URL: https://app.xybpay.cn/
Submission: On August 30 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 13 HTTP transactions. The main IP is 38.6.179.110, located in United States and belongs to CNSERVERS, US. The main domain is app.xybpay.cn.
TLS certificate: Issued by R3 on August 30th 2023. Valid for: 3 months.
This is the only time app.xybpay.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS (Autonomous System)
11 | 38.6.179.110 | 40065 (CNSERVERS)
1 | 2606:4700:20:... | 13335 (CLOUDFLAR...)
13 | 3 |

Requests | Apex Domain: Subdomains | Transfer
11 | xybpay.cn: app.xybpay.cn, h5.xybpay.cn (Failed) | 418 KB
1 | loli.net: i.loli.net (Cisco Umbrella Rank: 289256) | 171 KB
13 | 2 |

Requests | Domain | Requested by
11 | app.xybpay.cn | app.xybpay.cn
1 | i.loli.net | app.xybpay.cn
0 | h5.xybpay.cn (Failed) | app.xybpay.cn
13 | 3 |

This site contains links to these domains.

Domain
h5.xybpay.cn

Subject | Issuer | Validity | Valid
app.xybpay.cn | R3 | 2023-08-30 - 2023-11-28 | 3 months
loli.net | Cloudflare Inc ECC CA-3 | 2023-04-05 - 2024-04-04 | a year

This page contains 1 frames:

Primary Page: https://app.xybpay.cn/
Frame ID: F9773987B62987CA2C8D698B78891960
Requests: 13 HTTP requests in this frame

