1d706b4e081.megatrffc.com

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 6 HTTP transactions. The main IP is 94.237.103.119, located in Finland and belongs to UPCLOUD, FI. The main domain is 1d706b4e081.megatrffc.com.
TLS certificate: Issued by R3 on May 12th 2023. Valid for: 3 months.

This is the only time 1d706b4e081.megatrffc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	5.44.252.61 5.44.252.61	3236 (SERVER se...) (SERVER server.ua)
1	65.98.95.68 65.98.95.68	25653 (FORTRESSITX) (FORTRESSITX)
1 4	2606:4700:303... 2606:4700:3032::6815:1cae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3035::ac43:9efb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	94.237.103.119 94.237.103.119	202053 (UPCLOUD) (UPCLOUD)
6	4

1 5.44.252.61 (Ukraine) 1 redirects

ASN3236 (SERVER server.ua, UA)

asbelewort.michelleingah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.98.95.68 (United States)

ASN25653 (FORTRESSITX, US)
PTR: mta02.enhumpacaryn.top

onlyfreedomforu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3032::6815:1cae (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

lynku.jukminung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::ac43:9efb (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.237.103.119 (Finland)

ASN202053 (UPCLOUD, FI)
PTR: 94-237-103-119.de-fra1.upcloud.host

1d706b4e081.megatrffc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	jukminung.com 1 redirects lynku.jukminung.com	6 KB
1	megatrffc.com 1d706b4e081.megatrffc.com	175 B
1	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 418120	1 KB
1	onlyfreedomforu.com onlyfreedomforu.com	450 B
1	michelleingah.com 1 redirects asbelewort.michelleingah.com	322 B
6	5

	Domain	Requested by
4	lynku.jukminung.com	1 redirects onlyfreedomforu.com lynku.jukminung.com
1	1d706b4e081.megatrffc.com	lynku.jukminung.com
1	cdn.addlnk.com	lynku.jukminung.com
1	onlyfreedomforu.com
1	asbelewort.michelleingah.com	1 redirects
6	5

This site contains no links.

Subject Issuer	Validity	Valid
onlyfreedomforu.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-23` - `2023-09-21`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-20` - `2024-03-18`	a year	crt.sh
addlnk.com GTS CA 1P5	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.megatrffc.com R3	`2023-05-12` - `2023-08-10`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://1d706b4e081.megatrffc.com/?p=4379&media_type=mainstream&sub_id=pube3ae58b3f3c048d9a336a96170f10d9d&pubid=690136&pi=690136
Frame ID: CE50F338A06588C23BE6C90FB5A12573
Requests: 4 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
Frame ID: 1FB13A6BDDE8DB123BCD7E73E8C5C772
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://asbelewort.michelleingah.com/t/rjphexaak/r5ecf281051x4611x84579x92876603x2522555x9734914878x3160909 HTTP 302
https://onlyfreedomforu.com/1761fa882882bf37800/426_150182_97548_1164/9090613_5552252/54723920 Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1353046475&pubid=690136 Page URL
https://1d706b4e081.megatrffc.com/?p=4379&media_type=mainstream&sub_id=pube3ae58b3f3c048d9a336a96170f10d9d&pub... Page URL

Page Statistics

6
Requests

83 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

8 kB
Transfer

11 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://asbelewort.michelleingah.com/t/rjphexaak/r5ecf281051x4611x84579x92876603x2522555x9734914878x3160909 HTTP 302
https://onlyfreedomforu.com/1761fa882882bf37800/426_150182_97548_1164/9090613_5552252/54723920 Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1353046475&pubid=690136 Page URL
https://1d706b4e081.megatrffc.com/?p=4379&media_type=mainstream&sub_id=pube3ae58b3f3c048d9a336a96170f10d9d&pubid=690136&pi=690136 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://asbelewort.michelleingah.com/t/rjphexaak/r5ecf281051x4611x84579x92876603x2522555x9734914878x3160909 HTTP 302
https://onlyfreedomforu.com/1761fa882882bf37800/426_150182_97548_1164/9090613_5552252/54723920

