cq64841.tw1.ru
2a03:6f00:6:1::517:323d  Malicious Activity! Public Scan

Submitted URL: https://t.ly/Jjvh
Effective URL: http://cq64841.tw1.ru/post%202/zip/d8c03d438e5c1f5/index.htm?particulier
Submission: On January 05 via manual from IN — Scanned from DE

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 8 HTTP transactions. The main IP is 2a03:6f00:6:1::517:323d, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is cq64841.tw1.ru.
This is the only time cq64841.tw1.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Tracking (Transportation)

Domain & IP information

Requests        | IP Address       | AS Autonomous System
1 (1 redirect)  | 2606:4700:20:... | 13335 (CLOUDFLAR...)
3               | 13.35.7.24       | 16509 (AMAZON-02)
1               | 2a00:1450:400... | 15169 (GOOGLE)
1               | 2001:4860:480... | 15169 (GOOGLE)
1               | 13.35.7.94       | 16509 (AMAZON-02)
3 (2 redirects) | 2a03:6f00:6:1... | 9123 (TIMEWEB-AS)
Total: 8 requests, 6 IPs
Requests | Apex Domain          | Subdomains                                               | Transfer
4        | urlbit.co            | urlbit.co, api.urlbit.co                                 | 315 KB
3        | tw1.ru               | cq64841.tw1.ru                                           | 172 KB
1        | google-analytics.com | region1.google-analytics.com (Cisco Umbrella Rank: 2124) | 342 B
1        | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 123)      | 76 KB
1        | t.ly                 | t.ly (Cisco Umbrella Rank: 189781)                       | 1 KB
Total: 8 requests, 5 apex domains
Requests | Domain                       | Requested by
3        | cq64841.tw1.ru               | urlbit.co (2 redirects)
3        | urlbit.co                    | urlbit.co
1        | api.urlbit.co                | urlbit.co
1        | region1.google-analytics.com | www.googletagmanager.com
1        | www.googletagmanager.com     | urlbit.co
1        | t.ly                         | (1 redirect)
Total: 8 requests, 6 domains

This site contains links to these domains:

onlinesplm.temp.swtest.ru
online.citypaq.es
Subject                | Issuer     | Validity                | Valid
urlbit.co              | Amazon     | 2022-08-31 - 2023-09-29 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
api.urlbit.co          | Amazon     | 2022-09-10 - 2023-10-09 | a year

This page contains 1 frames:

Primary Page: http://cq64841.tw1.ru/post%202/zip/d8c03d438e5c1f5/index.htm?particulier
Frame ID: EB53861EA8C655A38A0D00E3B4F74054
Requests: 20 HTTP requests in this frame

Screenshot

Page Title

البريد السعودي | سُبل

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 8
HTTPS: 75 %
IPv6: 67 %
Domains: 5
Subdomains: 6
IPs: 6
Countries: 3
Transfer: 585 kB
Size: 2261 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.ly/Jjvh HTTP 301
    https://urlbit.co/o5lWqn5U Page URL
  2. http://cq64841.tw1.ru//log/ HTTP 301
    http://cq64841.tw1.ru/post%202/zip/ HTTP 302
    http://cq64841.tw1.ru/post%202/zip/d8c03d438e5c1f5/index.htm?particulier Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://t.ly/Jjvh HTTP 301
  • https://urlbit.co/o5lWqn5U

8 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
o5lWqn5U
urlbit.co/
Redirect Chain
  • https://t.ly/Jjvh
  • https://urlbit.co/o5lWqn5U
1 KB
952 B
Document
General
Full URL
https://urlbit.co/o5lWqn5U
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.7.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-7-24.tpe52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1248df75a1bfe292d3c29d769228cef68af56db15435b8a4dd2196716cf1569e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html
date
Thu, 05 Jan 2023 02:45:12 GMT
etag
W/"f74e65deeeb436d57ceb972ae7571907"
last-modified
Sun, 01 Jan 2023 17:25:47 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 0eec19f0f83d46f4558e6ef6f7b6d2c8.cloudfront.net (CloudFront)
x-amz-cf-id
DaJj9ayfqb78YpKR0IQWGHhrUmL9gqwYTWWp2I9QPu0MbwGIyTb8oQ==
x-amz-cf-pop
TPE52-C1
x-cache
Error from cloudfront

