k9j5t5p4.ssl.hwcdn.net Open in urlscan Pro
69.16.175.42 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html#rbAjsH.xjwf7sy2?fq7nMPcc6Vn6cxZmTcdcWscyc7s8Rjfkwcbbb4P
Effective URL:
https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=JeuSeqBkQTeZctoyeSQprCp5p-8VZ5x9KNcp73zxAj7luZCaw40HVEyoOQ4lSXsdq0arcB4tGBV...
Submission Tags: https://phish.report @phish_report Search All
Submission: On November 07 via api (November 7th 2022, 9:11:33 pm UTC) from FI — Scanned from FI

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 6 countries across 9 domains to perform 10 HTTP transactions. The main IP is 69.16.175.42, located in United States and belongs to STACKPATH-CDN, US. The main domain is k9j5t5p4.ssl.hwcdn.net. The Cisco Umbrella rank of the primary domain is 638921.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 22nd 2021. Valid for: a year.

This is the only time k9j5t5p4.ssl.hwcdn.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	142.250.181.240 142.250.181.240	15169 (GOOGLE) (GOOGLE)
1 1	82.81.85.250 82.81.85.250	8551 (BEZEQ-INT...) (BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone)
1	5.9.200.36 5.9.200.36	24940 (HETZNER-AS) (HETZNER-AS)
3	172.67.146.238 172.67.146.238	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.21.74.141 104.21.74.141	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.91.218.141 34.91.218.141	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	94.237.103.119 94.237.103.119	202053 (UPCLOUD) (UPCLOUD)
1 1	18.156.93.177 18.156.93.177	16509 (AMAZON-02) (AMAZON-02)
2	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
10	7

1 142.250.181.240 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f16.1e100.net

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.81.85.250 (Jerusalem, Israel) 1 redirects

ASN8551 (BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone, IL)
PTR: bzq-82-81-85-250.red.bezeqint.net

dischargebackhanded.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.9.200.36 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.36.200.9.5.clients.your-server.de

leafrisingstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.146.238 (United States)

ASN13335 (CLOUDFLARENET, US)

lynku.jukminung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.74.141 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.218.141 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 141.218.91.34.bc.googleusercontent.com

track.adclickbyte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.237.103.119 (Finland)

ASN202053 (UPCLOUD, FI)
PTR: 94-237-103-119.de-fra1.upcloud.host

1d6cd5e0413.999traffic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.93.177 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-93-177.eu-central-1.compute.amazonaws.com

optiestrycended.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: hwcdn.net

k9j5t5p4.ssl.hwcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	jukminung.com lynku.jukminung.com	23 KB
2	hwcdn.net k9j5t5p4.ssl.hwcdn.net — Cisco Umbrella Rank: 638921	12 KB
1	optiestrycended.com 1 redirects optiestrycended.com — Cisco Umbrella Rank: 203974	1 KB
1	999traffic.com 1d6cd5e0413.999traffic.com	1 KB
1	adclickbyte.com 1 redirects track.adclickbyte.com — Cisco Umbrella Rank: 116927	343 B
1	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 239576	1 KB
1	leafrisingstar.com leafrisingstar.com	450 B
1	dischargebackhanded.com 1 redirects dischargebackhanded.com — Cisco Umbrella Rank: 920995	303 B
1	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 652	699 B
10	9

	Domain	Requested by
3	lynku.jukminung.com	leafrisingstar.com storage.googleapis.com lynku.jukminung.com
2	k9j5t5p4.ssl.hwcdn.net	k9j5t5p4.ssl.hwcdn.net
1	optiestrycended.com	1 redirects
1	1d6cd5e0413.999traffic.com	lynku.jukminung.com
1	track.adclickbyte.com	1 redirects
1	cdn.addlnk.com	lynku.jukminung.com
1	leafrisingstar.com	storage.googleapis.com
1	dischargebackhanded.com	1 redirects
1	storage.googleapis.com
10	9

This site contains no links.