Request Chain 3

https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

54723920
onlyfreedomforu.com/1761fa882882bf37800/426_150182_97548_1164/9090613_5552252/
Redirect Chain

http://asbelewort.michelleingah.com/t/rjphexaak/r5ecf281051x4611x84579x92876603x2522555x9734914878x3160909
https://onlyfreedomforu.com/1761fa882882bf37800/426_150182_97548_1164/9090613_5552252/54723920

137 B
450 B

1639ms
443ms

Document
text/html

65.98.95.68
FORTRESSITX

General

Check archive.org

Show headers Download Go to

Full URL: https://onlyfreedomforu.com/1761fa882882bf37800/426_150182_97548_1164/9090613_5552252/54723920
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 65.98.95.68 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: mta02.enhumpacaryn.top
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Content-Length: 137
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Jun 2023 01:42:16 GMT
Server: Apache

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Jun 2023 01:42:14 GMT
Keep-Alive: timeout=5, max=100
Location: https://onlyfreedomforu.com/1761fa882882bf37800/426_150182_97548_1164/9090613_5552252/54723920
Server: Apache
X-Powered-By: PHP/5.4.16

GET
H2 200 9e8aef8068 Show response
lynku.jukminung.com/rc/ 2 KB
2 KB 150ms
110ms Document
text/html 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1353046475&pubid=690136
Requested by: Host: onlyfreedomforu.com
URL: https://onlyfreedomforu.com/1761fa882882bf37800/426_150182_97548_1164/9090613_5552252/54723920
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d22db498020a75ee67cd98fe98cfacfe052acd8c6ba315d1160fea674d8268c

Request headers

Referer: https://onlyfreedomforu.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7da05071ddb2190d-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 20 Jun 2023 01:42:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lcbpsDAztGzbjV7K1H%2Fzfvo8K0Dc8bFexOkgCvN7UvwRCih8q8Z8QFV9FQANm7puHpalxHL5UOM8IlsgLQ%2FzJWkNCdFX11mK60D3e0uJRUURquUY8iZOU%2BwXUZuAEm%2Fxsf0VSM651AfPcauTZVT%2BGnXH"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 50ms
15ms Stylesheet
text/css 2606:4700:3035::ac43:9efb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1353046475&pubid=690136
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9efb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 01:42:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 595CTRW8VHXCQVR2
age: 3709
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400
x-amz-id-2: oL/QL+U2SLwsfmrIshqQ4TmsOFUMvPMj/jMb9DZtiaP3fwytZ+A/ZaTo4yR4+3H0ipWJtvMmoQQ=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hywCxsrwBq8CsTaLqoMjs2%2BvW4UxOJt8ErMwN5%2BdtzxWi%2FIbSloYamCphhU5WBLj6BMJAO3RGeW9%2FcbEJEWvQLRDjzF4rq%2BzSAyE63gT67n5XMhHSinU5fhmEB0csYmiP6cuIOj9BRP9nBCnmw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 7da05072cb9e3685-FRA

GET
H2

200

invisible.js Show response
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/ Frame 1FB1
Redirect Chain

https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

7 KB
4 KB

10ms
10ms

Script
application/javascript

2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

Protocol

H2

Server

2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

664b7fd3b15f85587831dbe10ef6e64b214d1802bb14425ed07c83b0686a84e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 01:42:16 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XSPOkhUmpPaKn9gd59NiCeAk8ydffzzRd0YBHXvCwSp3ehqR6MZPYHIw6ZiTA5WsnUJDUPKmjNLx4PG5bkUOein0Zw29y2WHDCBwW5VmeIeX0QP60939MFAY%2BfdhrSvPcDYvkDP9WbziwGZ1mUQpCCd0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7da050730e66190d-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Tue, 20 Jun 2023 01:42:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8vjQtZCvZPImil7TUFMuqPBgwK2oQir3ozBdzQEXq6iSW08tV9tN4sTZ9zpI7fjl9fSw6%2FvMcpTE8rWdnq%2FjTgop9AOxTbEy3YExNBTKUn7C3edB78Z77PsL%2FzrMsF8CBfKD2uTqTyyr%2Fr6PHBVtLx1k"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
cache-control: max-age=300, public
cf-ray: 7da05072fe57190d-FRA
alt-svc: h3=":443"; ma=86400

POST
H3 200 7da05071ddb2190d
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 1FB1 0
619 B 19ms
18ms XHR
text/plain 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/7da05071ddb2190d
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 20 Jun 2023 01:42:16 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ikfUNPp7o8p3hCVe5YLGG%2Fm3ziZSY1K3%2FM%2BQQHmFi9UKwJdZtimteBg6Y%2BoAaI8hiM9%2BC7hcohiPQnr0r1MWvAU8Nus5cuGUAtm9n5Dsls%2FRhX6tZY7UhHSFupzhPJDeYgje98zuWE5ZaMamps8fCEaL"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7da05073ca1f92a2-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 404 Primary Request / Show response
1d706b4e081.megatrffc.com/ 22 B
175 B 97ms
50ms Document
text/html 94.237.103.119
UPCLOUD

General

Check archive.org

Show headers Download Go to

Full URL: https://1d706b4e081.megatrffc.com/?p=4379&media_type=mainstream&sub_id=pube3ae58b3f3c048d9a336a96170f10d9d&pubid=690136&pi=690136
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1353046475&pubid=690136
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.103.119 , Finland, ASN202053 (UPCLOUD, FI),
Reverse DNS: 94-237-103-119.de-fra1.upcloud.host
Software: /
Resource Hash: 9dfe96d8f9cf5eb5f22ad912e0c3cd98762ee7c119a7939635fa636a3b3333fc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 20 Jun 2023 01:42:17 GMT
vary: Accept-Encoding

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
onlyfreedomforu.com/	1970-01-20 13:23:37	Name: uid15295 Value: 1353046475-20230619214216-0da879a5b1f9cfa2b8dcce9061c8403a-
lynku.jukminung.com/	1970-01-20 12:50:30	Name: AWSALB Value: uUgw5kLt3z+R4UywAYoBm+/n6iyWeBkS0bbgSFlB7XYVl3rwrusgJrAUs26PtQipIEzUHszSAkMXLo4+ZtpEJJXLR2gCYyV2BAFW0sVitsdx1J/lgz0CCK7GIh/c
.jukminung.com/	1970-01-20 12:40:27	Name: __cf_bm Value: GTIWUnqshRkvjKq_OTTJ0D4mWj3rqVy5y8MQSOX1fRo-1687225336-0-AfDVp882xxcZYVXbB8gE/igglioZ6oH+6CAbr2qWeS80Cjt4DNwzJJTFtsPlgxBklg==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://1d706b4e081.megatrffc.com/?p=4379&media_type=mainstream&sub_id=pube3ae58b3f3c048d9a336a96170f10d9d&pubid=690136&pi=690136 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1d706b4e081.megatrffc.com
asbelewort.michelleingah.com
cdn.addlnk.com
lynku.jukminung.com
onlyfreedomforu.com
2606:4700:3032::6815:1cae
2606:4700:3035::ac43:9efb
5.44.252.61
65.98.95.68
94.237.103.119
664b7fd3b15f85587831dbe10ef6e64b214d1802bb14425ed07c83b0686a84e0
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
7d22db498020a75ee67cd98fe98cfacfe052acd8c6ba315d1160fea674d8268c
9dfe96d8f9cf5eb5f22ad912e0c3cd98762ee7c119a7939635fa636a3b3333fc

1d706b4e081.megatrffc.com Open in urlscan Pro 94.237.103.119 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

6 Requests

83 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

4 IPs

3 Countries

8 kBTransfer

11 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

3 Cookies

1 Console Messages

Indicators

1d706b4e081.megatrffc.com Open in urlscan Pro
94.237.103.119 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

8 kB
Transfer

11 kB
Size

3
Cookies

6 HTTP transactions
0 data transactions