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7848e04eeb969ba0-FRA
content-type
text/html; charset=UTF-8
date
Thu, 05 Jan 2023 02:45:09 GMT
location
https://urlbit.co/o5lWqn5U
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tcS7dnt%2FwopHiI1tHO93%2FSTRq1Ic%2FqM9iGVkacpcMW8TNcb7fNwFl1AYdnRH0d1pfy7As09xgFD%2FT75So9hmUNDcM7tGsgTxpJ2deMaN5rgCYth5%2FzKocLlgWEI%2Bo88qSPY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-whom
tly-2
x-xss-protection
1; mode=block
js
www.googletagmanager.com/gtag/
216 KB
76 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-YNHG8YYX8Z
Requested by
Host: urlbit.co
URL: https://urlbit.co/o5lWqn5U
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::2008 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f1f6f8594f989aecb19795e9c5c7cf2eed4bf71be0174c2ff7957a657caca549
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://urlbit.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 05 Jan 2023 02:45:12 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
76872
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 05 Jan 2023 02:45:12 GMT
main.90e0dc67.js
urlbit.co/static/js/
1 MB
284 KB
Script
General
Full URL
https://urlbit.co/static/js/main.90e0dc67.js
Requested by
Host: urlbit.co
URL: https://urlbit.co/o5lWqn5U
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.7.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-7-24.tpe52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ede10b6998e817f6004d6e8d004c0d2a02ccf467437daaa853a32c6dfcb6db41

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://urlbit.co/o5lWqn5U
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 05 Jan 2023 02:45:13 GMT
content-encoding
gzip
via
1.1 0eec19f0f83d46f4558e6ef6f7b6d2c8.cloudfront.net (CloudFront)
last-modified
Sun, 01 Jan 2023 17:25:47 GMT
server
AmazonS3
x-amz-cf-pop
TPE52-C1
etag
W/"8f2d5e87aacb873a29f292d1f8f6ec08"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-cf-id
sYJd-yN4ouOxKF48N-CEA761zbiFm7_fg0Gj_SYUD_qosBLA2Kznfg==
main.06ffedac.css
urlbit.co/static/css/
256 KB
29 KB
Stylesheet
General
Full URL
https://urlbit.co/static/css/main.06ffedac.css
Requested by
Host: urlbit.co
URL: https://urlbit.co/o5lWqn5U
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.7.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-7-24.tpe52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f5752aa19ce173c5cf0d68e5fe90bb5ebb8ccdb726669becd5e0fcdf837e52f8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://urlbit.co/o5lWqn5U
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 05 Jan 2023 02:45:13 GMT
content-encoding
gzip
via
1.1 0eec19f0f83d46f4558e6ef6f7b6d2c8.cloudfront.net (CloudFront)
last-modified
Sun, 01 Jan 2023 17:25:47 GMT
server
AmazonS3
x-amz-cf-pop
TPE52-C1
etag
W/"13130a46cfd2ee6799de8dbbaab069e7"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
x-amz-cf-id
PJme0nWLXRKi4AUBAOwHkdIo90n2RA7ezmu41-1W4Qw-Y2YfCKYMjA==
collect
region1.google-analytics.com/g/
0
342 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-YNHG8YYX8Z&gtm=2oebu0&_p=433344963&cid=1036647014.1672886712&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1672886712&sct=1&seg=0&dl=https%3A%2F%2Furlbit.co%2Fo5lWqn5U&dt=URLbit%20%7C%20Free%20URL%20shortener&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YNHG8YYX8Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://urlbit.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Jan 2023 02:45:12 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://urlbit.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
o5lWqn5U
api.urlbit.co/v1/links/
252 B
648 B
XHR
General
Full URL
https://api.urlbit.co/v1/links/o5lWqn5U
Requested by
Host: urlbit.co
URL: https://urlbit.co/static/js/main.90e0dc67.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.7.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-7-94.tpe52.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
application/json, text/plain, */*
Referer
https://urlbit.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 05 Jan 2023 02:45:16 GMT
via
1.1 3ca771a0548d551c8d486e8f6e0300c6.cloudfront.net (CloudFront)
x-amz-cf-pop
TPE52-C1
x-amzn-trace-id
Root=1-63b639bb-72611a9979d6825b1fcdd849;Sampled=0
x-amzn-requestid
a99517c2-47c5-4faf-9dce-70a2aca37de6
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
access-control-allow-credentials
true
x-amz-apigw-id
eP31RHMpIAMFg4Q=
content-length
252
x-amz-cf-id
HhWPhwVeHQs0Vw81Coo6aCYkggb7_eCmMufHa6ot6DmoVvN9VWmebw==
Primary Request index.htm
cq64841.tw1.ru/post%202/zip/d8c03d438e5c1f5/
Redirect Chain
  • http://cq64841.tw1.ru//log/
  • http://cq64841.tw1.ru/post%202/zip/
  • http://cq64841.tw1.ru/post%202/zip/d8c03d438e5c1f5/index.htm?particulier
609 KB
172 KB
Document
General
Full URL
http://cq64841.tw1.ru/post%202/zip/d8c03d438e5c1f5/index.htm?particulier
Requested by
Host: urlbit.co
URL: https://urlbit.co/static/js/main.90e0dc67.js
Protocol
HTTP/1.1
Server
2a03:6f00:6:1::517:323d , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
b23edc97979f3f022cf59d755c9b930d738052e7d45b5397914f7c06aae04ff9

Request headers

Referer
https://urlbit.co/o5lWqn5U
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Thu, 05 Jan 2023 02:45:17 GMT
ETag
W/"98268-5f17b4a8703c6"
Last-Modified
Thu, 05 Jan 2023 02:45:17 GMT
Server
nginx/1.22.1
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
4
Content-Type
text/html; charset=UTF-8
Date
Thu, 05 Jan 2023 02:45:17 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
nginx/1.22.1
location
d8c03d438e5c1f5/index.htm?particulier#_d8c03d438e5c1f57c
collect
region1.google-analytics.com/g/
0
0

truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
135b3e975a07622009b38d953e58526082588b1ad0795820c50af504742e1646

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://cq64841.tw1.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
11 KB
11 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb74816a9aaed49f7b58ffbfead623f50686271a551d77a3ed95a56a56e40dbf

Request headers

Referer
http://cq64841.tw1.ru/
Origin
http://cq64841.tw1.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
11 KB
11 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f

Request headers

Referer
http://cq64841.tw1.ru/
Origin
http://cq64841.tw1.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
23 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
08d179ba65eff490ecbd5798c7db36f8a49f7f15fbc67a8f8ca2fcf1403eb758

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://cq64841.tw1.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
984461e2d55896f29bb79d75b8ab42c1f8c4111bd2fb0c5f03dbc50d1b24b894

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://cq64841.tw1.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5d2fb215dbbcbfd1bd663a0cdeaf31c63abde8c6f20aa63551733ebc498bf605

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://cq64841.tw1.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
227501eae9911ee428c3a3f21efe4a0f2b5c7d1fe8dd5c2d7eafb34c4f2bfc36

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://cq64841.tw1.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
453da75faf5aa3acb24b4db2d1d29e0a09b5357f372ddc693b088d74fcb97d2e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://cq64841.tw1.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
520e8f0fefdac80c13984ab106420d7f28c2a729ae3e79f1539b2dd4176cde2d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://cq64841.tw1.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
825 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://cq64841.tw1.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
549 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e298029630a2994690144a756709a06f8b3ed902440096ac7aec5b4cea285014

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://cq64841.tw1.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://cq64841.tw1.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
region1.google-analytics.com
URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-YNHG8YYX8Z&gtm=2oebu0&_p=433344963&cid=1036647014.1672886712&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1672886712&sct=1&seg=0&dl=https%3A%2F%2Furlbit.co%2Fo5lWqn5U&dt=URLbit%20%7C%20Free%20URL%20shortener&_s=2

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Tracking (Transportation)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object   | oncontentvisibilityautostatechange
function | savepage_ShadowLoader
function | isNumberKey

5 Cookies

Domain/Path Name / Value
t.ly/ Name: XSRF-TOKEN
Value: eyJpdiI6InlLaVR3S0RZZE5PQ0F6clhUMkdZaXc9PSIsInZhbHVlIjoiYXQvMTNqYWlzTXlmWW10ckhDRjhISEFjYnR4RlJVamF4NFRxRkxrbXdlTDB5b2pHOWxFd0JKV3VTVFRBV3BpV0lMVzhPa1ZSbDlYbXFUMlpuQSs3eEl4MUJzT1lnNEpYV2FTNkZ2cjdlQW1xMEtGd01RVFl0ZWV4SUxYbkhocmUiLCJtYWMiOiIyY2U3MDc4YjZkNGQxZjcxZWU0NTBkMGZhZTAzZWZhY2M3ODU1OGE3OTgzZmZiYmU0NTVmOTZkNmQ2NTk2Y2ZhIiwidGFnIjoiIn0%3D
t.ly/ Name: tly_session
Value: eyJpdiI6IitDUi9xMHhDTTYxcFJlTEhjeDBPaXc9PSIsInZhbHVlIjoiUGVkb0Rjc0dvbnJuSXoxd2pwSk0yNjFLaDdYVXFVaVg2bG1zcTBaVzlrZmMrK01aRStrcW1YTHNOZEpSNzFDK3VqOUMvVjA3ZkxmMjlLZTdPNm1DTk5TZXluVlREcGFyTWExdGlvSjNSVEJpaGxUR294ZEg1Ynp6Zjc5WTd6OTciLCJtYWMiOiI1ZDUxMmQ4MjgxYjRlNzU2ZDUxNmY5YzcxZGQzMTk1NDQzZDVkYmI4ZDllMWYxZmY0NWZkOTc5MjJlYWFhMGY3IiwidGFnIjoiIn0%3D
.urlbit.co/ Name: _ga
Value: GA1.1.1036647014.1672886712
cq64841.tw1.ru/ Name: PHPSESSID
Value: eb15886c797f80d5d3fac7fb10a00f63
.urlbit.co/ Name: _ga_YNHG8YYX8Z
Value: GS1.1.1672886712.1.0.1672886717.0.0.0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