Subject Issuer	Validity	Valid
storage.googleapis.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
leafrisingstar.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-29` - `2023-01-13`	a year	crt.sh
*.jukminung.com E1	`2022-09-19` - `2022-12-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
*.999traffic.com R3	`2022-09-09` - `2022-12-08`	3 months	crt.sh
*.ssl.hwcdn.net Sectigo RSA Domain Validation Secure Server CA	`2021-12-22` - `2023-01-19`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=JeuSeqBkQTeZctoyeSQprCp5p-8VZ5x9KNcp73zxAj7luZCaw40HVEyoOQ4lSXsdq0arcB4tGBVXAk_cSqXT68licy2qezLYPaoU7iQZQELf-XZC3cnTSXoR3QS_jWsltc7lGHRMhtMl55vl1CW2fw2hWcRT0oDjz53T3KiHWgEBjl4C7bO7hIEZ3ZxvgRJNUrpck7IMtUVSoFesXBTVn7tCPuodvsIMOQhdyhvEGuV2-NMF0bCqCfW84a_PX2Sre5iFBpUj20fcCydaBqJAW5-vLgIFP6Wz3EtWftl4sSWiLlnR4pvNHbRQm0FAeU0ptgs1SewXLz2P9VTeZdbHIQAgjZzdOmSzuyIhdY2mdN9S1Nd8s1ctVzQJ76KTq6fbn3QXUSavrwfYmIFUBcqvH21k5-Dwhngz4zW7ZT2Bz390lsNlyf_VM7TrnXNJ69oxGYbuSRQ8ew7F_5yQtB2bjw&lptoken=163b6721859a72e58956&c2=5971&c1=5wu0syb2789sjqp1aeco4c44g%2C16628380%2C5%2C5971
Frame ID: 3B5759A13E384C49D01A8D9060079CD7
Requests: 7 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1667851200
Frame ID: D5003EC335CA588BBB79DC24DCE8117D
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Search To Win

Page URL History Show full URLs

https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html Page URL
http://dischargebackhanded.com/anchorrbAjsH.xjwf7sy2?fq7nMPcc6Vn6cxZmTcdcWscyc7s8Rjfkwcbbb4P HTTP 302
https://leafrisingstar.com/17615862d7c15071800/QGVQeEoULSeb~bqKWtqREZlf6gD4x2k-w14F2ZEg/NhBeS7XPgS7aFOW... Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1301155908&pubid=690063 Page URL
https://track.adclickbyte.com/click?pid=943&offer_id=2261226&sub1=pub3ba5a02f0acb470fbfc8d51c6f7e126c&sub2... HTTP 302
https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=636974805a03df00019ca605&pi=943-690063 Page URL
https://optiestrycended.com/bf0465cf-e980-478d-87f2-27d14b1b731e?c2=5971&c1=5wu0syb2789sjqp1aeco4c44g,16... HTTP 302
https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=JeuSeqBkQTeZctoyeSQprCp5p-8VZ5x9KNcp73zxAj7luZCaw40HVEy... Page URL

