Report Overview
Visitedpublic
2026-02-28 17:32:41
Tags
Submit Tags
URL
klopk.com
Finishing URL
www.klook.com/?aid=45505&aff_adid=768219&aff_pid=&aff_sid=&utm_medium=affiliate-alwayson&utm_source=non-network&utm_campaign=45505&utm_term=&utm_content=&aff_klick_id=123557542836-45505-768219-d61d2e7
IP / ASN
162.255.119.253
Title
klook.com
Detections
urlquery
0
Network Intrusion Detection
6
Threat Detection Systems
3
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
affiliate.klook.com | 549353 | 2005-11-15 | 2016-05-17 | 2026-02-26 | 552 B | 1.7 kB |  104.18.31.170 |  |
ct.captcha-delivery.com | 125224 | 2019-12-23 | 2020-02-05 | 2026-02-26 | 414 B | 16 kB | 18.65.39.35 |    |
geo.captcha-delivery.com 2 alert(s) on this Host | 76095 | 2019-12-23 | 2020-03-18 | 2026-02-26 | 2.9 kB | 912 kB |  13.50.6.43 | |
static.captcha-delivery.com | 167473 | 2019-12-23 | 2020-05-12 | 2026-02-26 | 3.2 kB | 46 kB | 52.84.50.64 | |
klopk.com 8 alert(s) on this Host | unknown | unknown | No data | No data | 872 B | 1.1 kB | 0.0.0.0 |  |
www.klook.com | 12347 | 2005-11-15 | 2017-02-06 | 2026-02-23 | 1.7 kB | 3.5 kB | 104.18.31.170 |  |
href.li 1 alert(s) on this Host | 30988 | unknown | 2012-05-22 | 2026-02-26 | 569 B | 1.1 kB | 192.0.78.26 | |
Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.Amazon S3 (CDN)
Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.Amazon Web Services (PaaS)
Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.Amazon CloudFront (CDN)
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.Nginx (Web servers, Reverse proxies)
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.DataDome (Security)
DataDome is a cybersecurity platform that specialises in bot protection and mitigation, offering advanced solutions to safeguard websites and mobile applications against malicious bot traffic, credential stuffing, scraping, and other automated threats.Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| low | Client IP | 192.0.78.26 | ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI) | |
| low | Client IP | 192.0.78.26 | ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI) | |
| high | 162.255.119.253 | Client IP | ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer | |
| low | 162.255.119.253 | Client IP | ET INFO Namecheap URL Forward | |
| high | 162.255.119.253 | Client IP | ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer | |
| low | 162.255.119.253 | Client IP | ET INFO Namecheap URL Forward |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| Nextron YARA rules | geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==&cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7&referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7&hash=1A2CDFCDF412CD9D3C93BB2E078906&t=fe&s=37675&e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643&ir=20&dm=dc_ir&b=1731402 | malware | Code and strings of plugins from the Tetris framework loaded by Swid |
| Nextron YARA rules | geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg%3D%3D&hash=1A2CDFCDF412CD9D3C93BB2E078906&cid=f59b~UeyTjzTMcPXimGlZictdRNs9~8o1~XZPWbB3WZ_kzhwu1KomTeIJzv01H61brWcwgXXGgGO19izBfRyhA_PegY~WLt9CAt7HKlm_1moak9nPWiptrK_K7S9J4NA&referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7&s=37675&e=d96ef6d09b11500e33a875b2e54b7a9b3e81a2b1bddd8b1600a3a452de6454339d8f13307274b4b4a89eb0e8dd64749e&b=1731402&dm=cd | malware | Code and strings of plugins from the Tetris framework loaded by Swid |
| DigiCert UltraDNS | href.li | malicious | Sinkholed |
JavaScript (5)
No JavaScripts
HTTP Transactions (15)
| URL | IP | Response | Size |
|---|