record.xebeqawu.rest

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 3 HTTP transactions. The main IP is 104.21.83.229, located in United States and belongs to CLOUDFLARENET, US. The main domain is record.xebeqawu.rest.
TLS certificate: Issued by R3 on September 3rd 2021. Valid for: 3 months.

This is the only time record.xebeqawu.rest was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.21.83.229 104.21.83.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	31.222.66.68 31.222.66.68	12678 (BADOO-U) (BADOO-U)
1	51.178.104.33 51.178.104.33	16276 (OVH) (OVH)
3	3

1 104.21.83.229 (United States)

ASN13335 (CLOUDFLARENET, US)

record.xebeqawu.rest	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.222.66.68 (United Kingdom)

ASN12678 (BADOO-U, CY)

pd1eu.badoocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.178.104.33 (France)

ASN16276 (OVH, FR)
PTR: varnish04-ovh.cdn.city-news.ovh

3.citynews-agrigentonotizie.stgy.ovh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	stgy.ovh 3.citynews-agrigentonotizie.stgy.ovh	66 KB
1	badoocdn.com pd1eu.badoocdn.com	7 KB
1	xebeqawu.rest record.xebeqawu.rest	6 KB
3	3

	Domain	Requested by
1	3.citynews-agrigentonotizie.stgy.ovh	record.xebeqawu.rest
1	pd1eu.badoocdn.com	record.xebeqawu.rest
1	record.xebeqawu.rest
3	3

This site contains no links.

Subject Issuer	Validity	Valid
*.xebeqawu.rest R3	`2021-09-03` - `2021-12-02`	3 months	crt.sh
*.badoocdn.com R3	`2021-10-05` - `2022-01-03`	3 months	crt.sh
admin.citynews.strategy.it R3	`2021-08-15` - `2021-11-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://record.xebeqawu.rest/
Frame ID: FC79A71EFD473AB057BAE5AB283C61D4
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Raffadali dieci persone sottoposte al DASPO

Page Statistics

3
Requests

67 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

79 kB
Transfer

89 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
record.xebeqawu.rest/ 18 KB
6 KB 135ms
99ms Document
text/html 104.21.83.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://record.xebeqawu.rest/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.83.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5cb030223d0803cc3b4a19e16ceb4b477cda2e4e8cdb6c01263ec9588fc32270

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 28 Oct 2021 13:37:48 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bln8arl5sAMCGn%2BbYmaa3voWBI7Fj6cPMux9QGme5AauFJeRzoGfiz2aadg1a%2FRn3wQFcGMP3xvipzflpMIOXWHWhLpRuXTrulgYyXD89NOkWqRFsjjF8bOu4XlcjjNhM4TBiDRVlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6a548f976d064132-PRG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
OK sz___size__.jpg
pd1eu.badoocdn.com/p51/50234/7/9/0/201298279/d1311754/t1485854659/c_WdT0YnM37etfJYTZKUPI8UJWLg.Xb-150gNAhl-7IOEpbAWqcSy8Hw/1311754019/dfs_190x190/ 6 KB
7 KB 157ms
112ms Image
image/webp 31.222.66.68
BADOO-U

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pd1eu.badoocdn.com/p51/50234/7/9/0/201298279/d1311754/t1485854659/c_WdT0YnM37etfJYTZKUPI8UJWLg.Xb-150gNAhl-7IOEpbAWqcSy8Hw/1311754019/dfs_190x190/sz___size__.jpg?jpegq=80&wp=1&h=DuD

Requested by

Host: record.xebeqawu.rest
URL: https://record.xebeqawu.rest/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