Page Statistics

10
Requests

90 %
HTTPS

0 %
IPv6

9
Domains

9
Subdomains

7
IPs

6
Countries

39 kB
Transfer

75 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html Page URL
http://dischargebackhanded.com/anchorrbAjsH.xjwf7sy2?fq7nMPcc6Vn6cxZmTcdcWscyc7s8Rjfkwcbbb4P HTTP 302
https://leafrisingstar.com/17615862d7c15071800/QGVQeEoULSeb~bqKWtqREZlf6gD4x2k-w14F2ZEg/NhBeS7XPgS7aFOWRB4J4hN8eq26jbPg8nVA/3fepKSn9bdkU Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1301155908&pubid=690063 Page URL
https://track.adclickbyte.com/click?pid=943&offer_id=2261226&sub1=pub3ba5a02f0acb470fbfc8d51c6f7e126c&sub2=690063 HTTP 302
https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=636974805a03df00019ca605&pi=943-690063 Page URL
https://optiestrycended.com/bf0465cf-e980-478d-87f2-27d14b1b731e?c2=5971&c1=5wu0syb2789sjqp1aeco4c44g,16628380,5,5971 HTTP 302
https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=JeuSeqBkQTeZctoyeSQprCp5p-8VZ5x9KNcp73zxAj7luZCaw40HVEyoOQ4lSXsdq0arcB4tGBVXAk_cSqXT68licy2qezLYPaoU7iQZQELf-XZC3cnTSXoR3QS_jWsltc7lGHRMhtMl55vl1CW2fw2hWcRT0oDjz53T3KiHWgEBjl4C7bO7hIEZ3ZxvgRJNUrpck7IMtUVSoFesXBTVn7tCPuodvsIMOQhdyhvEGuV2-NMF0bCqCfW84a_PX2Sre5iFBpUj20fcCydaBqJAW5-vLgIFP6Wz3EtWftl4sSWiLlnR4pvNHbRQm0FAeU0ptgs1SewXLz2P9VTeZdbHIQAgjZzdOmSzuyIhdY2mdN9S1Nd8s1ctVzQJ76KTq6fbn3QXUSavrwfYmIFUBcqvH21k5-Dwhngz4zW7ZT2Bz390lsNlyf_VM7TrnXNJ69oxGYbuSRQ8ew7F_5yQtB2bjw&lptoken=163b6721859a72e58956&c2=5971&c1=5wu0syb2789sjqp1aeco4c44g%2C16628380%2C5%2C5971 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://dischargebackhanded.com/anchorrbAjsH.xjwf7sy2?fq7nMPcc6Vn6cxZmTcdcWscyc7s8Rjfkwcbbb4P HTTP 302
https://leafrisingstar.com/17615862d7c15071800/QGVQeEoULSeb~bqKWtqREZlf6gD4x2k-w14F2ZEg/NhBeS7XPgS7aFOWRB4J4hN8eq26jbPg8nVA/3fepKSn9bdkU

Request Chain 5

https://track.adclickbyte.com/click?pid=943&offer_id=2261226&sub1=pub3ba5a02f0acb470fbfc8d51c6f7e126c&sub2=690063 HTTP 302
https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=636974805a03df00019ca605&pi=943-690063

