gfwannacheatla2024.click Open in urlscan Pro
2606:4700:3034::6815:3add Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://elliotx0p.coicalarchonewc.ru.com/i-ft2xR30zW_JsgKffRJH-bbqqAX5ezUGAc0yarGyvdGyGcw8QjyEa3mDe1aew-cQ5o3-CbTviaSUM-aCAGgAzNIOFB7RNvB...
Effective URL:
https://gfwannacheatla2024.click/?s1=ser1&i_3=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t
Submission: On November 09 via api (November 9th 2024, 3:28:47 am UTC) from BE — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3034::6815:3add, located in United States and belongs to CLOUDFLARENET, US. The main domain is gfwannacheatla2024.click.
TLS certificate: Issued by WE1 on September 23rd 2024. Valid for: 3 months.

This is the only time gfwannacheatla2024.click was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2606:4700:303... 2606:4700:3032::6815:19f2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3034::6815:3add	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	4

2 2606:4700:3032::6815:19f2 (United States)

ASN13335 (CLOUDFLARENET, US)

elliotx0p.coicalarchonewc.ru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6815:3add (United States)

ASN13335 (CLOUDFLARENET, US)

gfwannacheatla2024.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

svntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	ru.com elliotx0p.coicalarchonewc.ru.com	2 KB
1	svntrk.com svntrk.com — Cisco Umbrella Rank: 898194	651 B
1	gfwannacheatla2024.click gfwannacheatla2024.click	4 KB
8	3

	Domain	Requested by
2	elliotx0p.coicalarchonewc.ru.com
1	svntrk.com	gfwannacheatla2024.click
1	gfwannacheatla2024.click	elliotx0p.coicalarchonewc.ru.com gfwannacheatla2024.click
8	3

This site contains no links.

Subject Issuer	Validity	Valid
coicalarchonewc.ru.com WE1	`2024-10-27` - `2025-01-25`	3 months	crt.sh
gfwannacheatla2024.click WE1	`2024-09-23` - `2024-12-22`	3 months	crt.sh
svntrk.com Cloudflare Inc ECC CA-3	`2023-12-28` - `2024-12-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://gfwannacheatla2024.click/?s1=ser1&i_3=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t
Frame ID: E94F7C999E3F1DD63C6FDC527B735BA3
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WARNUNG

Page URL History Show full URLs

https://elliotx0p.coicalarchonewc.ru.com/i-ft2xR30zW_JsgKffRJH-bbqqAX5ezUGAc0yarGyvdGyGcw8QjyEa3mDe1aew-cQ5o3-CbTviaS... Page URL
https://gfwannacheatla2024.click/?s1=ser1&i_3=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t Page URL

