protect-web.xyz
Open in
urlscan Pro
2606:4700:3036::6815:17eb
Public Scan
Effective URL: https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=...
Submission: On May 09 via manual from US — Scanned from FI
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 28th 2022. Valid for: a year.
This is the only time protect-web.xyz was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 95.217.27.6 95.217.27.6 | 24940 (HETZNER-AS) (HETZNER-AS) | |
3 | 2606:4700:303... 2606:4700:3036::6815:17eb | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a06:98c1:312... 2a06:98c1:3121::a | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2 |
ASN24940 (HETZNER-AS, DE)
PTR: static.6.27.217.95.clients.your-server.de
festinus.xyz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
protect-web.xyz
protect-web.xyz |
15 KB |
1 |
upush.me
cdn.upush.me |
1 KB |
1 |
festinus.xyz
1 redirects
festinus.xyz |
447 B |
4 | 3 |
Domain | Requested by | |
---|---|---|
3 | protect-web.xyz |
protect-web.xyz
|
1 | cdn.upush.me |
protect-web.xyz
|
1 | festinus.xyz | 1 redirects |
4 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
festinus.xyz |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-04-28 - 2023-04-27 |
a year | crt.sh |
*.upush.me E1 |
2022-05-09 - 2022-08-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4&t2=92-1009631+2377741295
Frame ID: D1D88BB8DFD3D203C91D3940DD59A3BC
Requests: 4 HTTP requests in this frame
Screenshot
Page Title
Norton AntivirusPage URL History Show full URLs
-
https://festinus.xyz/click.php?key=tg2g03gf2txf35nvz6x2&source=1009631%2B2377741295&supply_id=92&...
HTTP 302
https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn27... Page URL
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://festinus.xyz/click.php?key=tg2g03gf2txf35nvz6x2&source=1009631%2B2377741295&supply_id=92&creative=470284&variation=2072059&age=2&supsrc=92-1009631%2B2377741295&format=push&type=mainstream
HTTP 302
https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4&t2=92-1009631+2377741295 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
protect-web.xyz/ntn24/ Redirect Chain
|
12 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
protect-web.xyz/ntn24/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
protect-web.xyz/ntn24/img/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
87t9hp26579dg.js
cdn.upush.me/scripts/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| content object| popup object| popupBg object| popupBtn object| upushSettings string| bUrl object| isMobile function| pushAfterTimeout number| TIMEOUT_1_IN_SECONDS number| TIMEOUT_2_IN_SECONDS function| urlBase64ToUint8Array function| upushInit function| subscribe2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
festinus.xyz/ | Name: uclick Value: fy4k1zqn |
|
festinus.xyz/ | Name: uclickhash Value: fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.upush.me
festinus.xyz
protect-web.xyz
2606:4700:3036::6815:17eb
2a06:98c1:3121::a
95.217.27.6
412da4b14d07393a9ab1ce667eaf115704196a30c441dc3b82d568ea73323b4a
595ce86576024ae55d2a19858c43698d8be01b858d2ea0c3871b7ead40380857
63c9af3ae454af7578329d94a13989b877c997936979b9718d83da92d58b36cc
737b4b6f5dd3de4eb8073c18336072db6bcc733585697bf61e29795d4b33130c