protect-web.xyz - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 2606:4700:3036::6815:17eb, located in United States and belongs to CLOUDFLARENET, US. The main domain is protect-web.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 28th 2022. Valid for: a year.

This is the only time protect-web.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	95.217.27.6 95.217.27.6	24940 (HETZNER-AS) (HETZNER-AS)
3	2606:4700:303... 2606:4700:3036::6815:17eb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3121::a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2

1 95.217.27.6 (Helsinki, Finland) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.6.27.217.95.clients.your-server.de

festinus.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3036::6815:17eb (United States)

ASN13335 (CLOUDFLARENET, US)

protect-web.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.upush.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	protect-web.xyz protect-web.xyz	15 KB
1	upush.me cdn.upush.me	1 KB
1	festinus.xyz 1 redirects festinus.xyz	447 B
4	3

	Domain	Requested by
3	protect-web.xyz	protect-web.xyz
1	cdn.upush.me	protect-web.xyz
1	festinus.xyz	1 redirects
4	3

This site contains links to these domains. Also see Links.

Domain
festinus.xyz

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-04-28` - `2023-04-27`	a year	crt.sh
*.upush.me E1	`2022-05-09` - `2022-08-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4&t2=92-1009631+2377741295
Frame ID: D1D88BB8DFD3D203C91D3940DD59A3BC
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Norton Antivirus

Page URL History Show full URLs

https://festinus.xyz/click.php?key=tg2g03gf2txf35nvz6x2&source=1009631%2B2377741295&supply_id=92&... HTTP 302
https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn27... Page URL

Page Statistics

4
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

16 kB
Transfer

28 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://festinus.xyz/click.php?lp=1

