k9j5t5p4.ssl.hwcdn.net Open in urlscan Pro
69.16.175.10 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s3.amazonaws.com/ktdalbihtox/1753.html#qs=r-acacafdgckkiahfhfjjedafgkckabababadgaffaccacdckacigeacbdfhfacb
Effective URL:
https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=rLYp0kBC6IaBT60EYZCwrcB2rWfrM8tXdLeP5qeDJ7SNSySgtLcZ1IFD_HEqPB1CHnZRuF-iNr3...
Submission: On October 27 via api (October 27th 2022, 4:29:39 pm UTC) from US — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 6 countries across 8 domains to perform 10 HTTP transactions. The main IP is 69.16.175.10, located in United States and belongs to STACKPATH-CDN, US. The main domain is k9j5t5p4.ssl.hwcdn.net.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 22nd 2021. Valid for: a year.

This is the only time k9j5t5p4.ssl.hwcdn.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.217.11.78 52.217.11.78	16509 (AMAZON-02) (AMAZON-02)
1 1	78.138.127.114 78.138.127.114	29066 (VELIANET-...) (VELIANET-AS velia.net Internetdienste GmbH)
1	185.57.81.130 185.57.81.130	60118 (CYBERSMAR...) (CYBERSMARTSOLUTIONS-AS)
4	2606:4700:303... 2606:4700:3031::ac43:92ee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3030::ac43:bfdd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.147.12.223 34.147.12.223	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	94.237.99.118 94.237.99.118	202053 (UPCLOUD) (UPCLOUD)
1 1	18.156.93.177 18.156.93.177	16509 (AMAZON-02) (AMAZON-02)
2	69.16.175.10 69.16.175.10	20446 (STACKPATH...) (STACKPATH-CDN)
10	6

1 52.217.11.78 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.138.127.114 (Strasbourg, France) 1 redirects

ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE)
PTR: plexusmix.store

78.138.127.114	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.57.81.130 (Romania)

ASN60118 (CYBERSMARTSOLUTIONS-AS, RO)

creviceonion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3031::ac43:92ee (United States)

ASN13335 (CLOUDFLARENET, US)

lynku.jukminung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::ac43:bfdd (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.147.12.223 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 223.12.147.34.bc.googleusercontent.com

track.adclickbyte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.237.99.118 (Finland)

ASN202053 (UPCLOUD, FI)
PTR: 94-237-99-118.de-fra1.upcloud.host

1d6cd5e0413.999traffic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.93.177 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-93-177.eu-central-1.compute.amazonaws.com

optiestrycended.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.16.175.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: hwcdn.net

k9j5t5p4.ssl.hwcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	jukminung.com lynku.jukminung.com	26 KB
2	hwcdn.net k9j5t5p4.ssl.hwcdn.net	12 KB
1	optiestrycended.com 1 redirects optiestrycended.com — Cisco Umbrella Rank: 620972	1 KB
1	999traffic.com 1d6cd5e0413.999traffic.com	1 KB
1	adclickbyte.com 1 redirects track.adclickbyte.com — Cisco Umbrella Rank: 445651	312 B
1	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 400192	1 KB
1	creviceonion.com creviceonion.com	450 B
1	amazonaws.com s3.amazonaws.com	511 B
10	8

	Domain	Requested by
4	lynku.jukminung.com	creviceonion.com s3.amazonaws.com lynku.jukminung.com
2	k9j5t5p4.ssl.hwcdn.net	k9j5t5p4.ssl.hwcdn.net
1	optiestrycended.com	1 redirects
1	1d6cd5e0413.999traffic.com	lynku.jukminung.com
1	track.adclickbyte.com	1 redirects
1	cdn.addlnk.com	lynku.jukminung.com
1	creviceonion.com	s3.amazonaws.com
1	s3.amazonaws.com
10	8

This site contains no links.

