xingqitian2010.siguashui570.com Open in urlscan Pro
43.152.44.86 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ch8m.com/
Effective URL:
https://xingqitian2010.siguashui570.com/xr_207238929_sign.apk
Submission: On June 03 via api (June 3rd 2024, 12:01:12 pm UTC) from US — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 5 domains to perform 18 HTTP transactions. The main IP is 43.152.44.86, located in Frankfurt am Main, Germany and belongs to ACE-AS-AP ACE, SG. The main domain is xingqitian2010.siguashui570.com.
TLS certificate: Issued by R3 on May 30th 2024. Valid for: 3 months.

This is the only time xingqitian2010.siguashui570.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.251.227.147 54.251.227.147	16509 (AMAZON-02) (AMAZON-02)
10	52.239.224.161 52.239.224.161	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 5	128.14.116.97 128.14.116.97	21859 (ZEN-ECN) (ZEN-ECN)
1 1	47.254.187.186 47.254.187.186	45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
2	43.152.44.86 43.152.44.86	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
18	4

1 54.251.227.147 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-251-227-147.ap-southeast-1.compute.amazonaws.com

ch8m.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.239.224.161 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

051clj0531.z7.web.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 128.14.116.97 (Brazil) 1 redirects

ASN21859 (ZEN-ECN, US)

web.xl3s.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.254.187.186 (Frankfurt am Main, Germany) 1 redirects

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

dldvcnzrk723.oss-accelerate.aliyuncs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 43.152.44.86 (Frankfurt am Main, Germany)

ASN139341 (ACE-AS-AP ACE, SG)

xingqitian2010.siguashui570.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	windows.net 051clj0531.z7.web.core.windows.net	397 KB
5	xl3s.com 1 redirects web.xl3s.com	3 KB
2	siguashui570.com xingqitian2010.siguashui570.com	3 KB
1	aliyuncs.com 1 redirects dldvcnzrk723.oss-accelerate.aliyuncs.com	238 B
1	ch8m.com 1 redirects ch8m.com	201 B
18	5

	Domain	Requested by
10	051clj0531.z7.web.core.windows.net	051clj0531.z7.web.core.windows.net
5	web.xl3s.com	1 redirects 051clj0531.z7.web.core.windows.net
2	xingqitian2010.siguashui570.com	051clj0531.z7.web.core.windows.net
1	dldvcnzrk723.oss-accelerate.aliyuncs.com	1 redirects
1	ch8m.com	1 redirects
18	5

This site contains no links.

Subject Issuer	Validity	Valid
*.web.core.windows.net Microsoft Azure RSA TLS Issuing CA 03	`2024-04-03` - `2025-03-29`	a year	crt.sh
xl3s.com R3	`2024-05-27` - `2024-08-25`	3 months	crt.sh
siguashui570.com R3	`2024-05-30` - `2024-08-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://xingqitian2010.siguashui570.com/xr_207238929_sign.apk
Frame ID: D96561DD136EFE44E022A0BFA0E8BC23
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AccessDeny

Page URL History Show full URLs

https://ch8m.com/ HTTP 301
https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Page URL
https://web.xl3s.com/page/lgp37cry/install/c/eyJjIjoicGw2OCIsIm0iOiJiWWFSWmdrekVQb0FBQUdQM2ZsdWRG... HTTP 302
https://dldvcnzrk723.oss-accelerate.aliyuncs.com/index.txt HTTP 302
https://xingqitian2010.siguashui570.com/xr_207238929_sign.apk Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

89 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

4
Countries

402 kB
Transfer

994 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ch8m.com/ HTTP 301
https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Page URL
https://web.xl3s.com/page/lgp37cry/install/c/eyJjIjoicGw2OCIsIm0iOiJiWWFSWmdrekVQb0FBQUdQM2ZsdWRGMFI1Z2NxdnZjd1F5WVZGQUZyLXVkTHI3XzhncFhQUndMbXhnbTRpaU9JYnBtWEs5WWlXQ1ZTUEFtT3VFRVNrMU1DZDZwSyJ9?p=0 HTTP 302
https://dldvcnzrk723.oss-accelerate.aliyuncs.com/index.txt HTTP 302
https://xingqitian2010.siguashui570.com/xr_207238929_sign.apk Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://ch8m.com/ HTTP 301
https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68

