urlscan.io logo urlscan.io
SecurityTrails logo

www.sekuru.click Open in urlscan Pro
164.90.196.46  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://kredyt-k137.shop/
Effective URL: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=37.58.58.243&lpkey=16a1855409ca558125&thjp=ZGFpbHlzZWFyY2huZXdzLm...
Submission: On May 26 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 4 countries across 9 domains to perform 18 HTTP transactions. The main IP is 164.90.196.46, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is www.sekuru.click.
TLS certificate: Issued by R3 on May 10th 2023. Valid for: 3 months.
This is the only time www.sekuru.click was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 94.142.138.16 211409 (GALAXY-AS)
1 185.177.94.194 39572 (ADVANCEDH...)
1 185.177.94.180 39572 (ADVANCEDH...)
8 185.177.94.42 39572 (ADVANCEDH...)
1 185.177.92.29 39572 (ADVANCEDH...)
1 1 164.90.194.65 14061 (DIGITALOC...)
1 2 195.201.221.45 24940 (HETZNER-AS)
3 164.90.196.46 14061 (DIGITALOC...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
18 9
2    94.142.138.16 (Moscow Oblast, Russian Federation)

ASN211409 (GALAXY-AS, RU)
kredyt-k137.shop
1    185.177.94.194 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-94-194.ah-server.com
majormedialink.com
1    185.177.94.180 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-94-180.ah-server.com
au01.bid
8    185.177.94.42 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-94-42.ah-server.com
lan05.biz
1    185.177.92.29 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-92-29.ah-server.com
racetrack.top
1    164.90.194.65 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
dm9.biz
2    195.201.221.45 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.45.221.201.195.clients.your-server.de
dailysearchnews.com
3    164.90.196.46 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
www.sekuru.click
1    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
Apex Domain
Subdomains		 Transfer
8 lan05.biz
lan05.biz
50 KB
3 sekuru.click
www.sekuru.click
219 KB
2 dailysearchnews.com
dailysearchnews.com
608 B
2 kredyt-k137.shop
kredyt-k137.shop
1 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 199
27 KB
1 dm9.biz
dm9.biz — Cisco Umbrella Rank: 874435
493 B
1 racetrack.top
racetrack.top
65 KB
1 au01.bid
au01.bid
65 KB
1 majormedialink.com
majormedialink.com
15 KB
18 9
Domain Requested by
8 lan05.biz kredyt-k137.shop
lan05.biz
3 www.sekuru.click kredyt-k137.shop
www.sekuru.click
2 dailysearchnews.com 1 redirects www.sekuru.click
2 kredyt-k137.shop kredyt-k137.shop
1 cdnjs.cloudflare.com www.sekuru.click
1 dm9.biz 1 redirects
1 racetrack.top kredyt-k137.shop
1 au01.bid kredyt-k137.shop
1 majormedialink.com
18 9

This site contains no links.

Subject Issuer Validity Valid
kredyt-k137.shop
R3		 2023-05-26 -
2023-08-24		 3 months crt.sh
majorpushme1.com
R3		 2023-05-17 -
2023-08-15		 3 months crt.sh
0.allowww.com
R3		 2023-05-01 -
2023-07-30		 3 months crt.sh
0.lan04.biz
R3		 2023-04-05 -
2023-07-04		 3 months crt.sh
0.racetrack.top
R3		 2023-04-05 -
2023-07-04		 3 months crt.sh
www.mickeu.click
R3		 2023-05-10 -
2023-08-08		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-08-03 -
2023-08-02		 a year crt.sh
dailysearchnews.com
R3		 2023-05-14 -
2023-08-12		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=37.58.58.243&lpkey=16a1855409ca558125&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=tlikkta7&uclickhash=tlikkta7-tlikkta7-bzfn-uowj-oj52-2ta1wj-2txodz-f84d18
Frame ID: 16DB7BAB535D846B23B21AC1A36B1E4F
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Turn On Antivirus Protection

