go.cityclub.finance - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 4 HTTP transactions. The main IP is 195.161.21.2, located in Ostrovnoy, Russian Federation and belongs to RTCOMM-AS, RU. The main domain is go.cityclub.finance.
TLS certificate: Issued by R3 on April 6th 2024. Valid for: 3 months.

This is the only time go.cityclub.finance was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a00:f940:2:2... 2a00:f940:2:2:1:1:0:46	197695 (AS-REG) (AS-REG)
2	195.161.21.2 195.161.21.2	8342 (RTCOMM-AS) (RTCOMM-AS)
4	2

1 2a00:f940:2:2:1:1:0:46 (Russian Federation) 1 redirects

ASN197695 (AS-REG, RU)

krediti-zdes.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.161.21.2 (Ostrovnoy, Russian Federation)

ASN8342 (RTCOMM-AS, RU)
PTR: ns.roskazna.ru

go.cityclub.finance	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	cityclub.finance go.cityclub.finance	2 KB
1	krediti-zdes.ru 1 redirects krediti-zdes.ru	258 B
0	vtb.ru Failed cc.vtb.ru Failed
4	3

	Domain	Requested by
2	go.cityclub.finance	go.cityclub.finance
1	krediti-zdes.ru	1 redirects
0	cc.vtb.ru Failed	go.cityclub.finance
4	3

This site contains no links.

Subject Issuer	Validity	Valid
failover.go.cityclub.finance R3	`2024-04-06` - `2024-07-05`	3 months	crt.sh

This page contains 1 frames:

Frame: https://cc.vtb.ru/login/?utm_source=unicom24&utm_medium=cpa&utm_campaign=cpa_credcards_unicom24_15804_8q5Mr3&utm_content=69718cf111f0fa8facbf527b6a4bd3a8
Frame ID: 69177FD26E1AABFAB5B558D17B51E6A2
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://krediti-zdes.ru/vtb-kreditnaya HTTP 302
https://go.cityclub.finance/v2/click-B6rj6-W6JM0a-8V2Md-8b8183ea?tl=1&erid=LdtCKNoWF Page URL
https://go.cityclub.finance/v2/click-B6rj6-W6JM0a-8V2Md-8b8183ea?tl=1&erid=LdtCKNoWF&no_cookie=1&widht=1... Page URL

Page Statistics

4
Requests

50 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

2 kB
Transfer

10 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://krediti-zdes.ru/vtb-kreditnaya HTTP 302
https://go.cityclub.finance/v2/click-B6rj6-W6JM0a-8V2Md-8b8183ea?tl=1&erid=LdtCKNoWF Page URL
https://go.cityclub.finance/v2/click-B6rj6-W6JM0a-8V2Md-8b8183ea?tl=1&erid=LdtCKNoWF&no_cookie=1&widht=1600&height=1200&timezone=-120 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://krediti-zdes.ru/vtb-kreditnaya HTTP 302
https://go.cityclub.finance/v2/click-B6rj6-W6JM0a-8V2Md-8b8183ea?tl=1&erid=LdtCKNoWF

Request Chain 1

https://unicom24.ru/offer/rs/2y3t5vlo0y7ze/?partner=15804&sub_id1=8WVZ223pBhZFwGR&sub_id5=8q5Mr3 HTTP 302
https://cc.vtb.ru/login/?utm_source=unicom24&utm_medium=cpa&utm_campaign=cpa_credcards_unicom24_15804_8q5Mr3&utm_content=69718cf111f0fa8facbf527b6a4bd3a8

