urlscan.io logo urlscan.io
SecurityTrails logo

a06khqp.nodfeetzone.live Open in urlscan Pro
185.155.184.55  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cs2.exchange/
Effective URL: https://a06khqp.nodfeetzone.live/apbrmqux/?u=pqhk60a&o=3awgwfu&f=1&sid=t1~iz04g5tnoduk4camuqvjjdud&fp=NfZLVH63VEaeycNpMUCzmA%3D%3D
Submission Tags: phishingrod
Submission: On February 24 via api from DE — Scanned from GE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 8 HTTP transactions. The main IP is 185.155.184.55, located in and belongs to . The main domain is a06khqp.nodfeetzone.live.
TLS certificate: Issued by R3 on February 23rd 2024. Valid for: 3 months.
This is the only time a06khqp.nodfeetzone.live was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 104.21.40.52 13335 (CLOUDFLAR...)
1 172.217.16.202 15169 (GOOGLE)
1 185.155.184.32 6898 (AS-6898 C...)
1 185.155.184.55 ()
8 5
Apex Domain
Subdomains		 Transfer
4 cs2.exchange
cs2.exchange
10 KB
1 nodfeetzone.live
a06khqp.nodfeetzone.live
2 KB
1 mybigwinningzone.life
mybigwinningzone.life
60 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 32
1 KB
8 4
Domain Requested by
4 cs2.exchange cs2.exchange
1 a06khqp.nodfeetzone.live mybigwinningzone.life
a06khqp.nodfeetzone.live
1 mybigwinningzone.life cs2.exchange
1 fonts.googleapis.com cs2.exchange
8 4

This site contains no links.

Subject Issuer Validity Valid
cs2.exchange
GTS CA 1P5		 2024-01-09 -
2024-04-08		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
mybigwinningzone.life
R3		 2024-02-04 -
2024-05-04		 3 months crt.sh
nodfeetzone.live
R3		 2024-02-23 -
2024-05-23		 3 months crt.sh

This page contains 1 frames:

Frame: https://a06khqp.nodfeetzone.live/web/?sid=t1~iz04g5tnoduk4camuqvjjdud
Frame ID: A99568F34A9031C6B388AB95DC1B0B17
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://cs2.exchange/ Page URL
  2. https://mybigwinningzone.life/?u=pqhk60a&o=3awgwfu Page URL
  3. https://a06khqp.nodfeetzone.live/apbrmqux/?u=pqhk60a&o=3awgwfu&f=1&sid=t1~iz04g5tnoduk4camuqvjjdud&fp=NfZLVH6... Page URL

Page Statistics

8
Requests

88 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

73 kB
Transfer

83 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cs2.exchange/ Page URL
  2. https://mybigwinningzone.life/?u=pqhk60a&o=3awgwfu Page URL
  3. https://a06khqp.nodfeetzone.live/apbrmqux/?u=pqhk60a&o=3awgwfu&f=1&sid=t1~iz04g5tnoduk4camuqvjjdud&fp=NfZLVH63VEaeycNpMUCzmA%3D%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
cs2.exchange/ 		16 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cs2.exchange/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.40.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8a8c9abe3b61e8fe5a28059c75c9d7e32b4b6225b0691eaa0d9092acc09975c
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
ka-GE,ka;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
85a6481ccfba2dc5-TBS
content-encoding
br
content-language
en-US
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Sat, 24 Feb 2024 08:19:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ETcNs4SKjlJvnM1dTyEur8bWP4Bomq8Ndf2JOz8UJur9zIqvi6s%2F48v3WS9dgonnjItsh3gV9zxQg81JZ7GIovnxQMgU1p%2BM4%2FLggf696oPToKLXKkVyVQzgHnWqIus%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
css
fonts.googleapis.com/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro&display=swap
Requested by
Host: cs2.exchange
URL: https://cs2.exchange/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f202.1e100.net
Software
ESF /
Resource Hash
3845d7a96aff3c44841ce546930e30c6083a6a89ae841e27099d7d9f9f72cba0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
ka-GE,ka;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 24 Feb 2024 08:19:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 24 Feb 2024 07:04:02 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 24 Feb 2024 08:19:06 GMT
gulp.js
cs2.exchange/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cs2.exchange/gulp.js
Requested by
Host: cs2.exchange
URL: https://cs2.exchange/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.40.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c7621a16e89118c056647f266a278a50f2c6147172fff7dc932c6b7c4c6eb40
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cs2.exchange/
accept-language
ka-GE,ka;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 24 Feb 2024 08:19:07 GMT
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
x-cache
MISS
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j8B2tqMXG5vvdIZPdQQeCSr41L6T4e3hoSPxt%2F5L2Y6waOwsInbnVcTCY329GdGS1%2FpIFHoKDgj%2FdEz7MVpQ%2BufYRn8ygyY%2BKd4uIvOiSuoadVOC7KQAlKhH6Slzmyw%3D"}],"group":"cf-nel","max_age":604800}
cache-control
private
cf-ray
85a6481e69942dc5-TBS
email-decode.min.js
cs2.exchange/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cs2.exchange/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: cs2.exchange
URL: https://cs2.exchange/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.40.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://cs2.exchange/
accept-language
ka-GE,ka;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 24 Feb 2024 08:19:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Feb 2024 15:59:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65d4cc77-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2BsePHftX2WoRmQIJs1TJBPEof14RuxSNV9QthWMN6YtQm50VM6XwL2O%2BgDMFMMj4jDnn1fJm%2FURQO%2FV13LXbjGf1uDbpDaRS%2F%2FbMgNRHdZumzk6AzsS4iIAo2zwB%2FU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
85a6481e69952dc5-TBS
expires
Mon, 26 Feb 2024 08:19:06 GMT
gulp.js
cs2.exchange/ 		225 B
743 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cs2.exchange/gulp.js?_1778491231540161
Requested by
Host: cs2.exchange
URL: https://cs2.exchange/gulp.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.40.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cs2.exchange/
accept-language
ka-GE,ka;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
viewport-width
1600
Content-Type
application/json

