paper.tuisec.win Open in urlscan Pro
2400:cb00:2048:1::681b:9c27 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://paper.tuisec.win/detail/14728affe24c59d
Submission: On August 22 via manual (August 22nd 2018, 5:01:28 pm UTC) from BR

Summary HTTP 18 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 2400:cb00:2048:1::681b:9c27, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is paper.tuisec.win.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on August 7th 2018. Valid for: 6 months.

This is the only time paper.tuisec.win was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
16	2400:cb00:204... 2400:cb00:2048:1::681b:9c27	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	183.131.207.78 183.131.207.78	136190 (CHINATELE...) (CHINATELECOM-YUNNAN-DALI-MAN DaLi)
18	2

16 2400:cb00:2048:1::681b:9c27 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

paper.tuisec.win	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.tuisec.win	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 183.131.207.78 (Jinhua, China)

ASN136190 (CHINATELECOM-YUNNAN-DALI-MAN DaLi, CN)

js.users.51.la	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ia.51.la	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	tuisec.win paper.tuisec.win cdn.tuisec.win	222 KB
2	51.la js.users.51.la ia.51.la	3 KB
18	2

	Domain	Requested by
10	paper.tuisec.win	paper.tuisec.win
6	cdn.tuisec.win	paper.tuisec.win
1	ia.51.la	paper.tuisec.win
1	js.users.51.la	paper.tuisec.win
18	4

This site contains links to these domains. Also see Links.

Domain
github.com
www.cobaltstrike.com
www.fileseek.ca
varaneckas.com
www.luteam.com
www.51.la

Subject Issuer	Validity	Valid
sni178209.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-08-07` - `2019-02-13`	6 months	crt.sh
*.users.51.la GlobalSign Domain Validation CA - SHA256 - G2	`2018-01-15` - `2021-03-19`	3 years	crt.sh
*.51.la GlobalSign Domain Validation CA - SHA256 - G2	`2018-01-15` - `2021-04-15`	3 years	crt.sh

This page contains 1 frames:

Primary Page: https://paper.tuisec.win/detail/14728affe24c59d
Frame ID: 570DBBCF975A351DAA1AB5FD8194285F
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

18
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

4
Subdomains

2
IPs

2
Countries

226 kB
Transfer

370 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/sensepost/reGeorg
Title: reGeorg

Search URL Search Domain Scan URL

URL: https://www.cobaltstrike.com/trial
Title: https://www.cobaltstrike.com/trial

Search URL Search Domain Scan URL

URL: https://www.cobaltstrike.com/download
Title: https://www.cobaltstrike.com/download

