Submitted URL: https://t.co/MQN7PEGZn2 (13yr old)
Effective URL: https://jwvijnxshs.duckdns.org/?tyhyfzy (2yr old)
Submission: On November 21 via manual (November 21st 2024, 10:34:49 am UTC) from JP — Scanned from GB

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 3 HTTP transactions. The main IP is 91.204.226.171, located in Seoul, Korea, Republic Of, and belongs to KIDC HDTIDC LIMITED (HK). The main domain is jwvijnxshs.duckdns.org (2yr old).
TLS certificate: Issued by E5 (a Let's Encrypt ECDSA intermediate) on November 21st 2024, the same day as the scan. Valid for: 3mo.
This is the only time jwvijnxshs.duckdns.org was scanned on urlscan.io.

urlscan.io Verdict: No classification

Downloads

These files were downloaded by the website:

  File: Chrome_up1732156036129.apk (served as Content-Disposition: attachment)
  MIME: Zip archive data, at least v2.0 to extract (an APK is a ZIP container, so the sniffed type agrees with the extension)
  Size: 261 KB (266922 bytes, 100% done); this equals the Content-Length of the iCloud response
  Downloaded from: https://cvws.icloud-content.com/B/Af0EuTgWpFmatpizAFV4JbyCGRaWAfRSlrRzELSIKdZnY571fbYBaccN/Chrome_up1732156036129.apk?o=AqmizYalfRfu35XmqKqHpY8BHoTn_7tIVbrU2toKX2p6&v=1&x=3&a=CAogmVM7aE69-Xg4frwc9xGuEqKPcWhKETM-8QdFv2Y86O4SaxD2maTytDIY9vb_87QyIgEAUgSCGRaWWgQBaccNaiXytrCUgu-AX1Yxl4C2BCLtIRTzOCvFvHZdZeJ3oCq2s2SLNwOJciWfZaTWZet7wNA1XMTDo4MCN4VvZQKrWDhnAksqNeoeDkG2iDbP&e=1732188830&fl=&r=9ec11f15-70ca-4b63-bd7d-6d320fd35e67-1&k=M09nF93_LE9B3NNe5Zd-Rw&ckc=com.apple.clouddocs&ckz=com.apple.CloudDocs&p=122&s=myCbWNxTHqFARpZHuE0J01eS9CE

What the scan recorded, stated without asserting intent: a t.co short link, visited with an Android Chrome User-Agent, was bounced through zmptwh.hvhrg.xyz to a dynamic-DNS host (jwvijnxshs.duckdns.org), which navigated the browser to an APK named like a Chrome update and served from icloud-content.com (Apple, ASN714). The file body has no hash in this scan and the urlscan verdict is "No classification", so anyone triaging this should retrieve and hash the sample rather than rely on this page alone.
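
The signed download URL above carries its own metadata worth extracting before the link dies. The following Python is an added example, not part of the urlscan page or of any tool it references; every input is copied from this page, and two readings are assumptions rather than facts the page states: that the e= query parameter is the link expiry as a Unix timestamp, and that the 13 digits in the filename are a millisecond timestamp. It also parses the first bytes of a ZIP local file header, since an APK is a ZIP and file(1) reported "at least v2.0 to extract" for this one; the header bytes fed to that function are constructed, not taken from the page.

```python
"""Decode the time-limited iCloud share URL that served the APK in this scan.

Added example, not part of the urlscan page. Inputs are copied from the page;
the meaning of 'e' and of the digits in the filename is assumed (see comments).
"""
import posixpath
import re
import struct
from datetime import datetime, timezone
from urllib.parse import parse_qs, unquote, urlsplit

# Copied from the page: Date header of the first response, download URL,
# Content-Disposition, Content-Length, reported download size, X-Apple-Request-UUID.
SCAN_TIME = datetime(2024, 11, 21, 10, 34, 49, tzinfo=timezone.utc)
DOWNLOAD_URL = (
    "https://cvws.icloud-content.com/B/"
    "Af0EuTgWpFmatpizAFV4JbyCGRaWAfRSlrRzELSIKdZnY571fbYBaccN/"
    "Chrome_up1732156036129.apk"
    "?o=AqmizYalfRfu35XmqKqHpY8BHoTn_7tIVbrU2toKX2p6&v=1&x=3"
    "&a=CAogmVM7aE69-Xg4frwc9xGuEqKPcWhKETM-8QdFv2Y86O4SaxD2maTytDIY9vb_87QyIgEAUgSCGRaWWgQBaccN"
    "aiXytrCUgu-AX1Yxl4C2BCLtIRTzOCvFvHZdZeJ3oCq2s2SLNwOJciWfZaTWZet7wNA1XMTDo4MCN4VvZQKrWDhnAksq"
    "NeoeDkG2iDbP"
    "&e=1732188830&fl=&r=9ec11f15-70ca-4b63-bd7d-6d320fd35e67-1"
    "&k=M09nF93_LE9B3NNe5Zd-Rw&ckc=com.apple.clouddocs&ckz=com.apple.CloudDocs"
    "&p=122&s=myCbWNxTHqFARpZHuE0J01eS9CE"
)
CONTENT_DISPOSITION = 'attachment; filename="Chrome_up1732156036129.apk"'
CONTENT_LENGTH = 266922
REPORTED_DOWNLOAD_BYTES = 266922  # Downloads section: 261 KB (266922 bytes)
APPLE_REQUEST_UUID = "9ec11f15-70ca-4b63-bd7d-6d320fd35e67-11732185293726"

ZIP_LOCAL_HEADER_SIG = b"PK\x03\x04"


def attachment_filename(content_disposition):
    """Filename a browser would save the attachment under (quoted or bare form)."""
    m = re.search(r'filename="?([^";]+)"?', content_disposition)
    return unquote(m.group(1)) if m else None


def decode_download(url, content_disposition, content_length, scan_time):
    """Pull the analyst-relevant facts out of the download URL and response headers."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    path_name = posixpath.basename(parts.path)
    name = attachment_filename(content_disposition) or path_name

    # Assumption: 'e' is the expiry of the signed share link (Unix seconds).
    expires = datetime.fromtimestamp(int(query["e"][0]), tz=timezone.utc)

    # Assumption: a 13-digit run in the name is a Date.now()-style millisecond stamp.
    digits = re.search(r"\d{13}", name)
    named_at = (datetime.fromtimestamp(int(digits.group(0)) // 1000, tz=timezone.utc)
                if digits else None)

    request_id = query.get("r", [""])[0]
    return {
        "host": parts.hostname,
        "filename": name,
        "extension": posixpath.splitext(name)[1].lower(),
        "name_matches_path": name == path_name,
        "expires": expires,
        "seconds_left_at_scan": int((expires - scan_time).total_seconds()),
        "valid_at_scan": scan_time < expires,
        "named_at": named_at,
        "request_id": request_id,
        # The 'r' value minus its trailing "-1" reappears in X-Apple-Request-UUID.
        "request_id_in_apple_uuid": APPLE_REQUEST_UUID.startswith(request_id.rsplit("-", 1)[0]),
        "length_matches_report": content_length == REPORTED_DOWNLOAD_BYTES,
    }


def zip_version_needed(head):
    """Parse the start of a ZIP local file header (an APK is a ZIP) and return the
    'version needed to extract' field as 'major.minor', or None if the magic is
    absent. file(1) prints this field as 'at least v2.0 to extract'."""
    if len(head) < 6 or head[:4] != ZIP_LOCAL_HEADER_SIG:
        return None
    (version,) = struct.unpack_from("<H", head, 4)
    return f"{version // 10}.{version % 10}"


if __name__ == "__main__":
    info = decode_download(DOWNLOAD_URL, CONTENT_DISPOSITION, CONTENT_LENGTH, SCAN_TIME)
    for key, value in info.items():
        print(f"{key}: {value}")
    # Constructed header bytes, not from the page: magic + version-needed 20 (= 2.0).
    print("zip version needed:", zip_version_needed(b"PK\x03\x04\x14\x00" + bytes(24)))
```

Under those assumptions the link expires at 2024-11-21 11:33:50 UTC, 3541 seconds after the scan: live when the scanner fetched it, dead an hour later. That is the practical caveat with cloud-storage share links as payload hosts: a sample has to be pulled within the window or recovered from the scanner's own download capture, and the URL itself is a poor long-term indicator.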

Domain & IP information

IP addresses
  Requests          IP Address               AS
  1                 162.159.140.229          13335 (CLOUDFLARENET)
  1 (1 redirect)    91.204.226.166           205960 (KIDC HDTIDC LIMITED)
  1                 91.204.226.171           205960 (KIDC HDTIDC LIMITED)
  1                 2a01:b740:a41:280::1:5   714 (APPLE-ENGINEERING)
  Total: 3 requests / 3 IPs

Apex domains and subdomains
  Requests   Apex Domain               Subdomain (rank, age)                                            Transfer
  1          icloud-content.com        cvws.icloud-content.com (Cisco Umbrella Rank: 25724, 9yr old)    -
  1          duckdns.org               jwvijnxshs.duckdns.org (2yr old)                                 1 KB
  1          hvhrg.xyz (1 redirect)    zmptwh.hvhrg.xyz (2yr old)                                       244 B
  1          t.co                      t.co (Cisco Umbrella Rank: 904, 13yr old)                        871 B
  Total: 3 / 4

Domains by requester
  Requests   Domain                     Requested by
  1          cvws.icloud-content.com    t.co
  1          jwvijnxshs.duckdns.org     t.co
  1          zmptwh.hvhrg.xyz           (1 redirect)
  1          t.co                       -
  Total: 3 / 4

This site contains no links.

TLS certificates
  Subject                    Issuer                               Validity                    Valid for
  t.co                       E5                                   2024-09-28 - 2024-12-27     3mo
  jwvijnxshs.duckdns.org     E5                                   2024-11-21 - 2025-02-19     3mo
  cvws.icloud-content.com    Apple Public Server RSA CA 1 - G1    2024-11-11 - 2025-12-04     1yr

E5 is one of Let's Encrypt's ECDSA intermediates. The jwvijnxshs.duckdns.org certificate's notBefore is the scan date itself, which is what you expect from a host fronted by Caddy (the Server header on that response): Caddy requests a Let's Encrypt certificate automatically the first time a name is served, so the certificate date is a reasonable lower bound on when this hostname went live.

This page contains 1 frame:

  Frame: https://cvws.icloud-content.com/B/Af0EuTgWpFmatpizAFV4JbyCGRaWAfRSlrRzELSIKdZnY571fbYBaccN/Chrome_up1732156036129.apk?o=AqmizYalfRfu35XmqKqHpY8BHoTn_7tIVbrU2toKX2p6&v=1&x=3&a=CAogmVM7aE69-Xg4frwc9xGuEqKPcWhKETM-8QdFv2Y86O4SaxD2maTytDIY9vb_87QyIgEAUgSCGRaWWgQBaccNaiXytrCUgu-AX1Yxl4C2BCLtIRTzOCvFvHZdZeJ3oCq2s2SLNwOJciWfZaTWZet7wNA1XMTDo4MCN4VvZQKrWDhnAksqNeoeDkG2iDbP&e=1732188830&fl=&r=9ec11f15-70ca-4b63-bd7d-6d320fd35e67-1&k=M09nF93_LE9B3NNe5Zd-Rw&ckc=com.apple.clouddocs&ckz=com.apple.CloudDocs&p=122&s=myCbWNxTHqFARpZHuE0J01eS9CE
  Frame ID: CCD3555DC6CB16E8308295361C9167F2
  Requests: 3 HTTP requests in this frame

The main frame's last URL is the APK itself: the download was a top-level navigation (the request is typed "Document" below), not a background fetch by script.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/MQN7PEGZn2                     Page URL (200 text/html; the hop to the next entry was client-side)
  2. http://zmptwh.hvhrg.xyz/?lHZrP               HTTP 307
     https://zmptwh.hvhrg.xyz/?lHZrP              HTTP 307
     http://zmptwh.hvhrg.xyz/?lHZrP               HTTP 301
     https://jwvijnxshs.duckdns.org/?tyhyfzy      Page URL

Note the scheme bouncing on zmptwh.hvhrg.xyz: the first 307 moves the visitor from http to https, the second 307 sends it back to http, and the 301 from the plain-http URL is what finally lands on the duckdns host over https. Because t.co answers with referrer-policy: unsafe-url, the full short URL survives all of this as the Referer on the duckdns request.
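
The chain above mixes a client-side hop, two 307s, a 301 and two https-to-http transitions before landing on a dynamic-DNS host. The following Python, an added example and not part of the urlscan page, classifies each transition in that list so the same checks can be run on any scan's URL history. CHAIN is transcribed from the history above; the shortener and dynamic-DNS suffix lists and the two-label registrable() simplification are the author's own.

```python
"""Classify the hops of the redirect chain recorded in this scan.

Added example, not part of the urlscan page. CHAIN is transcribed from the
page's "Page URL History"; SHORTENERS, DDNS_SUFFIXES and registrable() are
the author's own simplifications.
"""
from urllib.parse import urlsplit

# (url, redirect status). None marks a document that was actually rendered, so
# the hop after such an entry is a client-side navigation, not an HTTP redirect.
CHAIN = [
    ("https://t.co/MQN7PEGZn2", None),
    ("http://zmptwh.hvhrg.xyz/?lHZrP", 307),
    ("https://zmptwh.hvhrg.xyz/?lHZrP", 307),
    ("http://zmptwh.hvhrg.xyz/?lHZrP", 301),
    ("https://jwvijnxshs.duckdns.org/?tyhyfzy", None),
]

SHORTENERS = {"t.co", "bit.ly", "tinyurl.com"}                          # analyst's own list
DDNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net", "hopto.org")   # analyst's own list


def registrable(host):
    """Last two labels of the host. Simplification: wrong for co.uk-style suffixes;
    use a public-suffix-list library for real work."""
    return ".".join(host.lower().split(".")[-2:])


def under_suffix(host, suffixes):
    """True if host equals a suffix or is a subdomain of one (label-aligned)."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def analyse_chain(chain):
    """Return the transitions an analyst cares about in a redirect chain."""
    urls = [u for u, _ in chain]
    parsed = [urlsplit(u) for u in urls]
    pairs = list(zip(chain, chain[1:]))

    # Sequence of registrable domains with consecutive duplicates collapsed.
    domain_path = []
    for p in parsed:
        d = registrable(p.hostname)
        if not domain_path or domain_path[-1] != d:
            domain_path.append(d)

    return {
        "hops": len(chain),
        "redirect_statuses": [status for _, status in chain if status is not None],
        # A rendered page followed by another URL means JS/meta refresh did the hop.
        "client_side_hops": [(a[0], b[0]) for a, b in pairs if a[1] is None],
        # https -> http transitions expose the next request (and its Referer) in clear.
        "scheme_downgrades": [(urls[i], urls[i + 1]) for i in range(len(urls) - 1)
                              if parsed[i].scheme == "https" and parsed[i + 1].scheme == "http"],
        "revisited_urls": sorted({u for u in urls if urls.count(u) > 1}),
        "domain_path": domain_path,
        "entry_is_shortener": parsed[0].hostname in SHORTENERS,
        "lands_on_ddns": under_suffix(parsed[-1].hostname, DDNS_SUFFIXES),
    }


if __name__ == "__main__":
    for key, value in analyse_chain(CHAIN).items():
        print(f"{key}: {value}")
```

For this chain the report shows one client-side hop (t.co to hvhrg.xyz), two downgrades, one URL visited twice with different status codes, and a domain path of t.co, hvhrg.xyz, duckdns.org. None of those flags is proof of anything on its own; together they describe the shape a redirector built to survive link-shortener and proxy checks tends to have, which is why each is worth surfacing separately rather than as a single score.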

Page Statistics

  Requests      3
  HTTPS         100 %
  IPv6          25 %
  Domains       4
  Subdomains    4
  IPs           3
  Countries     3
  Transfer      2 kB
  Size          4 kB
  Cookies       2

The HTTPS figure covers the 3 counted transactions only; the redirect chain itself includes two plain-http hops on zmptwh.hvhrg.xyz. The IPv6 figure is 1 address of 4 (the Apple host).

Redirected requests

There were HTTP redirect chains for the following requests: https://jwvijnxshs.duckdns.org/?tyhyfzy (the chain is listed under that primary request below).

3 HTTP transactions, 0 data transactions

HTTP transactions

Transaction 1: GET https://t.co/MQN7PEGZn2
  Method / Protocol / Status: GET / H2 / 200
  Resource / Path: MQN7PEGZn2 / t.co/
  Size / Transfer: 284 B / 871 B
  Time / Latency: 283 ms / 216 ms
  Type / MIME-Type: Document / text/html
  IP / Location: 162.159.140.229 / CLOUDFLARENET

  General
    Full URL: https://t.co/MQN7PEGZn2
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM (key exchange not recorded)
    Server: 162.159.140.229, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: (none)
    Software: cloudflare tsa_f
    Resource Hash: 2999833a6fc11017c32e3eb100134061a5fbcf38e2628749fc8f0e407d14e205

  Security Headers
    Content-Security-Policy: referrer always;
    Strict-Transport-Security: max-age=0
    X-Xss-Protection: 0

  Request headers
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

  Response headers
    cache-control: private,max-age=300
    cf-cache-status: DYNAMIC
    cf-ray: 8e60078abf8bcd40-LHR
    content-encoding: gzip
    content-security-policy: referrer always;
    content-type: text/html; charset=utf-8
    date: Thu, 21 Nov 2024 10:34:49 GMT
    expires: Thu, 21 Nov 2024 10:39:49 GMT
    perf: 7402827104
    referrer-policy: unsafe-url
    server: cloudflare tsa_f
    strict-transport-security: max-age=0
    vary: Origin
    x-connection-hash: 02179c2974ea6d732a575bcf9d067b0914ad84bf37272514b999b64e1aa4c9c3
    x-response-time: 119
    x-transaction-id: ea3d162733715d17
    x-xss-protection: 0

  Note: t.co answered with a 200 HTML document rather than a 30x, so the hop to zmptwh.hvhrg.xyz was a client-side redirect. With referrer-policy: unsafe-url the full t.co URL is sent as Referer to the next site, including across the plain-http hops in the chain.

Transaction 2 (Primary Request): GET https://jwvijnxshs.duckdns.org/?tyhyfzy
  Method / Protocol / Status: GET / H2 / 200
  Resource / Path: / (jwvijnxshs.duckdns.org/)
  Redirect Chain:
    http://zmptwh.hvhrg.xyz/?lHZrP
    https://zmptwh.hvhrg.xyz/?lHZrP
    http://zmptwh.hvhrg.xyz/?lHZrP
    https://jwvijnxshs.duckdns.org/?tyhyfzy
  Size / Transfer: 4 KB / 1 KB
  Time / Latency: 948 ms / 257 ms
  Type / MIME-Type: Document / text/html
  IP / Location: 91.204.226.171 / KIDC HDTIDC LIMITED

  General
    Full URL: https://jwvijnxshs.duckdns.org/?tyhyfzy
    Requested by: Host t.co, URL https://t.co/MQN7PEGZn2
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM (key exchange not recorded)
    Server: 91.204.226.171, Seoul, Korea, Republic Of, ASN205960 (KIDC HDTIDC LIMITED, HK)
    Reverse DNS: (none)
    Software: Caddy
    Resource Hash: 8b545f0789ecbebb0ff45ba074d8438c61fbf63aa5c3965aec5dc75aa96dad35

  Request headers
    Referer: https://t.co/MQN7PEGZn2
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

  Response headers
    alt-svc: h3=":443"; ma=2592000
    cache-control: no-store
    content-encoding: gzip
    content-length: 1216
    content-type: text/html; charset=utf-8
    date: Thu, 21 Nov 2024 10:34:51 GMT
    server: Caddy
    vary: Accept-Encoding

  Redirect headers (last hop of the chain, the 301 from http://zmptwh.hvhrg.xyz/?lHZrP)
    Content-Encoding: gzip
    Content-Length: 98
    Content-Type: text/html; charset=utf-8
    Date: Thu, 21 Nov 2024 10:34:50 GMT
    Location: https://jwvijnxshs.duckdns.org/?tyhyfzy
    Server: Caddy
    Vary: Accept-Encoding

  Note: both the redirector and the landing page answer with Server: Caddy from AS205960, and the landing page is served with cache-control: no-store and no security headers of its own. The 1216-byte gzipped document defines only the three window variables listed further down.

Transaction 3: GET https://cvws.icloud-content.com/B/Af0EuTgWpFmatpizAFV4JbyCGRaWAfRSlrRzELSIKdZnY571fbYBaccN/Chrome_up1732156036129.apk?o=AqmizYalfRfu35XmqKqHpY8BHoTn_7tIVbrU2toKX2p6&v=1&x=3&a=CAogmVM7aE69-Xg4frwc9xGuEqKPcWhKETM-8QdFv2Y86O4SaxD2maTytDIY9vb_87QyIgEAUgSCGRaWWgQBaccNaiXytrCUgu-AX1Yxl4C2BCLtIRTzOCvFvHZdZeJ3oCq2s2SLNwOJciWfZaTWZet7wNA1XMTDo4MCN4VvZQKrWDhnAksqNeoeDkG2iDbP&e=1732188830&fl=&r=9ec11f15-70ca-4b63-bd7d-6d320fd35e67-1&k=M09nF93_LE9B3NNe5Zd-Rw&ckc=com.apple.clouddocs&ckz=com.apple.CloudDocs&p=122&s=myCbWNxTHqFARpZHuE0J01eS9CE
  Method / Protocol / Status: GET / HTTP/1.1 / 200 OK
  Resource / Path: Chrome_up1732156036129.apk / cvws.icloud-content.com/B/Af0EuTgWpFmatpizAFV4JbyCGRaWAfRSlrRzELSIKdZnY571fbYBaccN/
  Size / Transfer: 0 / 0 (the attachment body is accounted for under Downloads: 266922 bytes, matching Content-Length)
  Time / Latency: 575 ms / 513 ms
  Type / MIME-Type: Document / application/octet-stream
  IP / Location: 2a01:b740:a41:280::1:5 / APPLE-ENGINEERING

  General
    Full URL: as above
    Requested by: Host t.co, URL https://t.co/MQN7PEGZn2 (urlscan's initiator attribution; the Referer on the request itself is https://jwvijnxshs.duckdns.org/)
    Protocol: HTTP/1.1
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 2a01:b740:a41:280::1:5, Frankfurt am Main, Germany, ASN714 (APPLE-ENGINEERING, US)
    Reverse DNS: (none)
    Software: AppleHttpServer/d2dcc6a0a5e3
    Resource Hash: (none; the downloaded body is not hashed in this scan)

  Request headers
    Referer: https://jwvijnxshs.duckdns.org/
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

  Response headers
    Accept-Ranges: bytes
    Access-Control-Allow-Credentials: false
    Access-Control-Allow-Headers: (empty)
    Access-Control-Allow-Methods: GET,OPTIONS
    Cache-Control: no-transform,private,max-age=2592000,s-maxage=2592000
    Connection: keep-alive
    Content-Disposition: attachment; filename="Chrome_up1732156036129.apk"
    Content-Length: 266922
    Content-Type: application/octet-stream
    Date: Thu, 21 Nov 2024 10:34:54 GMT
    Last-Modified: Thu, 21 Nov 2024 10:34:53 GMT
    Server: AppleHttpServer/d2dcc6a0a5e3
    X-Apple-Request-UUID: 9ec11f15-70ca-4b63-bd7d-6d320fd35e67-11732185293726
    X-Responding-Instance: contentvendorws:305707202:fr02p04ic-qujn02070902:8402:2429B19:2429B19.0cacf06cc608

  Note: the Referer shows that the duckdns page navigated the browser to the iCloud URL, and Content-Disposition: attachment turns that navigation into a file download. The r= query parameter (9ec11f15-70ca-4b63-bd7d-6d320fd35e67-1) is echoed in X-Apple-Request-UUID, and the e= parameter is part of the signed, time-limited share link, so the URL alone is a short-lived indicator.

Timeline from the Date headers: t.co 10:34:49, last redirect 10:34:50, landing page 10:34:51, APK response 10:34:54 GMT.

3 JavaScript Window variables

These are the non-standard variables defined on the window object. They include var declarations and global functions and can help identify client-side frameworks and code.

  object   cvjisudj
  number   atgdswyan
  number   hleolialt

None of the three names matches a known framework; they are non-descriptive identifiers of the same kind as the hostnames and query strings in the redirect chain.

2 Cookies

Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.

  Domain/Path   Expires (as displayed)   Name      Value
  .t.co/        1970-01-21 10:39:59      muc       959b4768-9734-4ac8-8ba5-5b83376d63de
  .t.co/        1970-01-21 01:09:47      __cf_bm   2LqTzcW4LmiI57mLE2Es6sDLLLUPCnW7KrUtgELfFaM-1732185289-1.0.1.1-0oEzMhAI2cHTYnUHF31LlpcN3AqnC57zGEac9WK_8HTs56nMcOsN0a1n4KFsZnQ2hhbJnu.lcSFbc_6XPgUhEw

The 1970 expiry dates appear to be a display artefact: the expiry epoch, which is in seconds, has been rendered as if it were milliseconds. Read as seconds, __cf_bm (Cloudflare's bot-management cookie) expires 30 minutes after the 1732185289 timestamp embedded in its own value, i.e. 2024-11-21 11:04:49 UTC, and muc expires roughly 13 months after the scan. Both cookies belong to .t.co; neither the hvhrg.xyz redirector nor the duckdns landing page set a cookie.

1 Console Message

A page may log messages to the console. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also give insight into the technology behind a website.

  Source: security   Level: error   URL: https://t.co/MQN7PEGZn2
  Message: Unrecognized Content-Security-Policy directive 'referrer'.

This is the browser rejecting t.co's Content-Security-Policy header; the policy therefore has no effect.

Security Headers

This section lists the security headers set by the main page.

  Header                       Value
  Content-Security-Policy      referrer always;
  Strict-Transport-Security    max-age=0
  X-Xss-Protection             0

What these values mean here:
  Content-Security-Policy: 'referrer' is not a CSP directive (an early draft directive, dropped in favour of the Referrer-Policy header), so the browser logs the console error above and the policy restricts nothing. The referrer behaviour actually in force comes from the separate referrer-policy: unsafe-url response header.
  Strict-Transport-Security: max-age=0 does not enable HSTS; it tells the browser to discard any HSTS entry it already holds for the host.
  X-Xss-Protection: 0 explicitly turns off the legacy XSS auditor, which current Chromium and Firefox no longer implement.
These are t.co's headers, the main page in this scan's accounting. The jwvijnxshs.duckdns.org response set no security headers at all.
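
To make the three headers above (and the referrer-policy header from the same t.co response) concrete, here is an added Python audit that is not part of the urlscan page: it parses the CSP and HSTS values, flags the unrecognised 'referrer' directive, the max-age=0 and the disabled XSS filter, and returns nothing for a sane header set. The header values are copied from the page; the directive list and the wording of the findings are the author's own.

```python
"""Audit the security-related response headers t.co returned in this scan.

Added example, not part of the urlscan page. TCO_HEADERS is copied from the
page; KNOWN_CSP_DIRECTIVES and the finding texts are the author's own.
"""

# CSP3 directive names (fetch, document, navigation, reporting) plus deprecated or
# removed ones browsers still recognise. 'referrer' is not among them: it was an
# early draft directive, superseded by the Referrer-Policy header.
KNOWN_CSP_DIRECTIVES = {
    "child-src", "connect-src", "default-src", "font-src", "frame-src", "img-src",
    "manifest-src", "media-src", "object-src", "prefetch-src", "script-src",
    "script-src-elem", "script-src-attr", "style-src", "style-src-elem",
    "style-src-attr", "worker-src", "base-uri", "sandbox", "form-action",
    "frame-ancestors", "navigate-to", "report-uri", "report-to",
    "require-trusted-types-for", "trusted-types", "upgrade-insecure-requests",
    "block-all-mixed-content", "plugin-types",
}

# Copied from the page (response headers of https://t.co/MQN7PEGZn2).
TCO_HEADERS = {
    "content-security-policy": "referrer always;",
    "strict-transport-security": "max-age=0",
    "x-xss-protection": "0",
    "referrer-policy": "unsafe-url",
}


def parse_csp(value):
    """'a b c; d e' -> {'a': ['b', 'c'], 'd': ['e']} (directive names lower-cased)."""
    policy = {}
    for raw in value.split(";"):
        tokens = raw.strip().split()
        if tokens:
            policy.setdefault(tokens[0].lower(), []).extend(tokens[1:])
    return policy


def parse_hsts(value):
    """Return {'max-age': int or None, 'includesubdomains': bool, 'preload': bool}."""
    out = {"max-age": None, "includesubdomains": False, "preload": False}
    for raw in value.split(";"):
        token = raw.strip().lower()
        if token.startswith("max-age="):
            try:
                out["max-age"] = int(token.split("=", 1)[1].strip('"'))
            except ValueError:
                pass  # malformed max-age: leave as None so the caller sees "unset"
        elif token in ("includesubdomains", "preload"):
            out[token] = True
    return out


def audit_security_headers(headers):
    """Return (header, finding) pairs for values that give no protection."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    if "content-security-policy" in h:
        csp = parse_csp(h["content-security-policy"])
        for d in sorted(d for d in csp if d not in KNOWN_CSP_DIRECTIVES):
            findings.append(("content-security-policy",
                             f"unrecognised directive '{d}' is ignored by browsers"))
        if not any(d in KNOWN_CSP_DIRECTIVES for d in csp):
            findings.append(("content-security-policy",
                             "policy contains no effective directive; it restricts nothing"))
    else:
        findings.append(("content-security-policy", "header absent"))

    if "strict-transport-security" in h:
        hsts = parse_hsts(h["strict-transport-security"])
        if hsts["max-age"] == 0:
            findings.append(("strict-transport-security",
                             "max-age=0 tells the browser to delete any stored HSTS policy for this host"))
        elif hsts["max-age"] is not None and hsts["max-age"] < 31536000:
            findings.append(("strict-transport-security",
                             f"max-age {hsts['max-age']} is below one year"))
    else:
        findings.append(("strict-transport-security", "header absent"))

    if h.get("x-xss-protection", "").strip().startswith("0"):
        findings.append(("x-xss-protection",
                         "legacy XSS filter explicitly disabled (modern browsers no longer ship it)"))

    if h.get("referrer-policy", "").strip().lower() == "unsafe-url":
        findings.append(("referrer-policy",
                         "full URL sent as Referer to every destination, including https->http downgrades"))

    return findings


if __name__ == "__main__":
    for header, finding in audit_security_headers(TCO_HEADERS):
        print(f"{header}: {finding}")
```

The unsafe-url finding is the one that matters for this scan: it is the reason the Referer seen on the duckdns request is the full https://t.co/MQN7PEGZn2 even after the chain passed through plain-http hops, which is how the redirector can tell which short link a victim came in through.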

Indicators

This is a term used in the security industry for indicators such as IPs, domains and hashes. It does not imply that any of these indicate malicious activity.

Domains
  cvws.icloud-content.com
  jwvijnxshs.duckdns.org
  t.co
  zmptwh.hvhrg.xyz

IPs
  162.159.140.229
  2a01:b740:a41:280::1:5
  91.204.226.166
  91.204.226.171

Resource hashes (SHA-256 of response bodies)
  2999833a6fc11017c32e3eb100134061a5fbcf38e2628749fc8f0e407d14e205 (t.co document)
  8b545f0789ecbebb0ff45ba074d8438c61fbf63aa5c3965aec5dc75aa96dad35 (jwvijnxshs.duckdns.org document)

The APK body itself was not hashed by this scan, so there is no file hash to pivot on here; the download URL is signed and time-limited and should not be treated as a durable indicator.