::ffff:6894:3003 - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 4 domains to perform 2 HTTP transactions. The main IP is ::ffff:6894:3003, located in and belongs to . The main domain is ::ffff:6894:3003.

This is the only time ::ffff:6894:3003 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.144.248.131 54.144.248.131	14618 (AMAZON-AES) (AMAZON-AES)
2 3	::ffff:6894:3003 ::ffff:6894:3003	() ()
1 1	35.190.91.50 35.190.91.50	15169 (GOOGLE) (GOOGLE)
1 1	34.117.93.76 34.117.93.76	15169 (GOOGLE) (GOOGLE)
1	199.255.138.67 199.255.138.67	31863 (DACEN-2) (DACEN-2)
2	2

1 54.144.248.131 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-248-131.compute-1.amazonaws.com

groove.groove.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 ::ffff:6894:3003 (None, ) 2 redirects

ASN- ()

::ffff:6894:3003	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.91.50 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 50.91.190.35.bc.googleusercontent.com

www.pq8trk-2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.93.76 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 76.93.117.34.bc.googleusercontent.com

www.wsclk-4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.255.138.67 (Lenoir, United States)

ASN31863 (DACEN-2, US)
PTR: precedin-reacti.hugetender.com

www.kresnom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	kresnom.com www.kresnom.com
1	wsclk-4.com 1 redirects www.wsclk-4.com	419 B
1	pq8trk-2.com 1 redirects www.pq8trk-2.com	414 B
1	groove.co 1 redirects groove.groove.co	951 B
2	4

	Domain	Requested by
1	www.kresnom.com	::ffff:6894:3003
1	www.wsclk-4.com	1 redirects
1	www.pq8trk-2.com	1 redirects
1	groove.groove.co	1 redirects
2	4

This site contains no links.

Subject Issuer	Validity	Valid
kresnom.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-13` - `2022-06-24`	a year	crt.sh

This page contains 1 frames:

Frame: https://www.kresnom.com/62NCRRB/R7QS6JW/?sub1=4029f73938a0464bb83f935c5a767eab&sub2=670135&sub3=35_281427_2589830&sub4=2355_5678472_3168178_38&sub5=443647588
Frame ID: FC25B7CFFC7A5C05D9220791E84609D8
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://groove.groove.co/url/DidUuBF7w6VoREcncs6QtU8u-p4/aHR0cDovL1s6OmZmZmY6Njg5NDozMDAzXS9hbmNob3I= HTTP 302
http://[::ffff:6894:3003]/anchor HTTP 301
http://[::ffff:6894:3003]/anchor/ Page URL

Page Statistics

2
Requests

50 %
HTTPS

20 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

1 kB
Transfer

1 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://groove.groove.co/url/DidUuBF7w6VoREcncs6QtU8u-p4/aHR0cDovL1s6OmZmZmY6Njg5NDozMDAzXS9hbmNob3I= HTTP 302
http://[::ffff:6894:3003]/anchor HTTP 301
http://[::ffff:6894:3003]/anchor/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://[::ffff:6894:3003]/Y00NTP?4Rqk8p8plsjZ5Z5XGxXz0TfFyRcz1Zf0CFKXqxhzpRzDpSbNxS~nQw9N97VrkHCNxKbC3qSNNSW8DJQyfJF7l2bYx51qGYHWtsFGV~cbbbclGnRzccMzczcx0M1cGcStcKc16F5fbgfcbbb4V HTTP 302
https://www.pq8trk-2.com/2CRJWCWGZ/3SBWGJF/?sub1=35_281427_2589830&sub2=2355_5678472_3168178_38&sub3=443647588&sub5=1fkyw8k HTTP 302
https://www.wsclk-4.com/cmp/Q92F33H8/77G3B/?__rpt=0&__po=1600&__ptid=ad112e8d0afe49cb9aa8f10dab916846&__rpa=0&__rc=1&sub1=35_281427_2589830&sub2=2355_5678472_3168178_38&sub3=443647588&sub4=&sub5=1fkyw8k&source_id=&__pcd=9 HTTP 302
https://www.kresnom.com/62NCRRB/R7QS6JW/?sub1=4029f73938a0464bb83f935c5a767eab&sub2=670135&sub3=35_281427_2589830&sub4=2355_5678472_3168178_38&sub5=443647588

