d1yla3e7fuq29s.cloudfront.net

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 6 HTTP transactions. The main IP is 2600:9000:26dd:fa00:14:9fbe:0:21, located in United States and belongs to AMAZON-02, US. The main domain is d1yla3e7fuq29s.cloudfront.net.
TLS certificate: Issued by Amazon RSA 2048 M01 on October 10th 2023. Valid for: a year.

This is the only time d1yla3e7fuq29s.cloudfront.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.67.163.243 172.67.163.243	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2606:4700:303... 2606:4700:3032::6815:208b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2600:9000:26d... 2600:9000:26dd:fa00:14:9fbe:0:21	16509 (AMAZON-02) (AMAZON-02)
6	2

1 172.67.163.243 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

waa.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::6815:208b (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

tz5li1id.clmon.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:26dd:fa00:14:9fbe:0:21 (United States)

ASN16509 (AMAZON-02, US)

d1yla3e7fuq29s.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	cloudfront.net d1yla3e7fuq29s.cloudfront.net	89 KB
2	clmon.click 2 redirects tz5li1id.clmon.click	888 B
1	waa.ai 1 redirects waa.ai	484 B
6	3

	Domain	Requested by
5	d1yla3e7fuq29s.cloudfront.net	d1yla3e7fuq29s.cloudfront.net
2	tz5li1id.clmon.click	2 redirects
1	waa.ai	1 redirects
6	3

This site contains no links.

Subject Issuer	Validity	Valid
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://d1yla3e7fuq29s.cloudfront.net/?ch9WIUCLd=z9bN77ufm&gyIaoyY=50&t2oE=BhhgKWpJ8&hqktsw4EKm=XAtxv4fEV7&OYyU5ga=U5
Frame ID: CD8FED9489FDFED3ABA221076686EC6E
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://waa.ai/czfY?_=%20wumib HTTP 307
https://waa.ai/czfY?_=%20wumib HTTP 302
http://tz5li1id.clmon.click/J8qSqUugy HTTP 307
https://tz5li1id.clmon.click/J8qSqUugy HTTP 302
https://d1yla3e7fuq29s.cloudfront.net/SqUug HTTP 307
http://tz5li1id.clmon.click/J8qSqUugy HTTP 307
https://tz5li1id.clmon.click/J8qSqUugy HTTP 302
https://d1yla3e7fuq29s.cloudfront.net/SqUug Page URL
https://d1yla3e7fuq29s.cloudfront.net/?ch9WIUCLd=z9bN77ufm&gyIaoyY=50&t2oE=BhhgKWpJ8&hqktsw4EKm=XAtxv4fEV7&OYyU5ga=U5 Page URL

Page Statistics

6
Requests

83 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

89 kB
Transfer

206 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://waa.ai/czfY?_=%20wumib HTTP 307
https://waa.ai/czfY?_=%20wumib HTTP 302
http://tz5li1id.clmon.click/J8qSqUugy HTTP 307
https://tz5li1id.clmon.click/J8qSqUugy HTTP 302
https://d1yla3e7fuq29s.cloudfront.net/SqUug HTTP 307
http://tz5li1id.clmon.click/J8qSqUugy HTTP 307
https://tz5li1id.clmon.click/J8qSqUugy HTTP 302
https://d1yla3e7fuq29s.cloudfront.net/SqUug Page URL
https://d1yla3e7fuq29s.cloudfront.net/?ch9WIUCLd=z9bN77ufm&gyIaoyY=50&t2oE=BhhgKWpJ8&hqktsw4EKm=XAtxv4fEV7&OYyU5ga=U5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://waa.ai/czfY?_=%20wumib HTTP 307
https://waa.ai/czfY?_=%20wumib HTTP 302
http://tz5li1id.clmon.click/J8qSqUugy HTTP 307
https://tz5li1id.clmon.click/J8qSqUugy HTTP 302
https://d1yla3e7fuq29s.cloudfront.net/SqUug HTTP 307
http://tz5li1id.clmon.click/J8qSqUugy HTTP 307
https://tz5li1id.clmon.click/J8qSqUugy HTTP 302
https://d1yla3e7fuq29s.cloudfront.net/SqUug

