5221kefu43.live Open in urlscan Pro
212.24.127.30 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://5221kefu43.live/
Effective URL:
https://5221kefu43.live/kf.html
Submission: On May 10 via api (May 10th 2024, 10:57:26 am UTC) from BE — Scanned from DE

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 212.24.127.30, located in Frankfurt (Oder), Germany and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is 5221kefu43.live.
TLS certificate: Issued by R3 on April 18th 2024. Valid for: 3 months.

This is the only time 5221kefu43.live was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	212.24.127.30 212.24.127.30	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	23.97.64.154 23.97.64.154	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	3

4 212.24.127.30 (Frankfurt (Oder), Germany)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

5221kefu43.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.97.64.154 (Hong Kong, Hong Kong)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

txtd.eiwasevipmvdtj.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	5221kefu43.live 5221kefu43.live	7 KB
1	eiwasevipmvdtj.xyz txtd.eiwasevipmvdtj.xyz
7	2

	Domain	Requested by
4	5221kefu43.live	5221kefu43.live
1	txtd.eiwasevipmvdtj.xyz	5221kefu43.live
7	2

This site contains no links.

Subject Issuer	Validity	Valid
5221kefu43.live R3	`2024-04-18` - `2024-07-17`	3 months	crt.sh
xnfq.eiwasevipmvdtj.xyz R3	`2024-04-11` - `2024-07-10`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://5221kefu43.live/kf.html
Frame ID: 0BD608DB06E3188E143A645695738017
Requests: 7 HTTP requests in this frame

Frame: https://txtd.eiwasevipmvdtj.xyz/index?key=3661de64c6f499551d4833661d47e8f4&sa=803697818ad7a280dd0071a2006e9625
Frame ID: 57EA4A4F59D3FA61B5850AAD39BB1D9C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

欢迎光临 welcome

Page URL History Show full URLs

http://5221kefu43.live/ HTTP 307
https://5221kefu43.live/ Page URL
https://5221kefu43.live/kf.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

71 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

11 kB
Transfer

16 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://5221kefu43.live/ HTTP 307
https://5221kefu43.live/ Page URL
https://5221kefu43.live/kf.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://5221kefu43.live/ HTTP 307
https://5221kefu43.live/

7 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
5221kefu43.live/
Redirect Chain

http://5221kefu43.live/
https://5221kefu43.live/

10 KB
6 KB

1858ms
681ms

Document
text/html

212.24.127.30
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://5221kefu43.live/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.24.127.30 Frankfurt (Oder), Germany, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

**** /

Resource Hash

18b1107314ac04675ae0a6d28bf9ba5eab9cfc4f4d7c07d68de361d5b6aa9a80

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 10 May 2024 10:57:17 GMT
ETag: W/"62fc2bb8-28f8"
Last-Modified: Tue, 16 Aug 2022 23:43:52 GMT
Server: ****
Strict-Transport-Security: max-age=0; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Cache: BYPASS
X-Request-Id: c195b3cf2ff67e411fd5693c7c6eb70c

Redirect headers

Location: https://5221kefu43.live/
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 404
Not Found qqapi.js
5221kefu43.live/js/ 0
0 715ms
714ms Script
text/html 212.24.127.30
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://5221kefu43.live/js/qqapi.js?_bid=152

Requested by

Host: 5221kefu43.live
URL: https://5221kefu43.live/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.24.127.30 Frankfurt (Oder), Germany, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

**** /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://5221kefu43.live/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 10 May 2024 10:57:18 GMT
Strict-Transport-Security: max-age=0; preload
Server: ****
X-Cache: MISS
Content-Type: text/html
Connection: keep-alive
Content-Length: 548
X-Request-Id: 2fd398f78c58a8ca3a3b7a91c8fb9eb4

GET
H/1.1 502
Bad Gateway jquery.min.js
5221kefu43.live/js/ 0
0 3617ms
3210ms Script
text/html 212.24.127.30
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://5221kefu43.live/js/jquery.min.js

Requested by

Host: 5221kefu43.live
URL: https://5221kefu43.live/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.24.127.30 Frankfurt (Oder), Germany, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

**** /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://5221kefu43.live/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 10 May 2024 10:57:20 GMT
Strict-Transport-Security: max-age=0; preload
Server: ****
Transfer-Encoding: chunked
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Request-Id: c763e4fbdb4eefa52de5a69a7fdd76fc

GET
DATA 200
OK truncated
/ 5 KB
5 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3b812720c532be020fff8ed451ce81c5bdcad52993cf88b0e0385fbdae1b2bd

Request headers

Referer
Origin: https://5221kefu43.live
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET favicon.ico
5221kefu43.live/ 0
0

GET
H/1.1 200
OK Primary Request kf.html Show response
5221kefu43.live/ 978 B
1 KB 360ms
358ms Document
text/html 212.24.127.30
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://5221kefu43.live/kf.html

Requested by

Host: 5221kefu43.live
URL: https://5221kefu43.live/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.24.127.30 Frankfurt (Oder), Germany, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

**** /

Resource Hash

6ab094ec288198362feb37175504be3a898d2fba165ee2cc49a03e0b04589f57

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://5221kefu43.live/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 978
Content-Type: text/html
Date: Fri, 10 May 2024 10:57:22 GMT
ETag: "6638e58d-3d2"
Last-Modified: Mon, 06 May 2024 14:13:33 GMT
Server: ****
Strict-Transport-Security: max-age=0; preload
X-Cache: BYPASS
X-Request-Id: b8f2ac634ebe070cc011a849f35b6719

GET
H/1.1 200
OK index
txtd.eiwasevipmvdtj.xyz/ Frame 57EA 0
0 1255ms
241ms Document
text/html 23.97.64.154
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://txtd.eiwasevipmvdtj.xyz/index?key=3661de64c6f499551d4833661d47e8f4&sa=803697818ad7a280dd0071a2006e9625
Requested by: Host: 5221kefu43.live
URL: https://5221kefu43.live/kf.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.97.64.154 Hong Kong, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://5221kefu43.live/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Length: 771
Content-Type: text/html; charset=utf-8
Date: Fri, 10 May 2024 10:57:23 GMT
ETag: "663adc7a-303"
Last-Modified: Wed, 08 May 2024 01:59:22 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache-Status: HIT

GET favicon.ico
5221kefu43.live/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 5221kefu43.live
URL: https://5221kefu43.live/favicon.ico

Domain: 5221kefu43.live
URL: https://5221kefu43.live/favicon.ico

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			5221kefu43.live/	1969-12-31 23:59:59	Name: session_sslproxy_server Value: 0ddf2323-7b73-462d67b3479416f29dc25703d161c6667e48

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://5221kefu43.live/js/qqapi.js?_bid=152 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://5221kefu43.live/js/jquery.min.js Message: Failed to load resource: the server responded with a status of 502 (Bad Gateway)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5221kefu43.live
txtd.eiwasevipmvdtj.xyz
5221kefu43.live
212.24.127.30
23.97.64.154
18b1107314ac04675ae0a6d28bf9ba5eab9cfc4f4d7c07d68de361d5b6aa9a80
6ab094ec288198362feb37175504be3a898d2fba165ee2cc49a03e0b04589f57
b3b812720c532be020fff8ed451ce81c5bdcad52993cf88b0e0385fbdae1b2bd

5221kefu43.live Open in urlscan Pro 212.24.127.30 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

71 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

11 kBTransfer

16 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

5221kefu43.live Open in urlscan Pro
212.24.127.30 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

71 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

11 kB
Transfer

16 kB
Size

1
Cookies

7 HTTP transactions
1 data transactions