Search URL Search Domain Scan URL

URL: https://www.fileseek.ca/
Title: FileSeek

Search URL Search Domain Scan URL

URL: http://varaneckas.com/jad/
Title: jad

Search URL Search Domain Scan URL

URL: http://www.luteam.com/wp-content/uploads/2016/10/cs1.png

Search URL Search Domain Scan URL

URL: http://www.luteam.com/wp-content/uploads/2016/10/cs2.png

Search URL Search Domain Scan URL

URL: http://www.luteam.com/wp-content/uploads/2016/10/cs3.png

Search URL Search Domain Scan URL

URL: http://www.luteam.com/wp-content/uploads/2016/10/cs4.png

Search URL Search Domain Scan URL

URL: http://www.luteam.com/wp-content/uploads/2016/10/cs5.png

Search URL Search Domain Scan URL

URL: http://www.luteam.com/wp-content/uploads/2016/10/cs6.png

Search URL Search Domain Scan URL

URL: https://www.51.la/?comId=19225774
Title: 51La

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 14728affe24c59d Show response paper.tuisec.win/detail/	9 KB 5 KB	548ms 520ms	Document text/html	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `bfc416481197c6e094fbdc47aa42c3928c8eee212faa7e411fe7a18861e408f4` Request headers :method GET :authority paper.tuisec.win :scheme https :path /detail/14728affe24c59d pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 accept-encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 570DBBCF975A351DAA1AB5FD8194285F Response headers status 200 date Wed, 22 Aug 2018 17:01:16 GMT content-type text/html; charset=utf-8 set-cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275; expires=Thu, 22-Aug-19 17:01:15 GMT; path=/; domain=.tuisec.win; HttpOnly vary Accept-Encoding expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 44e6e67ea9946451-FRA content-encoding gzip
GET H2	200	highlight.min.js Show response paper.tuisec.win/static/js/	45 KB 20 KB	14ms 11ms	Script application/javascript	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://paper.tuisec.win/static/js/highlight.min.js Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `fc17e22241e51e856285975ce9316e8fb3262744d6716b0c5e4783170862d33c` Request headers :path /static/js/highlight.min.js pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority paper.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:16 GMT content-encoding gzip cf-cache-status HIT last-modified Wed, 10 Jan 2018 14:39:36 GMT server cloudflare etag W/"5a5625a8-b3b3" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=2678400 cf-ray 44e6e681fc156451-FRA expires Sat, 22 Sep 2018 17:01:16 GMT
GET H2	200	base.css paper.tuisec.win/static/anf/	4 KB 1 KB	19ms 17ms	Stylesheet text/css	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://paper.tuisec.win/static/anf/base.css Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `30195aa50bda764384901170225112240897b9627a64e025041130d1f4fd5520` Request headers :path /static/anf/base.css pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority paper.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:16 GMT content-encoding gzip cf-cache-status HIT cf-bgj minify server cloudflare etag W/"596f26a2-116b" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=2678400 cf-polished origSize=4459 last-modified Wed, 19 Jul 2017 09:30:10 GMT cf-ray 44e6e681fc176451-FRA expires Sat, 22 Sep 2018 17:01:16 GMT
GET H2	200	theme.css paper.tuisec.win/static/anf/	55 KB 10 KB	18ms 16ms	Stylesheet text/css	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://paper.tuisec.win/static/anf/theme.css Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `86418ad4afb6e0ecc3e04bf5adb7c1c3ecc30635876eaf1411efd699297829a7` Request headers :path /static/anf/theme.css pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority paper.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:16 GMT content-encoding gzip cf-cache-status HIT cf-bgj minify server cloudflare etag W/"596f26a2-1072a" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=2678400 cf-polished origSize=67370 last-modified Wed, 19 Jul 2017 09:30:10 GMT cf-ray 44e6e681fc186451-FRA expires Sat, 22 Sep 2018 17:01:16 GMT
GET H2	200	no.css paper.tuisec.win/static/css/	4 KB 1 KB	12ms 10ms	Stylesheet text/css	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://paper.tuisec.win/static/css/no.css Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `6534ab6fc087b538af9a72e2fe16062bac5ee8b1fb80bcd795fd84f6cf50c91f` Request headers :path /static/css/no.css pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority paper.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:16 GMT content-encoding gzip cf-cache-status HIT cf-bgj minify server cloudflare etag W/"5ae9396f-14b7" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=2678400 cf-polished origSize=5303 last-modified Wed, 02 May 2018 04:07:11 GMT cf-ray 44e6e681fc196451-FRA expires Sat, 22 Sep 2018 17:01:16 GMT