Subject Issuer	Validity	Valid
s3.amazonaws.com Amazon	`2022-04-01` - `2023-03-30`	a year	crt.sh
creviceonion.com Sectigo RSA Domain Validation Secure Server CA	`2021-11-08` - `2022-12-08`	a year	crt.sh
*.jukminung.com E1	`2022-09-19` - `2022-12-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
*.999traffic.com R3	`2022-09-09` - `2022-12-08`	3 months	crt.sh
*.ssl.hwcdn.net Sectigo RSA Domain Validation Secure Server CA	`2021-12-22` - `2023-01-19`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=rLYp0kBC6IaBT60EYZCwrcB2rWfrM8tXdLeP5qeDJ7SNSySgtLcZ1IFD_HEqPB1CHnZRuF-iNr3qJjRKlJl1wTfRY2cCkYaZicxMe4NiwuEywJIn6nnlFXH_kv44RU2WqhugrFvysGPZerZ_hnT0VfbzItorAj_8mQiIdwajs8eHgSWgxJvMop8Ltnrt2h0xAovxsr2l9oi9X4TlhNddeJ0scyIETBEAIptVRvnaw1RWv-8vOQpZyYO50uyxQQeYaKtunlelw2vElUu_pQDOsJlg6baV-7tBdTvA8QHsmHjOzBd5HYLzE80_HsXyjYjE3jJc_tLnJVTH_gyraJ-t9y8vR9qEZwaCrMsYdOcvL-_TQrf5jyn3oqUXuziDQT79w9eJPwfGY1gUE7o3QsrLQMoO4yhTfoXy53FKHyQzpu2u5N8fn32ObZAhsnQJjpPHcFyyJ8kULRIlha5p81bFLw&lptoken=165c66e7888b99ea7459&c2=5971&c1=5wpktt7ek3owdxh4tg5gks0sc%2C16628570%2C5%2C5971
Frame ID: 1A704AD014B392D6B449B92008EA77DF
Requests: 7 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1666886400
Frame ID: 86743F2E7D2E88C1D9AB3E269836E8CB
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Search To Win

Page URL History Show full URLs

https://s3.amazonaws.com/ktdalbihtox/1753.html Page URL
http://78.138.127.114/qs=r-acacafdgckkiahfhfjjedafgkckabababadgaffaccacdckacigeacbdfhfacb HTTP 302
https://creviceonion.com/1761c09b831f94a8000/45919_64648832_11_1753_25/b3b3a8a2a7jzmE9z5LH3yUL7OEORi7... Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1297605354&pubid=690110 Page URL
https://track.adclickbyte.com/click?pid=943&offer_id=2261226&sub1=pub400d225c06844cecaceff1d68c4d79b1&sub2... HTTP 302
https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=635ab1eed1baf8000105cf1b&pi=943-690110 Page URL
https://optiestrycended.com/bf0465cf-e980-478d-87f2-27d14b1b731e?c2=5971&c1=5wpktt7ek3owdxh4tg5gks0sc,16... HTTP 302
https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=rLYp0kBC6IaBT60EYZCwrcB2rWfrM8tXdLeP5qeDJ7SNSySgtLcZ1IF... Page URL

