a06khqp.nodfeetzone.live (185.155.184.55)
Public Scan
Effective URL: https://a06khqp.nodfeetzone.live/apbrmqux/?u=pqhk60a&o=3awgwfu&f=1&sid=t1~iz04g5tnoduk4camuqvjjdud&fp=NfZLVH63VEaeycNpMUCzmA%3D%3D
Submission Tags: phishingrod
Submission: On February 24 via api from DE — Scanned from GE
Summary
TLS certificate: Issued by R3 on February 23rd 2024. Valid for: 3 months.
This is the only time a06khqp.nodfeetzone.live was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
4 | 104.21.40.52 | 13335 (CLOUDFLARENET)
1 | 172.217.16.202 | 15169 (GOOGLE)
1 | 185.155.184.32 | 6898 (AS-6898 C41.CH SAGL - LUGANO Data Center)
1 | 185.155.184.55 | (no ASN recorded)
8 | 5 |
ASN15169 (GOOGLE, US)
- PTR: fra16s08-in-f202.1e100.net
- fonts.googleapis.com
ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH)
- mybigwinningzone.life
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | cs2.exchange | cs2.exchange | 10 KB
1 | nodfeetzone.live | a06khqp.nodfeetzone.live | 2 KB
1 | mybigwinningzone.life | mybigwinningzone.life | 60 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 32) | 1 KB
8 | 4 | |
Requests | Domain | Requested by
---|---|---
4 | cs2.exchange | cs2.exchange
1 | a06khqp.nodfeetzone.live | mybigwinningzone.life, a06khqp.nodfeetzone.live
1 | mybigwinningzone.life | cs2.exchange
1 | fonts.googleapis.com | cs2.exchange
8 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
cs2.exchange | GTS CA 1P5 | 2024-01-09 - 2024-04-08 | 3 months
upload.video.google.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months
mybigwinningzone.life | R3 | 2024-02-04 - 2024-05-04 | 3 months
nodfeetzone.live | R3 | 2024-02-23 - 2024-05-23 | 3 months
This page contains 1 frames:
Frame:
https://a06khqp.nodfeetzone.live/web/?sid=t1~iz04g5tnoduk4camuqvjjdud
Frame ID: A99568F34A9031C6B388AB95DC1B0B17
Requests: 8 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://cs2.exchange/ Page URL
- https://mybigwinningzone.life/?u=pqhk60a&o=3awgwfu Page URL
- https://a06khqp.nodfeetzone.live/apbrmqux/?u=pqhk60a&o=3awgwfu&f=1&sid=t1~iz04g5tnoduk4camuqvjjdud&fp=NfZLVH63VEaeycNpMUCzmA%3D%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests: none listed. The three hops in the page URL history above are separate document loads (client-side navigations), not HTTP 3xx chains.
8 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | cs2.exchange/ | 16 KB | 7 KB | Document | text/html
GET | H2 | css | fonts.googleapis.com/ | 2 KB | 1 KB | Stylesheet | text/css
GET | H2 | gulp.js | cs2.exchange/ | 1 KB | 1 KB | Script | application/javascript
GET | H2 | email-decode.min.js | cs2.exchange/cdn-cgi/scripts/5c5dd728/cloudflare-static/ | 1 KB | 1 KB | Script | application/javascript
PATCH | H3 | gulp.js | cs2.exchange/ | 225 B | 743 B | XHR | application/javascript
GET | H/1.1 | / | mybigwinningzone.life/ | 60 KB | 60 KB | Document | text/html
GET | H/1.1 | / (Primary Request) | a06khqp.nodfeetzone.live/apbrmqux/ | 1 KB | 2 KB | Document | text/html
GET | | / | a06khqp.nodfeetzone.live/web/ | 0 | 0 | (no response) |
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- Domain: a06khqp.nodfeetzone.live
- URL: https://a06khqp.nodfeetzone.live/web/?sid=t1~iz04g5tnoduk4camuqvjjdud
Verdicts & Comments
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
4 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
cs2.exchange/ | | ivuxwgfw_s | U2hpdmElMjBUYW5kYXZhJTIwU3RvdHJhbSUyMEx5cmljcyUyMEluJTIwVGVsdWd1JTIwV29yZA==
mybigwinningzone.life/ | | sid | t1~iz04g5tnoduk4camuqvjjdud
mybigwinningzone.life/ | | p1 | https://nodfeetzone.live/apbrmqux/
mybigwinningzone.life/ | | s1 | thj8bjvvin81frhc
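The page URL history (cs2.exchange, then mybigwinningzone.life, then a06khqp.nodfeetzone.live) and the cookie table can be tied together from the report alone: the `u` and `o` query parameters are carried from the second hop to the third, the `sid` cookie set by mybigwinningzone.life equals the `sid` parameter of the final URL, and the `p1` cookie stores the final landing path under the apex domain. The script below is an added example, not part of the urlscan.io report or its tooling. It runs only on the URLs and cookie values transcribed from this page, makes no network requests, and its function names (`parse_chain`, `carried_params`, `decode_opaque`, and so on) are the example's own.

```python
"""Correlate a scan's navigation chain with the cookies it recorded."""
import base64
import binascii
from urllib.parse import parse_qsl, unquote, urlsplit

# Navigation chain as listed under "Page URL History" in this report.
PAGE_URL_HISTORY = [
    "https://cs2.exchange/",
    "https://mybigwinningzone.life/?u=pqhk60a&o=3awgwfu",
    "https://a06khqp.nodfeetzone.live/apbrmqux/?u=pqhk60a&o=3awgwfu&f=1"
    "&sid=t1~iz04g5tnoduk4camuqvjjdud&fp=NfZLVH63VEaeycNpMUCzmA%3D%3D",
]

# Cookie table from this report: (domain/path, name, value).
COOKIES = [
    ("cs2.exchange/", "ivuxwgfw_s",
     "U2hpdmElMjBUYW5kYXZhJTIwU3RvdHJhbSUyMEx5cmljcyUyMEluJTIwVGVsdWd1JTIwV29yZA=="),
    ("mybigwinningzone.life/", "sid", "t1~iz04g5tnoduk4camuqvjjdud"),
    ("mybigwinningzone.life/", "p1", "https://nodfeetzone.live/apbrmqux/"),
    ("mybigwinningzone.life/", "s1", "thj8bjvvin81frhc"),
]


def parse_chain(urls):
    """Split each hop into (host, path, {param: value}); values are percent-decoded."""
    hops = []
    for url in urls:
        parts = urlsplit(url)
        hops.append((parts.hostname, parts.path, dict(parse_qsl(parts.query))))
    return hops


def carried_params(hops):
    """Query parameters that recur with an identical value in two or more hops.

    Traffic-distribution chains thread campaign identifiers through every
    hop; those recurring values are the ones worth pivoting on.
    """
    seen = {}
    for _, _, params in hops:
        for key, value in params.items():
            seen.setdefault(key, []).append(value)
    return {k: v[0] for k, v in seen.items() if len(v) >= 2 and len(set(v)) == 1}


def cookies_matching_url_params(hops, cookies):
    """(domain, name) of cookies whose value equals a same-named query parameter in the chain."""
    url_values = {}
    for _, _, params in hops:
        url_values.update(params)
    return [(dom, name) for dom, name, val in cookies
            if name in url_values and url_values[name] == val]


def next_hop_from_cookie(cookies, hops):
    """Cookies holding a URL whose path is the final hop's path on the same apex domain."""
    final_host, final_path, _ = hops[-1]
    hits = []
    for dom, name, val in cookies:
        if val.startswith(("http://", "https://")):
            parts = urlsplit(val)
            if parts.path == final_path and final_host.endswith(parts.hostname):
                hits.append((dom, name, parts.hostname))
    return hits


def decode_opaque(value):
    """Best-effort decode of an opaque cookie value: strict base64, then percent-decoding.

    Returns None when the value is not base64 text, which is the common case
    for session identifiers.
    """
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    if not text.isprintable():
        return None
    return unquote(text)


def analyse(urls=PAGE_URL_HISTORY, cookies=COOKIES):
    """Run every correlation and return the findings as one dictionary."""
    hops = parse_chain(urls)
    decoded = {}
    for _, name, val in cookies:
        text = decode_opaque(val)
        if text is not None:
            decoded[name] = text
    return {
        "hosts": [host for host, _, _ in hops],
        "carried": carried_params(hops),
        "cookie_url_matches": cookies_matching_url_params(hops, cookies),
        "next_hop_cookies": next_hop_from_cookie(cookies, hops),
        "decoded": decoded,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(analyse(), indent=2))
```

The `decode_opaque` step shows that the cs2.exchange cookie is base64 of a percent-encoded title string rather than a session token, while the other three values are rejected as non-base64; the `sid` match and the `p1` path match are what link the second and third hops to one operator-controlled flow.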
1 Console Message
A page may log messages to the console. These are often errors about being unable to load a resource or execute a piece of JavaScript; sometimes they also reveal the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This section lists the security headers returned with the main page's response.
Header | Value
---|---
Content-Security-Policy | default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload
X-Content-Type-Options | nosniff
X-Frame-Options | SAMEORIGIN
X-Xss-Protection | 1; mode=block
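The Content-Security-Policy above looks restrictive but is not. With `http:`, `https:`, `data:` and `'unsafe-inline'` in `default-src` and no `script-src`, `object-src`, `base-uri` or `frame-ancestors`, scripts may load from any origin over either scheme and inline script injection is not blocked; only the separate X-Frame-Options header limits framing. The evaluator below is an added example, not tooling from urlscan.io: it parses a serialized policy, applies the fallback rules (fetch directives inherit `default-src`; `frame-ancestors` and `base-uri` do not), and reports the weaknesses. `SCAN_CSP` is the policy string from this report; `STRICT_CSP` and its nonce are constructed for comparison.

```python
"""Flag the weaknesses that make a Content-Security-Policy ineffective."""

# Policy reported for this scan's main page.
SCAN_CSP = "default-src 'self' http: https: data: blob: 'unsafe-inline'"

# Constructed comparison policy (nonce value is made up for the example).
STRICT_CSP = ("default-src 'none'; script-src 'nonce-r4nd0m' 'strict-dynamic'; "
              "object-src 'none'; base-uri 'none'; frame-ancestors 'none'")

HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
# Directives that never inherit from default-src.
NO_FALLBACK = ("frame-ancestors", "base-uri", "form-action", "sandbox",
               "report-uri", "report-to", "upgrade-insecure-requests")
BROAD_SOURCES = ("*", "http:", "https:")


def parse_csp(policy):
    """Return {directive: [source tokens]} for a serialized policy string."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), []).extend(tokens[1:])
    return directives


def effective_sources(directives, name):
    """Sources the browser applies for `name`: the directive itself, else
    default-src for fetch directives, else None (no restriction at all)."""
    if name in directives:
        return directives[name]
    if name in NO_FALLBACK:
        return None
    return directives.get("default-src")


def evaluate_csp(policy):
    """Return a list of (code, message) findings; an empty list means no weakness found."""
    d = parse_csp(policy)
    findings = []
    script = effective_sources(d, "script-src") or []
    if not script:
        findings.append(("NO_SCRIPT_SRC", "neither script-src nor default-src: script loading is unrestricted"))
    if "'unsafe-inline'" in script and not any(s.startswith(HASH_OR_NONCE) for s in script):
        findings.append(("UNSAFE_INLINE", "inline scripts allowed with no nonce or hash: XSS payloads execute"))
    if "'unsafe-eval'" in script:
        findings.append(("UNSAFE_EVAL", "eval() and friends are permitted"))
    broad = [s for s in script if s in BROAD_SOURCES or s.startswith(("http://*", "https://*"))]
    if broad:
        findings.append(("ANY_ORIGIN", "scripts may load from any origin matching " + " ".join(broad)))
    if "data:" in script:
        findings.append(("DATA_URI", "script-src permits data: URIs, which bypass origin allow-listing"))
    objects = effective_sources(d, "object-src") or []
    if "'none'" not in objects:
        findings.append(("OBJECT_SRC_OPEN", "object-src is not 'none': plugin content can carry script"))
    if any("http:" in srcs for srcs in d.values()):
        findings.append(("MIXED_CONTENT", "http: sources allow active mixed content"))
    if effective_sources(d, "frame-ancestors") is None:
        findings.append(("NO_FRAME_ANCESTORS", "no frame-ancestors: framing is controlled only by X-Frame-Options, if present"))
    if effective_sources(d, "base-uri") is None:
        findings.append(("NO_BASE_URI", "no base-uri: an injected <base> tag can redirect relative script URLs"))
    return findings


if __name__ == "__main__":
    for label, policy in (("scan", SCAN_CSP), ("strict", STRICT_CSP)):
        print(label, policy)
        for code, msg in evaluate_csp(policy) or [("OK", "no weakness found")]:
            print("  ", code, "-", msg)
```

Run stand-alone it prints seven findings for the scan's policy and none for the strict one; the `UNSAFE_INLINE` check deliberately ignores `'unsafe-inline'` when a nonce or hash is also present, because CSP-compliant browsers do the same.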
Indicators
This is the security-industry term for artefacts such as IPs, domains and hashes. Listing them here does not imply that any of them indicates malicious activity.
Domains:
- a06khqp.nodfeetzone.live
- cs2.exchange
- fonts.googleapis.com
- mybigwinningzone.life
IPs:
- 104.21.40.52
- 172.217.16.202
- 185.155.184.32
- 185.155.184.55
Hashes (SHA-256):
- 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
- 3845d7a96aff3c44841ce546930e30c6083a6a89ae841e27099d7d9f9f72cba0
- 7c7621a16e89118c056647f266a278a50f2c6147172fff7dc932c6b7c4c6eb40
- a8a8c9abe3b61e8fe5a28059c75c9d7e32b4b6225b0691eaa0d9092acc09975c
- c66ac1ad6b6410fb09a26697c8d5b3d99aa171e77ccfc288745cc054148a8c99