Page URL History Show full URLs

  1. https://kredyt-k137.shop/ Page URL
  2. http://kredyt-k137.shop/ Page URL
  3. https://majormedialink.com/?p=ga4gmobwmy5gi3bpgq3tgny&sub1=%D1%81%D1%81%D1%81 Page URL
  4. https://au01.bid/go/mi4tgnbumy5dsmjzg4?subid1=%D1%81 Page URL
  5. https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh Page URL
  6. https://racetrack.top/go/gu4dmmjvgm5dcmzq Page URL
  7. https://dm9.biz/?auf=gi3dkmtfmi5dgmjxf4ytgmbphaxtezrxha2dcn3df4zdilzrgy4dkmbzguzdena&p=l&sub... HTTP 302
    https://dailysearchnews.com/click.php?key=wer6k43xdure203h0e41&clickid=5c435de6-e533-440d-bba3-3584d7aaa... HTTP 302
    https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=37.58.58.243&lpkey=16a1855409ca558125&thjp=ZG... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

94 %
HTTPS

11 %
IPv6

9
Domains

9
Subdomains

9
IPs

4
Countries

442 kB
Transfer

550 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://kredyt-k137.shop/ Page URL
  2. http://kredyt-k137.shop/ Page URL
  3. https://majormedialink.com/?p=ga4gmobwmy5gi3bpgq3tgny&sub1=%D1%81%D1%81%D1%81 Page URL
  4. https://au01.bid/go/mi4tgnbumy5dsmjzg4?subid1=%D1%81 Page URL
  5. https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh Page URL
  6. https://racetrack.top/go/gu4dmmjvgm5dcmzq Page URL
  7. https://dm9.biz/?auf=gi3dkmtfmi5dgmjxf4ytgmbphaxtezrxha2dcn3df4zdilzrgy4dkmbzguzdena&p=l&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0 HTTP 302
    https://dailysearchnews.com/click.php?key=wer6k43xdure203h0e41&clickid=5c435de6-e533-440d-bba3-3584d7aaa534&cost=0.0061&feedid=feed9317&creative=0&site=2f78417c&age=0&hash=2f78417c&campaign=158846 HTTP 302
    https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=37.58.58.243&lpkey=16a1855409ca558125&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=tlikkta7&uclickhash=tlikkta7-tlikkta7-bzfn-uowj-oj52-2ta1wj-2txodz-f84d18 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
kredyt-k137.shop/ 		923 B
692 B 		Document
General
Check archive.org
Download Go to
Full URL
https://kredyt-k137.shop/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
94.142.138.16 Moscow Oblast, Russian Federation, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software
openresty / PHP/7.2.30
Resource Hash
e20ad890cc966436102a9118d4363cdf2d0bbdc8843ebc5f92fabf70359fa93e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 26 May 2023 10:00:23 GMT
Server
openresty
Transfer-Encoding
chunked
X-Powered-By
PHP/7.2.30
/
kredyt-k137.shop/ 		441 B
507 B 		Document
General
Check archive.org
Download Go to
Full URL
http://kredyt-k137.shop/
Requested by
Host: kredyt-k137.shop
URL: https://kredyt-k137.shop/
Protocol
HTTP/1.1
Server
94.142.138.16 Moscow Oblast, Russian Federation, ASN211409 (GALAXY-AS, RU),
Reverse DNS
Software
openresty / PHP/7.2.30
Resource Hash
65c9b748de918d55759da17721cbe1b99d68482b5398f06a1ff0baaff41b746c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 26 May 2023 10:00:23 GMT
Server
openresty
Transfer-Encoding
chunked
X-Powered-By
PHP/7.2.30
/
majormedialink.com/ 		15 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://majormedialink.com/?p=ga4gmobwmy5gi3bpgq3tgny&sub1=%D1%81%D1%81%D1%81
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.194 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-194.ah-server.com
Software
nginx /
Resource Hash
9934813187967303182f77031d7590a6f73ffd55d353edc85ab65d11e86c8dc5
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://kredyt-k137.shop/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Fri, 26 May 2023 10:00:22 GMT
server
nginx
strict-transport-security
max-age=31536000
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8545f789d157443e285020e59d3ede5a7725a9ab6d03ebaa996ef57914d1685c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/png
mi4tgnbumy5dsmjzg4
au01.bid/go/ 		64 KB
65 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://au01.bid/go/mi4tgnbumy5dsmjzg4?subid1=%D1%81
Requested by
Host: kredyt-k137.shop
URL: https://kredyt-k137.shop/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.180 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-180.ah-server.com
Software
nginx /
Resource Hash
5d87d8bd6e87f3bb53523bf02d552c73962433a5c90c0cbf900ce6f5baa2b316
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://majormedialink.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Fri, 26 May 2023 10:00:24 GMT
server
nginx
strict-transport-security
max-age=31536000
truncated
/ 		20 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
349f4bc944f444e656ac165e19aa5c1920416170f0b24f75b02766a363888e93