Response headers

date
Sat, 24 Feb 2024 08:19:09 GMT
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uJJHQQ2i7dwgzutWIkNrhHE%2FuHeZ%2BNTf71ybQECy8SNBXeq6GXhmVjHjvBQEy7PxO0rDt403tWPHhRVcxn4Ezfljh%2Bz2TufY98taeWGycvBedDbLavUoXFBBdOHXnp4%3D"}],"group":"cf-nel","max_age":604800}
cache-control
private
cf-ray
85a6482748d82dd1-TBS
/
mybigwinningzone.life/ 		60 KB
60 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mybigwinningzone.life/?u=pqhk60a&o=3awgwfu
Requested by
Host: cs2.exchange
URL: https://cs2.exchange/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.155.184.32 , Switzerland, ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH),
Reverse DNS
Software
nginx /
Resource Hash
c66ac1ad6b6410fb09a26697c8d5b3d99aa171e77ccfc288745cc054148a8c99

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
ka-GE,ka;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Length
61515
Content-Type
text/html
Date
Sat, 24 Feb 2024 08:19:10 GMT
Server
nginx
cache-control
private
Primary Request /
a06khqp.nodfeetzone.live/apbrmqux/ 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a06khqp.nodfeetzone.live/apbrmqux/?u=pqhk60a&o=3awgwfu&f=1&sid=t1~iz04g5tnoduk4camuqvjjdud&fp=NfZLVH63VEaeycNpMUCzmA%3D%3D
Requested by
Host: mybigwinningzone.life
URL: https://mybigwinningzone.life/?u=pqhk60a&o=3awgwfu
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
185.155.184.55 -, , ASN (),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Referer
https://mybigwinningzone.life/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
ka-GE,ka;q=0.9

Response headers

Connection
keep-alive
Content-Length
1496
Content-Type
text/html
Date
Sat, 24 Feb 2024 08:19:11 GMT
Server
openresty
cache-control
private
/
a06khqp.nodfeetzone.live/web/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
a06khqp.nodfeetzone.live
URL
https://a06khqp.nodfeetzone.live/web/?sid=t1~iz04g5tnoduk4camuqvjjdud

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Domain/Path Name / Value
cs2.exchange/ Name: ivuxwgfw_s
Value: U2hpdmElMjBUYW5kYXZhJTIwU3RvdHJhbSUyMEx5cmljcyUyMEluJTIwVGVsdWd1JTIwV29yZA==
mybigwinningzone.life/ Name: sid
Value: t1~iz04g5tnoduk4camuqvjjdud
mybigwinningzone.life/ Name: p1
Value: https://nodfeetzone.live/apbrmqux/
mybigwinningzone.life/ Name: s1
Value: thj8bjvvin81frhc

1 Console Messages

Source Level URL
Text
network error URL: https://cs2.exchange/gulp.js?_1778491231540161
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block