elp4scr9h.imwafhq7i.co Open in urlscan Pro
85.208.116.47 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tangrenjie.tv/
Effective URL:
https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html
Submission: On September 05 via manual (September 5th 2024, 11:38:23 am UTC) from SG — Scanned from SG

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 85.208.116.47, located in Los Angeles, United States and belongs to ENZUINC-, US. The main domain is elp4scr9h.imwafhq7i.co.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on August 26th 2024. Valid for: 3 months.

This is the only time elp4scr9h.imwafhq7i.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

Incomplete 2367.apk 21 MB

Size: 21 MB (22097688 bytes, 6% done)

Downloaded from: http://47.116.201.15/2367.apk

Domain & IP information

	IP Address	AS Autonomous System
1 1	85.208.118.63 85.208.118.63	18978 (ENZUINC-) (ENZUINC-)
9	85.208.116.47 85.208.116.47	18978 (ENZUINC-) (ENZUINC-)
1	47.116.201.15 47.116.201.15	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
10	2

1 85.208.118.63 (Los Angeles, United States) 1 redirects

ASN18978 (ENZUINC-, US)
PTR: 63.118-208-85.rdns.scalabledns.com

tangrenjie.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 85.208.116.47 (Los Angeles, United States)

ASN18978 (ENZUINC-, US)
PTR: 47.116-208-85.rdns.scalabledns.com

elp4scr9h.imwafhq7i.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.116.201.15 (Shanghai, China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

47.116.201.15	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	imwafhq7i.co elp4scr9h.imwafhq7i.co	332 KB
1	tangrenjie.tv 1 redirects tangrenjie.tv	398 B
10	2

	Domain	Requested by
9	elp4scr9h.imwafhq7i.co	elp4scr9h.imwafhq7i.co
1	tangrenjie.tv	1 redirects
10	2

This site contains no links.

Subject Issuer	Validity	Valid
*.imwafhq7i.co ZeroSSL RSA Domain Secure Site CA	`2024-08-26` - `2024-11-24`	3 months	crt.sh

This page contains 1 frames:

Frame: http://47.116.201.15/2367.apk
Frame ID: 67F771E90E912CDDD5821B22D6A786D5
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

她~趣视频

Page URL History Show full URLs

http://tangrenjie.tv/ HTTP 307
https://tangrenjie.tv/ HTTP 307
http://tangrenjie.tv/ HTTP 302
https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Page URL

Page Statistics

10
Requests

90 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

332 kB
Transfer

354 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tangrenjie.tv/ HTTP 307
https://tangrenjie.tv/ HTTP 307
http://tangrenjie.tv/ HTTP 302
https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

http://47.116.201.15/2367.apk HTTP 307
https://47.116.201.15/2367.apk HTTP 307
http://47.116.201.15/2367.apk

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response elp4scr9h.imwafhq7i.co/aUsarXm09ucVJYS/ Redirect Chain http://tangrenjie.tv/ https://tangrenjie.tv/ http://tangrenjie.tv/ https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html	26 KB 21 KB	570ms 204ms	Document text/html	85.208.116.47 ENZUINC-
General Check archive.org Show headers Download Go to Full URL https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.208.116.47 Los Angeles, United States, ASN18978 (ENZUINC-, US), Reverse DNS 47.116-208-85.rdns.scalabledns.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `8d55acd45267d8d2f9c958c0f649095942bd1a2f8a12901bc29e01ef9947f833` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-encoding gzip content-length 21821 content-type text/html date Thu, 05 Sep 2024 11:38:16 GMT etag "9857d8674ab0d91:0" last-modified Thu, 06 Jul 2023 20:42:40 GMT server Microsoft-IIS/10.0 vary Accept-Encoding x-powered-by ASP.NET Redirect headers Cache-Control private Content-Length 179 Content-Type text/html; charset=utf-8 Date Thu, 05 Sep 2024 11:38:15 GMT Location https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Server Microsoft-IIS/10.0 X-AspNet-Version 4.0.30319 X-Powered-By ASP.NET
GET H2	200	mb_5.js Show response elp4scr9h.imwafhq7i.co/app/	17 KB 7 KB	175ms 175ms	Script application/javascript	85.208.116.47 ENZUINC-
General Check archive.org Show headers Download Go to Full URL https://elp4scr9h.imwafhq7i.co:6252/app/mb_5.js Requested by Host: elp4scr9h.imwafhq7i.co URL: https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.208.116.47 Los Angeles, United States, ASN18978 (ENZUINC-, US), Reverse DNS 47.116-208-85.rdns.scalabledns.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `886b46689013afec63e5f1caa589cc101743f10a5afd3711223009b10fec0cf5` Request headers Referer https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Thu, 05 Sep 2024 11:38:16 GMT content-encoding gzip last-modified Thu, 05 Sep 2024 10:39:27 GMT server Microsoft-IIS/10.0 etag "80597fe17fffda1:0" x-powered-by ASP.NET vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 7018
GET H2	200	css.css elp4scr9h.imwafhq7i.co/aUsarXm09ucVJYS/	11 KB 2 KB	175ms 175ms	Stylesheet text/css	85.208.116.47 ENZUINC-
General Check archive.org Show headers Download Go to Full URL https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/css.css Requested by Host: elp4scr9h.imwafhq7i.co URL: https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.208.116.47 Los Angeles, United States, ASN18978 (ENZUINC-, US), Reverse DNS 47.116-208-85.rdns.scalabledns.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `56c0bfe650faeba4d2db458b5ea79124ed4e451d6a0e7eee3b7c05782ce626dd` Request headers Referer https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Thu, 05 Sep 2024 11:38:16 GMT content-encoding gzip last-modified Thu, 06 Jul 2023 20:39:30 GMT server Microsoft-IIS/10.0 etag "9a6f3f649b0d91:0" x-powered-by ASP.NET vary Accept-Encoding content-type text/css accept-ranges bytes content-length 2099
GET H2	200	278949dfc4f962e81b8df57fd09aef89.pgs elp4scr9h.imwafhq7i.co/aUsarXm09ucVJYS/	17 KB 17 KB	185ms 184ms	Image image/jpeg	85.208.116.47 ENZUINC-
General Check archive.org Show headers Download Go to Show image Full URL https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/278949dfc4f962e81b8df57fd09aef89.pgs Requested by Host: elp4scr9h.imwafhq7i.co URL: https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.208.116.47 Los Angeles, United States, ASN18978 (ENZUINC-, US), Reverse DNS 47.116-208-85.rdns.scalabledns.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `1b569d0dd9f2d4e4776ae9aed93532f3f585603971854ccf0f26c17bad2c327e` Request headers Referer https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Thu, 05 Sep 2024 11:38:16 GMT last-modified Thu, 06 Jul 2023 17:47:37 GMT server Microsoft-IIS/10.0 etag "6cf6c8f331b0d91:0" x-powered-by ASP.NET content-type image/jpeg accept-ranges bytes content-length 17412
GET H2	200	59a4190fa4bb0fe9424405ad2f3319f8.pgs elp4scr9h.imwafhq7i.co/aUsarXm09ucVJYS/	6 KB 6 KB	185ms 184ms	Image image/jpeg	85.208.116.47 ENZUINC-
General Check archive.org Show headers Download Go to Show image Full URL https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/59a4190fa4bb0fe9424405ad2f3319f8.pgs Requested by Host: elp4scr9h.imwafhq7i.co URL: https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.208.116.47 Los Angeles, United States, ASN18978 (ENZUINC-, US), Reverse DNS 47.116-208-85.rdns.scalabledns.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `ac486ee06af7014431d1faee635a0307725cc0127c09b52bec51e18383d5b73d` Request headers Referer https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Thu, 05 Sep 2024 11:38:16 GMT last-modified Thu, 06 Jul 2023 17:39:12 GMT server Microsoft-IIS/10.0 etag "1959e4c630b0d91:0" x-powered-by ASP.NET content-type image/jpeg accept-ranges bytes content-length 6389
GET H2	200	f5dfd3dbde21bfac17bb17362c9e4209.pgs elp4scr9h.imwafhq7i.co/aUsarXm09ucVJYS/	80 KB 80 KB	187ms 187ms	Image image/jpeg	85.208.116.47 ENZUINC-
General Check archive.org Show headers Download Go to Show image Full URL https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/f5dfd3dbde21bfac17bb17362c9e4209.pgs Requested by Host: elp4scr9h.imwafhq7i.co URL: https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.208.116.47 Los Angeles, United States, ASN18978 (ENZUINC-, US), Reverse DNS 47.116-208-85.rdns.scalabledns.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `56af4f154dc1f0cc455ea04d6c47894e8cabd6e5d737bb75b5885efb0b5afb73` Request headers Referer https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Thu, 05 Sep 2024 11:38:16 GMT last-modified Thu, 06 Jul 2023 17:39:54 GMT server Microsoft-IIS/10.0 etag "5074a0df30b0d91:0" x-powered-by ASP.NET content-type image/jpeg accept-ranges bytes content-length 82028
GET H2	200	e620ebb31c6c056498a5455de2ad0e77.pgs elp4scr9h.imwafhq7i.co/aUsarXm09ucVJYS/	82 KB 83 KB	552ms 552ms	Image image/jpeg	85.208.116.47 ENZUINC-
General Check archive.org Show headers Download Go to Show image Full URL https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/e620ebb31c6c056498a5455de2ad0e77.pgs Requested by Host: elp4scr9h.imwafhq7i.co URL: https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.208.116.47 Los Angeles, United States, ASN18978 (ENZUINC-, US), Reverse DNS 47.116-208-85.rdns.scalabledns.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `ff3ce350a143bc8487865ece7b4d51529720fa342cd174fb4a5d9fc91edb7dc2` Request headers Referer https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Thu, 05 Sep 2024 11:38:16 GMT last-modified Thu, 06 Jul 2023 17:50:26 GMT server Microsoft-IIS/10.0 etag "05d465832b0d91:0" x-powered-by ASP.NET content-type image/jpeg accept-ranges bytes content-length 84351
GET H2	200	66296fcfd07e10baaae8e4541c76c108.pgs elp4scr9h.imwafhq7i.co/aUsarXm09ucVJYS/	114 KB 114 KB	372ms 372ms	Image image/jpeg	85.208.116.47 ENZUINC-
General Check archive.org Show headers Download Go to Show image Full URL https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/66296fcfd07e10baaae8e4541c76c108.pgs Requested by Host: elp4scr9h.imwafhq7i.co URL: https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.208.116.47 Los Angeles, United States, ASN18978 (ENZUINC-, US), Reverse DNS 47.116-208-85.rdns.scalabledns.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `3ce011eb15f183fbc12d57b8980af88d28a3b37bd1c2f1ed235d878f98267db5` Request headers Referer https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Thu, 05 Sep 2024 11:38:16 GMT last-modified Thu, 06 Jul 2023 17:49:21 GMT server Microsoft-IIS/10.0 etag "a8939e3132b0d91:0" x-powered-by ASP.NET content-type image/jpeg accept-ranges bytes content-length 117035
GET H2	200	favicon.ico elp4scr9h.imwafhq7i.co/	429 B 540 B	185ms 184ms	Other text/html	85.208.116.47 ENZUINC-
General Check archive.org Show headers Download Go to Full URL https://elp4scr9h.imwafhq7i.co:6252/favicon.ico Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.208.116.47 Los Angeles, United States, ASN18978 (ENZUINC-, US), Reverse DNS 47.116-208-85.rdns.scalabledns.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `a39d63b0f92de9b2a0254b7a4e640d897aab472c70ee0e262589dd71ff3865c8` Request headers Referer https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Thu, 05 Sep 2024 11:38:18 GMT content-encoding gzip last-modified Thu, 03 Dec 2015 08:47:48 GMT server Microsoft-IIS/10.0 etag "40835a49a72dd11:0" x-powered-by ASP.NET vary Accept-Encoding content-type text/html accept-ranges bytes content-length 436
GET H/1.1	200 OK	2367.apk 47.116.201.15/ Redirect Chain http://47.116.201.15/2367.apk https://47.116.201.15/2367.apk http://47.116.201.15/2367.apk	0 0	359ms 352ms	Document application/octet-stream	47.116.201.15 ALIBABA-CN-NET Ha...
General Check archive.org Show headers Download Go to Full URL http://47.116.201.15/2367.apk Requested by Host: elp4scr9h.imwafhq7i.co URL: https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Protocol HTTP/1.1 Server 47.116.201.15 Shanghai, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx/1.9.11 / Resource Hash Request headers Referer https://elp4scr9h.imwafhq7i.co:6252/aUsarXm09ucVJYS/index.html Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Connection keep-alive Content-Length 22097688 Content-Type application/octet-stream Date Thu, 05 Sep 2024 11:38:19 GMT ETag "66d99769-1512f18" Last-Modified Thu, 05 Sep 2024 11:35:05 GMT Server nginx/1.9.11 Redirect headers Location http://47.116.201.15/2367.apk Non-Authoritative-Reason HttpsUpgrades

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			tangrenjie.tv/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: o4vwtukdnusmz5xaybh2hfsf
			elp4scr9h.imwafhq7i.co/	1970-01-20 23:33:20	Name: s_a_mm Value: 60

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

elp4scr9h.imwafhq7i.co
tangrenjie.tv
47.116.201.15
85.208.116.47
85.208.118.63
1b569d0dd9f2d4e4776ae9aed93532f3f585603971854ccf0f26c17bad2c327e
3ce011eb15f183fbc12d57b8980af88d28a3b37bd1c2f1ed235d878f98267db5
56af4f154dc1f0cc455ea04d6c47894e8cabd6e5d737bb75b5885efb0b5afb73
56c0bfe650faeba4d2db458b5ea79124ed4e451d6a0e7eee3b7c05782ce626dd
886b46689013afec63e5f1caa589cc101743f10a5afd3711223009b10fec0cf5
8d55acd45267d8d2f9c958c0f649095942bd1a2f8a12901bc29e01ef9947f833
a39d63b0f92de9b2a0254b7a4e640d897aab472c70ee0e262589dd71ff3865c8
ac486ee06af7014431d1faee635a0307725cc0127c09b52bec51e18383d5b73d
ff3ce350a143bc8487865ece7b4d51529720fa342cd174fb4a5d9fc91edb7dc2

elp4scr9h.imwafhq7i.co Open in urlscan Pro 85.208.116.47 Public Scan

Summary

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

90 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

332 kBTransfer

354 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

2 Cookies

Indicators

elp4scr9h.imwafhq7i.co Open in urlscan Pro
85.208.116.47 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

332 kB
Transfer

354 kB
Size

2
Cookies

10 HTTP transactions
0 data transactions