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg
/
lan05.biz/ 		11 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Requested by
Host: kredyt-k137.shop
URL: https://kredyt-k137.shop/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
6677a678047f31bdaa404bd9edcf7f2488d006c0cfee7949d0a025761b885da1
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://au01.bid/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Fri, 26 May 2023 10:00:24 GMT
server
nginx
strict-transport-security
max-age=31536000
icon1.png
lan05.biz/img/25/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lan05.biz/img/25/icon1.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:00:24 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:45:00 GMT
server
nginx
etag
"5ddbe8ec-1c54"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
7252
expires
Sun, 25 Jun 2023 10:00:24 GMT
icon2.png
lan05.biz/img/25/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lan05.biz/img/25/icon2.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:00:24 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:45:38 GMT
server
nginx
etag
"5ddbe912-11e0"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
4576
expires
Sun, 25 Jun 2023 10:00:24 GMT
icon3.png
lan05.biz/img/25/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lan05.biz/img/25/icon3.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:00:24 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:45:43 GMT
server
nginx
etag
"5ddbe917-1ea7"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
7847
expires
Sun, 25 Jun 2023 10:00:24 GMT
icon4.png
lan05.biz/img/25/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lan05.biz/img/25/icon4.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:00:24 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:45:47 GMT
server
nginx
etag
"5ddbe91b-1b78"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
7032
expires
Sun, 25 Jun 2023 10:00:24 GMT
icon5.png
lan05.biz/img/25/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lan05.biz/img/25/icon5.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:00:24 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:45:54 GMT
server
nginx
etag
"5ddbe922-cc0"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
3264
expires
Sun, 25 Jun 2023 10:00:24 GMT
icon7.png
lan05.biz/img/25/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lan05.biz/img/25/icon7.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:00:24 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:46:00 GMT
server
nginx
etag
"5ddbe928-cd3"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
3283
expires
Sun, 25 Jun 2023 10:00:24 GMT
icon8.png
lan05.biz/img/25/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lan05.biz/img/25/icon8.png
Requested by
Host: lan05.biz
URL: https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-42.ah-server.com
Software
nginx /
Resource Hash
3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lan05.biz/?p=gntdoobvmm5gi3bpgy3toni&sub1=hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:00:24 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
last-modified
Mon, 25 Nov 2019 14:46:06 GMT
server
nginx
etag
"5ddbe92e-fe0"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
4064
expires
Sun, 25 Jun 2023 10:00:24 GMT
gu4dmmjvgm5dcmzq
racetrack.top/go/ 		65 KB
65 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://racetrack.top/go/gu4dmmjvgm5dcmzq
Requested by
Host: kredyt-k137.shop
URL: https://kredyt-k137.shop/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.92.29 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-92-29.ah-server.com
Software
nginx /
Resource Hash
a1799375088afb81766b45df03ec99ca6d6395a4e185299e566e226654835354
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://lan05.biz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Fri, 26 May 2023 10:00:24 GMT
server
nginx
strict-transport-security
max-age=31536000
truncated
/ 		20 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
349f4bc944f444e656ac165e19aa5c1920416170f0b24f75b02766a363888e93

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg
Primary Request /
www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/
Redirect Chain
  • https://dm9.biz/?auf=gi3dkmtfmi5dgmjxf4ytgmbphaxtezrxha2dcn3df4zdilzrgy4dkmbzguzdena&p=l&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0
  • https://dailysearchnews.com/click.php?key=wer6k43xdure203h0e41&clickid=5c435de6-e533-440d-bba3-3584d7aaa534&cost=0.0061&feedid=feed9317&creative=0&site=2f78417c&age=0&hash=2f78417c&campaign=158846
  • https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=37.58.58.243&lpkey=16a1855409ca558125&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=tlikkta7&uclickhash=tlikkta7-tlikkta7-bzfn-uowj-oj52-2ta1wj-2txo...
11 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=37.58.58.243&lpkey=16a1855409ca558125&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=tlikkta7&uclickhash=tlikkta7-tlikkta7-bzfn-uowj-oj52-2ta1wj-2txodz-f84d18
Requested by
Host: kredyt-k137.shop
URL: https://kredyt-k137.shop/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
164.90.196.46 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
f89af9ffc77074abc4737828e94e6b863682ceb0dcfbd9d60fecd79571760351

Request headers

Referer
https://racetrack.top/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 26 May 2023 10:00:26 GMT
server
nginx
vary
Accept-Encoding

Redirect headers

content-type
text/html; charset=UTF-8
date
Fri, 26 May 2023 10:00:25 GMT
location
https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=37.58.58.243&lpkey=16a1855409ca558125&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=tlikkta7&uclickhash=tlikkta7-tlikkta7-bzfn-uowj-oj52-2ta1wj-2txodz-f84d18
server
nginx/1.18.0
strict-transport-security
max-age=317.4000
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ 		85 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: www.sekuru.click
URL: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=37.58.58.243&lpkey=16a1855409ca558125&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=tlikkta7&uclickhash=tlikkta7-tlikkta7-bzfn-uowj-oj52-2ta1wj-2txodz-f84d18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:00:26 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
62102
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27433
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-1538f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKfaWjhb34kbFiFEJukaYX2kBTNGYedcVZLuny8BSHzmf%2BW3kjUA3q2hpc6PfkaqVpbFyOtEmDE3Dd9c2X1wK54s%2BUNsvYvEJDFI6ddeDuHNkzldVau37geTFtQJwMSR8ZgZdTXFlqRyxL2bF4U76TPx"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7cd52bcd58a51db3-FRA
expires
Wed, 15 May 2024 10:00:26 GMT
logo.svg
www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/s/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/s/logo.svg
Requested by
Host: www.sekuru.click
URL: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=37.58.58.243&lpkey=16a1855409ca558125&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=tlikkta7&uclickhash=tlikkta7-tlikkta7-bzfn-uowj-oj52-2ta1wj-2txodz-f84d18
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
164.90.196.46 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
b06a086772e41e5c71e268946669ad339dd475cd64aa09c2cdcf0c0ad9cb1b49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:00:26 GMT
content-encoding
br
last-modified
Tue, 20 Dec 2022 17:31:19 GMT
server
nginx
etag
W/"926-5f045cdd0ba71"
vary
Accept-Encoding
content-type
image/svg+xml
box.png
www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/s/ 		214 KB
214 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/s/box.png
Requested by
Host: www.sekuru.click
URL: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=37.58.58.243&lpkey=16a1855409ca558125&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=tlikkta7&uclickhash=tlikkta7-tlikkta7-bzfn-uowj-oj52-2ta1wj-2txodz-f84d18
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
164.90.196.46 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
fae5426bccacee7bd12dc18b8320cc4a6a801ba598247d9a2987739629a29c02