Page Title

通讯io软件app下载

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13 Requests
92 % HTTPS
50 % IPv6
2 Domains
3 Subdomains
3 IPs
1 Countries
589 kB Transfer
1534 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
app.xybpay.cn/
3 KB
1 KB
Document
General
Full URL
https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
38.6.179.110 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
cdn /
Resource Hash
6bf316be0bde62bb2d02de7f5dacd9c7494af718c211d24e9dbd10a14200f6d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html
date
Wed, 30 Aug 2023 04:38:13 GMT
etag
W/"64eebe5c-cdc"
last-modified
Wed, 30 Aug 2023 03:58:20 GMT
server
cdn
strict-transport-security
max-age=31536000
vary
Accept-Encoding Accept-Encoding
x-cache-status
MISS
bootstrap.min.css
app.xybpay.cn/css/
107 KB
23 KB
Stylesheet
General
Full URL
https://app.xybpay.cn/css/bootstrap.min.css
Requested by
Host: app.xybpay.cn
URL: https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
38.6.179.110 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
cdn /
Resource Hash
a450eca70487c28f8891219c0ceabe936807f82c3a8f4385880dd897286b98fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://app.xybpay.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:38:13 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 14:08:20 GMT
server
cdn
etag
W/"5ca36cd4-1ac23"
x-cache-status
HIT
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
cache-control
max-age=43200
expires
Wed, 30 Aug 2023 15:48:30 GMT
plugins.css
app.xybpay.cn/css/
217 KB
46 KB
Stylesheet
General
Full URL
https://app.xybpay.cn/css/plugins.css
Requested by
Host: app.xybpay.cn
URL: https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
38.6.179.110 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
cdn /
Resource Hash
dcc264a5f9b8ddcfaf4391c027c833d648d948d7444653431cbdb46a0e57525a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://app.xybpay.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:38:13 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 14:08:20 GMT
server
cdn
etag
W/"5ca36cd4-362f4"
x-cache-status
HIT
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
cache-control
max-age=43200
expires
Wed, 30 Aug 2023 15:48:30 GMT
main.css
app.xybpay.cn/css/
77 KB
17 KB
Stylesheet
General
Full URL
https://app.xybpay.cn/css/main.css
Requested by
Host: app.xybpay.cn
URL: https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
38.6.179.110 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
cdn /
Resource Hash
0be2c8df39f15d49aecd9e4f19918296a8514fb0826ad8e59944ce24b1e2a299
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://app.xybpay.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:38:13 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 14:08:20 GMT
server
cdn
etag
W/"5ca36cd4-13323"
x-cache-status
HIT
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
cache-control
max-age=43200
expires
Wed, 30 Aug 2023 15:48:30 GMT
themes.css
app.xybpay.cn/css/
3 KB
837 B
Stylesheet
General
Full URL
https://app.xybpay.cn/css/themes.css
Requested by
Host: app.xybpay.cn
URL: https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
38.6.179.110 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
cdn /
Resource Hash
da8c1eed518af8fcdbd83c976814acbc065be3d0c3dbe0f9da7e5148051e72d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://app.xybpay.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:38:13 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 14:08:20 GMT
server
cdn
etag
W/"5ca36cd4-b6f"
x-cache-status
MISS
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
cache-control
max-age=43200
expires
Wed, 30 Aug 2023 16:38:13 GMT
modernizr-3.3.1.min.js
app.xybpay.cn/js/
1 KB
1 KB
Script
General
Full URL
https://app.xybpay.cn/js/modernizr-3.3.1.min.js
Requested by
Host: app.xybpay.cn
URL: https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
38.6.179.110 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
cdn /
Resource Hash
147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://app.xybpay.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:38:13 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 14:08:20 GMT
server
cdn
etag
W/"5ca36cd4-5f6"
x-cache-status
HIT
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
expires
Wed, 30 Aug 2023 15:48:30 GMT
5ca36dc719ebf.png
i.loli.net/2019/04/02/
170 KB
171 KB
Image
General
Full URL
https://i.loli.net/2019/04/02/5ca36dc719ebf.png
Requested by
Host: app.xybpay.cn
URL: https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4528 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afea919f327f1c3952f93f05e0127784f6005444ed758373c55a40bfef8c394c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://app.xybpay.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:38:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-custom-job
If you see this, please contact admin@loli.net for a job
alt-svc
h3=":443"; ma=86400
content-length
174590
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 02 Apr 2019 14:12:23 GMT
server
cloudflare
etag
"5ca36dc7-2a9fe"
x-frame-options
SAMEORIGIN
vary
Accept, Accept-Encoding
content-type
image/png
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4cGUgrnKRXtwoVcpRa0say9cDHCfH8SZxxfcTyfnmrlIh8o5rZzi%2FfMijRDAaa2JELm48eZcgI9vjKDdL7kh1D9fJAJNzv%2FOwhHumxvBJlSnvHcZWempx3d4v0XMqFZMAShIrocF4AM%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7fea57d33cb64bc9-BUF
jquery-2.2.4.min.js
app.xybpay.cn/js/
84 KB
34 KB
Script
General
Full URL
https://app.xybpay.cn/js/jquery-2.2.4.min.js
Requested by
Host: app.xybpay.cn
URL: https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
38.6.179.110 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
cdn /
Resource Hash
fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://app.xybpay.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:38:14 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 14:08:20 GMT
server
cdn
etag
W/"5ca36cd4-14e49"
x-cache-status
MISS
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
expires
Wed, 30 Aug 2023 16:38:14 GMT
bootstrap.min.js
app.xybpay.cn/js/
36 KB
12 KB
Script
General
Full URL
https://app.xybpay.cn/js/bootstrap.min.js
Requested by
Host: app.xybpay.cn
URL: https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
38.6.179.110 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
cdn /
Resource Hash
ba871c19af9d130c378c049cf86abaebbf9419b6bd744656508703c37286340b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://app.xybpay.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:38:14 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 14:08:20 GMT
server
cdn
etag
W/"5ca36cd4-91d2"
x-cache-status
HIT
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
expires
Wed, 30 Aug 2023 15:48:31 GMT
plugins.js
app.xybpay.cn/js/
781 KB
267 KB
Script
General
Full URL
https://app.xybpay.cn/js/plugins.js
Requested by
Host: app.xybpay.cn
URL: https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
38.6.179.110 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
cdn /
Resource Hash
a8c4ecbd5094aacb414e50ca892869eccfb16ca68151f8b707d1a60f7b560405
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://app.xybpay.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:38:14 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 14:08:20 GMT
server
cdn
etag
W/"5ca36cd4-c351c"
x-cache-status
MISS
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
expires
Wed, 30 Aug 2023 16:38:14 GMT
app.js
app.xybpay.cn/js/
27 KB
8 KB
Script
General
Full URL
https://app.xybpay.cn/js/app.js
Requested by
Host: app.xybpay.cn
URL: https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
38.6.179.110 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
cdn /
Resource Hash
40764f9681dd28b859b677f9bd9a4a5f0a4e4d16860f81b42c9caa6af43e7bbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://app.xybpay.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:38:14 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 14:08:20 GMT
server
cdn
etag
W/"5ca36cd4-6bb6"
x-cache-status
MISS
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
expires
Wed, 30 Aug 2023 16:38:14 GMT
readyDashboard.js
app.xybpay.cn/js/
27 KB
8 KB
Script
General
Full URL
https://app.xybpay.cn/js/readyDashboard.js
Requested by
Host: app.xybpay.cn
URL: https://app.xybpay.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
38.6.179.110 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
cdn /
Resource Hash
40764f9681dd28b859b677f9bd9a4a5f0a4e4d16860f81b42c9caa6af43e7bbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://app.xybpay.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:38:14 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 14:08:20 GMT
server
cdn
etag
W/"5ca36cd4-6bb6"
x-cache-status
HIT
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
expires
Wed, 30 Aug 2023 15:48:31 GMT
/
h5.xybpay.cn/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
h5.xybpay.cn
URL
http://h5.xybpay.cn:7001/

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| documentPictureInPicture
  • object| Modernizr
  • function| $
  • function| jQuery
  • function| _typeof
  • function| moment
  • function| Dropzone
  • function| Slider
  • function| Cookies
  • object| App

0 Cookies

1 Console Messages

Source: security
Level: error
URL: https://app.xybpay.cn/
Message: Mixed Content: The page at 'https://app.xybpay.cn/' was loaded over HTTPS, but requested an insecure script 'http://h5.xybpay.cn:7001/'. This request has been blocked; the content must be served over HTTPS.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000