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	fqH9HaA.html storage.googleapis.com/reaganstarkyjs/	117 B 699 B	499ms 60ms	Document text/html	142.250.181.240 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.181.240 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f16.1e100.net Software UploadServer / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers accept-ranges bytes age 575 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control public, max-age=3600 content-length 117 content-type text/html date Mon, 07 Nov 2022 21:01:48 GMT etag "8b91320949ba565a91951a397b8a7554" expires Mon, 07 Nov 2022 22:01:48 GMT last-modified Mon, 27 Jun 2022 08:45:29 GMT server UploadServer x-goog-generation 1656319529407368 x-goog-hash crc32c=JgA0VQ== md5=i5EyCUm6VlqRlRo5e4p1VA== x-goog-metageneration 2 x-goog-storage-class STANDARD x-goog-stored-content-encoding identity x-goog-stored-content-length 117 x-guploader-uploadid ADPycdtuv4A-sMY_hAjxy35VEuACT58qUEJ2tIItPgYDYgjN6BF3IJ5b9Qsuu8Q3X3FwZ6FVeljBAWqvfBOkLPJQWt6xA-QbzkH0
GET H/1.1	200 OK	3fepKSn9bdkU leafrisingstar.com/17615862d7c15071800/QGVQeEoULSeb~bqKWtqREZlf6gD4x2k-w14F2ZEg/NhBeS7XPgS7aFOWRB4J4hN8eq26jbPg8nVA/ Redirect Chain http://dischargebackhanded.com/anchorrbAjsH.xjwf7sy2?fq7nMPcc6Vn6cxZmTcdcWscyc7s8Rjfkwcbbb4P https://leafrisingstar.com/17615862d7c15071800/QGVQeEoULSeb~bqKWtqREZlf6gD4x2k-w14F2ZEg/NhBeS7XPgS7aFOWRB4J4hN8eq26jbPg8nVA/3fepKSn9bdkU	137 B 450 B	2647ms 458ms	Document text/html	5.9.200.36 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://leafrisingstar.com/17615862d7c15071800/QGVQeEoULSeb~bqKWtqREZlf6gD4x2k-w14F2ZEg/NhBeS7XPgS7aFOWRB4J4hN8eq26jbPg8nVA/3fepKSn9bdkU Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.9.200.36 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.36.200.9.5.clients.your-server.de Software Apache / Resource Hash Request headers Referer https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html#rbAjsH.xjwf7sy2?fq7nMPcc6Vn6cxZmTcdcWscyc7s8Rjfkwcbbb4P Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Connection close Content-Length 137 Content-Type text/html; charset=UTF-8 Date Mon, 07 Nov 2022 21:11:26 GMT Server Apache Redirect headers Connection close Content-Length 0 Content-Type text/html; charset=UTF-8 Date Mon, 07 Nov 2022 20:58:50 GMT Location https://leafrisingstar.com/17615862d7c15071800/QGVQeEoULSeb%7EbqKWtqREZlf6gD4x2k-w14F2ZEg/NhBeS7XPgS7aFOWRB4J4hN8eq26jbPg8nVA/3fepKSn9bdkU Server Apache
GET H2	200	9e8aef8068 Show response lynku.jukminung.com/rc/	3 KB 2 KB	721ms 224ms	Document text/html	172.67.146.238 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lynku.jukminung.com/rc/9e8aef8068?affclick=1301155908&pubid=690063 Requested by Host: leafrisingstar.com URL: https://leafrisingstar.com/17615862d7c15071800/QGVQeEoULSeb~bqKWtqREZlf6gD4x2k-w14F2ZEg/NhBeS7XPgS7aFOWRB4J4hN8eq26jbPg8nVA/3fepKSn9bdkU Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.146.238 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7d7db3de47892b8863f6083796c7943e622347a0d3cee7a73f7a53bb081ffb8f` Request headers Referer https://leafrisingstar.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 76690fbcb831b33f-PRG content-encoding br content-language en-us content-type text/html; charset=utf-8 date Mon, 07 Nov 2022 21:11:27 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUnxrWrk5uHVYJOaESwA5fFQQWSkIMpM8v%2B85%2BUvreLQeRmhHQ%2FiNq0o2K6ClvhL114GgiNuPu1M0jAqCg9ecSY5U0GosAq3qn2nw%2B3bikxITw6pby0mKoffbDS84%2FZyZVf0fgWN"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding, Accept-Language, Cookie
GET H2	200	redirect.css cdn.addlnk.com/	1 KB 1 KB	540ms 79ms	Stylesheet text/css	104.21.74.141 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.addlnk.com/redirect.css Requested by Host: lynku.jukminung.com URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1301155908&pubid=690063 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.74.141 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Mon, 07 Nov 2022 21:11:28 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id 30DM0QBBQ1SYZJ3D age 4267 cf-polished origSize=1680 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 0c/jqrRsGyTAXKJHjmeUVyqOQTHXf2AQQmTtcUlyzSdYmZOMFXrrD9gs07XPGuYURarVLc/cyiw= cf-bgj minify last-modified Wed, 13 Mar 2019 00:03:12 GMT server cloudflare etag W/"3ae56d32551602b41f9046c14d1cfde2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjoPTkPjdm0GhZXxUrxANvt62IhxKS9NpTC7VWI8zstAJHv5z0sW7F8%2BMc85t0WUH0SDcjikURrTxgzvtzCQcPGO96zEiT6Tv%2FvhcVMgq2M9CoC8xga%2ByTYw12%2FElCoZog%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cf-ray 76690fc1083db391-PRG
GET H2	200	invisible.js lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame D500	34 KB 14 KB	77ms 76ms	Script application/javascript	172.67.146.238 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1667851200 Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.146.238 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Mon, 07 Nov 2022 21:11:28 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kaF4rB1QLa%2Bn%2Bm6hVuqnBu7kPx2Ngd5H%2FJ9kXZ7xAdZX02MSyG6y9IOPysqtamR2aeGB9%2FqkOzauNp%2B0%2FE3GLSxAIQn%2F8qC1d48wA%2BknqVU0M3bQ29x0nKz3p6hR9yLKQD5ADVzu"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 76690fc1d8fdb33f-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	/ Show response 1d6cd5e0413.999traffic.com/ Redirect Chain https://track.adclickbyte.com/click?pid=943&offer_id=2261226&sub1=pub3ba5a02f0acb470fbfc8d51c6f7e126c&sub2=690063 https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=636974805a03df00019ca605&pi=943-690063	931 B 1 KB	195ms 77ms	Document text/html	94.237.103.119 UPCLOUD
General Check archive.org Show headers Download Go to Full URL https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=636974805a03df00019ca605&pi=943-690063 Requested by Host: lynku.jukminung.com URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1301155908&pubid=690063 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.237.103.119 , Finland, ASN202053 (UPCLOUD, FI), Reverse DNS 94-237-103-119.de-fra1.upcloud.host Software / Resource Hash `1c8b7d3dec5a184a31fc975db6ec7a474df4884bc93dd5569baae338dde62ae9` Request headers Referer https://lynku.jukminung.com/rc/9e8aef8068?affclick=1301155908&pubid=690063 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate post-check=0, pre-check=0 content-encoding gzip content-type text/html; charset=UTF-8 date Mon, 07 Nov 2022 21:11:28 GMT expires Mon, 7 Nov 2022 21:11:28 GMT last-modified Mon, 7 Nov 2022 21:11:28 GMT pragma no-cache vary Accept-Encoding x-robots-tag noindex, nofollow Redirect headers access-control-allow-origin * content-length 0 date Mon, 07 Nov 2022 21:11:28 GMT location https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=636974805a03df00019ca605&pi=943-690063 server nginx x-adjust-use-original-forwarded-for 1
GET H2	200	pica.js lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame D500	16 KB 7 KB	75ms 75ms	Other application/javascript	172.67.146.238 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.146.238 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Mon, 07 Nov 2022 21:11:28 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6H0m6jd5EB4k2TT4PLXjjQS%2BvI72zIBchDN05KOC4Mvqqv%2BNJRVdcg95z7W%2Brjox1E7pI6WA9qkeidq067CnhIx5V1pFiBuyOsazQRAyANK8l06U%2F7fJnzcTy%2FEXSHHkfiT3L92G"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 76690fc27a3cb33f-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST		76690fbcb831b33f lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame D500	0 0

