Submitted URL: https://restorex.tech/
Effective URL: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=217.114.218.27&lpkey=160f854d510f194d55&thjp=ZGFpbHlzZWFyY2huZXdz...
Submission: On May 31 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 9 IPs in 3 countries across 9 domains to perform 18 HTTP transactions. The main IP is 164.90.196.46, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is www.sekuru.click.
TLS certificate: Issued by R3 on May 10th 2023. Valid for: 3 months.
This is the only time www.sekuru.click was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Count            IP Address        AS (Autonomous System)
2                45.132.1.73       199785 (CHSN-AS)
1                185.177.94.194    39572 (ADVANCEDH...)
1                185.177.94.180    39572 (ADVANCEDH...)
8                185.177.94.42     39572 (ADVANCEDH...)
1                185.177.92.29     39572 (ADVANCEDH...)
1 (1 redirect)   164.90.194.65     14061 (DIGITALOC...)
2 (1 redirect)   195.201.221.45    24940 (HETZNER-AS)
3                164.90.196.46     14061 (DIGITALOC...)
1                2606:4700::68...  13335 (CLOUDFLAR...)
Totals: 18 transactions, 9 IPs
Count  Apex Domain          Subdomains                                       Transfer
8      lan05.biz            lan05.biz                                        50 KB
3      sekuru.click         www.sekuru.click                                 219 KB
2      dailysearchnews.com  dailysearchnews.com                              609 B
2      restorex.tech        restorex.tech                                    1 KB
1      cloudflare.com       cdnjs.cloudflare.com (Cisco Umbrella Rank: 199)  27 KB
1      dm9.biz              dm9.biz (Cisco Umbrella Rank: 874435)            492 B
1      racetrack.top        racetrack.top                                    65 KB
1      au01.bid             au01.bid                                         65 KB
1      majormedialink.com   majormedialink.com                               15 KB
Totals: 18 transactions, 9 domains
Count  Domain                Requested by
8      lan05.biz             restorex.tech, lan05.biz
3      www.sekuru.click      restorex.tech, www.sekuru.click
2      dailysearchnews.com   www.sekuru.click (1 redirect)
2      restorex.tech         restorex.tech
1      cdnjs.cloudflare.com  www.sekuru.click
1      dm9.biz               (1 redirect)
1      racetrack.top         restorex.tech
1      au01.bid              restorex.tech
1      majormedialink.com
Totals: 18 transactions, 9 domains

This site contains no links.

Subject                Issuer                   Validity                 Valid     Source
restorex.tech          R3                       2023-05-31 - 2023-08-29  3 months  crt.sh
majorpushme1.com       R3                       2023-05-17 - 2023-08-15  3 months  crt.sh
0.allowww.com          R3                       2023-05-01 - 2023-07-30  3 months  crt.sh
0.lan04.biz            R3                       2023-04-05 - 2023-07-04  3 months  crt.sh
0.racetrack.top        R3                       2023-04-05 - 2023-07-04  3 months  crt.sh
www.mickeu.click       R3                       2023-05-10 - 2023-08-08  3 months  crt.sh
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3  2022-08-03 - 2023-08-02  a year    crt.sh
dailysearchnews.com    R3                       2023-05-14 - 2023-08-12  3 months  crt.sh

This page contains 1 frame:

Primary Page: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=217.114.218.27&lpkey=160f854d510f194d55&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=c8a74psy&uclickhash=c8a74psy-c8a74psy-bzfn-uowj-oj52-2ta1wj-2txodz-d5bb16
Frame ID: CBA5A8892CD5F0146119DF14B863E9AC
Requests: 21 HTTP requests in this frame

Page Title

Turn On Antivirus Protection

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 18
HTTPS: 94 %
IPv6: 11 %
Domains: 9
Subdomains: 9
IPs: 9
Countries: 3
Transfer: 442 kB
Size: 550 kB
Cookies: 9

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://restorex.tech/ Page URL
  2. http://restorex.tech/ Page URL
  3. https://majormedialink.com/?p=ga4gmobwmy5gi3bpgq3tgny&sub1=%D1%81%D1%81%D1%81 Page URL
  4. https://au01.bid/go/mi4tgnbumy5dsmjzg4?subid1=%D1%81 Page URL
  5. https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh Page URL
  6. https://racetrack.top/go/gu4dmmjvgm5dcmzq Page URL
  7. https://dm9.biz/?auf=gjtggzjymi5dgmjxf4ytgmbphaxtezrxha2dcn3df4zdilzrgy4dknjrge3dkna&p=l&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0 HTTP 302
    https://dailysearchnews.com/click.php?key=wer6k43xdure203h0e41&clickid=730d2c97-1194-47c2-8df8-c15297c50f08&cost=0.0061&feedid=feed9317&creative=0&site=2f78417c&age=0&hash=2f78417c&campaign=158846 HTTP 302
    https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=217.114.218.27&lpkey=160f854d510f194d55&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=c8a74psy&uclickhash=c8a74psy-c8a74psy-bzfn-uowj-oj52-2ta1wj-2txodz-d5bb16 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

/ | restorex.tech/ | 917 B | 687 B | Document
General
Full URL
https://restorex.tech/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
45.132.1.73 Frankfurt am Main, Germany, ASN199785 (CHSN-AS, GB),
Reverse DNS
Software
openresty / PHP/7.2.30
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 31 May 2023 05:40:52 GMT
Server
openresty
Transfer-Encoding
chunked
X-Powered-By
PHP/7.2.30

/ | restorex.tech/ | 441 B | 507 B | Document
General
Full URL
http://restorex.tech/
Requested by
Host: restorex.tech
URL: https://restorex.tech/
Protocol
HTTP/1.1
Server
45.132.1.73 Frankfurt am Main, Germany, ASN199785 (CHSN-AS, GB),
Reverse DNS
Software
openresty / PHP/7.2.30
Resource Hash
65c9b748de918d55759da17721cbe1b99d68482b5398f06a1ff0baaff41b746c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 31 May 2023 05:40:52 GMT
Server
openresty
Transfer-Encoding
chunked
X-Powered-By
PHP/7.2.30

/ | majormedialink.com/ | 15 KB | 15 KB | Document
General
Full URL
https://majormedialink.com/?p=ga4gmobwmy5gi3bpgq3tgny&sub1=%D1%81%D1%81%D1%81
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.194 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-194.ah-server.com
Software
nginx /
Resource Hash
9cce02c3a35b9ad6c74f6d077c9764c32d1e11bf528e406869d4ff70852f8b8f
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://restorex.tech/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 31 May 2023 05:40:51 GMT
server
nginx
strict-transport-security
max-age=31536000

truncated | / | 4 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8545f789d157443e285020e59d3ede5a7725a9ab6d03ebaa996ef57914d1685c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/png

mi4tgnbumy5dsmjzg4 | au01.bid/go/ | 64 KB | 65 KB | Document
General
Full URL
https://au01.bid/go/mi4tgnbumy5dsmjzg4?subid1=%D1%81
Requested by
Host: restorex.tech
URL: https://restorex.tech/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.180 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-180.ah-server.com
Software
nginx /
Resource Hash
bed6943660a4142c53885d3338387ea35a5a3a34c07a7c0ddcd3dc6b3a0802d6
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://majormedialink.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 31 May 2023 05:40:52 GMT
server
nginx
strict-transport-security
max-age=31536000

truncated | / | 20 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
349f4bc944f444e656ac165e19aa5c1920416170f0b24f75b02766a363888e93

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg

/ | lan05.biz/ | 11 KB | 12 KB | Document
General
Full URL
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Requested by
Host: restorex.tech
URL: https://restorex.tech/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
b73de4fb5bd6549ee0acf1393cabba644785979705fef3b0a25fab508f779b2e
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://au01.bid/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 31 May 2023 05:40:53 GMT
server
nginx
strict-transport-security
max-age=31536000

icon1.png | lan05.biz/img/25/ | 7 KB | 7 KB | Image
General
Full URL
https://lan05.biz/img/25/icon1.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 31 May 2023 05:40:53 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:45:00 GMT
server
nginx
etag
"5ddbe8ec-1c54"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
7252
expires
Fri, 30 Jun 2023 05:40:53 GMT

icon2.png | lan05.biz/img/25/ | 4 KB | 5 KB | Image
General
Full URL
https://lan05.biz/img/25/icon2.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 31 May 2023 05:40:53 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:45:38 GMT
server
nginx
etag
"5ddbe912-11e0"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
4576
expires
Fri, 30 Jun 2023 05:40:53 GMT