Page Statistics

10
Requests

100 %
HTTPS

22 %
IPv6

8
Domains

8
Subdomains

6
IPs

6
Countries

41 kB
Transfer

90 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s3.amazonaws.com/ktdalbihtox/1753.html Page URL
http://78.138.127.114/qs=r-acacafdgckkiahfhfjjedafgkckabababadgaffaccacdckacigeacbdfhfacb HTTP 302
https://creviceonion.com/1761c09b831f94a8000/45919_64648832_11_1753_25/b3b3a8a2a7jzmE9z5LH3yUL7OEORi7k1xx9/25 Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1297605354&pubid=690110 Page URL
https://track.adclickbyte.com/click?pid=943&offer_id=2261226&sub1=pub400d225c06844cecaceff1d68c4d79b1&sub2=690110 HTTP 302
https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=635ab1eed1baf8000105cf1b&pi=943-690110 Page URL
https://optiestrycended.com/bf0465cf-e980-478d-87f2-27d14b1b731e?c2=5971&c1=5wpktt7ek3owdxh4tg5gks0sc,16628570,5,5971 HTTP 302
https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=rLYp0kBC6IaBT60EYZCwrcB2rWfrM8tXdLeP5qeDJ7SNSySgtLcZ1IFD_HEqPB1CHnZRuF-iNr3qJjRKlJl1wTfRY2cCkYaZicxMe4NiwuEywJIn6nnlFXH_kv44RU2WqhugrFvysGPZerZ_hnT0VfbzItorAj_8mQiIdwajs8eHgSWgxJvMop8Ltnrt2h0xAovxsr2l9oi9X4TlhNddeJ0scyIETBEAIptVRvnaw1RWv-8vOQpZyYO50uyxQQeYaKtunlelw2vElUu_pQDOsJlg6baV-7tBdTvA8QHsmHjOzBd5HYLzE80_HsXyjYjE3jJc_tLnJVTH_gyraJ-t9y8vR9qEZwaCrMsYdOcvL-_TQrf5jyn3oqUXuziDQT79w9eJPwfGY1gUE7o3QsrLQMoO4yhTfoXy53FKHyQzpu2u5N8fn32ObZAhsnQJjpPHcFyyJ8kULRIlha5p81bFLw&lptoken=165c66e7888b99ea7459&c2=5971&c1=5wpktt7ek3owdxh4tg5gks0sc%2C16628570%2C5%2C5971 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://78.138.127.114/qs=r-acacafdgckkiahfhfjjedafgkckabababadgaffaccacdckacigeacbdfhfacb HTTP 302
https://creviceonion.com/1761c09b831f94a8000/45919_64648832_11_1753_25/b3b3a8a2a7jzmE9z5LH3yUL7OEORi7k1xx9/25

Request Chain 6

https://track.adclickbyte.com/click?pid=943&offer_id=2261226&sub1=pub400d225c06844cecaceff1d68c4d79b1&sub2=690110 HTTP 302
https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=635ab1eed1baf8000105cf1b&pi=943-690110