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:00:26 GMT
last-modified
Tue, 20 Dec 2022 17:31:20 GMT
server
nginx
accept-ranges
bytes
etag
"356f9-5f045cdd250b2"
content-length
218873
content-type
image/png
click.php
dailysearchnews.com/ 		0
143 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dailysearchnews.com/click.php?event10=1
Requested by
Host: www.sekuru.click
URL: https://www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/?ip=37.58.58.243&lpkey=16a1855409ca558125&thjp=ZGFpbHlzZWFyY2huZXdzLmNvbQ&uclick=tlikkta7&uclickhash=tlikkta7-tlikkta7-bzfn-uowj-oj52-2ta1wj-2txodz-f84d18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
195.201.221.45 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.45.221.201.195.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=317.4000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:00:26 GMT
strict-transport-security
max-age=317.4000
content-encoding
gzip
server
nginx/1.18.0
content-type
text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery function| _0x303225 function| _0xe1c7 function| _0x2b67 function| getURLParameter string| thjp object| pp function| exit_offer function| _0x219506

9 Cookies

Domain/Path Name / Value
kredyt-k137.shop/ Name: 6eb5271a3
Value: 271a3b04b4e8
.majormedialink.com/ Name: uuid
Value: 36970d3f-be27-408e-a87f-0f59061b1b88
.au01.bid/ Name: uuid
Value: aa9c4dfd-9a93-419a-8e8a-686e7597c40b
.lan05.biz/ Name: uuid
Value: 6ce67ac6-55c6-4ff2-9b48-479f8762d001
.racetrack.top/ Name: uuid
Value: 7caa2f1a-d0a4-4a36-9712-bf572e431906
dm9.biz/ Name: uuid
Value: 0649ee52-9a96-4aea-8039-a74b1b2d03f1
.dm9.biz/ Name: ccid
Value: %5B158846%5D
dailysearchnews.com/ Name: uclick
Value: tlikkta7
dailysearchnews.com/ Name: uclickhash
Value: tlikkta7-tlikkta7-bzfn-uowj-oj52-2ta1wj-2txodz-f84d18

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

au01.bid
cdnjs.cloudflare.com
dailysearchnews.com
dm9.biz
kredyt-k137.shop
lan05.biz
majormedialink.com
racetrack.top
www.sekuru.click
164.90.194.65
164.90.196.46
185.177.92.29
185.177.94.180
185.177.94.194
185.177.94.42
195.201.221.45
2606:4700::6811:190e
94.142.138.16
0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
349f4bc944f444e656ac165e19aa5c1920416170f0b24f75b02766a363888e93
3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
5d87d8bd6e87f3bb53523bf02d552c73962433a5c90c0cbf900ce6f5baa2b316
65c9b748de918d55759da17721cbe1b99d68482b5398f06a1ff0baaff41b746c
6677a678047f31bdaa404bd9edcf7f2488d006c0cfee7949d0a025761b885da1
8545f789d157443e285020e59d3ede5a7725a9ab6d03ebaa996ef57914d1685c
9934813187967303182f77031d7590a6f73ffd55d353edc85ab65d11e86c8dc5
a1799375088afb81766b45df03ec99ca6d6395a4e185299e566e226654835354
aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
b06a086772e41e5c71e268946669ad339dd475cd64aa09c2cdcf0c0ad9cb1b49
c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f
e20ad890cc966436102a9118d4363cdf2d0bbdc8843ebc5f92fabf70359fa93e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
f89af9ffc77074abc4737828e94e6b863682ceb0dcfbd9d60fecd79571760351
fae5426bccacee7bd12dc18b8320cc4a6a801ba598247d9a2987739629a29c02