ndh22h.guo6d9.com - urlscan.io

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 6 HTTP transactions. The main IP is 103.248.229.27, located in Singapore, Singapore and belongs to AKARI-NETWORKS-AS-AP Akari Networks, HK. The main domain is ndh22h.guo6d9.com.
TLS certificate: Issued by R11 on December 24th 2024. Valid for: 3 months.

This is the only time ndh22h.guo6d9.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	103.248.229.27 103.248.229.27	38136 (AKARI-NET...) (AKARI-NETWORKS-AS-AP Akari Networks)
1	43.175.139.86 43.175.139.86	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
1	116.207.181.224 116.207.181.224	136191 (CHINATELE...) (CHINATELECOM-HUBEI-YICHANG-IDC YICHANG)
1	163.181.81.231 163.181.81.231	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
6	4

3 103.248.229.27 (Singapore, Singapore)

ASN38136 (AKARI-NETWORKS-AS-AP Akari Networks, HK)

ndh22h.guo6d9.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 43.175.139.86 (Singapore)

ASN139341 (ACE-AS-AP ACE, SG)

web.cdn.openinstall.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 116.207.181.224 (China)

ASN136191 (CHINATELECOM-HUBEI-YICHANG-IDC YICHANG, Hubei Province, P.R.China., CN)

file.0731zhs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.181.81.231 (Singapore)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

web-w4r2uq.openinstall.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	guo6d9.com ndh22h.guo6d9.com	5 KB
1	openinstall.com web-w4r2uq.openinstall.com	1 KB
1	0731zhs.com file.0731zhs.com	589 KB
1	openinstall.io web.cdn.openinstall.io — Cisco Umbrella Rank: 303810	20 KB
6	4

	Domain	Requested by
3	ndh22h.guo6d9.com	ndh22h.guo6d9.com
1	web-w4r2uq.openinstall.com	web.cdn.openinstall.io
1	file.0731zhs.com
1	web.cdn.openinstall.io	ndh22h.guo6d9.com
6	4

This site contains no links.

Subject Issuer	Validity	Valid
ndh22h.guo6d9.com R11	`2024-12-24` - `2025-03-24`	3 months	crt.sh
*.cdn.openinstall.io Encryption Everywhere DV TLS CA - G1	`2024-09-05` - `2025-09-12`	a year	crt.sh
file.0731zhs.com R11	`2024-12-19` - `2025-03-19`	3 months	crt.sh
*.openinstall.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2024-05-10` - `2025-05-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ndh22h.guo6d9.com/
Frame ID: CA9E7FDD408DFE72A8030E6C70FB682A
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

果冻视频

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

615 kB
Transfer

649 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ndh22h.guo6d9.com/ 2 KB
1 KB 258ms
97ms Document
text/html 103.248.229.27
AKARI-NETWORKS-AS...

General

Check archive.org

Show headers Download Go to

Full URL

https://ndh22h.guo6d9.com/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

103.248.229.27 Singapore, Singapore, ASN38136 (AKARI-NETWORKS-AS-AP Akari Networks, HK),

Reverse DNS

Software

nginx /

Resource Hash

17dbf1c36826bdb53661f1cb3031cd2fe7d4e08cf75e037a992ae99ce03eaaf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 1041
content-type: text/html
date: Tue, 24 Dec 2024 08:43:02 GMT
etag: W/"67592094-9a2"
last-modified: Wed, 11 Dec 2024 05:18:12 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: BYPASS

GET
H2 200 openinstall.js Show response
web.cdn.openinstall.io/ 47 KB
20 KB 39ms
5ms Script
application/javascript 43.175.139.86
ACE-AS-AP ACE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.cdn.openinstall.io/openinstall.js
Requested by: Host: ndh22h.guo6d9.com
URL: https://ndh22h.guo6d9.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 43.175.139.86 , Singapore, ASN139341 (ACE-AS-AP ACE, SG),
Reverse DNS
Software: tencent-cos /
Resource Hash: cc057c6278e66b15450ad96f2ce1f7283b40a59620f6cd9ecd2d277a2ddd22bc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://ndh22h.guo6d9.com/

Response headers

cache-control: max-age=7200
x-nws-log-uuid: 17955620012206445555
content-encoding: gzip
x-cos-request-id: Njc2YTE2NjdfNGIzMjkyMWVfOTY5N19iYWRhMGU3
etag: "c3b756de1728004d8e01d61e427ee6e0"
x-cos-hash-crc64ecma: 13809107253179360257
accept-ranges: bytes
content-length: 19878
date: Tue, 24 Dec 2024 02:03:19 GMT
x-cache-lookup: Cache Hit
last-modified: Mon, 25 Nov 2024 09:30:42 GMT
content-type: application/javascript
server: tencent-cos

GET
H2 200 xdd.js Show response
ndh22h.guo6d9.com/ 2 KB
911 B 27ms
27ms Script
application/javascript 103.248.229.27
AKARI-NETWORKS-AS...

