tonic.eygenci.com Open in urlscan Pro
188.114.96.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://track.health.healthlink-test.ch/t/eqk75x08e/r5c2a471051x478x84579x45871703x1265555x7082228119x6494019
Effective URL:
https://tonic.eygenci.com/rc/a91581ead4?affclick=64890cf8cbd35600013e525b&pubid=503
Submission: On June 14 via api (June 14th 2023, 12:42:35 am UTC) from JP — Scanned from PL

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 9 domains to perform 14 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is tonic.eygenci.com.
TLS certificate: Issued by E1 on May 21st 2023. Valid for: 3 months.

This is the only time tonic.eygenci.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	5.187.52.246 5.187.52.246	197155 (ARTNET) (ARTNET)
1	155.94.219.251 155.94.219.251	8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL)
1 4	172.67.146.238 172.67.146.238	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.158.251 172.67.158.251	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	67.212.184.146 67.212.184.146	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2 3	51.68.85.158 51.68.85.158	16276 (OVH) (OVH)
1 1	34.90.46.36 34.90.46.36	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 5	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	6

1 5.187.52.246 (Poland) 1 redirects

ASN197155 (ARTNET, PL)
PTR: d52246.artnet.gda.pl

track.health.healthlink-test.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 155.94.219.251 (Miami, United States)

ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: ns1.miami-servers.com

theshiningtree.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.146.238 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

lynku.jukminung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.158.251 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 67.212.184.146 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

rezi.turetou.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.68.85.158 (France) 2 redirects

ASN16276 (OVH, FR)

www.turbotrck.art	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.90.46.36 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 36.46.90.34.bc.googleusercontent.com

admoustache.media-412.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 188.114.96.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tonic.eygenci.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
armorads.aftrad-visit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	eygenci.com 1 redirects tonic.eygenci.com	6 KB
4	jukminung.com 1 redirects lynku.jukminung.com	6 KB
3	turbotrck.art 2 redirects www.turbotrck.art	5 KB
3	turetou.com rezi.turetou.com	5 KB
2	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 446257	2 KB
1	aftrad-visit.com armorads.aftrad-visit.com — Cisco Umbrella Rank: 211873	397 B
1	media-412.com 1 redirects admoustache.media-412.com	271 B
1	theshiningtree.com theshiningtree.com	450 B
1	healthlink-test.ch 1 redirects track.health.healthlink-test.ch	320 B
14	9

	Domain	Requested by
4	tonic.eygenci.com	1 redirects www.turbotrck.art tonic.eygenci.com
4	lynku.jukminung.com	1 redirects theshiningtree.com lynku.jukminung.com
3	www.turbotrck.art	2 redirects rezi.turetou.com
3	rezi.turetou.com	lynku.jukminung.com rezi.turetou.com
2	cdn.addlnk.com	lynku.jukminung.com tonic.eygenci.com
1	armorads.aftrad-visit.com	tonic.eygenci.com
1	admoustache.media-412.com	1 redirects
1	theshiningtree.com
1	track.health.healthlink-test.ch	1 redirects
14	9

This site contains no links.

Subject Issuer	Validity	Valid
theshiningtree.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-16` - `2023-12-16`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-20` - `2024-03-18`	a year	crt.sh
addlnk.com GTS CA 1P5	`2023-06-13` - `2023-09-11`	3 months	crt.sh
rezi.turetou.com R3	`2023-04-17` - `2023-07-16`	3 months	crt.sh
www.turbotrck.art R3	`2023-04-29` - `2023-07-28`	3 months	crt.sh
eygenci.com E1	`2023-05-21` - `2023-08-19`	3 months	crt.sh
aftrad-visit.com GTS CA 1P5	`2023-04-16` - `2023-07-15`	3 months	crt.sh

This page contains 3 frames:

Frame: https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=22&network_id=1&click_id=pub8e178feb63b6452ca278fa333579500d&sub_source=503
Frame ID: 3CF0B1A65289A087E962AA7AAA77FB47
Requests: 10 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
Frame ID: C3E144603B427C16C83E1A60EE0DBB6B
Requests: 2 HTTP requests in this frame

Frame: https://tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
Frame ID: 3A2CF4900BF47C629F30D05DBC30D4A0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://track.health.healthlink-test.ch/t/eqk75x08e/r5c2a471051x478x84579x45871703x1265555x7082228119x6494019 HTTP 302
https://theshiningtree.com/176468423b34feb3800/946_150174_97548_874/9104946_5555621/53346740 Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1351292228&pubid=690416 Page URL
https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream... Page URL
https://rezi.turetou.com/?utm_term=7244335730615386154 Page URL
https://rezi.turetou.com/proc.php?0466c2b07ebc2946e857dbb962e422fdf3ea592e Page URL
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website... Page URL
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website... HTTP 302
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website... HTTP 302
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000d3f4d7805da81f7f9e207b16380... HTTP 302
https://tonic.eygenci.com/rc/a91581ead4?affclick=64890cf8cbd35600013e525b&pubid=503 Page URL

Page Statistics

14
Requests

86 %
HTTPS

0 %
IPv6

9
Domains

9
Subdomains

6
IPs

4
Countries

25 kB
Transfer

37 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://track.health.healthlink-test.ch/t/eqk75x08e/r5c2a471051x478x84579x45871703x1265555x7082228119x6494019 HTTP 302
https://theshiningtree.com/176468423b34feb3800/946_150174_97548_874/9104946_5555621/53346740 Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1351292228&pubid=690416 Page URL
https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pube098ae42db8a4b1db1402526af4f67ce&2=690416 Page URL
https://rezi.turetou.com/?utm_term=7244335730615386154 Page URL
https://rezi.turetou.com/proc.php?0466c2b07ebc2946e857dbb962e422fdf3ea592e Page URL
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website=13260-d1f8b31e-d82d53ee&placement=13260 Page URL
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website=13260-d1f8b31e-d82d53ee&placement=13260&eyeg=76da1e2dc0d18d3bbf899ce4ff0f1ffa&eyer=0.12124178313391609&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=rezi.turetou.com HTTP 302
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website=13260-d1f8b31e-d82d53ee&placement=13260&eyeg=3&eyer=0.12124178313391609&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=rezi.turetou.com HTTP 302
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000d3f4d7805da81f7f9e207b163802e82a0614-202306-flb*5564921-b2be6*M7244335730615386154*sl_5564921-b2be6*6da431c25ce6fb2ad69be4cbecd05a2916603018*13260-d1f8b31e-d82d53ee*13260 HTTP 302
https://tonic.eygenci.com/rc/a91581ead4?affclick=64890cf8cbd35600013e525b&pubid=503 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://track.health.healthlink-test.ch/t/eqk75x08e/r5c2a471051x478x84579x45871703x1265555x7082228119x6494019 HTTP 302
https://theshiningtree.com/176468423b34feb3800/946_150174_97548_874/9104946_5555621/53346740

Request Chain 3

https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

Request Chain 10

https://tonic.eygenci.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

53346740
theshiningtree.com/176468423b34feb3800/946_150174_97548_874/9104946_5555621/
Redirect Chain

http://track.health.healthlink-test.ch/t/eqk75x08e/r5c2a471051x478x84579x45871703x1265555x7082228119x6494019
https://theshiningtree.com/176468423b34feb3800/946_150174_97548_874/9104946_5555621/53346740

137 B
450 B

1242ms
449ms

Document
text/html

155.94.219.251
ASN-QUADRANET-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL: https://theshiningtree.com/176468423b34feb3800/946_150174_97548_874/9104946_5555621/53346740
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 155.94.219.251 Miami, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS: ns1.miami-servers.com
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

Connection: close
Content-Length: 137
Content-Type: text/html; charset=UTF-8
Date: Wed, 14 Jun 2023 00:42:30 GMT
Server: Apache