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	404	SqUug Show response d1yla3e7fuq29s.cloudfront.net/ Redirect Chain http://waa.ai/czfY?_=%20wumib https://waa.ai/czfY?_=%20wumib http://tz5li1id.clmon.click/J8qSqUugy https://tz5li1id.clmon.click/J8qSqUugy https://d1yla3e7fuq29s.cloudfront.net/SqUug http://tz5li1id.clmon.click/J8qSqUugy https://tz5li1id.clmon.click/J8qSqUugy https://d1yla3e7fuq29s.cloudfront.net/SqUug	2 KB 1 KB	505ms 505ms	Document text/html	2600:9000:26dd:fa00:14:9fbe:0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1yla3e7fuq29s.cloudfront.net/SqUug Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26dd:fa00:14:9fbe:0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.38 (Debian) / Resource Hash `e577d3361623ad8531f04bce00cc976811fb5d53db4b50161751dba1aefbbe6b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers access-control-allow-origin * content-encoding gzip content-type text/html; charset=GBK date Wed, 24 Jul 2024 13:14:35 GMT server Apache/2.4.38 (Debian) vary Accept-Encoding via 1.1 2d6460135a39e6ca82c7d39b6b2befc2.cloudfront.net (CloudFront) x-amz-cf-id X3RltCZGxRvXnKvw8uc9srjpGLA8jglWBLGig7IJXymx4OeLxDJMeQ== x-amz-cf-pop BOS50-P3 x-cache Error from cloudfront Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status BYPASS cf-ray 8a842c8ddfba7486-MIA content-type text/html; charset=utf-8 cross-origin-opener-policy same-origin date Wed, 24 Jul 2024 13:14:34 GMT location https://d1yla3e7fuq29s.cloudfront.net/SqUug nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy same-origin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2gKqKzUqhfrOFS2p0miqueQHGu%2FiFf7YJtbJEeVv996ScH%2B7hhyPt5CP6m59Q5sjKLNA%2Bb8tGDXVmPMIQg2fMqOH8w7BIkIGaWTFAYFJ8CMpY9I%2B2bcOm5XJFSBH5vXapNJHg1CyyepBVRyvSq1Chmef4Q%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary origin, Accept-Encoding x-content-type-options nosniff x-frame-options DENY
GET H2	200	1gBWBlA5I0U.js Show response d1yla3e7fuq29s.cloudfront.net/images/_uywb/	63 KB 31 KB	886ms 886ms	Script text/javascript	2600:9000:26dd:fa00:14:9fbe:0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1yla3e7fuq29s.cloudfront.net/images/_uywb/1gBWBlA5I0U.js Requested by Host: d1yla3e7fuq29s.cloudfront.net URL: https://d1yla3e7fuq29s.cloudfront.net/SqUug Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26dd:fa00:14:9fbe:0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.38 (Debian) / Resource Hash `f7bbb80fae1544bff568346ee52f8bac2f5d648b7608ef1aa523d767b34e68ef` Request headers Referer https://d1yla3e7fuq29s.cloudfront.net/SqUug User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 24 Jul 2024 13:14:36 GMT content-encoding gzip via 1.1 2d6460135a39e6ca82c7d39b6b2befc2.cloudfront.net (CloudFront) last-modified Mon, 22 Jul 2024 08:51:37 GMT server Apache/2.4.38 (Debian) x-amz-cf-pop BOS50-P3 vary Accept-Encoding x-cache Miss from cloudfront content-type text/javascript;charset=UTF-8 cache-control public, max-age=31536000 x-amz-cf-id j-tKsk0w3G0n0G-WfzPClg6sEGLZy7n4NJ8AJkMYoVs83hSnRPt7Yw== expires Thu, 24 Jul 2025 13:14:36 GMT
GET H2	404	favicon.ico d1yla3e7fuq29s.cloudfront.net/	0 281 B	720ms 719ms	Other text/html	2600:9000:26dd:fa00:14:9fbe:0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1yla3e7fuq29s.cloudfront.net/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26dd:fa00:14:9fbe:0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.38 (Debian) / PHP/7.6.7 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://d1yla3e7fuq29s.cloudfront.net/SqUug User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 24 Jul 2024 13:14:37 GMT via 1.1 2d6460135a39e6ca82c7d39b6b2befc2.cloudfront.net (CloudFront) server Apache/2.4.38 (Debian) x-amz-cf-pop BOS50-P3 x-powered-by PHP/7.6.7 x-cache Error from cloudfront content-type text/html; charset=UTF-8 access-control-allow-origin * content-length 0 x-amz-cf-id smUHlgjalgnr5_I6Gamd--Z_rXlBQXpnlRqasR6sXcs54O3auMlvOg==