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	1753.html s3.amazonaws.com/ktdalbihtox/	155 B 511 B	361ms 132ms	Document text/html	52.217.11.78 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s3.amazonaws.com/ktdalbihtox/1753.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.217.11.78 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Content-Length 155 Content-Type text/html Date Thu, 27 Oct 2022 16:29:32 GMT ETag "47c4a761020d187c24e6b747d0fc544b" Last-Modified Thu, 27 Oct 2022 15:43:56 GMT Server AmazonS3 x-amz-id-2 BuCqZFmU5VzTAoh4TZoXbKPa6+AhziypnSXX7cnNNgd/SSYMdpekcO+ID1EVCshtCcecB6LYHQg= x-amz-request-id WZ6DY8D7CZHTYG27
GET H/1.1	200 OK	25 creviceonion.com/1761c09b831f94a8000/45919_64648832_11_1753_25/b3b3a8a2a7jzmE9z5LH3yUL7OEORi7k1xx9/ Redirect Chain http://78.138.127.114/qs=r-acacafdgckkiahfhfjjedafgkckabababadgaffaccacdckacigeacbdfhfacb https://creviceonion.com/1761c09b831f94a8000/45919_64648832_11_1753_25/b3b3a8a2a7jzmE9z5LH3yUL7OEORi7k1xx9/25	137 B 450 B	1510ms 440ms	Document text/html	185.57.81.130 CYBERSMARTSOLUTIO...
General Check archive.org Show headers Download Go to Full URL https://creviceonion.com/1761c09b831f94a8000/45919_64648832_11_1753_25/b3b3a8a2a7jzmE9z5LH3yUL7OEORi7k1xx9/25 Requested by Host: s3.amazonaws.com URL: https://s3.amazonaws.com/ktdalbihtox/1753.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.57.81.130 , Romania, ASN60118 (CYBERSMARTSOLUTIONS-AS, RO), Reverse DNS Software Apache / Resource Hash Request headers Referer https://s3.amazonaws.com/ktdalbihtox/1753.html#qs=r-acacafdgckkiahfhfjjedafgkckabababadgaffaccacdckacigeacbdfhfacb Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection close Content-Length 137 Content-Type text/html; charset=UTF-8 Date Thu, 27 Oct 2022 16:29:33 GMT Server Apache Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Thu, 27 Oct 2022 16:29:31 GMT Keep-Alive timeout=5, max=100 Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 X-Powered-By PHP/5.4.16 location https://creviceonion.com/1761c09b831f94a8000/45919_64648832_11_1753_25/b3b3a8a2a7jzmE9z5LH3yUL7OEORi7k1xx9/25
GET H2	200	9e8aef8068 Show response lynku.jukminung.com/rc/	3 KB 2 KB	202ms 119ms	Document text/html	2606:4700:3031::ac43:92ee CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lynku.jukminung.com/rc/9e8aef8068?affclick=1297605354&pubid=690110 Requested by Host: creviceonion.com URL: https://creviceonion.com/1761c09b831f94a8000/45919_64648832_11_1753_25/b3b3a8a2a7jzmE9z5LH3yUL7OEORi7k1xx9/25 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cb0c6d4977b82babe34a1d30b345cb9c62efe6fb7a11b984e74c82c09f146d18` Request headers Referer https://creviceonion.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 760ccfacb9be9a18-FRA content-encoding br content-language en-us content-type text/html; charset=utf-8 date Thu, 27 Oct 2022 16:29:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IoalITgkg0WePKdcf3xx%2FDIy7Ia%2FsAwFu%2F6ZUi%2Fe0nXJrJ8viIM20iRtDcu7CJbkM7lrA93BcfH9gu6R2IKf8T6na3Gh3G2bGkG2UARGNNkb0iQk5S4AraH6rPc5zPn%2FSZZo0CVCKhH1QO0P1MIHtgDB"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding, Accept-Language, Cookie
GET H2	200	redirect.css cdn.addlnk.com/	1 KB 1 KB	99ms 39ms	Stylesheet text/css	2606:4700:3030::ac43:bfdd CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.addlnk.com/redirect.css Requested by Host: lynku.jukminung.com URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1297605354&pubid=690110 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 16:29:33 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id NG3WEQ5NJ4PQVZ4F age 5068 cf-polished origSize=1680 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k= cf-bgj minify last-modified Wed, 13 Mar 2019 00:03:12 GMT server cloudflare etag W/"3ae56d32551602b41f9046c14d1cfde2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GiT80KnKFD5CX8v8zZo9J8n8V5x2oI4u79vDn3mbfMRN2Oy%2FlNI75WeVPYrtwP7cJlisVc2zMrm3DLJ2a%2BdbUEMc8jb5yl4jqYG3VGjq1AAIGfDAu7it43Wi1ed6%2FlWvxW1FbUCnRzlL7Iqhbw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cf-ray 760ccfaddf6cbb3d-FRA
GET H2	200	invisible.js Show response lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 8674	40 KB 15 KB	36ms 35ms	Script application/javascript	2606:4700:3031::ac43:92ee CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1666886400 Requested by Host: s3.amazonaws.com URL: https://s3.amazonaws.com/ktdalbihtox/1753.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c902de753e77750ee472c20704639b4665a12e42a8432858da020c540c9fcc1b` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 16:29:33 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yoMf59spTzDKwbH9cUWKr0lYjgQSxRUWjWvzMxQ2%2BbZCH1l1l0m5xUstWRsCvvouhmY2kQVCo7da4Az94HTncEgp%2B0VjZhAODrhyzLh3TRBPBr0f2jyexcwOBIQw8V4CcqTxtY2d1YKMlZALX5zBrGi1"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 760ccfae2d119a18-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	pica.js lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 8674	24 KB 8 KB	29ms 28ms	Other application/javascript	2606:4700:3031::ac43:92ee CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 27 Oct 2022 16:29:33 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sx5%2F%2BC%2BggBZk7Q1dreDvfvsLMLYZiCzKAwYH2qK2mSukdI%2Bp7TRptf2%2BJ3KhinCRlgnQuBikpN6%2BzFPKEh1GOTkU3fejva7u7h03tr2NTwcdjwTTtsJ87%2Bg%2FRrbj36Ton9w%2FueUEWtgGF7%2F9EFgUoNsG"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 760ccfae7dc49a18-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	/ 1d6cd5e0413.999traffic.com/ Redirect Chain https://track.adclickbyte.com/click?pid=943&offer_id=2261226&sub1=pub400d225c06844cecaceff1d68c4d79b1&sub2=690110 https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=635ab1eed1baf8000105cf1b&pi=943-690110	931 B 1 KB	105ms 47ms	Document text/html	94.237.99.118 UPCLOUD
General Check archive.org Show headers Download Go to Full URL https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=635ab1eed1baf8000105cf1b&pi=943-690110 Requested by Host: lynku.jukminung.com URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1297605354&pubid=690110 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.237.99.118 , Finland, ASN202053 (UPCLOUD, FI), Reverse DNS 94-237-99-118.de-fra1.upcloud.host Software / Resource Hash Request headers Referer https://lynku.jukminung.com/rc/9e8aef8068?affclick=1297605354&pubid=690110 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate post-check=0, pre-check=0 content-encoding gzip content-type text/html; charset=UTF-8 date Thu, 27 Oct 2022 16:29:34 GMT expires Thu, 27 Oct 2022 16:29:34 GMT last-modified Thu, 27 Oct 2022 16:29:34 GMT pragma no-cache vary Accept-Encoding x-robots-tag noindex, nofollow Redirect headers access-control-allow-origin * content-length 0 date Thu, 27 Oct 2022 16:29:34 GMT location https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=635ab1eed1baf8000105cf1b&pi=943-690110 server nginx
POST H3	200	760ccfacb9be9a18 lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 8674	2 B 695 B	55ms 55ms	XHR text/plain	2606:4700:3031::ac43:92ee CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/760ccfacb9be9a18 Requested by Host: lynku.jukminung.com URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1666886400 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Content-Type application/json Response headers date Thu, 27 Oct 2022 16:29:34 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iQyknyU4ichjqzbmzd9KLAjbkXcyMz3RV7RYL1yRN5NYWY0s8aaSoVyOaEd10ZfW2%2FDk54faqIH3yJjMNRGdiqm1MUiOtvO3dkV5Vmw3q0Vj8jvj675GUwO8BN9hr%2BYppn5kRL6TC0JUh%2FUBzriTnk7r"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 760ccfb0384d915c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H/1.1	200 OK	Primary Request search.html Show response k9j5t5p4.ssl.hwcdn.net/bing/ Redirect Chain https://optiestrycended.com/bf0465cf-e980-478d-87f2-27d14b1b731e?c2=5971&c1=5wpktt7ek3owdxh4tg5gks0sc,16628570,5,5971 https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=rLYp0kBC6IaBT60EYZCwrcB2rWfrM8tXdLeP5qeDJ7SNSySgtLcZ1IFD_HEqPB1CHnZRuF-iNr3qJjRKlJl1wTfRY2cCkYaZicxMe4NiwuEywJIn6nnlFXH_kv44RU2WqhugrFvysGPZerZ_h...	12 KB 4 KB	131ms 35ms	Document text/html	69.16.175.10 STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=rLYp0kBC6IaBT60EYZCwrcB2rWfrM8tXdLeP5qeDJ7SNSySgtLcZ1IFD_HEqPB1CHnZRuF-iNr3qJjRKlJl1wTfRY2cCkYaZicxMe4NiwuEywJIn6nnlFXH_kv44RU2WqhugrFvysGPZerZ_hnT0VfbzItorAj_8mQiIdwajs8eHgSWgxJvMop8Ltnrt2h0xAovxsr2l9oi9X4TlhNddeJ0scyIETBEAIptVRvnaw1RWv-8vOQpZyYO50uyxQQeYaKtunlelw2vElUu_pQDOsJlg6baV-7tBdTvA8QHsmHjOzBd5HYLzE80_HsXyjYjE3jJc_tLnJVTH_gyraJ-t9y8vR9qEZwaCrMsYdOcvL-_TQrf5jyn3oqUXuziDQT79w9eJPwfGY1gUE7o3QsrLQMoO4yhTfoXy53FKHyQzpu2u5N8fn32ObZAhsnQJjpPHcFyyJ8kULRIlha5p81bFLw&lptoken=165c66e7888b99ea7459&c2=5971&c1=5wpktt7ek3owdxh4tg5gks0sc%2C16628570%2C5%2C5971 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US), Reverse DNS hwcdn.net Software WasabiS3/7.7.900-2022-08-19-6bff245bcf (head08) / Resource Hash `2e0c77e31bf6fbe26c768a1a2f887ea01a8d5ee3c73b5aa5a3067c35ff79e69b` Request headers Referer https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=635ab1eed1baf8000105cf1b&pi=943-690110 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Access-Control-Allow-Origin * Cache-Control max-age=31536000 Connection Keep-Alive Content-Encoding gzip Content-Length 3825 Content-Type text/html Date Thu, 27 Oct 2022 16:29:34 GMT ETag "353efcbbb0d9f329fcb72d951e78b0af" Last-Modified Tue, 13 Sep 2022 07:52:04 GMT Server WasabiS3/7.7.900-2022-08-19-6bff245bcf (head08) X-HW 1666888174.dop145.fr8.t,1666888174.cds235.fr8.shn,1666888174.dop145.fr8.t,1666888174.cds260.fr8.c x-amz-id-2 M7b/FgmEhH5i/mXvJwtheOjfToLa9RRWVpariiV7xr5ICb/LPX/11Ztmr1X/Pb43zp6hgbxzNTIG x-amz-request-id 87FE7268C94F109B Redirect headers cache-control no-store, no-cache, pre-check=0, post-check=0 content-length 0 date Thu, 27 Oct 2022 16:29:34 GMT expires Thu, 01 Jan 1970 00:00:00 GMT location https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=rLYp0kBC6IaBT60EYZCwrcB2rWfrM8tXdLeP5qeDJ7SNSySgtLcZ1IFD_HEqPB1CHnZRuF-iNr3qJjRKlJl1wTfRY2cCkYaZicxMe4NiwuEywJIn6nnlFXH_kv44RU2WqhugrFvysGPZerZ_hnT0VfbzItorAj_8mQiIdwajs8eHgSWgxJvMop8Ltnrt2h0xAovxsr2l9oi9X4TlhNddeJ0scyIETBEAIptVRvnaw1RWv-8vOQpZyYO50uyxQQeYaKtunlelw2vElUu_pQDOsJlg6baV-7tBdTvA8QHsmHjOzBd5HYLzE80_HsXyjYjE3jJc_tLnJVTH_gyraJ-t9y8vR9qEZwaCrMsYdOcvL-_TQrf5jyn3oqUXuziDQT79w9eJPwfGY1gUE7o3QsrLQMoO4yhTfoXy53FKHyQzpu2u5N8fn32ObZAhsnQJjpPHcFyyJ8kULRIlha5p81bFLw&lptoken=165c66e7888b99ea7459&c2=5971&c1=5wpktt7ek3owdxh4tg5gks0sc%2C16628570%2C5%2C5971 pragma no-cache server nginx
GET H/1.1	200 OK	blogo.png k9j5t5p4.ssl.hwcdn.net/bing/	7 KB 8 KB	25ms 25ms	Image image/png	69.16.175.10 STACKPATH-CDN
General Check archive.org Show headers Download Go to Show image Full URL https://k9j5t5p4.ssl.hwcdn.net/bing/blogo.png Requested by Host: k9j5t5p4.ssl.hwcdn.net URL: https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=rLYp0kBC6IaBT60EYZCwrcB2rWfrM8tXdLeP5qeDJ7SNSySgtLcZ1IFD_HEqPB1CHnZRuF-iNr3qJjRKlJl1wTfRY2cCkYaZicxMe4NiwuEywJIn6nnlFXH_kv44RU2WqhugrFvysGPZerZ_hnT0VfbzItorAj_8mQiIdwajs8eHgSWgxJvMop8Ltnrt2h0xAovxsr2l9oi9X4TlhNddeJ0scyIETBEAIptVRvnaw1RWv-8vOQpZyYO50uyxQQeYaKtunlelw2vElUu_pQDOsJlg6baV-7tBdTvA8QHsmHjOzBd5HYLzE80_HsXyjYjE3jJc_tLnJVTH_gyraJ-t9y8vR9qEZwaCrMsYdOcvL-_TQrf5jyn3oqUXuziDQT79w9eJPwfGY1gUE7o3QsrLQMoO4yhTfoXy53FKHyQzpu2u5N8fn32ObZAhsnQJjpPHcFyyJ8kULRIlha5p81bFLw&lptoken=165c66e7888b99ea7459&c2=5971&c1=5wpktt7ek3owdxh4tg5gks0sc%2C16628570%2C5%2C5971 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US), Reverse DNS hwcdn.net Software WasabiS3/7.7.900-2022-08-19-6bff245bcf (head08) / Resource Hash `f1f97ddb28a4925de8234dd9a91b0cd8d5e8d050e2a2f5993ecffc278e733c37` Request headers accept-language de-DE,de;q=0.9 Referer https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=rLYp0kBC6IaBT60EYZCwrcB2rWfrM8tXdLeP5qeDJ7SNSySgtLcZ1IFD_HEqPB1CHnZRuF-iNr3qJjRKlJl1wTfRY2cCkYaZicxMe4NiwuEywJIn6nnlFXH_kv44RU2WqhugrFvysGPZerZ_hnT0VfbzItorAj_8mQiIdwajs8eHgSWgxJvMop8Ltnrt2h0xAovxsr2l9oi9X4TlhNddeJ0scyIETBEAIptVRvnaw1RWv-8vOQpZyYO50uyxQQeYaKtunlelw2vElUu_pQDOsJlg6baV-7tBdTvA8QHsmHjOzBd5HYLzE80_HsXyjYjE3jJc_tLnJVTH_gyraJ-t9y8vR9qEZwaCrMsYdOcvL-_TQrf5jyn3oqUXuziDQT79w9eJPwfGY1gUE7o3QsrLQMoO4yhTfoXy53FKHyQzpu2u5N8fn32ObZAhsnQJjpPHcFyyJ8kULRIlha5p81bFLw&lptoken=165c66e7888b99ea7459&c2=5971&c1=5wpktt7ek3owdxh4tg5gks0sc%2C16628570%2C5%2C5971 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 16:29:34 GMT Last-Modified Mon, 12 Sep 2022 17:52:53 GMT Server WasabiS3/7.7.900-2022-08-19-6bff245bcf (head08) x-amz-request-id DED9A693E5FF917E ETag "0cf8d7eff944be4c1291e59790d6f38c" X-HW 1666888174.dop145.fr8.t,1666888174.cds235.fr8.shn,1666888174.dop145.fr8.t,1666888174.cds168.fr8.c Content-Type image/png Access-Control-Allow-Origin * Cache-Control max-age=31536000 Connection Keep-Alive Accept-Ranges bytes Content-Length 7676 x-amz-id-2 jdRlybmmR56kE0/2kHEEqiDpesiIwR9sgMYZ6Qt8N7SfJWm+Nhs1FFYXVT1OsnILDmANYGlNuKO5

