Submitted URL: https://bitly.com/33HMZTh
Effective URL: https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?learn=99pxa9vvybsh90hg&minute=group&wife=sign
Submission: On December 07 via manual from IN

Summary

This website contacted 2 IPs in 2 countries across 5 domains to perform 10 HTTP transactions. The main IP is 103.45.187.170, which is located in China and belongs to CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dalian MAN network, CN. The main domain is blog.lllgw.cn.
TLS certificate: Issued by Let's Encrypt Authority X3 on December 1st 2020. Valid for: 3 months.
This is the only time blog.lllgw.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests   IP Address        AS (Autonomous System)
1          67.199.248.15     396982 (GOOGLE-PR...)
2          103.45.187.170    134762 (CHINANET-...)
Total: 10 requests, 2 IPs
Requests   Apex Domain       Subdomains              Transfer
2          lllgw.cn          blog.lllgw.cn           1 KB
1          bitly.com         bitly.com               332 B
0          cloudflare.com    cdnjs.cloudflare.com    Failed
0          googleapis.com    fonts.googleapis.com    Failed
0          hypo-news.com     hypo-news.com           Failed
Total: 10 requests, 5 domains
Requests   Domain                  Requested by
2          blog.lllgw.cn           blog.lllgw.cn
1          bitly.com               1 redirect
0          cdnjs.cloudflare.com    Failed; blog.lllgw.cn
0          fonts.googleapis.com    Failed; blog.lllgw.cn
0          hypo-news.com           Failed; blog.lllgw.cn
Total: 10 requests, 5 domains

This site contains no links.

Subject          Issuer                        Validity                  Valid for
blog.lllgw.cn    Let's Encrypt Authority X3    2020-12-01 - 2021-03-01   3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?learn=99pxa9vvybsh90hg&minute=group&wife=sign
Frame ID: 068F6DC6551441CD0BA6B88127219A99
Requests: 10 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 10
HTTPS: 20 %
IPv6: 0 %
Domains: 5
Subdomains: 5
IPs: 2
Countries: 2
Transfer: 1 kB
Size: 89 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bitly.com/33HMZTh HTTP 301
    https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?afternoon=1ph1dexp1ug0u0&theres=heart&mary=deep Page URL
  2. https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?learn=99pxa9vvybsh90hg&minute=group&wife=sign Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://bitly.com/33HMZTh HTTP 301
  • https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?afternoon=1ph1dexp1ug0u0&theres=heart&mary=deep

10 HTTP transactions

Resource        Path                                                  Size    x-fer   Type        MIME-Type
currency.php    blog.lllgw.cn/.well-known/acme-challenge/content2/    3 KB    1 KB    Document
  Redirect Chain:
  • https://bitly.com/33HMZTh
  • https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?afternoon=1ph1dexp1ug0u0&theres=heart&mary=deep
General
  Full URL: https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?afternoon=1ph1dexp1ug0u0&theres=heart&mary=deep
  Protocol: H2
  Security: TLS 1.3, , AES_256_GCM
  Server: 103.45.187.170, China, ASN134762 (CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dalian MAN network, CN)
  Reverse DNS:
  Software: nginx /
  Resource Hash: 9524a098570e231f49330697898470feee1a6a55dd019fb3c3b616434e2e5ed9
  Security Headers:
    Strict-Transport-Security: max-age=31536000

Request headers

:method: GET
:authority: blog.lllgw.cn
:scheme: https
:path: /.well-known/acme-challenge/content2/currency.php?afternoon=1ph1dexp1ug0u0&theres=heart&mary=deep
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server: nginx
date: Mon, 07 Dec 2020 10:00:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: X_CACHE_KEY=18451467fcb93f0b250fe76ac903dae8; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip

Redirect headers

server: nginx
date: Mon, 07 Dec 2020 10:00:17 GMT
content-type: text/html; charset=utf-8
content-length: 213
cache-control: private, max-age=90
content-security-policy: referrer always;
location: https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?afternoon=1ph1dexp1ug0u0&theres=heart&mary=deep
referrer-policy: unsafe-url
set-cookie: _bit=kb7a0h-9a4abd2c8762c79e0f-00G; Domain=bitly.com; Expires=Sat, 05 Jun 2021 10:00:17 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
Resource                         Path                                                  Size     x-fer   Type        MIME-Type
currency.php (Primary Request)   blog.lllgw.cn/.well-known/acme-challenge/content2/    86 KB    0       Document

General
  Full URL: https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?learn=99pxa9vvybsh90hg&minute=group&wife=sign
  Requested by:
    Host: blog.lllgw.cn
    URL: https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?afternoon=1ph1dexp1ug0u0&theres=heart&mary=deep
  Protocol: H2
  Security: TLS 1.3, , AES_256_GCM
  Server: 103.45.187.170, China, ASN134762 (CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dalian MAN network, CN)
  Reverse DNS:
  Software: nginx /
  Resource Hash:
  Security Headers:
    Strict-Transport-Security: max-age=31536000

Request headers

:method: GET
:authority: blog.lllgw.cn
:scheme: https
:path: /.well-known/acme-challenge/content2/currency.php?learn=99pxa9vvybsh90hg&minute=group&wife=sign
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?afternoon=1ph1dexp1ug0u0&theres=heart&mary=deep
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: X_CACHE_KEY=18451467fcb93f0b250fe76ac903dae8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.lllgw.cn/.well-known/acme-challenge/content2/currency.php?afternoon=1ph1dexp1ug0u0&theres=heart&mary=deep

Response headers

server: nginx
date: Mon, 07 Dec 2020 10:00:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip

Resource            Path                                             Size   x-fer   Type   MIME-Type
backday.js          hypo-news.com/html/en/images/3/                  0      0
css                 fonts.googleapis.com/                            0      0
jquery.min.js       cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/     0      0
theme_hmtd1s.css    hypo-news.com/html/en/images/3/                  0      0
sharetab.png        hypo-news.com/html/en/images/3/                  0      0
sharedesk.png       hypo-news.com/html/en/images/3/                  0      0
Rich.jpg            hypo-news.com/html/en/images/3/                  0      0
ukplusjim.jpg       hypo-news.com/html/en/images/3/                  0      0

Failed requests

These URLs were requested, but no response was received. They also appear in the transaction list above.

Domain                  URL
hypo-news.com           https://hypo-news.com/html/en/images/3/backday.js
fonts.googleapis.com    https://fonts.googleapis.com/css?family=Open+Sans+Condensed:700|Open+Sans:400,600,700&subset=latin-ext
cdnjs.cloudflare.com    https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
hypo-news.com           https://hypo-news.com/html/en/images/3/theme_hmtd1s.css
hypo-news.com           https://hypo-news.com/html/en/images/3/sharetab.png
hypo-news.com           https://hypo-news.com/html/en/images/3/sharedesk.png
hypo-news.com           https://hypo-news.com/html/en/images/3/Rich.jpg
hypo-news.com           https://hypo-news.com/html/en/images/3/ukplusjim.jpg

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object    ontransitionrun
  • object    ontransitionstart
  • object    ontransitioncancel
  • object    cookieStore
  • function  showDirectoryPicker
  • function  showOpenFilePicker
  • function  showSaveFilePicker
  • object    trustedTypes
  • boolean   crossOriginIsolated

1 Cookies

Domain/Path       Name           Value
blog.lllgw.cn/    X_CACHE_KEY    18451467fcb93f0b250fe76ac903dae8

Security Headers

This section lists any security headers set by the main page.

Header                       Value
Strict-Transport-Security    max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bitly.com
blog.lllgw.cn
cdnjs.cloudflare.com
fonts.googleapis.com
hypo-news.com
103.45.187.170
67.199.248.15
9524a098570e231f49330697898470feee1a6a55dd019fb3c3b616434e2e5ed9