4 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	click-B6rj6-W6JM0a-8V2Md-8b8183ea go.cityclub.finance/v2/ Redirect Chain https://krediti-zdes.ru/vtb-kreditnaya https://go.cityclub.finance/v2/click-B6rj6-W6JM0a-8V2Md-8b8183ea?tl=1&erid=LdtCKNoWF	2 KB 1 KB	336ms 186ms	Document text/html	195.161.21.2 RTCOMM-AS
General Check archive.org Show headers Download Go to Full URL https://go.cityclub.finance/v2/click-B6rj6-W6JM0a-8V2Md-8b8183ea?tl=1&erid=LdtCKNoWF Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.161.21.2 Ostrovnoy, Russian Federation, ASN8342 (RTCOMM-AS, RU), Reverse DNS ns.roskazna.ru Software nginx / Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 date Thu, 06 Jun 2024 07:55:26 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx vary Accept-Encoding Redirect headers access-control-allow-origin * content-length 0 content-type text/html; charset=UTF-8 date Thu, 06 Jun 2024 07:55:26 GMT location https://go.cityclub.finance/v2/click-B6rj6-W6JM0a-8V2Md-8b8183ea?tl=1&erid=LdtCKNoWF server nginx x-powered-by PHP/7.4.33
GET H2	200	Primary Request click-B6rj6-W6JM0a-8V2Md-8b8183ea go.cityclub.finance/v2/	373 B 949 B	122ms 119ms	Document text/html	195.161.21.2 RTCOMM-AS
General Check archive.org Show headers Download Go to Full URL https://go.cityclub.finance/v2/click-B6rj6-W6JM0a-8V2Md-8b8183ea?tl=1&erid=LdtCKNoWF&no_cookie=1&widht=1600&height=1200&timezone=-120 Requested by Host: go.cityclub.finance URL: https://go.cityclub.finance/v2/click-B6rj6-W6JM0a-8V2Md-8b8183ea?tl=1&erid=LdtCKNoWF Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.161.21.2 Ostrovnoy, Russian Federation, ASN8342 (RTCOMM-AS, RU), Reverse DNS ns.roskazna.ru Software nginx / Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://go.cityclub.finance/v2/click-B6rj6-W6JM0a-8V2Md-8b8183ea?tl=1&erid=LdtCKNoWF Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 date Thu, 06 Jun 2024 07:55:26 GMT expires Thu, 19 Nov 1981 08:52:00 GMT p3p policyref="/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA" pragma no-cache server nginx vary Accept-Encoding
GET		/ cc.vtb.ru/login/ Redirect Chain https://unicom24.ru/offer/rs/2y3t5vlo0y7ze/?partner=15804&sub_id1=8WVZ223pBhZFwGR&sub_id5=8q5Mr3 https://cc.vtb.ru/login/?utm_source=unicom24&utm_medium=cpa&utm_campaign=cpa_credcards_unicom24_15804_8q5Mr3&utm_content=69718cf111f0fa8facbf527b6a4bd3a8	0 0

GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	155 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7808605ddd1f0eaa454aa444293d2f0260943e51e53838fca46506e6a69fe521` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET		/ cc.vtb.ru/login/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cc.vtb.ru
URL: https://cc.vtb.ru/login/?utm_source=unicom24&utm_medium=cpa&utm_campaign=cpa_credcards_unicom24_15804_8q5Mr3&utm_content=69718cf111f0fa8facbf527b6a4bd3a8

Domain: cc.vtb.ru
URL: https://cc.vtb.ru/login/?utm_source=unicom24&utm_medium=cpa&utm_campaign=cpa_credcards_unicom24_15804_8q5Mr3&utm_content=69718cf111f0fa8facbf527b6a4bd3a8

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
krediti-zdes.ru/	1970-01-20 21:09:06	Name: qwerty_vtb-kreditnaya Value: 0
go.cityclub.finance/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9783c331edbfd0530f5882142ff5d582
.cityclub.finance/	1970-01-21 05:53:16	Name: cnt Value: 909de4f975c4bc2347dab54dc672edf3
go.cityclub.finance/	1970-01-20 21:50:52	Name: skip_js_r Value: 1
go.cityclub.finance/	1970-01-21 06:43:40	Name: widht Value: 1600
go.cityclub.finance/	1970-01-21 06:43:40	Name: height Value: 1200
go.cityclub.finance/	1970-01-21 06:43:40	Name: timezone Value: -120
go.cityclub.finance/	1970-01-20 21:07:40	Name: init_referer Value: NNNNISfwfXxNN3pCl%2Fo2pFyW9oSZlv1YIQJklF%2B0GH4jgQPlFYKEGsVmPYKHFQKl8mpA0mYXXmW11f5Zlp5C0wZi1H5YmRiZl0iFGFaBGXxfmxiKm0%2FK0eLbXFxbljZPNNNNNNNVvk8%3D
.cityclub.finance/	1970-01-21 05:53:16	Name: pc Value: %19F%991%24%0ALji%06%B7%23M%5Bt0%CCK
unicom24.ru/	1969-12-31 23:59:59	Name: redirect_hash Value: 69718cf111f0fa8facbf527b6a4bd3a8
unicom24.ru/	1969-12-31 23:59:59	Name: rid Value: 102845236
unicom24.ru/	1970-01-21 01:35:30	Name: sessionid Value: az7jqg5f0w2278jtbfegmjahsfy5j1e3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cc.vtb.ru
go.cityclub.finance
krediti-zdes.ru
cc.vtb.ru
195.161.21.2
2a00:f940:2:2:1:1:0:46
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
7808605ddd1f0eaa454aa444293d2f0260943e51e53838fca46506e6a69fe521
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

go.cityclub.finance Open in urlscan Pro 195.161.21.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

4 Requests

50 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

2 kBTransfer

10 kBSize

12 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

12 Cookies

Indicators

go.cityclub.finance Open in urlscan Pro
195.161.21.2 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

50 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

2 kB
Transfer

10 kB
Size

12
Cookies

4 HTTP transactions
3 data transactions