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
creviceonion.com/	1970-01-20 07:44:40	Name: uid15295 Value: 1297605354-20221027122933-fa145996671fd0c5ac9ecd220de0f7b8-
lynku.jukminung.com/	1970-01-20 07:11:32	Name: AWSALB Value: 2yCDHPD/WvBJAysd7HawynWahtJXPAzGEAwuCgeHDVLBW70MWfdN3vVEB6Mgfx67dGxSQvA7wXUT5PrRhEC+BR9cZhiQyY4G3RA2XQfK+a1stkPZKIRRajAh7i5/
track.adclickbyte.com/	1970-01-20 15:47:04	Name: afclick Value: 635ab1eed1baf8000105cf1b
track.adclickbyte.com/	1970-01-20 15:47:04	Name: afoffers Value: {"2261226":1666888174}
.jukminung.com/	1970-01-20 07:01:29	Name: __cf_bm Value: onG.I3DW6iGfxH0j6WP0mFE1RAf_PkWtET4qISqxBe0-1666888174-0-AfuC76+mwPe3dpJvfNpfU62UETs2LVcqITFG6eESrKStrQnj45tyYLXK3niq0r7sav0PicUgZmjk4RgeIFvJPHgRchXtFzVeMfI7ZWu7ZKZ+3dsyETTIwCQViMkOISxIUA==
.1d6cd5e0413.999traffic.com/	1970-01-20 07:01:28	Name: rts-trck Value: 1
.999traffic.com/	1970-01-20 16:37:28	Name: t-uuid Value: 5wpktt7ex1184r1czmdz4wcwk
.999traffic.com/	1970-01-20 07:01:28	Name: traffic-back Value: ok
.optiestrycended.com/	1970-01-20 07:02:54	Name: bf0465cf-e980-478d-87f2-27d14b1b731e-v4 Value: lDXVhsvM6VUfRZX9MDHoANecJfh8gWrO0xVJ7eBiXPA
.optiestrycended.com/	1970-01-20 07:02:54	Name: cep-v4 Value: MEwQVqLmpPshTIyl2hTuy7bhb7u4nvMJAWLsXZvfgBimPHxfDFFMXC7hReEuhJ2kRdF4AQBxJXxnqXVLfR4wAc988iTG1MUsdmzzt4gV5Tl_NWp5Q0MhikwDslqqaaYU7OhIuHecJlgkLeFrJrs-hYOpSomQJebdoofkrhan9sp06EM-g7w7WaS2c1-yJykGtuNwh6lCxrAcvy2E8REaKZN1346eap87iQmRdx9yhp_LKCDGiE38ydr0N2lKNuF-lX68bzJvh7nadEazPA8l_DqDOaxKxm2mm_-vbEfddOcVYCLxiXI_ZszvojjarA8mX0BLgR7qFL-dafoHDy-KNCjRXll3vjHqvVuQLE4IHpktiE0QirY7n-NJraGP7L4fDMsekRjyF3-AJ_xp39ZX1bLwgBK2dasysKeuFQMEaqFyMStu_93gS3fnqGXHRC3gnL5446sZKPZlDHgWgWHUbw

