ca70724.tw1.ru Open in urlscan Pro
2a03:6f00:6:1::b972:f57c Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://ca70724.tw1.ru/
Submission: On November 24 via manual (November 24th 2022, 6:14:27 pm UTC) from US — Scanned from DE

Summary HTTP 31 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 9 domains to perform 31 HTTP transactions. The main IP is 2a03:6f00:6:1::b972:f57c, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is ca70724.tw1.ru.

This is the only time ca70724.tw1.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Crypto (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
12	2a03:6f00:6:1... 2a03:6f00:6:1::b972:f57c	9123 (TIMEWEB-AS) (TIMEWEB-AS)
1	2a02:6ea0:c70... 2a02:6ea0:c700::21	60068 (CDN77 ^_^) (CDN77 ^_^)
3	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	3.71.216.112 3.71.216.112	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
31	9

12 2a03:6f00:6:1::b972:f57c (Russian Federation)

ASN9123 (TIMEWEB-AS, RU)

ca70724.tw1.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::21 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

www.smartsuppchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

static.blockgeeks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.71.216.112 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-216-112.eu-central-1.compute.amazonaws.com

bootstrap.smartsuppchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:7::a29f:9804 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

widget-v2.smartsuppcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
translations.smartsuppcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	tw1.ru ca70724.tw1.ru	9 MB
5	smartsuppcdn.com widget-v2.smartsuppcdn.com — Cisco Umbrella Rank: 47375 translations.smartsuppcdn.com	176 KB
3	twimg.com pbs.twimg.com — Cisco Umbrella Rank: 706	65 KB
2	medium.com glyph.medium.com — Cisco Umbrella Rank: 20862	37 KB
2	smartsuppchat.com www.smartsuppchat.com — Cisco Umbrella Rank: 46717 bootstrap.smartsuppchat.com — Cisco Umbrella Rank: 43126	6 KB
1	blockgeeks.com static.blockgeeks.com
1	gstatic.com encrypted-tbn0.gstatic.com	8 KB
0	musk-airdrop.org Failed musk-airdrop.org Failed
0	gain-x2.com Failed gain-x2.com Failed
31	9

	Domain	Requested by
12	ca70724.tw1.ru	ca70724.tw1.ru
4	widget-v2.smartsuppcdn.com	www.smartsuppchat.com
3	pbs.twimg.com	ca70724.tw1.ru
2	glyph.medium.com	ca70724.tw1.ru
1	translations.smartsuppcdn.com	widget-v2.smartsuppcdn.com
1	bootstrap.smartsuppchat.com	www.smartsuppchat.com
1	static.blockgeeks.com	ca70724.tw1.ru
1	encrypted-tbn0.gstatic.com	ca70724.tw1.ru
1	www.smartsuppchat.com	ca70724.tw1.ru
0	musk-airdrop.org Failed	ca70724.tw1.ru
0	gain-x2.com Failed	ca70724.tw1.ru
31	11

This site contains links to these domains. Also see Links.

Domain
medium.com
twitter.com
blog.bolt.io

Subject Issuer	Validity	Valid
*.smartsuppchat.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-01` - `2022-12-29`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
static.blockgeeks.com SSL.com RSA SSL subCA	`2020-04-03` - `2021-07-02`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2022-10-24` - `2023-01-22`	3 months	crt.sh
*.smartsuppcdn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-10-19` - `2023-11-19`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://ca70724.tw1.ru/
Frame ID: 4B37BAEA4078501F2DB8A365AC3A93EE
Requests: 32 HTTP requests in this frame

Frame: https://widget-v2.smartsuppcdn.com/static/js/runtime-main.ae11910a.js
Frame ID: 01E3D46BD96DD2655C0E26107E49D4EF
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Elon Musk — Official ETH and BTC Giveaway - Medium

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

31
Requests

42 %
HTTPS

75 %
IPv6

9
Domains

11
Subdomains

9
IPs

3
Countries

9721 kB
Transfer

10814 kB
Size

2
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/policy/f03bf92035c9
Title: here

Search URL Search Domain Scan URL

URL: https://medium.com/
Title: Homepage

Search URL Search Domain Scan URL

URL: https://medium.com/membership?source=upgrade_membership---nav_full
Title: About membership

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?redirect=https%3A%2F%2Fmedium.com%2F%40%2F&source=--------------------------nav_reg&operation=login
Title: Sign in

