swu.handyticket.link Open in urlscan Pro
35.157.98.170 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://swu.handyticket.link/
Submission: On October 29 via automatic, source certstream-suspicious (October 29th 2024, 12:34:55 am UTC) — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 10 HTTP transactions. The main IP is 35.157.98.170, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is swu.handyticket.link.
TLS certificate: Issued by Amazon RSA 2048 M02 on November 29th 2023. Valid for: a year.

This is the only time swu.handyticket.link was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	35.157.98.170 35.157.98.170	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	3.124.27.70 3.124.27.70	16509 (AMAZON-02) (AMAZON-02)
10	4

6 35.157.98.170 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-98-170.eu-central-1.compute.amazonaws.com

swu.handyticket.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.124.27.70 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-27-70.eu-central-1.compute.amazonaws.com

admin-api.beta.ump.world	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	handyticket.link swu.handyticket.link	2 MB
2	gstatic.com fonts.gstatic.com	36 KB
1	ump.world admin-api.beta.ump.world	599 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	1 KB
10	4

	Domain	Requested by
6	swu.handyticket.link	swu.handyticket.link
2	fonts.gstatic.com	fonts.googleapis.com
1	admin-api.beta.ump.world	swu.handyticket.link
1	fonts.googleapis.com	swu.handyticket.link
10	4

This site contains no links.

Subject Issuer	Validity	Valid
swu.handyticket.link Amazon RSA 2048 M02	`2023-11-29` - `2024-12-27`	a year	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
ump.world Amazon RSA 2048 M03	`2023-12-22` - `2025-01-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://swu.handyticket.link/
Frame ID: 9D9A7657A8BEEC3EF7636A8DD518D62F
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | URpass

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

2286 kB
Transfer

15985 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
swu.handyticket.link/ 854 B
1018 B 117ms
11ms Document
text/html 35.157.98.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://swu.handyticket.link/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.98.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-98-170.eu-central-1.compute.amazonaws.com
Software: / Express
Resource Hash: 0dbfe8603e26c0e0d131f7f6d04c5d3d49affd927bb2ea1b7c0276ac00d4e422

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-length: 854
content-type: text/html; charset=UTF-8
date: Tue, 29 Oct 2024 00:34:50 GMT
etag: W/"356-q05ytLe1wLMIgVPh20P4awlYoc4"
vary: Accept-Encoding
x-powered-by: Express

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 39ms
18ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Mono|Roboto+Slab|Roboto:300,400,500,700

Requested by

Host: swu.handyticket.link
URL: https://swu.handyticket.link/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fa541b20484682d86d38face139824921f72726b9d105f0e4ec2c56cab8f73be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://swu.handyticket.link/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 00:34:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 00:34:50 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 29 Oct 2024 00:28:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 bundle.js Show response
swu.handyticket.link/static/js/ 35 KB
7 KB 34ms
34ms Script
application/javascript 35.157.98.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://swu.handyticket.link/static/js/bundle.js
Requested by: Host: swu.handyticket.link
URL: https://swu.handyticket.link/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.98.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-98-170.eu-central-1.compute.amazonaws.com
Software: / Express
Resource Hash: 313cba1c0f9a5fb0d126ba2632dff50d412acc5b634bab9516aaf9c1c4aec5be

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://swu.handyticket.link/

Response headers

accept-ranges: bytes
content-encoding: gzip
date: Tue, 29 Oct 2024 00:34:50 GMT
etag: W/"8c46-lwl9vBC6roTs8V8ARfhbKRBc70Y"
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
vary: Accept-Encoding

GET
H2 200 vendors~main.chunk.js Show response
swu.handyticket.link/static/js/ 11 MB
2 MB 35ms
35ms Script
application/javascript 35.157.98.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://swu.handyticket.link/static/js/vendors~main.chunk.js
Requested by: Host: swu.handyticket.link
URL: https://swu.handyticket.link/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.98.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-98-170.eu-central-1.compute.amazonaws.com
Software: / Express
Resource Hash: c25aa0efe4e19d1e306b63cdaf3368b3e59f882925a7780e06355f063e2a5dae

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://swu.handyticket.link/

Response headers

accept-ranges: bytes
content-encoding: gzip
date: Tue, 29 Oct 2024 00:34:50 GMT
etag: W/"b1ca52-VqHME+Z4Jthrns+Ls37WAlyKd/Q"
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
vary: Accept-Encoding

GET
H2 200 main.chunk.js Show response
swu.handyticket.link/static/js/ 4 MB
305 KB 34ms
33ms Script
application/javascript 35.157.98.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://swu.handyticket.link/static/js/main.chunk.js
Requested by: Host: swu.handyticket.link
URL: https://swu.handyticket.link/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.98.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-98-170.eu-central-1.compute.amazonaws.com
Software: / Express
Resource Hash: 313dfee17d603ca63a6f5e8db4da36cb6ee5ab27885c912a29be5f80f0a17edf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://swu.handyticket.link/