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1d6cd5e0413.999traffic.com
cdn.addlnk.com
creviceonion.com
k9j5t5p4.ssl.hwcdn.net
lynku.jukminung.com
optiestrycended.com
s3.amazonaws.com
track.adclickbyte.com
18.156.93.177
185.57.81.130
2606:4700:3030::ac43:bfdd
2606:4700:3031::ac43:92ee
34.147.12.223
52.217.11.78
69.16.175.10
78.138.127.114
94.237.99.118
2e0c77e31bf6fbe26c768a1a2f887ea01a8d5ee3c73b5aa5a3067c35ff79e69b
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
c902de753e77750ee472c20704639b4665a12e42a8432858da020c540c9fcc1b
cb0c6d4977b82babe34a1d30b345cb9c62efe6fb7a11b984e74c82c09f146d18
f1f97ddb28a4925de8234dd9a91b0cd8d5e8d050e2a2f5993ecffc278e733c37

k9j5t5p4.ssl.hwcdn.net Open in urlscan Pro 69.16.175.10 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

22 %IPv6

8 Domains

8 Subdomains

6 IPs

6 Countries

41 kBTransfer

90 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

10 Cookies

Indicators

k9j5t5p4.ssl.hwcdn.net Open in urlscan Pro
69.16.175.10 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

22 %
IPv6

8
Domains

8
Subdomains

6
IPs

6
Countries

41 kB
Transfer

90 kB
Size

10
Cookies

10 HTTP transactions
0 data transactions