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response [::ffff:6894:3003]/anchor/ Redirect Chain http://groove.groove.co/url/DidUuBF7w6VoREcncs6QtU8u-p4/aHR0cDovL1s6OmZmZmY6Njg5NDozMDAzXS9hbmNob3I= http://[::ffff:6894:3003]/anchor http://[::ffff:6894:3003]/anchor/	614 B 861 B	239ms 233ms	Document text/html	::ffff:6894:3003
General Check archive.org Show headers Download Go to Full URL http://[::ffff:6894:3003]/anchor/ Protocol HTTP/1.1 Server ::ffff:6894:3003 -, , ASN (), Reverse DNS Software Apache / Resource Hash `179480435f74026d8235d5038cf816c93f9655301a4667ec517347e569d45e6b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Sun, 26 Dec 2021 08:35:12 GMT Server Apache Last-Modified Mon, 04 Oct 2021 10:30:54 GMT ETag "266-5cd84686ddc6f" Accept-Ranges bytes Content-Length 614 Connection close Content-Type text/html; charset=UTF-8 Redirect headers Date Sun, 26 Dec 2021 08:35:11 GMT Server Apache Location http://[::ffff:6894:3003]/anchor/ Content-Length 241 Connection close Content-Type text/html; charset=iso-8859-1
GET H/1.1	204 No Content	/ www.kresnom.com/62NCRRB/R7QS6JW/ Redirect Chain http://[::ffff:6894:3003]/Y00NTP?4Rqk8p8plsjZ5Z5XGxXz0TfFyRcz1Zf0CFKXqxhzpRzDpSbNxS~nQw9N97VrkHCNxKbC3qSNNSW8DJQyfJF7l2bYx51qGYHWtsFGV~cbbbclGnRzccMzczcx0M1cGcStcKc16F5fbgfcbbb4V https://www.pq8trk-2.com/2CRJWCWGZ/3SBWGJF/?sub1=35_281427_2589830&sub2=2355_5678472_3168178_38&sub3=443647588&sub5=1fkyw8k https://www.wsclk-4.com/cmp/Q92F33H8/77G3B/?__rpt=0&__po=1600&__ptid=ad112e8d0afe49cb9aa8f10dab916846&__rpa=0&__rc=1&sub1=35_281427_2589830&sub2=2355_5678472_3168178_38&sub3=443647588&sub4=&sub5=1f... https://www.kresnom.com/62NCRRB/R7QS6JW/?sub1=4029f73938a0464bb83f935c5a767eab&sub2=670135&sub3=35_281427_2589830&sub4=2355_5678472_3168178_38&sub5=443647588	0 0	867ms 176ms	Document text/plain	199.255.138.67 DACEN-2
General Check archive.org Show headers Download Go to Full URL https://www.kresnom.com/62NCRRB/R7QS6JW/?sub1=4029f73938a0464bb83f935c5a767eab&sub2=670135&sub3=35_281427_2589830&sub4=2355_5678472_3168178_38&sub5=443647588 Requested by Host: ::ffff:6894:3003 URL: http://[::ffff:6894:3003]/anchor/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 199.255.138.67 Lenoir, United States, ASN31863 (DACEN-2, US), Reverse DNS precedin-reacti.hugetender.com Software nginx / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://[::ffff:6894:3003]/anchor/#Y00NTP?4Rqk8p8plsjZ5Z5XGxXz0TfFyRcz1Zf0CFKXqxhzpRzDpSbNxS~nQw9N97VrkHCNxKbC3qSNNSW8DJQyfJF7l2bYx51qGYHWtsFGV~cbbbclGnRzccMzczcx0M1cGcStcKc16F5fbgfcbbb4V Response headers Server nginx Date Sun, 26 Dec 2021 08:35:14 GMT Vary Origin X-Eflow-Request-Id 850c8653-c72c-4b90-899e-0ed46c2caccf Redirect headers server nginx date Sun, 26 Dec 2021 08:35:13 GMT content-type text/html; charset=utf-8 content-length 196 location https://www.kresnom.com/62NCRRB/R7QS6JW/?sub1=4029f73938a0464bb83f935c5a767eab&sub2=670135&sub3=35_281427_2589830&sub4=2355_5678472_3168178_38&sub5=443647588 vary Origin x-eflow-request-id 6bf077dc-114e-4cfd-baa9-fb86c4f20f06 via 1.1 google alt-svc clear

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| getHash string| hashCode string| dom string| url

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.pq8trk-2.com/	1970-01-20 01:51:23	Name: uniqueClick_3SBWGJF Value: 73db5f90-d66a-473b-88e7-31371dc1e393:1640507713
www.wsclk-4.com/	1970-01-20 01:51:23	Name: uniqueClick_77G3B Value: 1b46c423-7545-47c5-8b9b-274b0d2f7726:1640507713
www.wsclk-4.com/	1970-01-20 01:51:23	Name: transaction_id Value: 4029f73938a0464bb83f935c5a767eab

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

groove.groove.co
www.kresnom.com
www.pq8trk-2.com
www.wsclk-4.com
199.255.138.67
34.117.93.76
35.190.91.50
54.144.248.131
::ffff:6894:3003
179480435f74026d8235d5038cf816c93f9655301a4667ec517347e569d45e6b

::ffff:6894:3003 Open in urlscan Pro ::ffff:6894:3003 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

2 Requests

50 %HTTPS

20 %IPv6

4 Domains

4 Subdomains

2 IPs

2 Countries

1 kBTransfer

1 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

3 Cookies

Indicators

::ffff:6894:3003 Open in urlscan Pro
::ffff:6894:3003 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

50 %
HTTPS

20 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

1 kB
Transfer

1 kB
Size

3
Cookies

2 HTTP transactions
0 data transactions