Response headers

accept-ranges: bytes
content-encoding: gzip
date: Tue, 29 Oct 2024 00:34:50 GMT
etag: W/"461d60-hBLY76aTEiu0nk1grTgy+VECWPM"
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
vary: Accept-Encoding

GET
H2 200 welcome.svg
swu.handyticket.link/static/ 29 KB
11 KB 12ms
11ms Image
image/svg+xml 35.157.98.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://swu.handyticket.link/static/welcome.svg
Requested by: Host: swu.handyticket.link
URL: https://swu.handyticket.link/welcome
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.98.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-98-170.eu-central-1.compute.amazonaws.com
Software: / Express
Resource Hash: e28fa7e22e1981bac8b4be6344b21fdd8d4a2eaeaddbfc79d4dc43fc91434772

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://swu.handyticket.link/welcome

Response headers

cache-control: public, max-age=0
content-encoding: gzip
etag: W/"73ff-18c1c3ac8c0"
accept-ranges: bytes
date: Tue, 29 Oct 2024 00:34:51 GMT
content-type: image/svg+xml
x-powered-by: Express
vary: Accept-Encoding
last-modified: Wed, 29 Nov 2023 17:57:43 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 23ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Mono|Roboto+Slab|Roboto:300,400,500,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://swu.handyticket.link
Referer: https://fonts.googleapis.com/

Response headers

age: 547507
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 16:29:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 16:29:44 GMT
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18536
x-xss-protection: 0
server: sffe

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 26ms
9ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Mono|Roboto+Slab|Roboto:300,400,500,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://swu.handyticket.link
Referer: https://fonts.googleapis.com/

Response headers

age: 8550
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 28 Oct 2025 22:12:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 28 Oct 2024 22:12:21 GMT
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18588
x-xss-protection: 0
server: sffe

GET
H2 200 names Show response
admin-api.beta.ump.world/api/v1/tenants/ 292 B
599 B 62ms
22ms XHR
application/json 3.124.27.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://admin-api.beta.ump.world/api/v1/tenants/names?page=0&size=1000&sort_by=NAME&direction=ASC

Requested by

Host: swu.handyticket.link
URL: https://swu.handyticket.link/static/js/vendors~main.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.124.27.70 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-27-70.eu-central-1.compute.amazonaws.com

Software

Resource Hash

615315493d9c8594369a01990058cdee5284db61009bbfc3040ceb3c5e0baec5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://swu.handyticket.link/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
expires: 0
access-control-allow-origin: https://swu.handyticket.link
date: Tue, 29 Oct 2024 00:34:51 GMT
x-xss-protection: 1; mode=block
content-type: application/json
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options: DENY

GET
H2 200 favicon.ico
swu.handyticket.link/ 4 KB
1 KB 9ms
9ms Other
image/x-icon 35.157.98.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://swu.handyticket.link/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.98.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-98-170.eu-central-1.compute.amazonaws.com
Software: / Express
Resource Hash: f6a68a5e875b505fffb1f78d5358adab3c59493d4e3f4395a620824c7fe9c48b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://swu.handyticket.link/welcome

Response headers

cache-control: public, max-age=0
content-encoding: gzip
etag: W/"10be-18c1c3ac8bc"
accept-ranges: bytes
date: Tue, 29 Oct 2024 00:34:51 GMT
content-type: image/x-icon
x-powered-by: Express
vary: Accept-Encoding
last-modified: Wed, 29 Nov 2023 17:57:43 GMT

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

admin-api.beta.ump.world
fonts.googleapis.com
fonts.gstatic.com
swu.handyticket.link
2a00:1450:4001:803::2003
2a00:1450:4001:831::200a
3.124.27.70
35.157.98.170
0dbfe8603e26c0e0d131f7f6d04c5d3d49affd927bb2ea1b7c0276ac00d4e422
313cba1c0f9a5fb0d126ba2632dff50d412acc5b634bab9516aaf9c1c4aec5be
313dfee17d603ca63a6f5e8db4da36cb6ee5ab27885c912a29be5f80f0a17edf
615315493d9c8594369a01990058cdee5284db61009bbfc3040ceb3c5e0baec5
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
c25aa0efe4e19d1e306b63cdaf3368b3e59f882925a7780e06355f063e2a5dae
e28fa7e22e1981bac8b4be6344b21fdd8d4a2eaeaddbfc79d4dc43fc91434772
f6a68a5e875b505fffb1f78d5358adab3c59493d4e3f4395a620824c7fe9c48b
fa541b20484682d86d38face139824921f72726b9d105f0e4ec2c56cab8f73be

swu.handyticket.link Open in urlscan Pro 35.157.98.170 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

4 IPs

1 Countries

2286 kBTransfer

15985 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

0 Cookies

Indicators

swu.handyticket.link Open in urlscan Pro
35.157.98.170 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

2286 kB
Transfer

15985 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions