cs95823.tw1.ru Open in urlscan Pro
2a03:6f00:1::5c35:6079 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://xn--z1aac.xn--p1ai/%D0%B0%D0%B5%D0%A3%D0%90
Effective URL:
https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaX...
Submission: On July 01 via manual (July 1st 2024, 8:55:29 am UTC) from FR — Scanned from FR

Summary HTTP 4 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 4 HTTP transactions. The main IP is 2a03:6f00:1::5c35:6079, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is cs95823.tw1.ru.
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on January 11th 2024. Valid for: a year.

This is the only time cs95823.tw1.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	188.134.87.62 188.134.87.62	41733 (ZTELECOM-AS) (ZTELECOM-AS)
1 5	2a03:6f00:1::... 2a03:6f00:1::5c35:6079	9123 (TIMEWEB-AS) (TIMEWEB-AS)
4	2

1 188.134.87.62 (St Petersburg, Russian Federation) 1 redirects

ASN41733 (ZTELECOM-AS, RU)
PTR: mail.progist.ru

xn--z1aac.xn--p1ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:6f00:1::5c35:6079 (Russian Federation) 1 redirects

ASN9123 (TIMEWEB-AS, RU)

cs95823.tw1.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	tw1.ru 1 redirects cs95823.tw1.ru	104 KB
1	1 redirects function sub() { [native code] }.	153 B
4	2

	Domain	Requested by
5	cs95823.tw1.ru	1 redirects cs95823.tw1.ru
1	xn--z1aac.xn--p1ai	1 redirects
4	2

This site contains no links.

Subject Issuer	Validity	Valid
*.tw1.ru GlobalSign GCC R3 DV TLS CA 2020	`2024-01-11` - `2025-02-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2MjAwMTo0MWQwOmQ6MzY0ZDo6NzIwMjQ6SnVsOk1vbg==
Frame ID: 8D2C8F088CD95B051C608210A5C2D656
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Livraison à domicile (2,99 EUR)

Page URL History Show full URLs

https://xn--z1aac.xn--p1ai/%D0%B0%D0%B5%D0%A3%D0%90 HTTP 302
https://cs95823.tw1.ru/home/ HTTP 302
https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IH... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

4
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

104 kB
Transfer

287 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://xn--z1aac.xn--p1ai/%D0%B0%D0%B5%D0%A3%D0%90 HTTP 302
https://cs95823.tw1.ru/home/ HTTP 302
https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2MjAwMTo0MWQwOmQ6MzY0ZDo6NzIwMjQ6SnVsOk1vbg== Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request colis-bill.php Show response cs95823.tw1.ru/home/ Redirect Chain https://xn--z1aac.xn--p1ai/%D0%B0%D0%B5%D0%A3%D0%90 https://cs95823.tw1.ru/home/ https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2...	47 KB 24 KB	90ms 89ms	Document text/html	2a03:6f00:1::5c35:6079 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2MjAwMTo0MWQwOmQ6MzY0ZDo6NzIwMjQ6SnVsOk1vbg== Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:1::5c35:6079 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `0184b5135e1f7633c0cf2eef4b460bfcd79720a92815238a0bca4e3355f5df42` Request headers Accept-Language fr-FR,fr;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 date Mon, 01 Jul 2024 08:55:24 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx/1.24.0 vary Accept-Encoding Redirect headers cache-control no-store, no-cache, must-revalidate content-length 4 content-type text/html; charset=UTF-8 date Mon, 01 Jul 2024 08:55:24 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2MjAwMTo0MWQwOmQ6MzY0ZDo6NzIwMjQ6SnVsOk1vbg== pragma no-cache server nginx/1.24.0
GET H2	200	jquery.min.js Show response cs95823.tw1.ru/home/colis_files/	86 KB 30 KB	71ms 69ms	Script application/x-javascript	2a03:6f00:1::5c35:6079 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://cs95823.tw1.ru/home/colis_files/jquery.min.js Requested by Host: cs95823.tw1.ru URL: https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2MjAwMTo0MWQwOmQ6MzY0ZDo6NzIwMjQ6SnVsOk1vbg== Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:1::5c35:6079 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2MjAwMTo0MWQwOmQ6MzY0ZDo6NzIwMjQ6SnVsOk1vbg== Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 01 Jul 2024 08:55:24 GMT content-encoding gzip last-modified Mon, 13 Feb 2023 19:19:26 GMT server nginx/1.24.0 etag W/"63ea8d3e-15851" vary Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Tue, 01 Jul 2025 08:55:24 GMT
GET H2	200	imask.min.js Show response cs95823.tw1.ru/home/colis_files/	45 KB 13 KB	134ms 133ms	Script application/x-javascript	2a03:6f00:1::5c35:6079 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://cs95823.tw1.ru/home/colis_files/imask.min.js Requested by Host: cs95823.tw1.ru URL: https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2MjAwMTo0MWQwOmQ6MzY0ZDo6NzIwMjQ6SnVsOk1vbg== Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:1::5c35:6079 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2MjAwMTo0MWQwOmQ6MzY0ZDo6NzIwMjQ6SnVsOk1vbg== Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 01 Jul 2024 08:55:24 GMT content-encoding gzip last-modified Mon, 13 Feb 2023 19:19:26 GMT server nginx/1.24.0 etag W/"63ea8d3e-b217" vary Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Tue, 01 Jul 2025 08:55:24 GMT
GET H2	200	infos.js Show response cs95823.tw1.ru/home/colis_files/	95 KB 37 KB	134ms 134ms	Script application/x-javascript	2a03:6f00:1::5c35:6079 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://cs95823.tw1.ru/home/colis_files/infos.js Requested by Host: cs95823.tw1.ru URL: https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2MjAwMTo0MWQwOmQ6MzY0ZDo6NzIwMjQ6SnVsOk1vbg== Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:6f00:1::5c35:6079 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS Software nginx/1.24.0 / Resource Hash `31d6c83c556571fbd4cbac36e0319c9d9b9d275fbe6c8156ce39bb4e878193f4` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2MjAwMTo0MWQwOmQ6MzY0ZDo6NzIwMjQ6SnVsOk1vbg== Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 01 Jul 2024 08:55:24 GMT content-encoding gzip last-modified Mon, 13 Feb 2023 19:19:26 GMT server nginx/1.24.0 etag W/"63ea8d3e-17a61" vary Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Tue, 01 Jul 2025 08:55:24 GMT
GET DATA	200 OK	truncated /	94 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `191fcd4752b98bbe7957d6d92cfe700d9e3ce74b5c4fab52805c9bd57502044e` Request headers Accept-Language fr-FR,fr;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d9046165110e4d6ca4aaf07a93390345eb3c0cc93ccb2a8430a1d182a1a50b0f` Request headers Accept-Language fr-FR,fr;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4885e1135ac7023e42765162b7ca6567fab3cc286e7b0d4b7f6b88666e95e3c3` Request headers Accept-Language fr-FR,fr;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	11 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `613639a84569dfd0e90d6cfe6252ab11a33076a0ef44650a05cf7790876e97ca` Request headers Accept-Language fr-FR,fr;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cs95823.tw1.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: 2a6a4c33a1ec46fff75660ef303059ab

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://cs95823.tw1.ru/home/colis-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2MjAwMTo0MWQwOmQ6MzY0ZDo6NzIwMjQ6SnVsOk1vbg== Message: [DOM] Found 2 elements with non-unique id #tel: (More info: https://goo.gl/9p2vKq) %o %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cs95823.tw1.ru
xn--z1aac.xn--p1ai
188.134.87.62
2a03:6f00:1::5c35:6079
0184b5135e1f7633c0cf2eef4b460bfcd79720a92815238a0bca4e3355f5df42
191fcd4752b98bbe7957d6d92cfe700d9e3ce74b5c4fab52805c9bd57502044e
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
31d6c83c556571fbd4cbac36e0319c9d9b9d275fbe6c8156ce39bb4e878193f4
4885e1135ac7023e42765162b7ca6567fab3cc286e7b0d4b7f6b88666e95e3c3
613639a84569dfd0e90d6cfe6252ab11a33076a0ef44650a05cf7790876e97ca
8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d
d9046165110e4d6ca4aaf07a93390345eb3c0cc93ccb2a8430a1d182a1a50b0f

cs95823.tw1.ru Open in urlscan Pro 2a03:6f00:1::5c35:6079 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

4 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

104 kBTransfer

287 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

cs95823.tw1.ru Open in urlscan Pro
2a03:6f00:1::5c35:6079 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

104 kB
Transfer

287 kB
Size

1
Cookies

4 HTTP transactions
4 data transactions