Detected technologies

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

8
Requests

50 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

6 kB
Transfer

9 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://elliotx0p.coicalarchonewc.ru.com/i-ft2xR30zW_JsgKffRJH-bbqqAX5ezUGAc0yarGyvdGyGcw8QjyEa3mDe1aew-cQ5o3-CbTviaSUM-aCAGgAzNIOFB7RNvBj6JYl_G776HxMVejey481A Page URL
https://gfwannacheatla2024.click/?s1=ser1&i_3=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	i-ft2xR30zW_JsgKffRJH-bbqqAX5ezUGAc0yarGyvdGyGcw8QjyEa3mDe1aew-cQ5o3-CbTviaSUM-aCAGgAzNIOFB7RNvBj6JYl_G776HxMVejey481A Show response elliotx0p.coicalarchonewc.ru.com/	336 B 983 B	98ms 75ms	Document text/html	2606:4700:3032::6815:19f2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://elliotx0p.coicalarchonewc.ru.com/i-ft2xR30zW_JsgKffRJH-bbqqAX5ezUGAc0yarGyvdGyGcw8QjyEa3mDe1aew-cQ5o3-CbTviaSUM-aCAGgAzNIOFB7RNvBj6JYl_G776HxMVejey481A Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:19f2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.4.16 Resource Hash `2a3c9f2c47afe4bbe651cd87e877623ae89e90b49224b9704a9028205e7bf99c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8dfab6a199c4d2bb-FRA content-encoding zstd content-type text/html; charset=UTF-8 date Sat, 09 Nov 2024 03:28:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9leFe63p2SVLGz9sPKtCBWlAPAy02C1GnvCbU7cOZFos6Z75n2Vxhc1LS%2BRREfaJmQMpYwGaJAwG1V4m%2FtjZTWSPivwpJQ42y4plEeNXolQx70kAfA308DTqzWZB7bLUnrF7pbG8pk6fDY9yApX9f08n4tmOsDwhPmRRe4qDtg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=9473&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4188&recv_bytes=4533&delivery_rate=896&cwnd=12000&unsent_bytes=0&cid=757cd9b60d1e8563&ts=81&x=1" cfExtPri cfHdrFlush;dur=0 x-powered-by PHP/5.4.16
GET H3	200	favicon.ico elliotx0p.coicalarchonewc.ru.com/	296 B 949 B	86ms 86ms	Other text/html	2606:4700:3032::6815:19f2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://elliotx0p.coicalarchonewc.ru.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:19f2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.4.16 Resource Hash `8563ee4afe4e2eda78c84c70fd20af7daee86a142a742871b87715c11974012b` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://elliotx0p.coicalarchonewc.ru.com/i-ft2xR30zW_JsgKffRJH-bbqqAX5ezUGAc0yarGyvdGyGcw8QjyEa3mDe1aew-cQ5o3-CbTviaSUM-aCAGgAzNIOFB7RNvBj6JYl_G776HxMVejey481A Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status MISS report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vUdnDWrbpZj6opJQVISXgUXXg489cPpgSnUSprGjZPBqNJc5v3W0VeXczJtP9JGxXfSIndbhiv1tafHVOfAYj4j9hMR%2BcGmrpIOvHYhFasMhBDCMD8C%2BFgUZUEDZPAcNFOTeb5LMsZYui2Ua6o0c8PBuligmZJvQlEko%2FrrFbw%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8dfab6a24abbd2bb-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=9052&sent=16&recv=12&lost=0&retrans=0&sent_bytes=5242&recv_bytes=5036&delivery_rate=168753&cwnd=12000&unsent_bytes=0&cid=757cd9b60d1e8563&ts=200&x=1", cfExtPri, cfHdrFlush;dur=0 date Sat, 09 Nov 2024 03:28:33 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/5.4.16 vary Accept-Encoding last-modified Sat, 09 Nov 2024 03:28:33 GMT priority u=1,i
GET H3	200	Primary Request / Show response gfwannacheatla2024.click/	8 KB 4 KB	370ms 339ms	Document text/html	2606:4700:3034::6815:3add CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gfwannacheatla2024.click/?s1=ser1&i_3=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t Requested by Host: elliotx0p.coicalarchonewc.ru.com URL: https://elliotx0p.coicalarchonewc.ru.com/i-ft2xR30zW_JsgKffRJH-bbqqAX5ezUGAc0yarGyvdGyGcw8QjyEa3mDe1aew-cQ5o3-CbTviaSUM-aCAGgAzNIOFB7RNvBj6JYl_G776HxMVejey481A Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:3add , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ba588294948a7f48ad7ccff037cb277faa3b29bc863ac33b40bef11c65a321bd` Request headers Referer https://elliotx0p.coicalarchonewc.ru.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cache-control no-cache, private cf-cache-status DYNAMIC cf-ray 8dfab6a8c9f44d56-FRA content-encoding zstd content-type text/html; charset=UTF-8 date Sat, 09 Nov 2024 03:28:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L71mf9qVz2nwjWP2UFmcale9oZkIzplHaQM86aiBi2b7rGOsho4tLK6DC1xmp7tScFay%2B%2Bra616Pa7I%2BXDUdtnn79fICSs9CCNxSw4zYPXZmugQkYpAeXBMhdGZrhHGThgDApJ7zMUdsq%2BuPdbax5cL2jjmUuEo%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=18636&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4206&recv_bytes=5722&delivery_rate=625&cwnd=12000&unsent_bytes=0&cid=ef84c38498aa7345&ts=365&x=1" cfHdrFlush;dur=0 vary accept-encoding
GET H2	200	ser1_672ed6e2e5ca2.js Show response svntrk.com/assets/	0 651 B	859ms 233ms	Script text/javascript	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://svntrk.com/assets/ser1_672ed6e2e5ca2.js Requested by Host: gfwannacheatla2024.click URL: https://gfwannacheatla2024.click/?s1=ser1&i_3=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://gfwannacheatla2024.click/ Response headers cache-control no-cache, private nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status BYPASS report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eQpTGCR07IuSl0BXfmScTqyxO2bvtBp%2BtDKx498e9X95NaiSNt2GCCkQ6%2F6q453m1vTMu5lc6L4IRkSKNh7FjcZKUtgDAZjvYNgExZRwsRI5FLSUIuOcj3Ms92lb"}],"group":"cf-nel","max_age":604800} cf-ray 8dfab6aeed5892b9-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=6186&sent=8&recv=13&lost=0&retrans=0&sent_bytes=3743&recv_bytes=2196&delivery_rate=553896&cwnd=246&unsent_bytes=0&cid=2c790f38c5adb2a5&ts=242&x=0" date Sat, 09 Nov 2024 03:28:35 GMT content-type text/javascript; charset=UTF-8 vary Accept-Encoding server cloudflare
GET		fp.v3.646d4b3deea4287def3fdfc18906bcc7.js gfwannacheatla2024.click/scripts/	0 0

GET		vendor.b84f61508d3ab31bb11cedb0f59a50f1.css gfwannacheatla2024.click/landings/11de/fonts/	0 0

GET		vendor.28283434543cac946c1427e1ce70d8b3.js gfwannacheatla2024.click/landings/11de/js/	0 0

GET		red_logo.png gfwannacheatla2024.click/landings/11de/img/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gfwannacheatla2024.click
URL: https://gfwannacheatla2024.click/scripts/fp.v3.646d4b3deea4287def3fdfc18906bcc7.js

Domain: gfwannacheatla2024.click
URL: https://gfwannacheatla2024.click/landings/11de/fonts/vendor.b84f61508d3ab31bb11cedb0f59a50f1.css

Domain: gfwannacheatla2024.click
URL: https://gfwannacheatla2024.click/landings/11de/js/vendor.28283434543cac946c1427e1ce70d8b3.js

Domain: gfwannacheatla2024.click
URL: https://gfwannacheatla2024.click/landings/11de/img/red_logo.png

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
gfwannacheatla2024.click/	1970-01-21 00:52:10	Name: XSRF-TOKEN Value: eyJpdiI6IklUaFNTN2ZaQkplTTBUcjdnTEg0cFE9PSIsInZhbHVlIjoiYzg1LzVYVXRzZHdHdnhvdzNKZEc3UUUxRVVLOHVoTlFKemsvT2dnMm5tSlRNQmY2T3Y2QjMzZEFZOFFxazVveSIsIm1hYyI6ImVmNDMwZTVjMjBlMzUwMzhmZTYyYmU5N2FhN2RiZjU3ODBlMTYwZGNjMDVjYzA2YmZkZGUyNzZjMDQ5MmMzM2YifQ%3D%3D
gfwannacheatla2024.click/	1970-01-21 00:52:10	Name: laravel_session Value: eyJpdiI6Iit1RXR5QzRZZmw1M2tBZ2dBNStiTWc9PSIsInZhbHVlIjoiQUo1UjNKcHo1RXVDeWJrOEtrdG5KUjBHOUl4THIwYTFJaW5CWEhGbzFxVUZUMXhvdHd2eEFmSUpnYlArcHZtWiIsIm1hYyI6IjVlOWVjMjE5NzdiMDFiZGJkOGY3NWJlZDQ1ZDY5N2ZmZGU4MGFhODQzNmFmMWIyN2E4YTFmYWQ4NWE1MWZjODIifQ%3D%3D
gfwannacheatla2024.click/	1969-12-31 23:59:59	Name: SRVNAME Value: w2
svntrk.com/	1969-12-31 23:59:59	Name: svnimp Value: 672ed6e3ca317

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

elliotx0p.coicalarchonewc.ru.com
gfwannacheatla2024.click
svntrk.com
gfwannacheatla2024.click
188.114.96.3
2606:4700:3032::6815:19f2
2606:4700:3034::6815:3add
2a3c9f2c47afe4bbe651cd87e877623ae89e90b49224b9704a9028205e7bf99c
8563ee4afe4e2eda78c84c70fd20af7daee86a142a742871b87715c11974012b
ba588294948a7f48ad7ccff037cb277faa3b29bc863ac33b40bef11c65a321bd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

gfwannacheatla2024.click Open in urlscan Pro 2606:4700:3034::6815:3add Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

50 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

6 kBTransfer

9 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

4 Cookies

Indicators

gfwannacheatla2024.click Open in urlscan Pro
2606:4700:3034::6815:3add Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

50 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

6 kB
Transfer

9 kB
Size

4
Cookies

8 HTTP transactions
0 data transactions