URL: https://emag20.com/
Submission: On December 16 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 4 HTTP transactions. The main IP is 42.51.0.196, located in China and belongs to FASTIDC Zhengzhou Fastidc Technology Co.,Ltd., CN. The main domain is emag20.com.
TLS certificate: Issued by E6 on December 15th 2024. Valid for: 3 months.
This is the only time emag20.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS Autonomous System
1 | 42.51.0.196 | 56005 (FASTIDC Z...)
1 | 172.104.135.123 | 63949 (AKAMAI-LI...)
Total: 4 requests, 3 IPs

Requests | Domain | Requested by
1 | cn2ci1216.zz.xn--xhqy6bs81b9a0971b.com | emag20.com
1 | emag20.com |
0 | 170.106.108.125 (Failed) | cn2ci1216.zz.xn--xhqy6bs81b9a0971b.com
0 | cn2ci1216.2ci.315tr.com (Failed) | emag20.com
Total: 4 requests, 4 domains

This site contains no links.

Subject | Issuer | Validity | Valid
emag20.com | E6 | 2024-12-15 - 2025-03-15 | 3 months
*.zz.xn--xhqy6bs81b9a0971b.com | E5 | 2024-10-23 - 2025-01-21 | 3 months

This page contains 1 frames:

Frame: https://170.106.108.125:25698/kk1.html?2,ZW1hZzIwLmNvbS8=,1
Frame ID: 3A9C013BF8FB4F041A91E30C0CDD99E1
Requests: 4 HTTP requests in this frame

Page Statistics

Requests: 4
HTTPS: 50 %
IPv6: 0 %
Domains: 4
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 2 kB
Size: 2 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
emag20.com/
1 KB
1 KB
Document
General
Full URL
https://emag20.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
42.51.0.196 , China, ASN56005 (FASTIDC Zhengzhou Fastidc Technology Co.,Ltd., CN),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
f194526a4bca50bdca42f05b4dfc7adccea23516cea44426de36b37f33fd9b34

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-length
1291
content-type
text/html
date
Mon, 16 Dec 2024 20:45:57 GMT
etag
"675c53eb-50b"
expires
0
last-modified
Fri, 13 Dec 2024 15:34:03 GMT
pragma
no-cache
server
nginx/1.20.1
kk.js
cn2ci1216.zz.xn--xhqy6bs81b9a0971b.com/
344 B
679 B
Script
General
Full URL
https://cn2ci1216.zz.xn--xhqy6bs81b9a0971b.com/kk.js?1,2,ZW1hZzIwLmNvbS8=,cn2ci1216
Requested by
Host: emag20.com
URL: https://emag20.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.104.135.123 Frankfurt am Main, Germany, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
172-104-135-123.ip.linodeusercontent.com
Software
Microsoft-IIS/10.0 /
Resource Hash
0380a59812628b747092cbbcb315dfad4a79735443385b50ac1a059227a24d8b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://emag20.com/

Response headers

Cache-Control
max-age=0
X-NWS-LOG-UUID
10131007218327886460
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
344
Date
Mon, 16 Dec 2024 20:46:00 GMT
X-Cache-Lookup
Cache Miss
Content-Type
text/html
Server
Microsoft-IIS/10.0
kk.js
cn2ci1216.2ci.315tr.com/
0
0

kk1.html
170.106.108.125/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cn2ci1216.2ci.315tr.com
URL
https://cn2ci1216.2ci.315tr.com/kk.js?1,2,ZW1hZzIwLmNvbS8=,cn2ci1216
Domain
170.106.108.125
URL
https://170.106.108.125:25698/kk1.html?2,ZW1hZzIwLmNvbS8=,1

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | getRL
string | zzSub
object | j
object | jj
number | h
number | jumpcdn
object | a

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
