xzsjdklasjdwqopeiwfsa.top
Open in
urlscan Pro
46.8.121.241
Public Scan
URL:
http://xzsjdklasjdwqopeiwfsa.top/
Submission Tags: @ecarlesi threat #malware Search All
Submission: On August 12 via api from AU — Scanned from AU
Submission Tags: @ecarlesi threat #malware Search All
Submission: On August 12 via api from AU — Scanned from AU
Summary
This website contacted 4 IPs
in 3 countries
across 6 domains to perform 19 HTTP transactions.
The main IP is 46.8.121.241, located in
Frankfurt am Main, Germany and
belongs to BGPNETPTELTD-AS-AP BGPNET PTE. LTD., SG.
The main domain is xzsjdklasjdwqopeiwfsa.top.
This is the only time xzsjdklasjdwqopeiwfsa.top was scanned on urlscan.io!
This is the only time xzsjdklasjdwqopeiwfsa.top was scanned on urlscan.io!
urlscan.io Verdict: No classification
Downloads These files were downloaded by the website
Size: 38 MB (40101295 bytes, 0% done)
Downloaded from: https://pppcbxad-kduxyqka-bfilhspyxe.cn-shenzhen.fcapp.run/huaxin-p8YYu-ve2ae055b.apk?t=1691837557115
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 15 | 46.8.121.241 46.8.121.241 | 141883 (BGPNETPTE...) (BGPNETPTELTD-AS-AP BGPNET PTE. LTD.) | |
| 1 | 116.153.64.158 116.153.64.158 | 4837 (CHINA169-...) (CHINA169-BACKBONE CHINA UNICOM China169 Backbone) | |
| 1 3 | 170.33.96.105 170.33.96.105 | 134963 (ASEPL-AS-...) (ASEPL-AS-AP Alibaba.com Singapore E-Commerce Private Limited) | |
| 1 1 | 161.117.243.47 161.117.243.47 | 45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.) | |
| 1 | 120.78.115.43 120.78.115.43 | () () | |
| 19 | 4 |
15
46.8.121.241
(Frankfurt am Main, Germany)
ASN141883 (BGPNETPTELTD-AS-AP BGPNET PTE. LTD., SG)
ASN141883 (BGPNETPTELTD-AS-AP BGPNET PTE. LTD., SG)
| xzsjdklasjdwqopeiwfsa.top |
1
116.153.64.158
(China)
ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)
ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)
| cdn.bootcdn.net |
3
170.33.96.105
(Singapore)
ASN134963 (ASEPL-AS-AP Alibaba.com Singapore E-Commerce Private Limited, SG)
ASN134963 (ASEPL-AS-AP Alibaba.com Singapore E-Commerce Private Limited, SG)
| sdk.zgbxxffww.com | |
| sdk.renrenjihua.com | |
| app-oc53tl.renrenjihua.com |
1
161.117.243.47
(Singapore)
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
| ztdmoevc.oss-accelerate.aliyuncs.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 15 |
xzsjdklasjdwqopeiwfsa.top
xzsjdklasjdwqopeiwfsa.top |
845 KB |
| 2 |
renrenjihua.com
1 redirects
sdk.renrenjihua.com — Cisco Umbrella Rank: 688844 app-oc53tl.renrenjihua.com |
435 B |
| 1 |
fcapp.run
pppcbxad-kduxyqka-bfilhspyxe.cn-shenzhen.fcapp.run |
|
| 1 |
aliyuncs.com
1 redirects
ztdmoevc.oss-accelerate.aliyuncs.com |
278 B |
| 1 |
zgbxxffww.com
sdk.zgbxxffww.com |
744 B |
| 1 |
bootcdn.net
cdn.bootcdn.net — Cisco Umbrella Rank: 106334 |
35 KB |
| 19 | 6 |
| Domain | Requested by | |
|---|---|---|
| 15 | xzsjdklasjdwqopeiwfsa.top |
xzsjdklasjdwqopeiwfsa.top
|
| 1 | pppcbxad-kduxyqka-bfilhspyxe.cn-shenzhen.fcapp.run |
xzsjdklasjdwqopeiwfsa.top
|
| 1 | ztdmoevc.oss-accelerate.aliyuncs.com | 1 redirects |
| 1 | app-oc53tl.renrenjihua.com | 1 redirects |
| 1 | sdk.renrenjihua.com |
xzsjdklasjdwqopeiwfsa.top
|
| 1 | sdk.zgbxxffww.com |
xzsjdklasjdwqopeiwfsa.top
|
| 1 | cdn.bootcdn.net |
xzsjdklasjdwqopeiwfsa.top
|
| 19 | 7 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| media.tyi21.win |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| cdn.bootcdn.net R3 |
2023-05-31 - 2023-08-29 |
3 months | crt.sh |
| *.zgbxxffww.com Sectigo RSA Domain Validation Secure Server CA |
2023-03-14 - 2024-03-13 |
a year | crt.sh |
| *.renrenjihua.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-31 - 2024-07-30 |
a year | crt.sh |
| *.fcapp.run GlobalSign Organization Validation CA - SHA256 - G2 |
2022-10-25 - 2023-11-14 |
a year | crt.sh |
This page contains 1 frames:
Frame:
https://pppcbxad-kduxyqka-bfilhspyxe.cn-shenzhen.fcapp.run/huaxin-p8YYu-ve2ae055b.apk?t=1691837557115
Frame ID: AFF2D4CBB9792AE00714718DF4DFBF1A
Requests: 19 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