18 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	XR-S051.html Show response 051clj0531.z7.web.core.windows.net/ Redirect Chain https://ch8m.com/ https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68	3 KB 3 KB	996ms 242ms	Document text/html	52.239.224.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.239.224.161 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `3235fb2f284f40480fcd26c17c6a5e6c71e7c15573a2efc7bbe89a7f1ce6c085` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Accept-Ranges bytes Content-Length 2999 Content-MD5 eYcsCvcKTeQMH8m8cmMv9A== Content-Type text/html Date Mon, 03 Jun 2024 12:01:00 GMT ETag "0x8DC813D2CE97FAE" Last-Modified Fri, 31 May 2024 06:44:52 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id fc412b5b-c01e-0000-26ad-b56e2b000000 x-ms-version 2018-03-28 Redirect headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 89 content-type text/html; charset=utf-8 date Mon, 03 Jun 2024 12:00:58 GMT edge edge-sg-8.high-performance.network location https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 server NB301 vary Accept-Encoding
GET H/1.1	200 OK	appinstall.js Show response 051clj0531.z7.web.core.windows.net/assets/js/	47 KB 48 KB	242ms 241ms	Script text/javascript	52.239.224.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://051clj0531.z7.web.core.windows.net/assets/js/appinstall.js Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.239.224.161 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `9fbcc22b36befe3d9919c8eef22e771732f28ad8de6da0c0fd504d78f81d321f` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:00 GMT Last-Modified Fri, 31 May 2024 06:44:52 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 SxdcpYkzwVyPoud+lTtKag== ETag "0x8DC813D2CEDEBD8" Content-Type text/javascript x-ms-request-id fc412c16-c01e-0000-57ad-b56e2b000000 x-ms-version 2018-03-28 Accept-Ranges bytes Content-Length 48564
GET H/1.1	200 OK	qrcode.min.js Show response 051clj0531.z7.web.core.windows.net/assets/js/	19 KB 20 KB	972ms 241ms	Script text/javascript	52.239.224.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://051clj0531.z7.web.core.windows.net/assets/js/qrcode.min.js Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.239.224.161 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:01 GMT Last-Modified Fri, 31 May 2024 06:44:52 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 UXtV02iM6e8QhaPZYyvLlw== ETag "0x8DC813D2D019803" Content-Type text/javascript x-ms-request-id fc412d8d-c01e-0000-40ad-b56e2b000000 x-ms-version 2018-03-28 Accept-Ranges bytes Content-Length 19927
GET H/1.1	200 OK	jquery-3.5.1.min.js Show response 051clj0531.z7.web.core.windows.net/assets/js/	87 KB 88 KB	973ms 242ms	Script text/javascript	52.239.224.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://051clj0531.z7.web.core.windows.net/assets/js/jquery-3.5.1.min.js Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.239.224.161 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:01 GMT Last-Modified Fri, 31 May 2024 06:44:52 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 thqm4taNIbNUa1tBi/Dpww== ETag "0x8DC813D2D07FFAA" Content-Type text/javascript x-ms-request-id fc412d90-c01e-0000-43ad-b56e2b000000 x-ms-version 2018-03-28 Accept-Ranges bytes Content-Length 89478
GET H/1.1	200 OK	common-xr-flex-style.css 051clj0531.z7.web.core.windows.net/assets/css/	1 KB 2 KB	724ms 244ms	Stylesheet text/css	52.239.224.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://051clj0531.z7.web.core.windows.net/assets/css/common-xr-flex-style.css Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.239.224.161 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `0e6f50651fa352e6ea26e0d8826f094fd0efb47fbcd39eb37a8d59d720c2af10` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:00 GMT Last-Modified Fri, 31 May 2024 06:44:52 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 KAQa5hr3FqnMnGO2nWcdcQ== ETag "0x8DC813D2CEA1BDC" Content-Type text/css x-ms-request-id fc412d26-c01e-0000-60ad-b56e2b000000 x-ms-version 2018-03-28 Accept-Ranges bytes Content-Length 1195
GET H/1.1	200 OK	qrcode.css 051clj0531.z7.web.core.windows.net/assets/css/	1 KB 1 KB	974ms 243ms	Stylesheet text/css	52.239.224.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://051clj0531.z7.web.core.windows.net/assets/css/qrcode.css Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.239.224.161 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `d28878eefb8903a0d72ae9d02f03d0b99a1434ee110c9e554700ecfb42b6e7c9` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:01 GMT Last-Modified Fri, 31 May 2024 06:44:52 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 yozAO+dLcl6V9+Pr3RrY7Q== ETag "0x8DC813D2CEA90FA" Content-Type text/css x-ms-request-id f6775483-701e-0015-2aad-b57998000000 x-ms-version 2018-03-28 Accept-Ranges bytes Content-Length 1027
GET H/1.1	200 OK	img-header.js 051clj0531.z7.web.core.windows.net/assets/img/xr-s05/	88 KB 88 KB	991ms 245ms	Image text/javascript	52.239.224.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://051clj0531.z7.web.core.windows.net/assets/img/xr-s05/img-header.js Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.239.224.161 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `9a9fe93ab895ad12bc10042abf8e6445328564092d35fec8e31042b753ca27ab` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:00 GMT Last-Modified Fri, 31 May 2024 06:44:53 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 3rEkdWMEcGzD5QbFZcB7Nw== ETag "0x8DC813D2D27DF15" Content-Type text/javascript x-ms-request-id dbe4e3e0-b01e-0078-2cad-b5cdd3000000 x-ms-version 2018-03-28 Accept-Ranges bytes Content-Length 89734
GET H/1.1	200 OK	img-c1.js 051clj0531.z7.web.core.windows.net/assets/img/xr-s05/	544 KB 0	545ms 260ms	Image text/javascript	52.239.224.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://051clj0531.z7.web.core.windows.net/assets/img/xr-s05/img-c1.js Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.239.224.161 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:00 GMT Last-Modified Fri, 31 May 2024 06:44:53 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 BxOrkVPaVyqeyaxvyiZ4ww== ETag "0x8DC813D2D2BAF07" Content-Type text/javascript x-ms-request-id 7604455e-f01e-0079-28ad-b5920f000000 x-ms-version 2018-03-28 Accept-Ranges bytes Content-Length 905919
GET H/1.1	200 OK	img-c2.js 051clj0531.z7.web.core.windows.net/assets/img/xr-s05/	147 KB 147 KB	243ms 243ms	Image text/javascript	52.239.224.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://051clj0531.z7.web.core.windows.net/assets/img/xr-s05/img-c2.js Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.239.224.161 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `5df9a5c5c05801adfffded168675ed680d7f45332859b8490564a9e474feb43d` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:01 GMT Last-Modified Fri, 31 May 2024 06:44:52 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 5rCKhdguld1ArhaHDBXhnQ== ETag "0x8DC813D2D208D25" Content-Type text/javascript x-ms-request-id fc412e77-c01e-0000-10ad-b56e2b000000 x-ms-version 2018-03-28 Accept-Ranges bytes Content-Length 150093
GET H/1.1	200 OK	img-footer.js 051clj0531.z7.web.core.windows.net/assets/img/xr-s05/	48 KB 0	3154ms 3154ms	Image text/javascript	52.239.224.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://051clj0531.z7.web.core.windows.net/assets/img/xr-s05/img-footer.js Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.239.224.161 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/XR-S051.html?channelCode=pl68 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:01 GMT Last-Modified Fri, 31 May 2024 06:44:53 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 WDtDKL2KuqVySuLUY+gaXg== ETag "0x8DC813D2D23C0F2" Content-Type text/javascript x-ms-request-id fc412e76-c01e-0000-0fad-b56e2b000000 x-ms-version 2018-03-28 Accept-Ranges bytes Content-Length 112703
POST H/1.1	200	init Show response web.xl3s.com/web/lgp37cry/pl68/	617 B 1 KB	1084ms 552ms	XHR application/json	128.14.116.97 ZEN-ECN
General Check archive.org Show headers Download Go to Full URL https://web.xl3s.com/web/lgp37cry/pl68/init?channelCode=pl68&av=0&cv=0&hash=&server=web.xl3s.com&sw=p6Cmpg&sh=p6Smpg&sp=1&li=p6GkuKehuKa4p6E Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/assets/js/appinstall.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 128.14.116.97 , Brazil, ASN21859 (ZEN-ECN, US), Reverse DNS Software Tengine / Resource Hash `e53491824e89dd082ae44d048669501db447851ccda4a72ad1b9a668be57c51f` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-platform "Win32" Referer https://051clj0531.z7.web.core.windows.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Mon, 03 Jun 2024 12:01:02 GMT Via cache9.l2hk3[2,0], cache6.br4[336,0] Server Tengine Vary Origin Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://051clj0531.z7.web.core.windows.net Access-Control-Allow-Credentials true Connection keep-alive Timing-Allow-Origin * Content-Length 617 EagleId 800e749a17174160624176105e
GET DATA	200 OK	truncated /	85 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `98d0e962e4b6360611552f664b16533f8de88cbef4e5c9084961a8d02d661b14` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type image/png
POST H/1.1	200	eyJjIjoicGw2OCIsIm0iOiJ4ZHBqZHNrM3hPTUFBQUdQM2ZsdWRGcnVKYUxrODhDdW5KS252V0FZX214b0xuVzJRdDZFbHpIeVNFc0NyVTFvOFpLTlJ4c0pxVmU1ZmJuZUtYVl9hb1h5OE9ZMyJ9 web.xl3s.com/web/lgp37cry/pl68/clicked/c/	0 584 B	554ms 545ms	Ping text/plain	128.14.116.97 ZEN-ECN
General Check archive.org Show headers Download Go to Full URL https://web.xl3s.com/web/lgp37cry/pl68/clicked/c/eyJjIjoicGw2OCIsIm0iOiJ4ZHBqZHNrM3hPTUFBQUdQM2ZsdWRGcnVKYUxrODhDdW5KS252V0FZX214b0xuVzJRdDZFbHpIeVNFc0NyVTFvOFpLTlJ4c0pxVmU1ZmJuZUtYVl9hb1h5OE9ZMyJ9?p=0&ref=https%3A%2F%2F051clj0531.z7.web.core.windows.net%2FXR-S051.html%3FchannelCode%3Dpl68&ac=0&cc=0&channelCode=pl68 Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/assets/js/appinstall.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 128.14.116.97 , Brazil, ASN21859 (ZEN-ECN, US), Reverse DNS Software Tengine / Resource Hash Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:05 GMT Via cache26.l2hk3[3,0], cache6.br4[331,0] Server Tengine Vary Origin Access-Control-Allow-Origin https://051clj0531.z7.web.core.windows.net Access-Control-Allow-Credentials true Connection keep-alive Timing-Allow-Origin * Content-Length 0 EagleId 800e749a17174160649033221e
GET		eyJjIjoicGw2OCIsIm0iOiJiWWFSWmdrekVQb0FBQUdQM2ZsdWRGMFI1Z2NxdnZjd1F5WVZGQUZyLXVkTHI3XzhncFhQUndMbXhnbTRpaU9JYnBtWEs5WWlXQ1ZTUEFtT3VFRVNrMU1DZDZwSyJ9 web.xl3s.com/page/lgp37cry/install/c/	0 0

POST H/1.1	200	eyJjIjoicGw2OCIsIm0iOiJ4ZHBqZHNrM3hPTUFBQUdQM2ZsdWRGcnVKYUxrODhDdW5KS252V0FZX214b0xuVzJRdDZFbHpIeVNFc0NyVTFvOFpLTlJ4c0pxVmU1ZmJuZUtYVl9hb1h5OE9ZMyJ9 web.xl3s.com/web/lgp37cry/pl68/clicked/c/	0 585 B	1005ms 561ms	Ping text/plain	128.14.116.97 ZEN-ECN
General Check archive.org Show headers Download Go to Full URL https://web.xl3s.com/web/lgp37cry/pl68/clicked/c/eyJjIjoicGw2OCIsIm0iOiJ4ZHBqZHNrM3hPTUFBQUdQM2ZsdWRGcnVKYUxrODhDdW5KS252V0FZX214b0xuVzJRdDZFbHpIeVNFc0NyVTFvOFpLTlJ4c0pxVmU1ZmJuZUtYVl9hb1h5OE9ZMyJ9?p=0&ref=https%3A%2F%2F051clj0531.z7.web.core.windows.net%2FXR-S051.html%3FchannelCode%3Dpl68&ac=1&cc=1&channelCode=pl68 Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/assets/js/appinstall.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 128.14.116.97 , Brazil, ASN21859 (ZEN-ECN, US), Reverse DNS Software Tengine / Resource Hash Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:05 GMT Via cache20.l2hk3[4,0], cache18.br4[335,0] Server Tengine Vary Origin Access-Control-Allow-Origin https://051clj0531.z7.web.core.windows.net Access-Control-Allow-Credentials true Connection keep-alive Timing-Allow-Origin * Content-Length 0 EagleId 800e74a617174160653434472e
GET		eyJjIjoicGw2OCIsIm0iOiJiWWFSWmdrekVQb0FBQUdQM2ZsdWRGMFI1Z2NxdnZjd1F5WVZGQUZyLXVkTHI3XzhncFhQUndMbXhnbTRpaU9JYnBtWEs5WWlXQ1ZTUEFtT3VFRVNrMU1DZDZwSyJ9 web.xl3s.com/page/lgp37cry/install/c/	0 0