General

Check archive.org

Show headers Download Go to

Full URL: https://ndh22h.guo6d9.com/xdd.js
Requested by: Host: ndh22h.guo6d9.com
URL: https://ndh22h.guo6d9.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.248.229.27 Singapore, Singapore, ASN38136 (AKARI-NETWORKS-AS-AP Akari Networks, HK),
Reverse DNS
Software: nginx /
Resource Hash: 8fe9ff1665876b1ed48f2f6231508b6ab2b7727a6cb0c94ee64f0ce372346820

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://ndh22h.guo6d9.com/

Response headers

cache-control: max-age=43200
content-encoding: gzip
etag: W/"67651a7c-73d"
expires: Tue, 24 Dec 2024 19:41:37 GMT
x-cache: HIT, policy, disk
content-length: 750
date: Tue, 24 Dec 2024 07:41:37 GMT
content-type: application/javascript
last-modified: Tue, 24 Dec 2024 07:41:37 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 guodong_d.js
file.0731zhs.com/ 594 KB
589 KB 1724ms
1002ms Image
application/javascript 116.207.181.224
CHINATELECOM-HUBE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://file.0731zhs.com/guodong_d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 116.207.181.224 , China, ASN136191 (CHINATELECOM-HUBEI-YICHANG-IDC YICHANG, Hubei Province, P.R.China., CN),
Reverse DNS
Software: Byte-nginx /
Resource Hash: 8db4f6d871bfb3964d8859f9f80d59d330cc027e0f6eebdb44b9a3dbac6b96ab

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://ndh22h.guo6d9.com/

Response headers

x-request-ip: 37.19.201.137
x-request-id: 6dad19accc2a7d6741207251b8709edb
x-bdcdn-cache-status: TCP_HIT
content-encoding: gzip
etag: W/"6763b59b-948cf"
age: 345970
expires: Fri, 20 Dec 2024 20:36:53 GMT
date: Tue, 24 Dec 2024 08:43:03 GMT
content-type: application/javascript
last-modified: Thu, 19 Dec 2024 05:56:43 GMT
vary: Accept-Encoding
cache-control: max-age=43200
x-tt-trace-tag: id=5
via: bdengine-75f66ccb55-zknx4
content-length: 602496
x-response-cache: edge_hit
server: Byte-nginx
x-response-cinfo: 37.19.201.137

GET
H2 200 favicon.ico
ndh22h.guo6d9.com/ 2 KB
2 KB 8ms
7ms Other
text/html 103.248.229.27
AKARI-NETWORKS-AS...

General

Check archive.org

Show headers Download Go to

Full URL: https://ndh22h.guo6d9.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.248.229.27 Singapore, Singapore, ASN38136 (AKARI-NETWORKS-AS-AP Akari Networks, HK),
Reverse DNS
Software: nginx /
Resource Hash: 17dbf1c36826bdb53661f1cb3031cd2fe7d4e08cf75e037a992ae99ce03eaaf7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://ndh22h.guo6d9.com/

Response headers

etag: W/"67592094-9a2"
x-cache: HIT, policy, disk
content-length: 2466
date: Tue, 24 Dec 2024 07:52:08 GMT
content-type: text/html
last-modified: Tue, 24 Dec 2024 07:52:08 GMT
server: nginx
vary: Accept-Encoding

POST
H2 200 init2 Show response
web-w4r2uq.openinstall.com/web/w4r2uq/_/ 604 B
1 KB 460ms
422ms XHR
text/plain 163.181.81.231
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://web-w4r2uq.openinstall.com/web/w4r2uq/_/init2?av=0&cv=0&hash=&sw=p6Cmpg&sh=p6Smpg&sp=1&li=p6GkuKehuKa4oQ
Requested by: Host: web.cdn.openinstall.io
URL: https://web.cdn.openinstall.io/openinstall.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.181.81.231 , Singapore, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 170a8dd2cdeb7253b7109e82df6c3ea74074e998d1b8339eb9f5bb8f1f8f8d20

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://ndh22h.guo6d9.com/

Response headers

timing-allow-origin: *
access-control-allow-credentials: true
via: cache21.sg12[413,0]
access-control-allow-origin: https://ndh22h.guo6d9.com
eagleid: a3b551a917350297825133716e
content-length: 604
date: Tue, 24 Dec 2024 08:43:02 GMT
content-type: text/plain
vary: Origin
server: Tengine

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

file.0731zhs.com
ndh22h.guo6d9.com
web-w4r2uq.openinstall.com
web.cdn.openinstall.io
103.248.229.27
116.207.181.224
163.181.81.231
43.175.139.86
170a8dd2cdeb7253b7109e82df6c3ea74074e998d1b8339eb9f5bb8f1f8f8d20
17dbf1c36826bdb53661f1cb3031cd2fe7d4e08cf75e037a992ae99ce03eaaf7
8db4f6d871bfb3964d8859f9f80d59d330cc027e0f6eebdb44b9a3dbac6b96ab
8fe9ff1665876b1ed48f2f6231508b6ab2b7727a6cb0c94ee64f0ce372346820
cc057c6278e66b15450ad96f2ce1f7283b40a59620f6cd9ecd2d277a2ddd22bc

ndh22h.guo6d9.com Open in urlscan Pro 103.248.229.27 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

615 kBTransfer

649 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

ndh22h.guo6d9.com Open in urlscan Pro
103.248.229.27 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

615 kB
Transfer

649 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions