ukrnames.com/banners/banner_88x31_01.gif
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: frame-src 'self' blob: 'self' https://www.google.com.ua https://secure.wayforpay.com https://www.facebook.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.ukrnames.com https://bg.ukrnames.com https://cdn.ukrnames.ua https://apis.google.com https://accounts.google.com https://www.google.com https://embed.tawk.to https://cdn.datatables.net https://play.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: 'self' https://www.ukrnames.com https://secure.wayforpay.com https://bg.ukrnames.com https://cdn.ukrnames.ua https://cdn.datatables.net https://embed.tawk.to https://cdn.jsdelivr.net https://ajax.googleapis.com https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net  https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://accounts.google.com https://play.google.com; style-src 'self' 'unsafe-inline' https://secure.wayforpay.com https://embed.tawk.to https://cdn.datatables.net https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com https://fonts.googleapis.com https://www.gstatic.com; font-src 'self' data: https://embed.tawk.to https://fonts.gstatic.com; img-src 'self' data: https://*.amazonaws.com https://embed.tawk.to https://cdn.datatables.net  https://cdn.ukrnames.ua https://bg.ukrnames.com https://www.facebook.com https://m.facebook.com https://connect.facebook.net https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.es https://www.google.fr https://www.google.nl https://www.google.kz https://www.google.by https://www.google.de https://www.google.pl https://www.google.ae https://www.google.md https://www.google.ca https://www.google.com.ua https://www.google.com.tr https://www.google.co.uk https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com blob: 'self' https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com; connect-src blob: 'self' wss://www.ukrnames.com wss://*.tawk.to https://www.facebook.com https://secure.wayforpay.com  https://*.tawk.to https://analytics.google.com https://stats.g.doubleclick.net
Permissions-Policy: accelerometer=(self), autoplay=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), xr-spatial-tracking=(self), clipboard-read=(self), clipboard-write=(self), gamepad=(self), hid=(self), idle-detection=(self), serial=(self), payment=*

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET

IP