POST H/1.1	200	eyJjIjoicGw2OCIsIm0iOiJ4ZHBqZHNrM3hPTUFBQUdQM2ZsdWRGcnVKYUxrODhDdW5KS252V0FZX214b0xuVzJRdDZFbHpIeVNFc0NyVTFvOFpLTlJ4c0pxVmU1ZmJuZUtYVl9hb1h5OE9ZMyJ9 web.xl3s.com/web/lgp37cry/pl68/clicked/c/	0 585 B	997ms 551ms	Ping text/plain	128.14.116.97 ZEN-ECN
General Check archive.org Show headers Download Go to Full URL https://web.xl3s.com/web/lgp37cry/pl68/clicked/c/eyJjIjoicGw2OCIsIm0iOiJ4ZHBqZHNrM3hPTUFBQUdQM2ZsdWRGcnVKYUxrODhDdW5KS252V0FZX214b0xuVzJRdDZFbHpIeVNFc0NyVTFvOFpLTlJ4c0pxVmU1ZmJuZUtYVl9hb1h5OE9ZMyJ9?p=0&ref=https%3A%2F%2F051clj0531.z7.web.core.windows.net%2FXR-S051.html%3FchannelCode%3Dpl68&ac=1&cc=1&channelCode=pl68 Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/assets/js/appinstall.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 128.14.116.97 , Brazil, ASN21859 (ZEN-ECN, US), Reverse DNS Software Tengine / Resource Hash Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://051clj0531.z7.web.core.windows.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:05 GMT Via cache12.l2hk3[3,0], cache16.br4[329,0] Server Tengine Vary Origin Access-Control-Allow-Origin https://051clj0531.z7.web.core.windows.net Access-Control-Allow-Credentials true Connection keep-alive Timing-Allow-Origin * Content-Length 0 EagleId 800e74a417174160653432834e
GET H/1.1	567 Unknown Status	Primary Request xr_207238929_sign.apk Show response xingqitian2010.siguashui570.com/ Redirect Chain https://web.xl3s.com/page/lgp37cry/install/c/eyJjIjoicGw2OCIsIm0iOiJiWWFSWmdrekVQb0FBQUdQM2ZsdWRGMFI1Z2NxdnZjd1F5WVZGQUZyLXVkTHI3XzhncFhQUndMbXhnbTRpaU9JYnBtWEs5WWlXQ1ZTUEFtT3VFRVNrMU1DZDZwSyJ9?p=0 https://dldvcnzrk723.oss-accelerate.aliyuncs.com/index.txt https://xingqitian2010.siguashui570.com/xr_207238929_sign.apk	1 KB 1 KB	103ms 19ms	Document text/html	43.152.44.86 ACE-AS-AP ACE
General Check archive.org Show headers Download Go to Full URL https://xingqitian2010.siguashui570.com/xr_207238929_sign.apk Requested by Host: 051clj0531.z7.web.core.windows.net URL: https://051clj0531.z7.web.core.windows.net/assets/js/appinstall.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.152.44.86 Frankfurt am Main, Germany, ASN139341 (ACE-AS-AP ACE, SG), Reverse DNS Software EdgeOne_SS_OC / Resource Hash `e62fe143b99b2b3f44da08ae8986bbea15906def68f52c835dba297441fc7e84` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://051clj0531.z7.web.core.windows.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Connection close Content-Length 1224 Date Mon, 03 Jun 2024 12:01:06 GMT EO-LOG-UUID 2194147631925705763 Server EdgeOne_SS_OC content-type text/html; charset=UTF-8 Redirect headers Connection keep-alive Content-Length 0 Date Mon, 03 Jun 2024 12:01:06 GMT Location https://xingqitian2010.siguashui570.com/xr_207238929_sign.apk Server AliyunOSS x-oss-request-id 665DB08299D9D6353A8A33D7
GET H/1.1	567 Unknown Status	favicon.ico xingqitian2010.siguashui570.com/	1 KB 1 KB	91ms 20ms	Other text/html	43.152.44.86 ACE-AS-AP ACE
General Check archive.org Show headers Download Go to Full URL https://xingqitian2010.siguashui570.com/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.152.44.86 Frankfurt am Main, Germany, ASN139341 (ACE-AS-AP ACE, SG), Reverse DNS Software EdgeOne_SS_OC / Resource Hash `a89c5d599ab0b181f8bf2e14f0304950ff2e29b7d11ffa3515a58baea177381a` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://xingqitian2010.siguashui570.com/xr_207238929_sign.apk Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 12:01:06 GMT EO-LOG-UUID 5353173004169906675 Server EdgeOne_SS_OC Connection close Content-Length 1224 content-type text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.xl3s.com
URL: https://web.xl3s.com/page/lgp37cry/install/c/eyJjIjoicGw2OCIsIm0iOiJiWWFSWmdrekVQb0FBQUdQM2ZsdWRGMFI1Z2NxdnZjd1F5WVZGQUZyLXVkTHI3XzhncFhQUndMbXhnbTRpaU9JYnBtWEs5WWlXQ1ZTUEFtT3VFRVNrMU1DZDZwSyJ9?p=0