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 14 Jun 2023 00:42:29 GMT
Keep-Alive: timeout=5, max=100
Location: https://theshiningtree.com/176468423b34feb3800/946_150174_97548_874/9104946_5555621/53346740
Server: Apache
X-Powered-By: PHP/5.4.16

GET
H2 200 9e8aef8068 Show response
lynku.jukminung.com/rc/ 2 KB
2 KB 230ms
161ms Document
text/html 172.67.146.238
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1351292228&pubid=690416
Requested by: Host: theshiningtree.com
URL: https://theshiningtree.com/176468423b34feb3800/946_150174_97548_874/9104946_5555621/53346740
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.146.238 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe5a2e012ec7898469cb1fa7ce801a9abb1a9b4875ea201c06504dced46af189

Request headers

Referer: https://theshiningtree.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7d6e88a50c1434c8-WAW
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Wed, 14 Jun 2023 00:42:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VCjV8gL%2BNaSzgyTamTb%2B9WX3UhaOszenbjIKBOcJLaA11fzFYwbsVGM5jE%2FdnBQAR%2F9qyxyNT4aLemEHJXV1w8u%2FcCib80QYfs927ywE2k9UWYbEntHgG8CNmtqu80ZYIll12ioQ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
1019 B 99ms
33ms Stylesheet
text/css 172.67.158.251
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1351292228&pubid=690416
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.158.251 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 00:42:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 8N170743W1JPC8PY
age: 5553
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400
x-amz-id-2: g8bv3HSjzvK1zFu3fQIv4Bg3LSBTlFToQhd22E6lzHJOMhd7HAd0OjEQSg/Dtn/qj1l1vnKpjeI=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GMcX5b5AI9xDsKN%2FIdiRZYSHTcqqfkekRN%2BcZRlQ1m%2BXGGUtPwoRrw9h7VtzwdUhe6l1x5RhbHHIMC7sxDesdh2bXZP4%2FQNIdab4K5j5lDj5MiiDDH6MJ%2FMV5NrdwYmHNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 7d6e88a6790235c6-WAW

GET
H3

200

invisible.js Show response
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/ Frame C3E1
Redirect Chain

https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

7 KB
4 KB

32ms
32ms

Script
application/javascript

172.67.146.238
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

Protocol

Server

172.67.146.238 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f870b389b26b893a8850d461f8bc032574e41f8086c7d3c8e46fece1334a2987

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 00:42:30 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bf8JZOz%2Ba%2F0r6zutNt0cq6ccCtGkvV6eaRImr8%2Bl6zhHimp56wIopnZNGBL1GiQViZ0HK5UNMBkJUn%2BoPzJlUf5qBfIg09nD8LIk2dHGbs9NgPekV6mO17giBQFtycBs%2Ff2QWhTZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7d6e88a70f26f2b8-WAW
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 14 Jun 2023 00:42:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WglUDWgdLHE4HanA60zDUKt6X%2Bk9ilocsGOdPoj1gGYETiDL0hvbTeywW829lKdHxFRJ3glD9SeG%2FBICj0tsonMoMTJbDVWWadKquPqRFuk9c7EydeKbaQUed1FVxBHmSQQDmloq"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
cache-control: max-age=300, public
cf-ray: 7d6e88a6dc9a34c8-WAW
alt-svc: h3=":443"; ma=86400

POST
H3 200 7d6e88a50c1434c8
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame C3E1 0
565 B 46ms
46ms XHR
text/plain 172.67.146.238
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/7d6e88a50c1434c8
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.238 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 14 Jun 2023 00:42:31 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R4HASx%2BdSi6v6o8PojwVLqrQwejhiR3OVULr3rDzZeZ9OlrZgoE9ouYq1aGM25FD%2FcBFCxayJepaupfWKvYTz8010ineoPmadVKXxLPZYhlm2tRmw%2F0eQD9oh17NSoOUtt44GLNu"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7d6e88a80f39f2b8-WAW
alt-svc: h3=":443"; ma=86400