GET H2	200	Primary Request / Show response d1yla3e7fuq29s.cloudfront.net/	79 KB 56 KB	2040ms 2039ms	Document text/html	2600:9000:26dd:fa00:14:9fbe:0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1yla3e7fuq29s.cloudfront.net/?ch9WIUCLd=z9bN77ufm&gyIaoyY=50&t2oE=BhhgKWpJ8&hqktsw4EKm=XAtxv4fEV7&OYyU5ga=U5 Requested by Host: d1yla3e7fuq29s.cloudfront.net URL: https://d1yla3e7fuq29s.cloudfront.net/SqUug Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26dd:fa00:14:9fbe:0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.38 (Debian) / Resource Hash `471ade04da886acc15ed52525142e5d6b6e6bafd0c8bd7039faae57ba934cb31` Request headers Referer https://d1yla3e7fuq29s.cloudfront.net/SqUug Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers cache-control private, max-age=900 content-encoding gzip content-type text/html; charset=UTF-8 date Wed, 24 Jul 2024 13:14:38 GMT edge-control no-store, bypass-cache server Apache/2.4.38 (Debian) vary Accept-Encoding via 1.1 2d6460135a39e6ca82c7d39b6b2befc2.cloudfront.net (CloudFront) x-amz-cf-id p_2ZUBdBmZlQKw2PPOEMh5Z_tbrRDsAXSooRQ2DLqN-4YPDDZezeAw== x-amz-cf-pop BOS50-P3 x-cache Miss from cloudfront
GET H2	200	1gBWBlA5I0U.js Show response d1yla3e7fuq29s.cloudfront.net/images/_uywb/	63 KB 0	0ms 0ms	Script text/javascript	2600:9000:26dd:fa00:14:9fbe:0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1yla3e7fuq29s.cloudfront.net/images/_uywb/1gBWBlA5I0U.js Requested by Host: d1yla3e7fuq29s.cloudfront.net URL: https://d1yla3e7fuq29s.cloudfront.net/?ch9WIUCLd=z9bN77ufm&gyIaoyY=50&t2oE=BhhgKWpJ8&hqktsw4EKm=XAtxv4fEV7&OYyU5ga=U5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26dd:fa00:14:9fbe:0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.38 (Debian) / Resource Hash `f7bbb80fae1544bff568346ee52f8bac2f5d648b7608ef1aa523d767b34e68ef` Request headers Referer https://d1yla3e7fuq29s.cloudfront.net/?ch9WIUCLd=z9bN77ufm&gyIaoyY=50&t2oE=BhhgKWpJ8&hqktsw4EKm=XAtxv4fEV7&OYyU5ga=U5 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 24 Jul 2024 13:14:36 GMT content-encoding gzip via 1.1 2d6460135a39e6ca82c7d39b6b2befc2.cloudfront.net (CloudFront) last-modified Mon, 22 Jul 2024 08:51:37 GMT server Apache/2.4.38 (Debian) x-amz-cf-pop BOS50-P3 vary Accept-Encoding x-cache Miss from cloudfront content-type text/javascript;charset=UTF-8 cache-control public, max-age=31536000 x-amz-cf-id j-tKsk0w3G0n0G-WfzPClg6sEGLZy7n4NJ8AJkMYoVs83hSnRPt7Yw== expires Thu, 24 Jul 2025 13:14:36 GMT
GET		blank.gif d1yla3e7fuq29s.cloudfront.net/images/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: d1yla3e7fuq29s.cloudfront.net
URL: https://d1yla3e7fuq29s.cloudfront.net/images/blank.gif

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			d1yla3e7fuq29s.cloudfront.net/	1969-12-31 23:59:59	Name: sessid Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://d1yla3e7fuq29s.cloudfront.net/SqUug Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://d1yla3e7fuq29s.cloudfront.net/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d1yla3e7fuq29s.cloudfront.net
tz5li1id.clmon.click
waa.ai
d1yla3e7fuq29s.cloudfront.net
172.67.163.243
2600:9000:26dd:fa00:14:9fbe:0:21
2606:4700:3032::6815:208b
471ade04da886acc15ed52525142e5d6b6e6bafd0c8bd7039faae57ba934cb31
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e577d3361623ad8531f04bce00cc976811fb5d53db4b50161751dba1aefbbe6b
f7bbb80fae1544bff568346ee52f8bac2f5d648b7608ef1aa523d767b34e68ef

d1yla3e7fuq29s.cloudfront.net Open in urlscan Pro 2600:9000:26dd:fa00:14:9fbe:0:21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

6 Requests

83 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

89 kBTransfer

206 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

d1yla3e7fuq29s.cloudfront.net Open in urlscan Pro
2600:9000:26dd:fa00:14:9fbe:0:21 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

89 kB
Transfer

206 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions