app.nihaocloud.com
52.213.131.210
Malicious Activity!
Public Scan
Submission: On November 17 via manual from US
Summary
TLS certificate: Issued by Amazon on April 4th 2020. Valid for: a year.
This is the only time app.nihaocloud.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
19 | 52.213.131.210 | 16509 (AMAZON-02) |
1 | 13.35.193.108 | 16509 (AMAZON-02) |
11 | 104.18.70.113 | 13335 (CLOUDFLARENET) |
1 | 143.204.170.7 | 16509 (AMAZON-02) |
2 | 104.16.51.111 | 13335 (CLOUDFLARENET) |
1 | 15.165.116.74 | 16509 (AMAZON-02) |
36 | 7 |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-131-210.eu-west-1.compute.amazonaws.com
app.nihaocloud.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-35-193-108.lhr62.r.cloudfront.net
tag.getdrip.com |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-170-7.lhr50.r.cloudfront.net
api.getdrip.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-15-165-116-74.ap-northeast-2.compute.amazonaws.com
dash.sesamedisk.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
19 | nihaocloud.com | app.nihaocloud.com | 2 MB |
11 | zdassets.com | static.zdassets.com, ekr.zdassets.com | 570 KB |
2 | zendesk.com | nihaocloud.zendesk.com | 2 KB |
2 | getdrip.com | tag.getdrip.com, api.getdrip.com | 28 KB |
1 | sesamedisk.com | dash.sesamedisk.com | 346 B |
36 | 5 |
 | Domain | Requested by |
---|---|---|
19 | app.nihaocloud.com | app.nihaocloud.com |
10 | static.zdassets.com | app.nihaocloud.com, static.zdassets.com |
2 | nihaocloud.zendesk.com | static.zdassets.com |
1 | dash.sesamedisk.com | app.nihaocloud.com |
1 | api.getdrip.com | tag.getdrip.com |
1 | ekr.zdassets.com | static.zdassets.com |
1 | tag.getdrip.com | app.nihaocloud.com |
36 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
dash.sesamedisk.com |
catsaccessories.trade |
facebook.com |
twitter.com |
instagram.com |
pinterest.com |
linkedin.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.nihaocloud.com | Amazon | 2020-04-04 - 2021-05-04 | a year |
*.getdrip.com | Amazon | 2020-03-27 - 2021-04-27 | a year |
ssl911790.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2020-10-28 - 2021-05-06 | 6 months |
nihaocloud.zendesk.com | Cloudflare Inc ECC CA-3 | 2020-07-06 - 2021-07-06 | a year |
*.sesamedisk.com | Amazon | 2020-05-22 - 2021-06-22 | a year |
This page contains 2 frames:
Primary Page:
https://app.nihaocloud.com/f/4e5b445b7bf94efdbbd4/
Frame ID: 0A5891BED4257517420E00091DF0CB54
Requests: 27 HTTP requests in this frame
Frame:
https://static.zdassets.com/web_widget/latest/preload.89e8fa00d52db4002839.js
Frame ID: 3EC4036FE0A2A4A46C5C4E4EC92EB89C
Requests: 10 HTTP requests in this frame
7 Outgoing links
These are links going to different origins than the main page.
Title: You are at NiHao Cloud
Redirected requests
There were HTTP redirect chains for the following requests:
36 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | / (Primary Request) | app.nihaocloud.com/f/4e5b445b7bf94efdbbd4/ | 7 KB | 3 KB | Document | text/html |
GET H2 | fontawesome-all.min.css | app.nihaocloud.com/media/fontawesome/css/ | 54 KB | 14 KB | Stylesheet | text/css |
GET H2 | iconfont.css | app.nihaocloud.com/media/css/sf_font3/ | 4 KB | 4 KB | Stylesheet | text/css |
GET H2 | seafile-ui.css | app.nihaocloud.com/media/css/ | 276 KB | 55 KB | Stylesheet | text/css |
GET H2 | seahub_react.css | app.nihaocloud.com/media/css/ | 22 KB | 7 KB | Stylesheet | text/css |
GET H2 | sharedFileViewPDF.css | app.nihaocloud.com/media/assets/frontend/css/ | 7 KB | 3 KB | Stylesheet | text/css |
GET H2 | djangojs.js | app.nihaocloud.com/media/assets/scripts/i18n/en/ | 3 KB | 2 KB | Script | application/javascript |
GET H2 | drip.js | app.nihaocloud.com/media/js/ | 334 B | 1 KB | Script | application/javascript |
GET H2 | bundle.common.js | app.nihaocloud.com/media/assets/frontend/commons/ | 2 MB | 610 KB | Script | application/javascript |
GET H2 | sharedFileViewPDF.js | app.nihaocloud.com/media/assets/frontend/js/ | 146 KB | 46 KB | Script | application/javascript |
GET H2 | pdf.min.js | app.nihaocloud.com/media/js/pdf/ | 305 KB | 99 KB | Script | application/javascript |
GET H2 | viewer.js | app.nihaocloud.com/media/js/pdf/ | 447 KB | 108 KB | Script | application/javascript |
GET H2 | 7296023.js | tag.getdrip.com/ | 86 KB | 28 KB | Script | application/javascript |
GET H2 | asset_composer.js | static.zdassets.com/ekr/ | 24 KB | 7 KB | Script | application/javascript |
GET H2 | 91e1a6ed-adbf-489a-8a80-ab895596a1b2 | ekr.zdassets.com/compose/ | 948 B | 873 B | XHR | application/json |
GET H2 | visit | api.getdrip.com/client/events/ | 84 B | 837 B | Script | text/javascript |
GET H2 | mylogo.png | app.nihaocloud.com/media/custom/ | 11 KB | 12 KB | Image | image/png |
GET H2 | locale.properties | app.nihaocloud.com/media/js/pdf/locale/ | 5 KB | 6 KB | XHR | application/octet-stream |
GET DATA | truncated | / | 2 KB | 2 KB | Font | application/x-font-woff2 |
GET H2 | / | app.nihaocloud.com/api2/account/info/ | 58 B | 913 B | XHR | application/json |
GET H2 | preload.89e8fa00d52db4002839.js | static.zdassets.com/web_widget/latest/ Frame 3EC4 | 61 KB | 18 KB | Script | application/javascript |
GET H2 | web_widget.ba9a857f2bb01785a8d1.chunk.js | static.zdassets.com/web_widget/latest/lazy/ Frame 3EC4 | 4 KB | 2 KB | Script | application/javascript |
GET H2 | vendors~web_widget.ca239eb7094b76c34e1a.chunk.js | static.zdassets.com/web_widget/latest/ Frame 3EC4 | 1 MB | 282 KB | Script | application/javascript |
GET H2 | web_widget.a0b820f476a5e554b222.chunk.js | static.zdassets.com/web_widget/latest/ Frame 3EC4 | 854 KB | 165 KB | Script | application/javascript |
GET H2 | chat-sdk.cec40ba63b2a85de0a9c.chunk.js | static.zdassets.com/web_widget/latest/ Frame 3EC4 | 257 KB | 50 KB | Script | application/javascript |
GET H2 | talk-sdk.a78cdd8b4495e55b4f0a.chunk.js | static.zdassets.com/web_widget/latest/ Frame 3EC4 | 57 KB | 18 KB | Script | application/javascript |
GET H2 | config | nihaocloud.zendesk.com/embeddable/ | 871 B | 1 KB | XHR | application/json |
GET H2 | en-us-json.cc8e73e5fe307bb27426.chunk.js | static.zdassets.com/web_widget/latest/locales/ Frame 3EC4 | 25 KB | 5 KB | Script | application/javascript |
GET H2 | framework-boot.4150fe4046b180ebb0a4.chunk.js | static.zdassets.com/web_widget/latest/lazy/ Frame 3EC4 | 7 KB | 3 KB | Script | application/javascript |
GET H2 | embeddable_blip | nihaocloud.zendesk.com/ Frame 3EC4 | 0 | 640 B | XHR | text/html |
GET H2 | viewer.properties | app.nihaocloud.com/media/js/pdf/locale/en-US/ | 11 KB | 11 KB | XHR | application/octet-stream |
GET H2 | fa-solid-900.woff2 | app.nihaocloud.com/media/fontawesome/webfonts/ | 73 KB | 73 KB | Font | application/octet-stream |
GET H2 | / | dash.sesamedisk.com/ads/ | 128 B | 346 B | Fetch | text/html |
GET H2 | chat-incoming-message-notification.mp3 | static.zdassets.com/web_widget/static/ Frame 3EC4 | 19 KB | 20 KB | Media | audio/mpeg |
GET H2 | pdf.worker.min.js | app.nihaocloud.com/media/js/pdf/ | 733 KB | 250 KB | Other | application/javascript |
GET H2 | You%20have%20a%20new%20fax%20document.pdf | app.nihaocloud.com/seafhttp/files/6db60459-5fe1-403d-8bcd-eda18b8b2a41/ | 447 KB | 449 KB | Fetch | application/pdf |
GET BLOB | 3250a31f-abac-4d09-af9d-dee9e52808e9 | https://app.nihaocloud.com/ | 8 KB | 0 | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)
43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0
object| 1
object| 2
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes
object| app
object| django
function| pluralidx
function| gettext
function| ngettext
function| gettext_noop
function| pgettext
function| npgettext
function| interpolate
function| get_format
object| _dcq
object| _dcs
function| zEmbed
function| zE
object| zEWebpackACJsonp
function| setImmediate
function| clearImmediate
boolean| zEACLoaded
object| _dcfg
object| dripIntlTelInputGlobals
object| _dc
undefined| Drip_728222446
function| webpackJsonp
object| shared
object| regeneratorRuntime
string| sf_file_url
string| sf_pdfworkerjs_url
string| sf_pdf_images_path
string| sf_pdf_cmaps_path
boolean| _pdfjsCompatibilityChecked
object| core
object| pdfjsLib
object| pdfjs-dist/build/pdf
object| PDFViewerApplication
function| PDFViewerApplicationOptions
function| $zopim4
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
app.nihaocloud.com/ | | Name: AWSALB Value: +ZbuqzI3fX2mTDskYSZ1C+Q7fx2K8IhhzabLYuy7yRvx8vl/+3fzojRaW7T8HuVUoYqDSj6HRJFaziwSfer640XOEEN0eUfytao+pSCrjAHO2HCmbWv9IMOODVeY |
.nihaocloud.com/ | | Name: _drip_client_7296023 Value: vid%253Db348999d39b149d68a77096fbf8ba354%2526pageViews%253D1%2526sessionPageCount%253D1%2526lastVisitedAt%253D1605642764113%2526weeklySessionCount%253D1%2526lastSessionAt%253D1605642764113 |
app.nihaocloud.com/ | | Name: AWSALBCORS Value: rVA38IVy3NW9z3suncJHeLcz3IeD0YHktfCe578fn3s6LZz0W6Or7O43thbZhw7KxDqhH0XP3Bka3nenM42b3PvvSj0Jfnnah8FDdiVpPCJ5I7heog+w+GmA2tXy |
app.nihaocloud.com/ | | Name: sfcsrftoken Value: LKh52xqNkbzMRakSc9CgdF6d4WH7ik8kZ9H1VmQjfiYe3v2lgiWgO1tZfmiSO1KL |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.