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://festinus.xyz/click.php?key=tg2g03gf2txf35nvz6x2&source=1009631%2B2377741295&supply_id=92&creative=470284&variation=2072059&age=2&supsrc=92-1009631%2B2377741295&format=push&type=mainstream HTTP 302
https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4&t2=92-1009631+2377741295 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response protect-web.xyz/ntn24/ Redirect Chain https://festinus.xyz/click.php?key=tg2g03gf2txf35nvz6x2&source=1009631%2B2377741295&supply_id=92&creative=470284&variation=2072059&age=2&supsrc=92-1009631%2B2377741295&format=push&type=mainstream https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d84...	12 KB 4 KB	308ms 130ms	Document text/html	2606:4700:3036::6815:17eb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4&t2=92-1009631+2377741295 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:17eb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `63c9af3ae454af7578329d94a13989b877c997936979b9718d83da92d58b36cc` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 708cef60197c716e-DUS content-encoding br content-type text/html; charset=UTF-8 date Mon, 09 May 2022 19:45:21 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=81eDD6sORla7FVrwg4zaymNpyELN36ZZ%2Fx0HstFydn4MZuyT%2BTKg8NowsQ2JKe4oHtsU7kAODD3e1qtpr6WZGWaDKSWR4%2FSEgfEBih0NW93rOOc9GWadXZjKrZr80B5omzxOys63mAa1Fi4D3Yg%3D"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers content-type text/html; charset=UTF-8 date Mon, 09 May 2022 19:45:21 GMT location https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4&t2=92-1009631+2377741295 server nginx/1.18.0
GET H2	200	style.css protect-web.xyz/ntn24/css/	4 KB 1 KB	117ms 117ms	Stylesheet text/css	2606:4700:3036::6815:17eb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://protect-web.xyz/ntn24/css/style.css?v=123 Requested by Host: protect-web.xyz URL: https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4&t2=92-1009631+2377741295 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:17eb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `412da4b14d07393a9ab1ce667eaf115704196a30c441dc3b82d568ea73323b4a` Request headers accept-language fi-FI,fi;q=0.9 Referer https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4&t2=92-1009631+2377741295 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Mon, 09 May 2022 19:45:22 GMT content-encoding br cf-cache-status HIT last-modified Fri, 11 Mar 2022 06:11:46 GMT server cloudflare etag W/"622ae822-f25" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p4ox7bPrpLW6yuJ5HB1PP4Cv85GQ9QJQmNVblG%2FHQxkMp5vNUsL98wZF%2F9oy625b%2FasdBoAqOnAqfZFWDq3N2rtWFBgR%2FEkq6%2BfkXGKHPGJH6AKkPLGNcSeTZkGP1irsmbKlc3XyiY%2BFO0hdsok%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 708cef613d00716e-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	logo.png protect-web.xyz/ntn24/img/	9 KB 9 KB	115ms 115ms	Image image/png	2606:4700:3036::6815:17eb CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://protect-web.xyz/ntn24/img/logo.png Requested by Host: protect-web.xyz URL: https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4&t2=92-1009631+2377741295 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:17eb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `595ce86576024ae55d2a19858c43698d8be01b858d2ea0c3871b7ead40380857` Request headers accept-language fi-FI,fi;q=0.9 Referer https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4&t2=92-1009631+2377741295 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Mon, 09 May 2022 19:45:22 GMT cf-cache-status HIT last-modified Fri, 11 Mar 2022 06:11:47 GMT server cloudflare etag "622ae823-23d2" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dn7UrFpgpzBCwHHpX0pC4ucWRxOPKongSNh4X55Wlrm67HiARTTGXyEfIXXGEQWH5uSLk0EZC9oGI0mJuA8tAD%2BXhgH7qZGZ9JWcT0w8t0lIeSsS6JadllbsYVHN5DpO0eQqJVCgYwXAZVyx1tE%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 708cef613d04716e-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 9170
GET H2	200	87t9hp26579dg.js Show response cdn.upush.me/scripts/	3 KB 1 KB	290ms 104ms	Script application/javascript	2a06:98c1:3121::a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.upush.me/scripts/87t9hp26579dg.js Requested by Host: protect-web.xyz URL: https://protect-web.xyz/ntn24/?lpkey=16e752a9129d582321&trk=festinus.xyz&bb=1&idp=755bb9b5fy4k1zqn273&push=1&t1=755&geo=FI&uclick=fy4k1zqn&uclickhash=fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4&t2=92-1009631+2377741295 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `737b4b6f5dd3de4eb8073c18336072db6bcc733585697bf61e29795d4b33130c` Request headers accept-language fi-FI,fi;q=0.9 Referer https://protect-web.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Mon, 09 May 2022 19:45:22 GMT content-encoding br cf-cache-status MISS last-modified Fri, 11 Mar 2022 07:01:37 GMT server cloudflare etag W/"622af3d1-a72" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFsWqEacvOOXpBGN79H8zw8UEEqKMjnYRdKMB1PubDpZ4GC13GuUJEFVxFy3iojxWC8BMqGDILeqMdchsm2YGjFXFnV4af6qXhmbZndfEtcYZOt58AJ6G%2BMEdy24oaoEDxxpSxlreeMYNl8%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 708cef635e147a43-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			festinus.xyz/	1970-01-20 02:56:51	Name: uclick Value: fy4k1zqn
			festinus.xyz/	1970-01-20 02:56:51	Name: uclickhash Value: fy4k1zqn-fy4k1zqn-x98n-0-16du-fnb4wj-bz3z8n-d844c4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.upush.me
festinus.xyz
protect-web.xyz
2606:4700:3036::6815:17eb
2a06:98c1:3121::a
95.217.27.6
412da4b14d07393a9ab1ce667eaf115704196a30c441dc3b82d568ea73323b4a
595ce86576024ae55d2a19858c43698d8be01b858d2ea0c3871b7ead40380857
63c9af3ae454af7578329d94a13989b877c997936979b9718d83da92d58b36cc
737b4b6f5dd3de4eb8073c18336072db6bcc733585697bf61e29795d4b33130c

protect-web.xyz Open in urlscan Pro 2606:4700:3036::6815:17eb Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

16 kBTransfer

28 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

2 Cookies

Indicators

protect-web.xyz Open in urlscan Pro
2606:4700:3036::6815:17eb Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

16 kB
Transfer

28 kB
Size

2
Cookies

4 HTTP transactions
0 data transactions