URL: https://media.tyi21.win/standalone.html?appId=6fa5a9d5d8194df5b7bbde612bfd0091
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 17- https://app-oc53tl.renrenjihua.com/page/oc53tl/install/c/eyJtIjoiRUFGdzlGdTl6OHdBQUFHSjZXQmhxelQzaWRaUmRwRXBTdHM4WHlZZXlETkp5YjNWN0RiTWpTLTV6SzVXV3o4In0=?p=0 HTTP 302
- https://ztdmoevc.oss-accelerate.aliyuncs.com/p8YYu.html HTTP 302
- https://pppcbxad-kduxyqka-bfilhspyxe.cn-shenzhen.fcapp.run/huaxin-p8YYu-ve2ae055b.apk?t=1691837557115
19 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
xzsjdklasjdwqopeiwfsa.top/ |
4 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
reset.css
xzsjdklasjdwqopeiwfsa.top/css/ |
1 KB 937 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
xzsjdklasjdwqopeiwfsa.top/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
cdn.bootcdn.net/ajax/libs/jquery/3.5.1/ |
87 KB 35 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg1.jpg
xzsjdklasjdwqopeiwfsa.top/images/ |
79 KB 79 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg2.jpg
xzsjdklasjdwqopeiwfsa.top/images/ |
259 KB 259 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg3.jpg
xzsjdklasjdwqopeiwfsa.top/images/ |
331 KB 331 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.png
xzsjdklasjdwqopeiwfsa.top/images/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
kefu.png
xzsjdklasjdwqopeiwfsa.top/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
title3.png
xzsjdklasjdwqopeiwfsa.top/images/ |
130 KB 130 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
aixin.png
xzsjdklasjdwqopeiwfsa.top/images/ |
479 B 808 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
android.png
xzsjdklasjdwqopeiwfsa.top/images/ |
486 B 815 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ios.png
xzsjdklasjdwqopeiwfsa.top/images/ |
482 B 811 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
footer.png
xzsjdklasjdwqopeiwfsa.top/images/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
appinstall.js
xzsjdklasjdwqopeiwfsa.top/ |
46 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
aixin.png
xzsjdklasjdwqopeiwfsa.top/images/ |
479 B 808 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
init
sdk.zgbxxffww.com/web/oc53tl/_/ |
523 B 744 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
eyJtIjoibVFLaENSSXB2bE1BQUFHSjZXQmhxOGNZQ3N2Z0c2cGZ4a2ZuaXk4R1ZYNmcwZ3pqQVFXS1BUc0pNbTljZWRJIn0=
sdk.renrenjihua.com/web/oc53tl/_/clicked/c/ |
0 278 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
huaxin-p8YYu-ve2ae055b.apk
pppcbxad-kduxyqka-bfilhspyxe.cn-shenzhen.fcapp.run/ Redirect Chain
|
0 0 |
Document
application/vnd.android.package-archive |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| AppInstall object| data0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app-oc53tl.renrenjihua.com
cdn.bootcdn.net
pppcbxad-kduxyqka-bfilhspyxe.cn-shenzhen.fcapp.run
sdk.renrenjihua.com
sdk.zgbxxffww.com
xzsjdklasjdwqopeiwfsa.top
ztdmoevc.oss-accelerate.aliyuncs.com
116.153.64.158
120.78.115.43
161.117.243.47
170.33.96.105
46.8.121.241
1ec4722332f294f4697f3b3859214a2a20900dbc2739cff39a3bf68aded7ce32
26213cbdb5f1639877fc95d3368a45bcdb5355d4a2324f5c6b140d97a5e0d6b1
41ebd2d88a2c35d6fb78602766400a8dfa7227552bb13b04da004365148b201a
53711a672c648472e8dc69189cc058def5f78773ced3604606b2222d252521fd
56848cec2f732d983bcb2680d29aeb8ec172181a148dbec26bfe0e82c688fc17
63bbd64ac12203404984348ca6a377f53cd448bc42a879036ab0c5c6fcfae846
6870c7e0a59524d0e413a31c0fdbb462ae6211a6549f835ad7678f6ff4fc1ba7
7642e87b8017e4bbd8d27212d5b7de4ca14f81d5b1470f41296c36dea74b8fb2
7eded748802e6e1df8650b77098c327ce4cd8fd3fcb2e1ed886ad219669c7c2d
8a28e0f121fe92d9879f732bb36ef19e4328b1855802f59714a87d75a1a5f8fe
992c9ad08689ec6123a4b1ffc50423e6ebbf9c14b1cc43c70875a7839dc7e0c4
a39e0ee4fb62878fb7054b94dbfe2397aa67e1c9cb00c9fb1fbe0170839c6372
c480e4efcce2926e0f66e20ba04af8c09cfde48f28287689958430afcc21900e
d3edd8f0b1d578b29862811d55db25a225096ad191e88573e8868cc5931ba0f4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f06e7d26ae9a23e8b87641b052b7dffe977af642619c827a33c04ab869397a59
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d