GET H/1.1	200 OK	Primary Request search.html Show response k9j5t5p4.ssl.hwcdn.net/bing/ Redirect Chain https://optiestrycended.com/bf0465cf-e980-478d-87f2-27d14b1b731e?c2=5971&c1=5wu0syb2789sjqp1aeco4c44g,16628380,5,5971 https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=JeuSeqBkQTeZctoyeSQprCp5p-8VZ5x9KNcp73zxAj7luZCaw40HVEyoOQ4lSXsdq0arcB4tGBVXAk_cSqXT68licy2qezLYPaoU7iQZQELf-XZC3cnTSXoR3QS_jWsltc7lGHRMhtMl55vl1...	12 KB 4 KB	162ms 37ms	Document text/html	69.16.175.42 STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=JeuSeqBkQTeZctoyeSQprCp5p-8VZ5x9KNcp73zxAj7luZCaw40HVEyoOQ4lSXsdq0arcB4tGBVXAk_cSqXT68licy2qezLYPaoU7iQZQELf-XZC3cnTSXoR3QS_jWsltc7lGHRMhtMl55vl1CW2fw2hWcRT0oDjz53T3KiHWgEBjl4C7bO7hIEZ3ZxvgRJNUrpck7IMtUVSoFesXBTVn7tCPuodvsIMOQhdyhvEGuV2-NMF0bCqCfW84a_PX2Sre5iFBpUj20fcCydaBqJAW5-vLgIFP6Wz3EtWftl4sSWiLlnR4pvNHbRQm0FAeU0ptgs1SewXLz2P9VTeZdbHIQAgjZzdOmSzuyIhdY2mdN9S1Nd8s1ctVzQJ76KTq6fbn3QXUSavrwfYmIFUBcqvH21k5-Dwhngz4zW7ZT2Bz390lsNlyf_VM7TrnXNJ69oxGYbuSRQ8ew7F_5yQtB2bjw&lptoken=163b6721859a72e58956&c2=5971&c1=5wu0syb2789sjqp1aeco4c44g%2C16628380%2C5%2C5971 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US), Reverse DNS hwcdn.net Software WasabiS3/7.7.900-2022-08-19-6bff245bcf (head04) / Resource Hash `2e0c77e31bf6fbe26c768a1a2f887ea01a8d5ee3c73b5aa5a3067c35ff79e69b` Request headers Referer https://1d6cd5e0413.999traffic.com/?p=5971&media_type=mainstream&click_id=636974805a03df00019ca605&pi=943-690063 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Accept-Ranges bytes Access-Control-Allow-Origin * Cache-Control max-age=31536000 Connection Keep-Alive Content-Encoding gzip Content-Length 3825 Content-Type text/html Date Mon, 07 Nov 2022 21:11:29 GMT ETag "353efcbbb0d9f329fcb72d951e78b0af" Last-Modified Tue, 13 Sep 2022 07:52:04 GMT Server WasabiS3/7.7.900-2022-08-19-6bff245bcf (head04) X-HW 1667855489.dop228.sk1.t,1667855489.cds227.sk1.shn,1667855489.dop228.sk1.t,1667855489.cds231.sk1.c x-amz-id-2 1Ej5xyfBqGmENCTJLfWzHu+TEyx/gDfpUdxMR62kNQYGsjcr2pzBRmOFZ997iklNgKIrpx1qXKAx x-amz-request-id BFB971400E16BED6 Redirect headers cache-control no-store, no-cache, pre-check=0, post-check=0 content-length 0 date Mon, 07 Nov 2022 21:11:29 GMT expires Thu, 01 Jan 1970 00:00:00 GMT location https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=JeuSeqBkQTeZctoyeSQprCp5p-8VZ5x9KNcp73zxAj7luZCaw40HVEyoOQ4lSXsdq0arcB4tGBVXAk_cSqXT68licy2qezLYPaoU7iQZQELf-XZC3cnTSXoR3QS_jWsltc7lGHRMhtMl55vl1CW2fw2hWcRT0oDjz53T3KiHWgEBjl4C7bO7hIEZ3ZxvgRJNUrpck7IMtUVSoFesXBTVn7tCPuodvsIMOQhdyhvEGuV2-NMF0bCqCfW84a_PX2Sre5iFBpUj20fcCydaBqJAW5-vLgIFP6Wz3EtWftl4sSWiLlnR4pvNHbRQm0FAeU0ptgs1SewXLz2P9VTeZdbHIQAgjZzdOmSzuyIhdY2mdN9S1Nd8s1ctVzQJ76KTq6fbn3QXUSavrwfYmIFUBcqvH21k5-Dwhngz4zW7ZT2Bz390lsNlyf_VM7TrnXNJ69oxGYbuSRQ8ew7F_5yQtB2bjw&lptoken=163b6721859a72e58956&c2=5971&c1=5wu0syb2789sjqp1aeco4c44g%2C16628380%2C5%2C5971 pragma no-cache server nginx
