notes.valdikss.org.ru

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 2a02:e00:ffec:4b8::1, located in Germany and belongs to BKVG-AS, DE. The main domain is notes.valdikss.org.ru.
TLS certificate: Issued by R11 on July 7th 2024. Valid for: 3 months.

This is the only time notes.valdikss.org.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	193.124.113.96 193.124.113.96	48347 (MTW-AS) (MTW-AS)
2	2a02:e00:ffec... 2a02:e00:ffec:4b8::1	29141 (BKVG-AS) (BKVG-AS)
2	2

1 193.124.113.96 (Czech Republic) 1 redirects

ASN48347 (MTW-AS, RU)

derevenets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:e00:ffec:4b8::1 (Germany)

ASN29141 (BKVG-AS, DE)

notes.valdikss.org.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	org.ru notes.valdikss.org.ru	247 KB
1	derevenets.com 1 redirects derevenets.com	220 B
2	2

	Domain	Requested by
2	notes.valdikss.org.ru
1	derevenets.com	1 redirects
2	2

This site contains links to these domains. Also see Links.

Domain
crt.sh
testssl.sh
sslmate.com
github.com
datatracker.ietf.org
www.devever.net

Subject Issuer	Validity	Valid
notes.valdikss.org.ru R11	`2024-07-07` - `2024-10-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://notes.valdikss.org.ru/jabber.ru-mitm/
Frame ID: 6EAC3155129AF75D147142F8FDB33920
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Encrypted traffic interception on Hetzner and Linode targeting the largest Russian XMPP (Jabber) messaging service —

Page URL History Show full URLs

https://derevenets.com/ HTTP 302
https://notes.valdikss.org.ru/jabber.ru-mitm/ Page URL

Page Statistics

2
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

247 kB
Transfer

574 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://crt.sh/
Title: crt.sh certificate transparency database

Search URL Search Domain Scan URL

URL: https://crt.sh/?id=9997694704
Title: 03:f3:68:ee:36:30:80:6a:07:81:17:81:04:0c:e3:d9:10:b1

Search URL Search Domain Scan URL

URL: https://crt.sh/?id=10772470477
Title: 04:9c:2d:af:cc:61:88:d6:67:9f:8b:97:99:ce:ad:c9:b7:e0

Search URL Search Domain Scan URL

URL: https://crt.sh/?id=9181082748
Title: 03:43:75:1f:3d:80:20:7d:11:f5:61:98:5b:87:a7:37:81:c6

Search URL Search Domain Scan URL

URL: https://crt.sh/?id=9997621208
Title: 04:4c:1c:8a:f4:37:a0:5a:dd:83:9c:54:74:89:bd:b9:97:90

Search URL Search Domain Scan URL

URL: https://crt.sh/?id=9243798287
Title: 04:d1:d2:5d:09:95:48:9b:d6:14:cc:81:91:df:ac:7f:ec:c6

Search URL Search Domain Scan URL

URL: https://crt.sh/?id=9243917614
Title: 04:b7:85:83:9a:fd:df:81:26:48:5b:34:28:08:53:d9:e6:79

Search URL Search Domain Scan URL

URL: https://testssl.sh/
Title: testssl.sh

Search URL Search Domain Scan URL

URL: https://sslmate.com/certspotter/
Title: Cert Spotter

Search URL Search Domain Scan URL

URL: https://github.com/SSLMate/certspotter
Title: on github

Search URL Search Domain Scan URL

URL: https://datatracker.ietf.org/doc/rfc8657/
Title: Certification Authority Authorization (CAA) Record Extensions for Account URI and Automatic Certificate Management Environment (ACME) Method Binding (RFC 8657)

Search URL Search Domain Scan URL

URL: https://www.devever.net/~hl/xmpp-incident
Title: More recommendations from ACME developer Hugo Landau

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://derevenets.com/ HTTP 302
https://notes.valdikss.org.ru/jabber.ru-mitm/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response notes.valdikss.org.ru/jabber.ru-mitm/ Redirect Chain https://derevenets.com/ https://notes.valdikss.org.ru/jabber.ru-mitm/	358 KB 245 KB	199ms 85ms	Document text/html	2a02:e00:ffec:4b8::1 BKVG-AS
General Check archive.org Show headers Download Go to Full URL https://notes.valdikss.org.ru/jabber.ru-mitm/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:e00:ffec:4b8::1 , Germany, ASN29141 (BKVG-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `209578ea4aa0f9aa3872d9300ec77b2b1c3bd9fa0825bb7fcedb8795d53d8a35` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers cache-control max-age=86400 public content-encoding gzip content-type text/html; charset=UTF-8 date Mon, 15 Jul 2024 12:30:30 GMT etag W/"65452b87-59997" expires Tue, 16 Jul 2024 12:30:30 GMT last-modified Fri, 03 Nov 2023 17:19:03 GMT server nginx/1.22.1 Redirect headers Connection keep-alive Content-Length 145 Content-Type text/html Date Mon, 15 Jul 2024 12:30:29 GMT Location https://notes.valdikss.org.ru/jabber.ru-mitm/ Server nginx/1.22.1
GET DATA	200 OK	truncated /	95 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b31f8438223390558801fbd0f6f946e6ff7824d2c8b822fb4bad4b94d9545816` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	119 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9bc9fc51e93b9e778c924816721323de924206b269a589f149021f2840e01283` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET H2	200	favicon.ico notes.valdikss.org.ru/jabber.ru-mitm/	1 KB 1 KB	68ms 68ms	Other image/x-icon	2a02:e00:ffec:4b8::1 BKVG-AS
General Check archive.org Show headers Download Go to Full URL https://notes.valdikss.org.ru/jabber.ru-mitm/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:e00:ffec:4b8::1 , Germany, ASN29141 (BKVG-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `2b0af9094caefcace64d7f845c52e8fe2919c910b73e7ef009cf8ae9b351baa0` Request headers Referer https://notes.valdikss.org.ru/jabber.ru-mitm/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 15 Jul 2024 12:30:30 GMT last-modified Sat, 21 Oct 2023 14:58:16 GMT server nginx/1.22.1 etag "6533e708-517" content-type image/x-icon cache-control max-age=31536000, public accept-ranges bytes content-length 1303 expires Tue, 15 Jul 2025 12:30:30 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

derevenets.com
notes.valdikss.org.ru
193.124.113.96
2a02:e00:ffec:4b8::1
209578ea4aa0f9aa3872d9300ec77b2b1c3bd9fa0825bb7fcedb8795d53d8a35
2b0af9094caefcace64d7f845c52e8fe2919c910b73e7ef009cf8ae9b351baa0
9bc9fc51e93b9e778c924816721323de924206b269a589f149021f2840e01283
b31f8438223390558801fbd0f6f946e6ff7824d2c8b822fb4bad4b94d9545816

notes.valdikss.org.ru Open in urlscan Pro 2a02:e00:ffec:4b8::1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

2 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

247 kBTransfer

574 kBSize

0 Cookies

12 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Indicators

notes.valdikss.org.ru Open in urlscan Pro
2a02:e00:ffec:4b8::1 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

247 kB
Transfer

574 kB
Size

0
Cookies

2 HTTP transactions
2 data transactions