Domain: web.xl3s.com
URL: https://web.xl3s.com/page/lgp37cry/install/c/eyJjIjoicGw2OCIsIm0iOiJiWWFSWmdrekVQb0FBQUdQM2ZsdWRGMFI1Z2NxdnZjd1F5WVZGQUZyLXVkTHI3XzhncFhQUndMbXhnbTRpaU9JYnBtWEs5WWlXQ1ZTUEFtT3VFRVNrMU1DZDZwSyJ9?p=0

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| changeLang

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://xingqitian2010.siguashui570.com/xr_207238929_sign.apk Message: Failed to load resource: the server responded with a status of 567 (Unknown Status)
network	error	URL: https://xingqitian2010.siguashui570.com/favicon.ico Message: Failed to load resource: the server responded with a status of 567 (Unknown Status)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

051clj0531.z7.web.core.windows.net
ch8m.com
dldvcnzrk723.oss-accelerate.aliyuncs.com
web.xl3s.com
xingqitian2010.siguashui570.com
web.xl3s.com
128.14.116.97
43.152.44.86
47.254.187.186
52.239.224.161
54.251.227.147
0e6f50651fa352e6ea26e0d8826f094fd0efb47fbcd39eb37a8d59d720c2af10
3235fb2f284f40480fcd26c17c6a5e6c71e7c15573a2efc7bbe89a7f1ce6c085
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
5df9a5c5c05801adfffded168675ed680d7f45332859b8490564a9e474feb43d
98d0e962e4b6360611552f664b16533f8de88cbef4e5c9084961a8d02d661b14
9a9fe93ab895ad12bc10042abf8e6445328564092d35fec8e31042b753ca27ab
9fbcc22b36befe3d9919c8eef22e771732f28ad8de6da0c0fd504d78f81d321f
a89c5d599ab0b181f8bf2e14f0304950ff2e29b7d11ffa3515a58baea177381a
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
d28878eefb8903a0d72ae9d02f03d0b99a1434ee110c9e554700ecfb42b6e7c9
e53491824e89dd082ae44d048669501db447851ccda4a72ad1b9a668be57c51f
e62fe143b99b2b3f44da08ae8986bbea15906def68f52c835dba297441fc7e84
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

xingqitian2010.siguashui570.com Open in urlscan Pro 43.152.44.86 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

89 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

4 IPs

4 Countries

402 kBTransfer

994 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

xingqitian2010.siguashui570.com Open in urlscan Pro
43.152.44.86 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

89 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

4
Countries

402 kB
Transfer

994 kB
Size

0
Cookies

18 HTTP transactions
2 data transactions