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?redirect=https%3A%2F%2Fmedium.com%2F%40%2F&source=--------------------------nav_reg&operation=register
Title: Get started

Search URL Search Domain Scan URL

URL: https://twitter.com/elonmusk

Search URL Search Domain Scan URL

URL: https://blog.bolt.io/what-cracking-open-a-sonos-one-tells-us-about-the-sonos-ipo-dcab49155643?source=placement_card_footer_grid---------0-14

Search URL Search Domain Scan URL

URL: https://blog.bolt.io/@BenEinstein

Search URL Search Domain Scan URL

URL: https://blog.bolt.io/@BenEinstein?source=placement_card_footer_grid---------0-14
Title: Ben Einstein

Search URL Search Domain Scan URL

URL: https://medium.com/personal-growth/the-most-important-skill-nobody-taught-you-9b162377ab77?source=placement_card_footer_grid---------1-14

Search URL Search Domain Scan URL

URL: https://medium.com/@ztrana

Search URL Search Domain Scan URL

URL: https://medium.com/@ztrana?source=placement_card_footer_grid---------1-14
Title: Zat Rana

Search URL Search Domain Scan URL

URL: https://medium.com/s/futurehuman/survival-of-the-richest-9ef6cddd0cc1?source=placement_card_footer_grid---------2-14

Search URL Search Domain Scan URL

URL: https://medium.com/@rushkoff

Search URL Search Domain Scan URL

URL: https://medium.com/@rushkoff?source=placement_card_footer_grid---------2-14
Title: douglas rushkoff

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?&source=--------------------------nav_reg&operation=login
Title: Sign in

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?&source=--------------------------nav_reg&operation=register
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/@cryptorand

Search URL Search Domain Scan URL

URL: https://medium.com/@AleksandarSvetski

Search URL Search Domain Scan URL

URL: https://medium.com/@crpto3332
Title: Digital Asset Investor

Search URL Search Domain Scan URL

URL: https://medium.com/@e434534egwer
Title: var d = new Date(); var month=new Array("Jan","Feb","Mar","Apr","May","June","July","Aug","Sept","Oct","Nov","Dec"); document.write(month[d.getMonth()]+" " +d.getDate());Nov 24 document.write(TODAY);

Search URL Search Domain Scan URL

URL: https://medium.com/@NateRubenRDM

Search URL Search Domain Scan URL

URL: https://medium.com/@ThisIsKlinger

Search URL Search Domain Scan URL

URL: https://medium.com/@joshuaburns

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
ca70724.tw1.ru/ 238 KB
56 KB 171ms
93ms Document
text/html 2a03:6f00:6:1::b972:f57c
TIMEWEB-AS

General

			Domain/Path	Expires	Name / Value
			ca70724.tw1.ru/	1970-01-20 12:03:58	Name: ssupp.vid Value: viDyH1aUZ6FVM
			ca70724.tw1.ru/	1970-01-20 12:03:58	Name: ssupp.visits Value: 1

Source	Level	URL Text
network	error	URL: https://gain-x2.com/data/jquery-3.4.1.min.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://musk-airdrop.org/files/0_jTL6h8JXKd29jdTx.jpg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://musk-airdrop.org/files/1_U3yrRtqWkn2cCwLnYCxN-w.jpg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://musk-airdrop.org/files/1_U3yrRtqWkn2cCwLnYCxN-w1.jpg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://musk-airdrop.org/files/1_U3yrRtqWkn2cCwLnYCxN-w2.jpg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://pbs.twimg.com/profile_images/945578325023473664/Pr1CzJSm_400x400.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.blockgeeks.com/wp-content/uploads/2020/05/Nick-Chong_avatar_1590116314-200x200.jpg Message: Failed to load resource: the server responded with a status of 404 ()

ca70724.tw1.ru Open in urlscan Pro 2a03:6f00:6:1::b972:f57c Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

31 Requests

42 %HTTPS

75 %IPv6

9 Domains

11 Subdomains

9 IPs

3 Countries

9721 kBTransfer

10814 kBSize

2 Cookies

24 Outgoing links

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

ca70724.tw1.ru Open in urlscan Pro
2a03:6f00:6:1::b972:f57c Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

42 %
HTTPS

75 %
IPv6

9
Domains

11
Subdomains

9
IPs

3
Countries

9721 kB
Transfer

10814 kB
Size

2
Cookies

31 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!