ch31748.tw1.ru Open in urlscan Pro
2a03:6f00:6:1::b972:f7e8 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://kit.do/alXw4a
Effective URL:
http://ch31748.tw1.ru/125Authentification.html
Submission Tags: @phish_report
Submission: On September 11 via api (September 11th 2023, 12:08:59 pm UTC) from FI — Scanned from FI

Summary HTTP 5 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 2a03:6f00:6:1::b972:f7e8, located in Warsaw, Poland and belongs to TIMEWEB-AS, RU. The main domain is ch31748.tw1.ru.

This is the only time ch31748.tw1.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3031::6815:258e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a03:6f00:6:1... 2a03:6f00:6:1::b972:f7e8	9123 (TIMEWEB-AS) (TIMEWEB-AS)
5	2

1 2606:4700:3031::6815:258e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

kit.do	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:6f00:6:1::b972:f7e8 (Warsaw, Poland)

ASN9123 (TIMEWEB-AS, RU)

ch31748.tw1.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	tw1.ru ch31748.tw1.ru	39 KB
1	kit.do 1 redirects kit.do	1 KB
0	Failed function sub() { [native code] }. Failed
5	3

	Domain	Requested by
3	ch31748.tw1.ru	ch31748.tw1.ru
1	kit.do	1 redirects
0	dhhpefjklgkmgeafimnjhojgjamoafof Failed	ch31748.tw1.ru
0	fjoaledfpmneenckfbpdfhkmimnjocfa Failed	ch31748.tw1.ru
5	4

This site contains links to these domains. Also see Links.

Domain
extranet.ac-mayotte.fr
messagerie.ac-mayotte.fr

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://ch31748.tw1.ru/125Authentification.html
Frame ID: 9521C2091672C4BC1F24D177E761AAFA
Requests: 9 HTTP requests in this frame

Frame: http://ch31748.tw1.ru/125Authentification_files/download-iframe-GC.html
Frame ID: 4FE44476C8F5FBF03A43348C8C2825E4
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Authentification

Page URL History Show full URLs

https://kit.do/alXw4a HTTP 302
http://ch31748.tw1.ru/125Authentification.html Page URL

Page Statistics

5
Requests

0 %
HTTPS

100 %
IPv6

3
Domains

4
Subdomains

2
IPs

2
Countries

39 kB
Transfer

94 kB
Size

4
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://extranet.ac-mayotte.fr/login/activation_cle.jsp
Title: activer ma clé

Search URL Search Domain Scan URL

URL: https://messagerie.ac-mayotte.fr/aida
Title: cliquez ce lien

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://kit.do/alXw4a HTTP 302
http://ch31748.tw1.ru/125Authentification.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 125Authentification.html Show response ch31748.tw1.ru/ Redirect Chain https://kit.do/alXw4a http://ch31748.tw1.ru/125Authentification.html	59 KB 38 KB	141ms 49ms	Document text/html	2a03:6f00:6:1::b972:f7e8 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://ch31748.tw1.ru/125Authentification.html Protocol HTTP/1.1 Server 2a03:6f00:6:1::b972:f7e8 Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.22.1 / Resource Hash `c2b47b917eee5c72d1245cf901dbf2913eb3d57e31db07108fad44ca7c292ee8` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 accept-language fi-FI,fi;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Mon, 11 Sep 2023 12:08:53 GMT ETag W/"eaa4-60511ed41e337" Last-Modified Mon, 11 Sep 2023 09:26:53 GMT Server nginx/1.22.1 Transfer-Encoding chunked Vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400 cache-control no-cache, private cf-cache-status DYNAMIC cf-ray 804fcc71893f4c7c-HEL content-type text/html; charset=UTF-8 date Mon, 11 Sep 2023 12:08:53 GMT location http://ch31748.tw1.ru/125Authentification.html nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gy7fEXMYrAC5LO9a5zgNoPtLgek1fIl9D8Pln6%2B1UDRaBL%2FhAwiH0eoQwaGkwANbu1%2FCG93IePGbZsnCs0bklP%2FOSgD15UPz5Rwc%2BLNo6HOrT1vdraJfUmimCoIk2uMMxzB3n%2Fc%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent x-powered-by PHP/7.2.34
GET H/1.1	200 OK	css ch31748.tw1.ru/125Authentification_files/	656 B 874 B	83ms 48ms	Stylesheet text/plain	2a03:6f00:6:1::b972:f7e8 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://ch31748.tw1.ru/125Authentification_files/css Requested by Host: ch31748.tw1.ru URL: http://ch31748.tw1.ru/125Authentification.html Protocol HTTP/1.1 Server 2a03:6f00:6:1::b972:f7e8 Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.22.1 / Resource Hash `7d8874be11b33e1c104b4d84881b6dad69c87e06def0107abfe8bf9c53a45f0d` Request headers accept-language fi-FI,fi;q=0.9 Referer http://ch31748.tw1.ru/125Authentification.html User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Date Mon, 11 Sep 2023 12:08:54 GMT Last-Modified Mon, 11 Sep 2023 09:26:55 GMT Server nginx/1.22.1 Connection keep-alive Accept-Ranges bytes ETag "290-60511ed67ca58" Content-Length 656
GET DATA	200 OK	truncated /	25 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a0e585b3324d091e9591fdfb631b2d81f69680a04c482e9d6b7d39e4eb6278cd` Request headers accept-language fi-FI,fi;q=0.9 Referer http://ch31748.tw1.ru/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	3 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `63ae340679d5af35ec862cc7cc430135ddb8b194f702e5505292c70a63a46d83` Request headers accept-language fi-FI,fi;q=0.9 Referer http://ch31748.tw1.ru/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	3 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `df1a98d6ee3b9578353f14046cccfdd676066bd87d793b766f634a185761802e` Request headers accept-language fi-FI,fi;q=0.9 Referer http://ch31748.tw1.ru/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	2 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `09966d1a1a6a6e10d0b016ce71ad623aab78b78cf7c9bca140e72c4d60bc3e0b` Request headers accept-language fi-FI,fi;q=0.9 Referer http://ch31748.tw1.ru/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/gif
GET		contentScript.bundle.css fjoaledfpmneenckfbpdfhkmimnjocfa/	0 0

GET H/1.1	200 OK	download-iframe-GC.html Show response ch31748.tw1.ru/125Authentification_files/ Frame 4FE4	341 B 599 B	49ms 49ms	Document text/html	2a03:6f00:6:1::b972:f7e8 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://ch31748.tw1.ru/125Authentification_files/download-iframe-GC.html Requested by Host: ch31748.tw1.ru URL: http://ch31748.tw1.ru/125Authentification.html Protocol HTTP/1.1 Server 2a03:6f00:6:1::b972:f7e8 Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.22.1 / Resource Hash `5edccdb352fa8df20a15c2125f2e24c5d09ab15230a667c85d9f0b702eb59c25` Request headers Referer http://ch31748.tw1.ru/125Authentification.html Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 accept-language fi-FI,fi;q=0.9 Response headers Accept-Ranges bytes Connection keep-alive Content-Length 341 Content-Type text/html; charset=utf-8 Date Mon, 11 Sep 2023 12:08:54 GMT ETag "155-60511ed6549b8" Last-Modified Mon, 11 Sep 2023 09:26:55 GMT Server nginx/1.22.1
GET DATA	200 OK	truncated /	1 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5b24b39536564664d3b3f8370c7f5eebdda366c5ea5ba7acee6a853e115fd4a7` Request headers accept-language fi-FI,fi;q=0.9 Referer http://ch31748.tw1.ru/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	932 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8c81b6cbb3ca90d967cf811099e7636d47bb122d2950ecfcb9e56f0713aeadeb` Request headers accept-language fi-FI,fi;q=0.9 Referer http://ch31748.tw1.ru/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/gif
GET		download-iframe.js dhhpefjklgkmgeafimnjhojgjamoafof/ Frame 4FE4	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fjoaledfpmneenckfbpdfhkmimnjocfa
URL: chrome-extension://fjoaledfpmneenckfbpdfhkmimnjocfa/contentScript.bundle.css

Domain: dhhpefjklgkmgeafimnjhojgjamoafof
URL: chrome-extension://dhhpefjklgkmgeafimnjhojgjamoafof/download-iframe.js

