Submitted URL: http://001hui.com/
Effective URL: https://nb137uv.00137rr.com/
Submission: On April 28 via api from BY — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 3 domains to perform 5 HTTP transactions. The main IP is 216.83.36.38, located in United States and belongs to CTGSERVERLIMITED-AS-AP CTG Server Limited, HK. The main domain is nb137uv.00137rr.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 21st 2024. Valid for: a year.
This is the only time nb137uv.00137rr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address      AS      Autonomous System
1         154.7.176.154   979     NETLAB-SDN
1  1      172.67.180.3    13335   CLOUDFLAR...
4         216.83.36.38    152194  CTGSERVER...
Totals: 5 requests, 2 IPs
Requests  Apex Domain   Subdomains            Transfer
4         00137rr.com   nb137uv.00137rr.com   20 KB
1         xiao55.top    dash.xiao55.top       576 B
1         001hui.com    001hui.com            557 B
Totals: 5 requests, 3 apex domains
Requests  Domain                Requested by
4         nb137uv.00137rr.com   001hui.com, nb137uv.00137rr.com
1         dash.xiao55.top       1 redirects
1         001hui.com
Totals: 5 requests, 3 domains

This site contains no links.

Subject         Issuer                                           Validity                  Valid
*.00137rr.com   Sectigo RSA Domain Validation Secure Server CA   2024-01-21 - 2025-02-20   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://nb137uv.00137rr.com/
Frame ID: 808F7205C209B8681BD0553CB9B4AC64
Requests: 5 HTTP requests in this frame

Page Title

点击验证 ("Click to verify")

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://001hui.com/ HTTP 307
    https://001hui.com/ HTTP 307
    http://001hui.com/ Page URL
  2. https://dash.xiao55.top/?u=http://001hui.com/&p=/ HTTP 302
    https://nb137uv.00137rr.com/ Page URL

Page Statistics

Requests:    5
HTTPS:       80 %
IPv6:        0 %
Domains:     3
Subdomains:  3
IPs:         2
Countries:   1
Transfer:    21 kB
Size:        40 kB
Cookies:     2


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://001hui.com/ HTTP 307
  • https://001hui.com/ HTTP 307
  • http://001hui.com/

5 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type

Request 1: / (001hui.com/)
Redirect Chain
  • http://001hui.com/
  • https://001hui.com/
  • http://001hui.com/
Size: 427 B, x-fer: 557 B, Type: Document
General
Full URL
http://001hui.com/
Protocol
HTTP/1.1
Server
154.7.176.154 Los Angeles, United States, ASN979 (NETLAB-SDN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=259200
Connection
close
Content-Length
427
Content-Type
text/html; charset=utf-8

Redirect headers

Location
http://001hui.com/
Non-Authoritative-Reason
HttpsUpgrades
Request 2 (Primary Request): / (nb137uv.00137rr.com/)
Redirect Chain
  • https://dash.xiao55.top/?u=http://001hui.com/&p=/
  • https://nb137uv.00137rr.com/
Size: 53 B, x-fer: 356 B, Type: Document
General
Full URL
https://nb137uv.00137rr.com/
Requested by
Host: 001hui.com
URL: http://001hui.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.83.36.38 , United States, ASN152194 (CTGSERVERLIMITED-AS-AP CTG Server Limited, HK),
Reverse DNS
Software
tydcdn /
Resource Hash
d3c7b3b6f6eb70fcd93268c721514de6628e8ae32b002b65193e78d132d94151

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
http://001hui.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Sun, 28 Apr 2024 02:04:13 GMT
Server
tydcdn
Transfer-Encoding
chunked

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
87b37aca4ffd1e59-FRA
content-type
text/html; charset=UTF-8
date
Sun, 28 Apr 2024 02:04:06 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://nb137uv.00137rr.com
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m1NeudgRIhwV%2FbXuec%2BrpvQNVRF53%2Fb62Keg2Tl2HcJRL4N0QnliWTzNtYmx9tW2IcinM%2FLtM%2B1Z%2BgaQsmnLUCwbhu%2FdtGuzZLkovbsuAugLgxrq7lntbnS2pDbpEhj0IqM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
Request 3: html.js (nb137uv.00137rr.com/_guard/)
Size: 6 KB, x-fer: 6 KB, Type: Script
General
Full URL
https://nb137uv.00137rr.com/_guard/html.js?js=click_html
Requested by
Host: nb137uv.00137rr.com
URL: https://nb137uv.00137rr.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.83.36.38 , United States, ASN152194 (CTGSERVERLIMITED-AS-AP CTG Server Limited, HK),
Reverse DNS
Software
tydcdn /
Resource Hash
cdb84d5fdfdb9f53854245b2659960f40b8cf28c3609a8b17b864baf7be6e58c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://nb137uv.00137rr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 28 Apr 2024 02:04:13 GMT
Server
tydcdn
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/javascript
Request 4: click.js (nb137uv.00137rr.com/_guard/)
Size: 34 KB, x-fer: 13 KB, Type: Script
General
Full URL
https://nb137uv.00137rr.com/_guard/click.js
Requested by
Host: nb137uv.00137rr.com
URL: https://nb137uv.00137rr.com/_guard/html.js?js=click_html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.83.36.38 , United States, ASN152194 (CTGSERVERLIMITED-AS-AP CTG Server Limited, HK),
Reverse DNS
Software
tydcdn /
Resource Hash
a28402422b1021f74f27e30d490cdbf2ecb87b90e0d390d2169a5d44e740ec34

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://nb137uv.00137rr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 28 Apr 2024 02:04:14 GMT
content-encoding
gzip
Server
tydcdn
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/javascript
Request 5: favicon.ico (nb137uv.00137rr.com/)
Size: 53 B, x-fer: 356 B, Type: Other
General
Full URL
https://nb137uv.00137rr.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.83.36.38 , United States, ASN152194 (CTGSERVERLIMITED-AS-AP CTG Server Limited, HK),
Reverse DNS
Software
tydcdn /
Resource Hash
d3c7b3b6f6eb70fcd93268c721514de6628e8ae32b002b65193e78d132d94151

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://nb137uv.00137rr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 28 Apr 2024 02:04:16 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
tydcdn
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    translations
function  setLanguage
string    _0xodu
function  _0x25f1a1
function  _0x150a54
function  _0x4e4103
function  _0x377092
function  _0x3f1b3a
function  _0x27afea
function  _0x1df7
object    _0x378973
function  _0x535723
function  _0x162e8f
function  gc
function  _0x186bff
function  _0x57d7
function  _0x55d209
function  _0x3b17de

2 Cookies

Domain/Path            Name        Value
dash.xiao55.top/       PHPSESSID   cfe337ff6673c9f3149bfa920f16898e
nb137uv.00137rr.com/   guard       24db805aSt8O

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.