stub.linktothesafeplayer.click Open in urlscan Pro
3.144.207.224 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://youtihe.com/
Effective URL:
https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19...
Submission: On February 14 via api (February 14th 2024, 6:46:44 am UTC) from SG — Scanned from SG

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 6 domains to perform 11 HTTP transactions. The main IP is 3.144.207.224, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is stub.linktothesafeplayer.click.
TLS certificate: Issued by R3 on January 27th 2024. Valid for: 3 months.

This is the only time stub.linktothesafeplayer.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Apple Software Update (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	46.8.8.100 46.8.8.100	60592 (GRANSY Gr...) (GRANSY Gransy s.r.o. gransy.com)
2	44.210.224.67 44.210.224.67	14618 (AMAZON-AES) (AMAZON-AES)
2 2	137.74.180.226 137.74.180.226	16276 (OVH) (OVH)
1	3.144.207.224 3.144.207.224	16509 (AMAZON-02) (AMAZON-02)
1	172.253.118.95 172.253.118.95	15169 (GOOGLE) (GOOGLE)
7	13.33.100.120 13.33.100.120	16509 (AMAZON-02) (AMAZON-02)
11	4

1 46.8.8.100 (Prague, Czech Republic) 1 redirects

ASN60592 (GRANSY Gransy s.r.o. gransy.com, CZ)

youtihe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.210.224.67 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-210-224-67.compute-1.amazonaws.com

junon-amn.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 137.74.180.226 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ip226.ip-137-74-180.eu

kr1.admedit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.144.207.224 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-144-207-224.us-east-2.compute.amazonaws.com

stub.linktothesafeplayer.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.118.95 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.33.100.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-100-120.sin2.r.cloudfront.net

dlmn5z55ga5wj.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	cloudfront.net dlmn5z55ga5wj.cloudfront.net	2 MB
2	admedit.net 2 redirects kr1.admedit.net	757 B
2	junon-amn.info junon-amn.info — Cisco Umbrella Rank: 314554	3 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 48	1017 B
1	linktothesafeplayer.click stub.linktothesafeplayer.click	4 KB
1	youtihe.com 1 redirects youtihe.com	300 B
11	6

	Domain	Requested by
7	dlmn5z55ga5wj.cloudfront.net	stub.linktothesafeplayer.click
2	kr1.admedit.net	2 redirects
2	junon-amn.info	junon-amn.info
1	fonts.googleapis.com	stub.linktothesafeplayer.click
1	stub.linktothesafeplayer.click	junon-amn.info
1	youtihe.com	1 redirects
11	6

This site contains no links.

Subject Issuer	Validity	Valid
junon-amn.info Amazon RSA 2048 M02	`2024-01-23` - `2025-02-20`	a year	crt.sh
stub.linktothesafeplayer.click R3	`2024-01-27` - `2024-04-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626
Frame ID: 44B930EE9491759CD9F36AED53649322
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SpaceTab

Page URL History Show full URLs

http://youtihe.com/ HTTP 301
https://junon-amn.info/zclkvisitor/ca750b42-cb04-11ee-ba4e-0a7f1e64b7db/b71e37a0-18cb-11ea-9f38-0a1... Page URL
https://junon-amn.info/zclkredirect?visitid=ca750b42-cb04-11ee-ba4e-0a7f1e64b7db&type=js&browserWid... Page URL
https://kr1.admedit.net/advertise/?adown=831&cmp=3207&ctrack=zrca750b42cb0411eeba4e0a7f1e64b7db19ba5... HTTP 302
https://kr1.admedit.net/advertise/refine.php?adown=831&ptrack=alpha-key-1o94lqm626&ctrack=zrca750b42... HTTP 302
https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411... Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

4
IPs

3
Countries

2346 kB
Transfer

2355 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://youtihe.com/ HTTP 301
https://junon-amn.info/zclkvisitor/ca750b42-cb04-11ee-ba4e-0a7f1e64b7db/b71e37a0-18cb-11ea-9f38-0a157bfa6bfc?campaignid=9741d9b0-c03c-11ee-a2d9-0a4ababc2193 Page URL
https://junon-amn.info/zclkredirect?visitid=ca750b42-cb04-11ee-ba4e-0a7f1e64b7db&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected%20%20%20%20%20%20%20%20=false&usingEventListener=true Page URL
https://kr1.admedit.net/advertise/?adown=831&cmp=3207&ctrack=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&ptrack=alpha-key-1o94lqm626 HTTP 302
https://kr1.admedit.net/advertise/refine.php?adown=831&ptrack=alpha-key-1o94lqm626&ctrack=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&cmp=3207&t=1707893195&rh=7&avs=avs3&utm_src=7&sids=3 HTTP 302
https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://youtihe.com/ HTTP 301
https://junon-amn.info/zclkvisitor/ca750b42-cb04-11ee-ba4e-0a7f1e64b7db/b71e37a0-18cb-11ea-9f38-0a157bfa6bfc?campaignid=9741d9b0-c03c-11ee-a2d9-0a4ababc2193

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

b71e37a0-18cb-11ea-9f38-0a157bfa6bfc Show response
junon-amn.info/zclkvisitor/ca750b42-cb04-11ee-ba4e-0a7f1e64b7db/
Redirect Chain

http://youtihe.com/
https://junon-amn.info/zclkvisitor/ca750b42-cb04-11ee-ba4e-0a7f1e64b7db/b71e37a0-18cb-11ea-9f38-0a157bfa6bfc?campaignid=9741d9b0-c03c-11ee-a2d9-0a4ababc2193

2 KB
2 KB

763ms
249ms

Document
text/html

44.210.224.67
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://junon-amn.info/zclkvisitor/ca750b42-cb04-11ee-ba4e-0a7f1e64b7db/b71e37a0-18cb-11ea-9f38-0a157bfa6bfc?campaignid=9741d9b0-c03c-11ee-a2d9-0a4ababc2193

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.210.224.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-210-224-67.compute-1.amazonaws.com

Software

UsMPsuao /

Resource Hash

bcd760955c9734b3abfc4ef92006ad01f7cc1e373ef6b280080f7f8bbaecfe38

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
content-type: text/html;charset=UTF-8
date: Wed, 14 Feb 2024 06:46:33 GMT
server: UsMPsuao
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'

Redirect headers

Content-Length: 191
Content-Type: text/html; charset=utf-8
Date: Wed, 14 Feb 2024 06:46:33 GMT
Location: https://junon-amn.info/zclkvisitor/ca750b42-cb04-11ee-ba4e-0a7f1e64b7db/b71e37a0-18cb-11ea-9f38-0a157bfa6bfc?campaignid=9741d9b0-c03c-11ee-a2d9-0a4ababc2193

GET
H2 200 zclkredirect
junon-amn.info/ 528 B
1000 B 510ms
509ms Document
text/html 44.210.224.67
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://junon-amn.info/zclkredirect?visitid=ca750b42-cb04-11ee-ba4e-0a7f1e64b7db&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected%20%20%20%20%20%20%20%20=false&usingEventListener=true

Requested by

Host: junon-amn.info
URL: https://junon-amn.info/zclkvisitor/ca750b42-cb04-11ee-ba4e-0a7f1e64b7db/b71e37a0-18cb-11ea-9f38-0a157bfa6bfc?campaignid=9741d9b0-c03c-11ee-a2d9-0a4ababc2193

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.210.224.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-210-224-67.compute-1.amazonaws.com

Software

WMdtWqRq /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer: https://junon-amn.info/zclkvisitor/ca750b42-cb04-11ee-ba4e-0a7f1e64b7db/b71e37a0-18cb-11ea-9f38-0a157bfa6bfc?campaignid=9741d9b0-c03c-11ee-a2d9-0a4ababc2193
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
content-type: text/html;charset=UTF-8
date: Wed, 14 Feb 2024 06:46:34 GMT
redirected: JS
server: WMdtWqRq
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'

GET
H/1.1

200
OK

Primary Request kruy Show response
stub.linktothesafeplayer.click/
Redirect Chain

https://kr1.admedit.net/advertise/?adown=831&cmp=3207&ctrack=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&ptrack=alpha-key-1o94lqm626
https://kr1.admedit.net/advertise/refine.php?adown=831&ptrack=alpha-key-1o94lqm626&ctrack=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&cmp=3207&t=1707893195&...
https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key...

18 KB
4 KB

1047ms
264ms

Document
text/html

3.144.207.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626
Requested by: Host: junon-amn.info
URL: https://junon-amn.info/zclkredirect?visitid=ca750b42-cb04-11ee-ba4e-0a7f1e64b7db&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected%20%20%20%20%20%20%20%20=false&usingEventListener=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.144.207.224 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-144-207-224.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 6014f37d6930e6f82b8f98e19e6155e81e6ae341c1dd6bd3283b5886c2383b31

Request headers

Referer: https://junon-amn.info/zclkredirect?visitid=ca750b42-cb04-11ee-ba4e-0a7f1e64b7db&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected%20%20%20%20%20%20%20%20=false&usingEventListener=true
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 14 Feb 2024 06:46:36 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 14 Feb 2024 06:46:35 GMT
Location: https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626
Server: nginx
Transfer-Encoding: chunked

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1017 B 356ms
23ms Stylesheet
text/css 172.253.118.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto&display=swap

Requested by

Host: stub.linktothesafeplayer.click
URL: https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f95.1e100.net

Software

ESF /

Resource Hash

838e680ca964a26c94665951577f3f0902ef54de2ee063d3465f22945dc44afa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://stub.linktothesafeplayer.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Feb 2024 06:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 14 Feb 2024 05:29:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Feb 2024 06:46:36 GMT

GET
H2 200 logo.png
dlmn5z55ga5wj.cloudfront.net/lps/spacetab/ 23 KB
23 KB 581ms
59ms Image
image/png 13.33.100.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlmn5z55ga5wj.cloudfront.net/lps/spacetab/logo.png
Requested by: Host: stub.linktothesafeplayer.click
URL: https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.100.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-100-120.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 56cf391cd84bd42a8ff3065b6b0009242b99f6ad9fcd849b0f2bd71583a32e60

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://stub.linktothesafeplayer.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:19:32 GMT
via: 1.1 4187f012ebd71eb85a8870ea46453784.cloudfront.net (CloudFront)
last-modified: Tue, 28 Mar 2023 11:57:37 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2
age: 77225
etag: "bdb0034434780d0429f015e00ba76855"
x-amz-meta-origin-date-iso8601: 2023-03-28T11:49:48.720Z
x-amz-server-side-encryption: AES256
content-type: image/png
x-cache: Hit from cloudfront
accept-ranges: bytes
content-length: 23058
x-amz-cf-id: J6H-3F0_2slJdAASBMr_3B0dZGpZErS8uxFB_R_qeoxO7QJoRb0ymQ==

GET
H2 200 store.png
dlmn5z55ga5wj.cloudfront.net/lps/spacetab/ 10 KB
10 KB 543ms
22ms Image
image/png 13.33.100.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlmn5z55ga5wj.cloudfront.net/lps/spacetab/store.png
Requested by: Host: stub.linktothesafeplayer.click
URL: https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.100.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-100-120.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 98ac999ce8b3550b3ced5ce7692cd90b3938675cf2a5126617999ea6fda1376c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://stub.linktothesafeplayer.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 02:55:33 GMT
via: 1.1 4187f012ebd71eb85a8870ea46453784.cloudfront.net (CloudFront)
last-modified: Tue, 28 Mar 2023 11:57:37 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2
age: 13865
x-amz-server-side-encryption: AES256
x-amz-meta-origin-date-iso8601: 2023-03-28T11:49:48.700Z
vary: Accept-Encoding
etag: "d554d50717e1911ec4a4d561feec8eeb"
content-type: image/png
x-cache: Hit from cloudfront
accept-ranges: bytes
content-length: 9996
x-amz-cf-id: uCtStBjwXak-KUhSWhXzNyuZKO3JZOPeklao0ZFl6NStHWJEm4bfmA==

GET
H2 200 arrow__blue.png
dlmn5z55ga5wj.cloudfront.net/lps/flash_mac/images/ 2 KB
3 KB 1420ms
917ms Image
image/png 13.33.100.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlmn5z55ga5wj.cloudfront.net/lps/flash_mac/images/arrow__blue.png
Requested by: Host: stub.linktothesafeplayer.click
URL: https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.100.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-100-120.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://stub.linktothesafeplayer.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 06:46:37 GMT
via: 1.1 4187f012ebd71eb85a8870ea46453784.cloudfront.net (CloudFront)
last-modified: Wed, 30 May 2018 18:11:30 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2
age: 2245
etag: "6d26faedbdd557f7dcd86e9060de347f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2266
x-amz-cf-id: i-X3A99b_EwBPiB9qBT57aA_8BKhA7JwDPtKq-AFyA2l0hmFdmuxTw==

GET
H2 200 pattern__safari1.jpg
dlmn5z55ga5wj.cloudfront.net/lps/flash_mac/images/ 25 KB
25 KB 1455ms
953ms Image
image/jpeg 13.33.100.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlmn5z55ga5wj.cloudfront.net/lps/flash_mac/images/pattern__safari1.jpg
Requested by: Host: stub.linktothesafeplayer.click
URL: https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.100.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-100-120.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://stub.linktothesafeplayer.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 06:46:37 GMT
via: 1.1 4187f012ebd71eb85a8870ea46453784.cloudfront.net (CloudFront)
last-modified: Wed, 30 May 2018 18:11:28 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2
age: 2245
etag: "918dfef192de7b99284e969e75d6cc29"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 25293
x-amz-cf-id: 0Kzzf91qmuaGffpjwl1aR-YZUqzh_ApZ-oaSCzpLOpNDGt1pZ-OhSQ==

GET
H2 200 pattern__safari-arrow.png
dlmn5z55ga5wj.cloudfront.net/lps/flash_mac/images/ 3 KB
4 KB 522ms
21ms Image
image/png 13.33.100.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlmn5z55ga5wj.cloudfront.net/lps/flash_mac/images/pattern__safari-arrow.png
Requested by: Host: stub.linktothesafeplayer.click
URL: https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.100.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-100-120.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://stub.linktothesafeplayer.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 04:13:48 GMT
via: 1.1 4187f012ebd71eb85a8870ea46453784.cloudfront.net (CloudFront)
last-modified: Wed, 30 May 2018 18:10:05 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2
age: 9170
etag: "496171f7f5272b0c3b8ae1d526110caf"
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 3478
x-amz-cf-id: 8r6IXueoccIxkCCfOzAYHluGZp-pc9-bqxLuFW1rTS5PxlPpdCS3xg==

GET
H2 200 back.jpg
dlmn5z55ga5wj.cloudfront.net/lps/spacetab/ 2 MB
2 MB 186ms
23ms Image
image/jpeg 13.33.100.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlmn5z55ga5wj.cloudfront.net/lps/spacetab/back.jpg
Requested by: Host: stub.linktothesafeplayer.click
URL: https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.100.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-100-120.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: aa5f0a09e04cc268d773bc13764aa13b3eacfd04249033a84a037916e6df27ea

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://stub.linktothesafeplayer.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:19:33 GMT
via: 1.1 4187f012ebd71eb85a8870ea46453784.cloudfront.net (CloudFront)
last-modified: Tue, 28 Mar 2023 11:57:38 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2
age: 77225
etag: "7587bf76efb7e2a66f3c8c1817c2ce38"
x-amz-meta-origin-date-iso8601: 2023-03-28T11:49:49.013Z
x-amz-server-side-encryption: AES256
content-type: image/jpeg
x-cache: Hit from cloudfront
accept-ranges: bytes
content-length: 2324270
x-amz-cf-id: n6Dyc_Y6hYLd-v_4syby10TXbsUuxUyqboswVAhGLXdjJlH_Fv0cGg==

GET
H2 200 download_arrow.png
dlmn5z55ga5wj.cloudfront.net/lps/download_ext/images/ 173 B
541 B 176ms
19ms Image
image/png 13.33.100.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlmn5z55ga5wj.cloudfront.net/lps/download_ext/images/download_arrow.png
Requested by: Host: stub.linktothesafeplayer.click
URL: https://stub.linktothesafeplayer.click/kruy?fhst=2r2EPjwMddYzkJcZL0vmUVYvwuG-44bhCpZPyU9wjgc.&&cid=zrca750b42cb0411eeba4e0a7f1e64b7db19ba53e49ad24e0eb509cc4c5451efe207995090354578fa0a&sid=alpha-key-1o94lqm626
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.100.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-100-120.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8e32d99e816a42958b9473f470a2600963602981007576d85220044e6137965b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://stub.linktothesafeplayer.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:19:33 GMT
via: 1.1 4187f012ebd71eb85a8870ea46453784.cloudfront.net (CloudFront)
last-modified: Thu, 20 Aug 2020 10:15:02 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2
age: 77225
etag: "551bb1d3f364bc5fd05bf6e99b16bfc0"
x-amz-meta-origin-date-iso8601: 2020-08-20T10:08:40.000Z
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 173
x-amz-cf-id: nR08VJFM3QKQJJK6XAkRdf-c_8YDOgf2N1YW680ezUOzMqTiYLk6FQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Apple Software Update (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| hide_download function| showStep function| fillProgressBar function| addEvent

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
stub.linktothesafeplayer.click/	1970-01-20 18:24:54	Name: channel Value: kra_ChextSpaceT_allg
stub.linktothesafeplayer.click/	1970-01-20 18:24:54	Name: dist_id Value: 8893
stub.linktothesafeplayer.click/	1970-01-20 18:24:54	Name: lp_id Value: 3447

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dlmn5z55ga5wj.cloudfront.net
fonts.googleapis.com
junon-amn.info
kr1.admedit.net
stub.linktothesafeplayer.click
youtihe.com
13.33.100.120
137.74.180.226
172.253.118.95
3.144.207.224
44.210.224.67
46.8.8.100
56cf391cd84bd42a8ff3065b6b0009242b99f6ad9fcd849b0f2bd71583a32e60
5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a
6014f37d6930e6f82b8f98e19e6155e81e6ae341c1dd6bd3283b5886c2383b31
7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe
7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12
838e680ca964a26c94665951577f3f0902ef54de2ee063d3465f22945dc44afa
8e32d99e816a42958b9473f470a2600963602981007576d85220044e6137965b
98ac999ce8b3550b3ced5ce7692cd90b3938675cf2a5126617999ea6fda1376c
aa5f0a09e04cc268d773bc13764aa13b3eacfd04249033a84a037916e6df27ea
bcd760955c9734b3abfc4ef92006ad01f7cc1e373ef6b280080f7f8bbaecfe38

stub.linktothesafeplayer.click Open in urlscan Pro 3.144.207.224 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

6 Domains

6 Subdomains

4 IPs

3 Countries

2346 kBTransfer

2355 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

stub.linktothesafeplayer.click Open in urlscan Pro
3.144.207.224 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

4
IPs

3
Countries

2346 kB
Transfer

2355 kB
Size

3
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!