31.222.66.68 , United Kingdom, ASN12678 (BADOO-U, CY),

Reverse DNS

Software

nginx /

Resource Hash

17300017834ab5919e36bef886bd12427b23aad535ff9c46c4a173d1d276f454

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://record.xebeqawu.rest/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 28 Oct 2021 13:37:48 GMT
X-Content-Type-Options: nosniff
X-Coca-Served-By: p51m/cache0p0
Access-Control-Max-Age: 3600
Connection: keep-alive
X-Photo-Modifiers: fmt=webp, img_size=360, fit=190/190, pixelize=, blur=, crop=,-,, downscale=1, progressive=0, inter=cubic, webpq=80, jpegq=80
Vary: Accept
Content-Length: 5994
X-XSS-Protection: 0
X-Coca-Proxy-Host: n/a
Server: nginx
X-PR-Bypass: bypass_default
X-Frame-Options: deny
ETag: "589057c3-c4eb"
Strict-Transport-Security: max-age=31536000; preload
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD
Content-Type: image/webp
Access-Control-Allow-Origin: https://badoo.com
Access-Control-Expose-Headers: Content-Type, X-Requested-With, Origin, X-Webapp-Build, X-Use-Session-Cookie, X-User-Agent, X-User-id, X-App-Version, X-Message-type, X-Desktop-web, X-Coca-Proxy-Host, X-Coca-Served-By, X-DPhotos-Mtime, X-Photo-Modifiers, X-Pingback
Cache-Control: max-age=31536000, no-transform
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src 'self'
Timing-Allow-Origin: https://badoo.com
Access-Control-Allow-Headers: Content-Type, X-Requested-With, Origin, X-Webapp-Build, X-Use-Session-Cookie, X-User-Agent, X-User-id, X-App-Version, X-Message-type, X-Desktop-web, X-Coca-Proxy-Host, X-Coca-Served-By, X-DPhotos-Mtime, X-Photo-Modifiers, X-Pingback
Expires: Fri, 28 Oct 2022 13:37:48 GMT

GET
H2 200 silvio-mattarella-2.jpg
3.citynews-agrigentonotizie.stgy.ovh/~media/original-hi/38836242185101/ 65 KB
66 KB 112ms
73ms Image
image/jpeg 51.178.104.33
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3.citynews-agrigentonotizie.stgy.ovh/~media/original-hi/38836242185101/silvio-mattarella-2.jpg

Requested by

Host: record.xebeqawu.rest
URL: https://record.xebeqawu.rest/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

51.178.104.33 , France, ASN16276 (OVH, FR),

Reverse DNS

varnish04-ovh.cdn.city-news.ovh

Software

nginx /

Resource Hash

e7338d43db9f6916c9e9d58b4fcbbac91d39384dc2e291b84be100d9261ef7a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://record.xebeqawu.rest/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 13:37:48 GMT
via: 1.1 varnish (Varnish/6.6)
x-content-type-options: nosniff
age: 0
x-varnish-beresp: 200
x-ua-device: pc
content-disposition: inline; filename="silvio mattarella-2.jpg"
remote-ip: 216.131.114.187
content-length: 66633
last-modified: Thu, 25 Oct 2018 21:35:06 GMT
server: nginx
x-varnsih-cache: MISS
etag: "5bd2370a-10449"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-varnish: 420951245
vary: User-Agent
cache-control: public, max-age=31536000, post-check=31536000, pre-check=31536000
x-varnish-backend: kpn232
accept-ranges: bytes
content-type: image/jpeg
server-hostname: varnish04-ovh
expires: Fri, 28 Oct 2022 13:37:48 GMT

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			record.xebeqawu.rest/	1969-12-31 23:59:59	Name: ch1c Value: b
			3.citynews-agrigentonotizie.stgy.ovh/	1970-01-19 22:17:08	Name: __cc Value: DE

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://record.xebeqawu.rest/ Message: Mixed Content: The page at 'https://record.xebeqawu.rest/' was loaded over HTTPS, but requested an insecure element 'http://3.citynews-agrigentonotizie.stgy.ovh/~media/original-hi/38836242185101/silvio-mattarella-2.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://record.xebeqawu.rest/ Message: Mixed Content: The page at 'https://record.xebeqawu.rest/' was loaded over HTTPS, but requested an insecure element 'http://3.citynews-agrigentonotizie.stgy.ovh/~media/original-hi/38836242185101/silvio-mattarella-2.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3.citynews-agrigentonotizie.stgy.ovh
pd1eu.badoocdn.com
record.xebeqawu.rest
104.21.83.229
31.222.66.68
51.178.104.33
17300017834ab5919e36bef886bd12427b23aad535ff9c46c4a173d1d276f454
5cb030223d0803cc3b4a19e16ceb4b477cda2e4e8cdb6c01263ec9588fc32270
e7338d43db9f6916c9e9d58b4fcbbac91d39384dc2e291b84be100d9261ef7a1

record.xebeqawu.rest Open in urlscan Pro 104.21.83.229 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

3 Requests

67 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

79 kBTransfer

89 kBSize

2 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

record.xebeqawu.rest Open in urlscan Pro
104.21.83.229 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

67 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

79 kB
Transfer

89 kB
Size

2
Cookies

3 HTTP transactions
0 data transactions