GET H/1.1	200 OK	blogo.png k9j5t5p4.ssl.hwcdn.net/bing/	7 KB 8 KB	38ms 37ms	Image image/png	69.16.175.42 STACKPATH-CDN
General Check archive.org Show headers Download Go to Show image Full URL https://k9j5t5p4.ssl.hwcdn.net/bing/blogo.png Requested by Host: k9j5t5p4.ssl.hwcdn.net URL: https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=JeuSeqBkQTeZctoyeSQprCp5p-8VZ5x9KNcp73zxAj7luZCaw40HVEyoOQ4lSXsdq0arcB4tGBVXAk_cSqXT68licy2qezLYPaoU7iQZQELf-XZC3cnTSXoR3QS_jWsltc7lGHRMhtMl55vl1CW2fw2hWcRT0oDjz53T3KiHWgEBjl4C7bO7hIEZ3ZxvgRJNUrpck7IMtUVSoFesXBTVn7tCPuodvsIMOQhdyhvEGuV2-NMF0bCqCfW84a_PX2Sre5iFBpUj20fcCydaBqJAW5-vLgIFP6Wz3EtWftl4sSWiLlnR4pvNHbRQm0FAeU0ptgs1SewXLz2P9VTeZdbHIQAgjZzdOmSzuyIhdY2mdN9S1Nd8s1ctVzQJ76KTq6fbn3QXUSavrwfYmIFUBcqvH21k5-Dwhngz4zW7ZT2Bz390lsNlyf_VM7TrnXNJ69oxGYbuSRQ8ew7F_5yQtB2bjw&lptoken=163b6721859a72e58956&c2=5971&c1=5wu0syb2789sjqp1aeco4c44g%2C16628380%2C5%2C5971 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US), Reverse DNS hwcdn.net Software WasabiS3/7.7.900-2022-08-19-6bff245bcf (head17) / Resource Hash `f1f97ddb28a4925de8234dd9a91b0cd8d5e8d050e2a2f5993ecffc278e733c37` Request headers accept-language fi-FI,fi;q=0.9 Referer https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=JeuSeqBkQTeZctoyeSQprCp5p-8VZ5x9KNcp73zxAj7luZCaw40HVEyoOQ4lSXsdq0arcB4tGBVXAk_cSqXT68licy2qezLYPaoU7iQZQELf-XZC3cnTSXoR3QS_jWsltc7lGHRMhtMl55vl1CW2fw2hWcRT0oDjz53T3KiHWgEBjl4C7bO7hIEZ3ZxvgRJNUrpck7IMtUVSoFesXBTVn7tCPuodvsIMOQhdyhvEGuV2-NMF0bCqCfW84a_PX2Sre5iFBpUj20fcCydaBqJAW5-vLgIFP6Wz3EtWftl4sSWiLlnR4pvNHbRQm0FAeU0ptgs1SewXLz2P9VTeZdbHIQAgjZzdOmSzuyIhdY2mdN9S1Nd8s1ctVzQJ76KTq6fbn3QXUSavrwfYmIFUBcqvH21k5-Dwhngz4zW7ZT2Bz390lsNlyf_VM7TrnXNJ69oxGYbuSRQ8ew7F_5yQtB2bjw&lptoken=163b6721859a72e58956&c2=5971&c1=5wu0syb2789sjqp1aeco4c44g%2C16628380%2C5%2C5971 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Mon, 07 Nov 2022 21:11:29 GMT Last-Modified Mon, 12 Sep 2022 17:52:53 GMT Server WasabiS3/7.7.900-2022-08-19-6bff245bcf (head17) x-amz-request-id D8E3D71BEDAC8449 ETag "0cf8d7eff944be4c1291e59790d6f38c" X-HW 1667855489.dop228.sk1.t,1667855489.cds227.sk1.shn,1667855489.dop228.sk1.t,1667855489.cds233.sk1.c Content-Type image/png Access-Control-Allow-Origin * Cache-Control max-age=31536000 Connection Keep-Alive Accept-Ranges bytes Content-Length 7676 x-amz-id-2 +nK8+QUPvy+bc6t3weGl8RMUqn9yqTLhZY5omr88YW5Cgbkpup07w9rSKxF9pAOPFMFKqRSq+JK1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/76690fbcb831b33f

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
leafrisingstar.com/	1970-01-20 08:00:47	Name: uid15295 Value: 1301155908-20221107161126-cc439fec01c97da5f7f167a6a2e63952-
lynku.jukminung.com/	1970-01-20 07:27:40	Name: AWSALB Value: vw9cMK1MlsX4cjM6N6d/unuZBsYGHjzlTjf4W7/Ijy/bz+/Iza2RHEufKi+3o1Ais9aVAkR8TyId99MXYU+R0U+CFOIAi29tDI1xCBuC7Yoe0J3rC+0SCWA+N+AP
track.adclickbyte.com/	1970-01-20 16:03:11	Name: afclick Value: 636974805a03df00019ca605
track.adclickbyte.com/	1970-01-20 16:03:11	Name: afoffers Value: {"2261226":1667855488}
.1d6cd5e0413.999traffic.com/	1970-01-20 07:17:36	Name: rts-trck Value: 1
.999traffic.com/	1970-01-20 16:53:35	Name: t-uuid Value: 5wu0syb2k9v7exjs36uwwck4w
.999traffic.com/	1970-01-20 07:17:35	Name: traffic-back Value: ok
.optiestrycended.com/	1970-01-20 07:19:01	Name: bf0465cf-e980-478d-87f2-27d14b1b731e-v4 Value: w92oObIxf3Yf8fiGrBBRMJ2Wc7eilHbvdYUZ4SkPZnk
.optiestrycended.com/	1970-01-20 07:19:01	Name: cep-v4 Value: hGs1goQHAoNBOoucqIrWQMgbeQcUuWMxfBt6QOIbzUcnl92G_Tz6jyUbqEC0WQUuRehK23ZTvGQkwlVFV2SEkK7ffltp9CeBxFZpQb1VD4Ze0EA9KnHTimkcOIX7BI55R3AJnVicZyWrPt-Ib79813VAj_9zfSdFOHPj6W07s0lb0URVBeDrYqSKoUCfeGpI_xZigit6Vv4_mkZk60pMpIWww0DMh5HCmBX3jg0qCWZ4sgnpsQ9HXN7oAt9AFMb9HnLyySVd_C4j2lij2W2UmG0Embes_0FAOiyfv_YwODjkxI9uq1xLJ3EGJmBsYNevIz8qdB2oFJDt-hHO37b0X1oqElFcsQ60-kReobWWfnXbJ10Pbjh0i45L1CNMSzdH-v1I1kG3tjL5bbybalcYqWCFV1PiHuZ6gAveDJ0x7jZWceuNZDrRG5xx-CCA1cJYKcQTCDnVB3TkWmmrktfCow