GET
H2 200 /
rezi.turetou.com/ 1 KB
1 KB 450ms
142ms Document
text/html 67.212.184.146
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pube098ae42db8a4b1db1402526af4f67ce&2=690416
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1351292228&pubid=690416
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS: server04.com-2.mobi
Software: nginx / PHP/8.2.0
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 14 Jun 2023 00:42:31 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://rezi.turetou.com/?utm_term=7244335730615386154
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.2.0

GET
H2 200 / Show response
rezi.turetou.com/ 8 KB
3 KB 149ms
149ms Document
text/html 67.212.184.146
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://rezi.turetou.com/?utm_term=7244335730615386154
Requested by: Host: rezi.turetou.com
URL: https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pube098ae42db8a4b1db1402526af4f67ce&2=690416
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS: server04.com-2.mobi
Software: nginx / PHP/8.2.0
Resource Hash: c5806eb1df84909451dfbe3037b03d5df5b119ad93cca7809226b3383f404226

Request headers

Referer: https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pube098ae42db8a4b1db1402526af4f67ce&2=690416
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 14 Jun 2023 00:42:31 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.2.0

GET
H2 200 proc.php
rezi.turetou.com/ 1 KB
1 KB 145ms
144ms Document
text/html 67.212.184.146
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://rezi.turetou.com/proc.php?0466c2b07ebc2946e857dbb962e422fdf3ea592e
Requested by: Host: rezi.turetou.com
URL: https://rezi.turetou.com/?utm_term=7244335730615386154
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS: server04.com-2.mobi
Software: nginx / PHP/8.2.0
Resource Hash

Request headers

Referer: https://rezi.turetou.com/?utm_term=7244335730615386154
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 14 Jun 2023 00:42:31 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website=13260-d1f8b31e-d82d53ee&placement=13260
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.2.0

GET
H/1.1 200
OK /
www.turbotrck.art/ 4 KB
4 KB 201ms
48ms Document
text/html 51.68.85.158
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website=13260-d1f8b31e-d82d53ee&placement=13260
Requested by: Host: rezi.turetou.com
URL: https://rezi.turetou.com/proc.php?0466c2b07ebc2946e857dbb962e422fdf3ea592e
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.85.158 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://rezi.turetou.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

Accept-CH: Sec-CH-UA-Platform-Version
Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Wed, 14 Jun 2023 00:42:32 GMT
Transfer-Encoding: chunked

GET
H2

200

Primary Request a91581ead4 Show response
tonic.eygenci.com/rc/
Redirect Chain

https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website=13260-d1f8b31e-d82d53ee&placement=13260&eyeg=76da1e2dc0d18d3bbf899ce4ff0f1ffa&eyer=0.121241783...
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website=13260-d1f8b31e-d82d53ee&placement=13260&eyeg=3&eyer=0.12124178313391609&eyei=0&eyew=1600&eyeh=...
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000d3f4d7805da81f7f9e207b163802e82a0614-202306-flb*5564921-b2be6*M7244335730615386154*sl_5564921-b2be6*6da431c25ce6fb...
https://tonic.eygenci.com/rc/a91581ead4?affclick=64890cf8cbd35600013e525b&pubid=503

2 KB
2 KB

254ms
186ms

Document
text/html

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tonic.eygenci.com/rc/a91581ead4?affclick=64890cf8cbd35600013e525b&pubid=503
Requested by: Host: www.turbotrck.art
URL: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website=13260-d1f8b31e-d82d53ee&placement=13260
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36aacf67080aa2fc13f4f2cb0e2c6c774cf61fc83a5de58cf2ac02b0a9a84997

Request headers

Referer: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7244335730615386154&website=13260-d1f8b31e-d82d53ee&placement=13260
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7d6e88b23af1bf60-WAW
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Wed, 14 Jun 2023 00:42:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DFIdnYb6u2ClMBNYmbQ5XFYiVPz9m4tViHXOyM%2B%2BCys2HxX5YnIH0vHj1a5HSsiC66HT%2FJXm9zSMAbDQj53g7BDBENJ9cJuqITpMdiV5v1%2B6hjSowdj9j5fOG9Tu3Ra%2FAl8Mhg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Wed, 14 Jun 2023 00:42:32 GMT
location: https://tonic.eygenci.com/rc/a91581ead4?affclick=64890cf8cbd35600013e525b&pubid=503
referer
referrer-policy: no-referrer
server: nginx
x-adjust-use-original-forwarded-for: 1

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
701 B 31ms
31ms Stylesheet
text/css 172.67.158.251
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: tonic.eygenci.com
URL: https://tonic.eygenci.com/rc/a91581ead4?affclick=64890cf8cbd35600013e525b&pubid=503
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.158.251 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 00:42:32 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 8N170743W1JPC8PY
age: 5555
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400
x-amz-id-2: g8bv3HSjzvK1zFu3fQIv4Bg3LSBTlFToQhd22E6lzHJOMhd7HAd0OjEQSg/Dtn/qj1l1vnKpjeI=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UYiTBHhdeDRDovW1mCesoBqYKfih%2FXiZ6ZHw6GHblW5HfmYeVGvie9hGRwq%2B0Wj8JmgqEJ4oIuNeCQqR%2FSEvWwhS39jSGOxVldqJdFL6mvSsI%2B2mg%2BS60srTFYowFVQKBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 7d6e88b36c2b35c6-WAW

GET
H2

200

invisible.js Show response
tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/ Frame 3A2C
Redirect Chain

https://tonic.eygenci.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

7 KB
4 KB

31ms
30ms

Script
application/javascript

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

Protocol

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd28106cf52882c8d9c753625a5cda107dc47fb0313b5f862677fb2f575418d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 00:42:32 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yPQ2ZSLz6z8Lhxsz6KHxjhT0EBeZ5ygGLuPUxg2MAUKrxJad%2F2xq%2F2zAsbY9z4XxLQHcCEv8H%2Bc5FT7a2LFZoimffxk5opLERCSSUiyIbdGgym8eEhsnlAZd%2FsawlGraWl%2BmIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7d6e88b3db5bbf60-WAW
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 14 Jun 2023 00:42:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vk%2Bp8h6xFLmnIb8dgtXhhxYlNjLAKKp6jaXDLSsfrz1CxWn67HlrMQDVrskh2McfrnfUgS%2FlBwJRY26dcI2a6EQq7YngMO2nPee8Aik%2FIUzKRtJIwimPnWTsLkNqqHbseemnjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 7d6e88b3ab50bf60-WAW
alt-svc: h3=":443"; ma=86400

POST
H3 200 7d6e88b23af1bf60
tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 3A2C 0
600 B 36ms
36ms XHR
text/plain 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/cv/result/7d6e88b23af1bf60
Requested by: Host: tonic.eygenci.com
URL: https://tonic.eygenci.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 14 Jun 2023 00:42:33 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PmageSj4LvTKUKtl39ABLcvQXccnmTIWH1d5WPZyCigghBWt2vxfMeWEuDyt%2FGiCM7qAYc6iqsnELj3tyvWRS91rdgk0yuKZ29DtazoFIsZwXYCLJZY7Vj9aFbT2%2Fl0dK2vhHg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7d6e88b4cba93563-WAW
alt-svc: h3=":443"; ma=86400