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| savepage_ShadowLoader

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.kit.do/	1970-01-20 14:40:41	Name: XSRF-TOKEN Value: eyJpdiI6InNOOTZrZXpBUXVzcUphWXM2aDJQdnc9PSIsInZhbHVlIjoienRHeDh1eG1LM1dZUDJ5R25yLzIxVlNNYzZIcDdETkxQaDhtN2JTNFRYUWVyRnFPa1pxYkRBdWY4bWE1bThPeiIsIm1hYyI6ImYzMDJlNGI2Zjk1OWZiYmZmMTE2NDMwZjc4NTdmNGRiZTdlZmE0NDY5Y2YzMmUyZDdkODg4MTZlMzAxNjBjMzAifQ%3D%3D
.kit.do/	1970-01-20 14:40:41	Name: kitdo_session Value: eyJpdiI6IkNuTHNQaFdNREdma1NOR21nMGhPZkE9PSIsInZhbHVlIjoiVm1JU2RPOXZuQVF6ZndJb2dkdm1NSlNlSXhtdkxBMklYbkhwTi9vRWNMdmpSb0dUZEJ4ZkZCSEZoOFAveTJnbSIsIm1hYyI6ImFhYTVmYzE5ZmM0MjY0M2UyMzZlYTlkMTcyZmVlYjM0MGE2ZDVhMzQ0ODViOGU5OGM5OTYyNTM1NmE1NzMwMDEifQ%3D%3D
.kit.do/	1970-01-21 00:16:34	Name: utid Value: eyJpdiI6IkhITmxhdmNwTjlnUDIyem44NTdhUVE9PSIsInZhbHVlIjoiVUQ5eURIZUdvZDVCbFRQRlJLSXdrZVpCK0M5NXhYNXdrQ3Zzd3EvZ0I2az0iLCJtYWMiOiJmM2QyN2RhMDAyNmY5YzEzYTBmZmExNzliY2QwZGEyZTVhYTQ2MDVlZDhhNmNhYTFhZjAwMDQ2YjE4NTA3YWM2In0%3D
.kit.do/	1970-01-20 23:27:36	Name: locale Value: en

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: chrome-extension://fjoaledfpmneenckfbpdfhkmimnjocfa/contentScript.bundle.css Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://dhhpefjklgkmgeafimnjhojgjamoafof/download-iframe.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ch31748.tw1.ru
dhhpefjklgkmgeafimnjhojgjamoafof
fjoaledfpmneenckfbpdfhkmimnjocfa
kit.do
dhhpefjklgkmgeafimnjhojgjamoafof
fjoaledfpmneenckfbpdfhkmimnjocfa
2606:4700:3031::6815:258e
2a03:6f00:6:1::b972:f7e8
09966d1a1a6a6e10d0b016ce71ad623aab78b78cf7c9bca140e72c4d60bc3e0b
5b24b39536564664d3b3f8370c7f5eebdda366c5ea5ba7acee6a853e115fd4a7
5edccdb352fa8df20a15c2125f2e24c5d09ab15230a667c85d9f0b702eb59c25
63ae340679d5af35ec862cc7cc430135ddb8b194f702e5505292c70a63a46d83
7d8874be11b33e1c104b4d84881b6dad69c87e06def0107abfe8bf9c53a45f0d
8c81b6cbb3ca90d967cf811099e7636d47bb122d2950ecfcb9e56f0713aeadeb
a0e585b3324d091e9591fdfb631b2d81f69680a04c482e9d6b7d39e4eb6278cd
c2b47b917eee5c72d1245cf901dbf2913eb3d57e31db07108fad44ca7c292ee8
df1a98d6ee3b9578353f14046cccfdd676066bd87d793b766f634a185761802e

ch31748.tw1.ru Open in urlscan Pro 2a03:6f00:6:1::b972:f7e8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

5 Requests

0 %HTTPS

100 %IPv6

3 Domains

4 Subdomains

2 IPs

2 Countries

39 kBTransfer

94 kBSize

4 Cookies

2 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

4 Cookies

2 Console Messages

Indicators

ch31748.tw1.ru Open in urlscan Pro
2a03:6f00:6:1::b972:f7e8 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

0 %
HTTPS

100 %
IPv6

3
Domains

4
Subdomains

2
IPs

2
Countries

39 kB
Transfer

94 kB
Size

4
Cookies

5 HTTP transactions
6 data transactions