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1d6cd5e0413.999traffic.com
cdn.addlnk.com
dischargebackhanded.com
k9j5t5p4.ssl.hwcdn.net
leafrisingstar.com
lynku.jukminung.com
optiestrycended.com
storage.googleapis.com
track.adclickbyte.com
lynku.jukminung.com
104.21.74.141
142.250.181.240
172.67.146.238
18.156.93.177
34.91.218.141
5.9.200.36
69.16.175.42
82.81.85.250
94.237.103.119
1c8b7d3dec5a184a31fc975db6ec7a474df4884bc93dd5569baae338dde62ae9
2e0c77e31bf6fbe26c768a1a2f887ea01a8d5ee3c73b5aa5a3067c35ff79e69b
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
7d7db3de47892b8863f6083796c7943e622347a0d3cee7a73f7a53bb081ffb8f
f1f97ddb28a4925de8234dd9a91b0cd8d5e8d050e2a2f5993ecffc278e733c37

k9j5t5p4.ssl.hwcdn.net Open in urlscan Pro 69.16.175.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

90 %HTTPS

0 %IPv6

9 Domains

9 Subdomains

7 IPs

6 Countries

39 kBTransfer

75 kBSize

9 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

9 Cookies

Indicators

k9j5t5p4.ssl.hwcdn.net Open in urlscan Pro
69.16.175.42 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

0 %
IPv6

9
Domains

9
Subdomains

7
IPs

6
Countries

39 kB
Transfer

75 kB
Size

9
Cookies

10 HTTP transactions
0 data transactions