GET
H2 200 smartlink Show response
armorads.aftrad-visit.com/track/ 0
397 B 160ms
95ms Document
text/plain 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=22&network_id=1&click_id=pub8e178feb63b6452ca278fa333579500d&sub_source=503
Requested by: Host: tonic.eygenci.com
URL: https://tonic.eygenci.com/rc/a91581ead4?affclick=64890cf8cbd35600013e525b&pubid=503
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7d6e88b5290934bc-WAW
content-length: 0
date: Wed, 14 Jun 2023 00:42:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pLUltdePDeWFI%2BZ4llbWyxxzc7wpJbiRA3OERDEspjTJqFdm8ecfh8%2Fs1KbrLRF782ZtvCrKSFXZ%2B8Ni0qJV3edinFeUYFs4N4YLGsQmGzd3N63rYqiJSDuc8TiPMY13jp1qeepUPKJwny1%2B"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
theshiningtree.com/	1970-01-20 13:14:55	Name: uid15295 Value: 1351292228-20230613204230-80d84a77d8dcfb4279ed48830cf573d2-
lynku.jukminung.com/	1970-01-20 12:41:48	Name: AWSALB Value: UzMl1LqftdQ8nJCD2mPBWWRSsj23FSwN4mRirUn+oQXPWsguaukpmYBnojfgohSt/pbm8ryIJw4X1OvVcTdGz/c9WxuyQhORntZthxXNjF5nbpCKaxQaI47FqJNU
.jukminung.com/	1970-01-20 12:31:45	Name: __cf_bm Value: K3RG4.tZ77PEbcdzTkNTDE2daMFJPg9YlFwL9PEjHc8-1686703351-0-AaChRuj8RmHxWy0y2s0bAvp9XTJspW+H6uV5rzGI7xtVU2QfIonv99QzvxXE1KCd1g==
rezi.turetou.com/	1970-01-20 21:17:19	Name: u Value: 7be68267a622c64007f844ede585826d
rezi.turetou.com/	1969-12-31 23:59:59	Name: split Value: b
admoustache.media-412.com/	1970-01-20 21:17:19	Name: afclick Value: 64890cf8cbd35600013e525b
tonic.eygenci.com/	1970-01-20 12:41:48	Name: AWSALB Value: eOIwYOEX5rUg7Eoz5G57jLQ69o/UHvxSEJeE1eYvFwdmdjGoLpEppnlOi/OT8xOUd/3linIiOghExpll2R5nJJr4PEXkUPHmVes+e7EGF9+ar0uhJy4vnRDmrmrB
.eygenci.com/	1970-01-20 12:31:45	Name: __cf_bm Value: 5SiUfcj8Z.LFk0nepup0x04E0VunOp8OxszJYJmEgkg-1686703353-0-AY+EqiAluyzgt0WbZeq1ibtpmR9C005Iys4mm8baKEt7/bkN/RBhLuaABP2kya5OGg==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

admoustache.media-412.com
armorads.aftrad-visit.com
cdn.addlnk.com
lynku.jukminung.com
rezi.turetou.com
theshiningtree.com
tonic.eygenci.com
track.health.healthlink-test.ch
www.turbotrck.art
155.94.219.251
172.67.146.238
172.67.158.251
188.114.96.3
34.90.46.36
5.187.52.246
51.68.85.158
67.212.184.146
36aacf67080aa2fc13f4f2cb0e2c6c774cf61fc83a5de58cf2ac02b0a9a84997
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
c5806eb1df84909451dfbe3037b03d5df5b119ad93cca7809226b3383f404226
cd28106cf52882c8d9c753625a5cda107dc47fb0313b5f862677fb2f575418d2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f870b389b26b893a8850d461f8bc032574e41f8086c7d3c8e46fece1334a2987
fe5a2e012ec7898469cb1fa7ce801a9abb1a9b4875ea201c06504dced46af189

tonic.eygenci.com Open in urlscan Pro 188.114.96.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

14 Requests

86 %HTTPS

0 %IPv6

9 Domains

9 Subdomains

6 IPs

4 Countries

25 kBTransfer

37 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

8 Cookies

Indicators

tonic.eygenci.com Open in urlscan Pro
188.114.96.3 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

86 %
HTTPS

0 %
IPv6

9
Domains

9
Subdomains

6
IPs

4
Countries

25 kB
Transfer

37 kB
Size

8
Cookies

14 HTTP transactions
0 data transactions