icon3.png | lan05.biz/img/25/ | 8 KB | 8 KB | Image
General
Full URL
https://lan05.biz/img/25/icon3.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 31 May 2023 05:40:53 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:45:43 GMT
server
nginx
etag
"5ddbe917-1ea7"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
7847
expires
Fri, 30 Jun 2023 05:40:53 GMT

icon4.png | lan05.biz/img/25/ | 7 KB | 7 KB | Image
General
Full URL
https://lan05.biz/img/25/icon4.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 31 May 2023 05:40:53 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:45:47 GMT
server
nginx
etag
"5ddbe91b-1b78"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
7032
expires
Fri, 30 Jun 2023 05:40:53 GMT

icon5.png | lan05.biz/img/25/ | 3 KB | 3 KB | Image
General
Full URL
https://lan05.biz/img/25/icon5.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 31 May 2023 05:40:53 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:45:54 GMT
server
nginx
etag
"5ddbe922-cc0"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
3264
expires
Fri, 30 Jun 2023 05:40:53 GMT

icon7.png | lan05.biz/img/25/ | 3 KB | 3 KB | Image
General
Full URL
https://lan05.biz/img/25/icon7.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 31 May 2023 05:40:53 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:46:00 GMT
server
nginx
etag
"5ddbe928-cd3"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
3283
expires
Fri, 30 Jun 2023 05:40:53 GMT

icon8.png | lan05.biz/img/25/ | 4 KB | 4 KB | Image
General
Full URL
https://lan05.biz/img/25/icon8.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 31 May 2023 05:40:53 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:46:06 GMT
server
nginx
etag
"5ddbe92e-fe0"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
4064
expires
Fri, 30 Jun 2023 05:40:53 GMT

gu4dmmjvgm5dcmzq | racetrack.top/go/ | 65 KB | 65 KB | Document
General
Full URL
https://racetrack.top/go/gu4dmmjvgm5dcmzq
Requested by
Host: restorex.tech
URL: https://restorex.tech/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.92.29 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-92-29.ah-server.com
Software
nginx /
Resource Hash
260988c387344b8bb16ec9dde69ec1e3743eeb9d48be6f7addc974e90c87a6eb
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://lan05.biz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 31 May 2023 05:40:54 GMT
server
nginx
strict-transport-security
max-age=31536000

truncated | / | 20 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
349f4bc944f444e656ac165e19aa5c1920416170f0b24f75b02766a363888e93

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg

Primary Request: / | www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/ | 11 KB | 3 KB | Document
Redirect Chain:
  • https://dm9.biz/?auf=gjtggzjymi5dgmjxf4ytgmbphaxtezrxha2dcn3df4zdilzrgy4dknjrge3dkna&p=l&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0
  • https://dailysearchnews.com/click.php?key=wer6k43xdure203h0e41&clickid=730d2c97-1194-47c2-8df8-c15297c50f08&cost=0.0061&feedid=feed9317&creative=0&site=2f78417c&age=0&hash=2f78417c&campaign=158846
  • https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=217.114.218.27&lpkey=160f854d510f194d55&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=c8a74psy&uclickhash=c8a74psy-c8a74psy-bzfn-uowj-oj52-2ta1wj-2t...
General
Full URL
https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=217.114.218.27&lpkey=160f854d510f194d55&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=c8a74psy&uclickhash=c8a74psy-c8a74psy-bzfn-uowj-oj52-2ta1wj-2txodz-d5bb16
Requested by
Host: restorex.tech
URL: https://restorex.tech/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
164.90.196.46 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
f89af9ffc77074abc4737828e94e6b863682ceb0dcfbd9d60fecd79571760351

Request headers

Referer
https://racetrack.top/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 31 May 2023 05:40:55 GMT
server
nginx
vary
Accept-Encoding

Redirect headers

content-type
text/html; charset=UTF-8
date
Wed, 31 May 2023 05:40:55 GMT
location
https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=217.114.218.27&lpkey=160f854d510f194d55&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=c8a74psy&uclickhash=c8a74psy-c8a74psy-bzfn-uowj-oj52-2ta1wj-2txodz-d5bb16
server
nginx/1.18.0
strict-transport-security
max-age=317.4000

jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ | 85 KB | 27 KB | Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: www.sekuru.click
URL: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=217.114.218.27&lpkey=160f854d510f194d55&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=c8a74psy&uclickhash=c8a74psy-c8a74psy-bzfn-uowj-oj52-2ta1wj-2txodz-d5bb16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 31 May 2023 05:40:55 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
4706490
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27433
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-1538f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z85VWdLbTSzFDecVlEpeN1eidoI6XgPzW%2BCDzJKOLfY8zS%2FMIB5S9ix3GxOuxs3CkGiomglXioWdUnEQW%2FoX4wmJR8TaVScV8PxlJ3HTn7AqYDQ4xDGHWDeE3OUwhtKyT36RYQGzXZ7XBKB7Eo1Q4D1E"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7cfce286dc17363c-FRA
expires
Mon, 20 May 2024 05:40:55 GMT

logo.svg | www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/s/ | 2 KB | 1 KB | Image
General
Full URL
https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/s/logo.svg
Requested by
Host: www.sekuru.click
URL: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=217.114.218.27&lpkey=160f854d510f194d55&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=c8a74psy&uclickhash=c8a74psy-c8a74psy-bzfn-uowj-oj52-2ta1wj-2txodz-d5bb16
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
164.90.196.46 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
b06a086772e41e5c71e268946669ad339dd475cd64aa09c2cdcf0c0ad9cb1b49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 31 May 2023 05:40:55 GMT
content-encoding
br
last-modified
Tue, 20 Dec 2022 17:31:19 GMT
server
nginx
etag
W/"926-5f045cdd0ba71"
vary
Accept-Encoding
content-type
image/svg+xml

box.png | www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/s/ | 214 KB | 214 KB | Image
General
Full URL
https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/s/box.png
Requested by
Host: www.sekuru.click
URL: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=217.114.218.27&lpkey=160f854d510f194d55&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=c8a74psy&uclickhash=c8a74psy-c8a74psy-bzfn-uowj-oj52-2ta1wj-2txodz-d5bb16
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
164.90.196.46 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
fae5426bccacee7bd12dc18b8320cc4a6a801ba598247d9a2987739629a29c02

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 31 May 2023 05:40:55 GMT
last-modified
Tue, 20 Dec 2022 17:31:20 GMT
server
nginx
accept-ranges
bytes
etag
"356f9-5f045cdd250b2"
content-length
218873
content-type
image/png

click.php | dailysearchnews.com/ | 0 | 143 B | Image
General
Full URL
https://dailysearchnews.com/click.php?event10=1
Requested by
Host: www.sekuru.click
URL: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=217.114.218.27&lpkey=160f854d510f194d55&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=c8a74psy&uclickhash=c8a74psy-c8a74psy-bzfn-uowj-oj52-2ta1wj-2txodz-d5bb16
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
195.201.221.45 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.45.221.201.195.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=317.4000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 31 May 2023 05:40:55 GMT
strict-transport-security
max-age=317.4000
content-encoding
gzip
server
nginx/1.18.0
content-type
text/html; charset=UTF-8

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • credentialless (boolean)
  • $ (function)
  • jQuery (function)
  • _0x303225 (function)
  • _0xe1c7 (function)
  • _0x2b67 (function)
  • getURLParameter (function)
  • thjp (string)
  • pp (object)
  • exit_offer (function)
  • _0x219506 (function)

9 Cookies

Domain/Path           Name        Value
restorex.tech/        2945af79a   af79abbd7c8d
.majormedialink.com/  uuid        e6e722dc-a912-4472-bcfc-7e637f284bac
.au01.bid/            uuid        fcd8c206-1e19-4d07-8179-3ea02e277e57
.lan05.biz/           uuid        b2c3d009-b48f-40ce-bf49-11243c899fdf
.racetrack.top/       uuid        3a517d37-96fe-4fcb-ad49-635b9b2fcf79
dm9.biz/              uuid        9097e75e-a81a-4998-b7aa-06ba2d308a65
.dm9.biz/             ccid        %5B158846%5D
dailysearchnews.com/  uclick      c8a74psy
dailysearchnews.com/  uclickhash  c8a74psy-c8a74psy-bzfn-uowj-oj52-2ta1wj-2txodz-d5bb16

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