GET H2	200	4240928722b0f09a7a8d745250efa4d4.jpg cdn.tuisec.win/full/upload/201808/	10 KB 10 KB	598ms 582ms	Image image/jpeg	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.tuisec.win/full/upload/201808/4240928722b0f09a7a8d745250efa4d4.jpg Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `cf8e61987aa0eb5f627134a5a02b9c18085b4d9678f47c2316707f99b21f9aed` Request headers :path /full/upload/201808/4240928722b0f09a7a8d745250efa4d4.jpg pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority cdn.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:17 GMT cf-cache-status MISS last-modified Thu, 09 Aug 2018 07:32:02 GMT server cloudflare etag "5b6bedf2-2668" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 44e6e6823c536451-FRA content-length 9832 expires Thu, 22 Aug 2019 17:01:17 GMT
GET H2	200	e11e0d5efa3a221485d3a8b0b4117c48.jpg cdn.tuisec.win/full/upload/201808/	31 KB 31 KB	909ms 894ms	Image image/jpeg	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.tuisec.win/full/upload/201808/e11e0d5efa3a221485d3a8b0b4117c48.jpg Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `73a9b08ddfa65fe6637eec8f4b67b2d5de674145c76f851dc71fa42e17a7bb99` Request headers :path /full/upload/201808/e11e0d5efa3a221485d3a8b0b4117c48.jpg pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority cdn.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:17 GMT cf-cache-status MISS last-modified Thu, 09 Aug 2018 07:32:02 GMT server cloudflare etag "5b6bedf2-7d11" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 44e6e6823c556451-FRA content-length 32017 expires Thu, 22 Aug 2019 17:01:17 GMT
GET H2	200	71265bc75eb78f4e12268bf194640ba3.jpg cdn.tuisec.win/full/upload/201808/	28 KB 28 KB	881ms 866ms	Image image/jpeg	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.tuisec.win/full/upload/201808/71265bc75eb78f4e12268bf194640ba3.jpg Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `08e60ec546587daa7118dd0180579ec827fc73ea438edb366d2e21b68a51b72e` Request headers :path /full/upload/201808/71265bc75eb78f4e12268bf194640ba3.jpg pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority cdn.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:17 GMT cf-cache-status MISS last-modified Thu, 09 Aug 2018 07:32:03 GMT server cloudflare etag "5b6bedf3-6fd7" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 44e6e6823c576451-FRA content-length 28631 expires Thu, 22 Aug 2019 17:01:17 GMT
GET H2	200	7079ddf3ca1f15029f5efd11fda03e41.jpg cdn.tuisec.win/full/upload/201808/	10 KB 10 KB	538ms 523ms	Image image/jpeg	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.tuisec.win/full/upload/201808/7079ddf3ca1f15029f5efd11fda03e41.jpg Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `86800aa1375d37e683e0fee8e481587939ca59351b05613565f806d13633ee2a` Request headers :path /full/upload/201808/7079ddf3ca1f15029f5efd11fda03e41.jpg pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority cdn.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:17 GMT cf-cache-status MISS last-modified Thu, 09 Aug 2018 07:32:04 GMT server cloudflare etag "5b6bedf4-2785" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 44e6e6823c596451-FRA content-length 10117 expires Thu, 22 Aug 2019 17:01:17 GMT
GET H2	200	89654f84c1376ce79a1be481cc655420.jpg cdn.tuisec.win/full/upload/201808/	11 KB 11 KB	544ms 529ms	Image image/jpeg	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.tuisec.win/full/upload/201808/89654f84c1376ce79a1be481cc655420.jpg Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `9370ad1443ca8e38c3e69955ae4e02ff492b40fa3b231b1dae7321d85bc1c4ae` Request headers :path /full/upload/201808/89654f84c1376ce79a1be481cc655420.jpg pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority cdn.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:17 GMT cf-cache-status MISS last-modified Thu, 09 Aug 2018 07:32:04 GMT server cloudflare etag "5b6bedf4-2d8f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 44e6e6823c5a6451-FRA content-length 11663 expires Thu, 22 Aug 2019 17:01:17 GMT
GET H2	200	c6899c17910b356f1dea6569643b8e1f.jpg cdn.tuisec.win/full/upload/201808/	54 KB 54 KB	1077ms 1061ms	Image image/jpeg	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.tuisec.win/full/upload/201808/c6899c17910b356f1dea6569643b8e1f.jpg Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `120beb48ea23e7d2349aa614caf688ff79bb6d760a823b74708ce2e296be8e14` Request headers :path /full/upload/201808/c6899c17910b356f1dea6569643b8e1f.jpg pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority cdn.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:17 GMT cf-cache-status MISS last-modified Thu, 09 Aug 2018 07:32:05 GMT server cloudflare etag "5b6bedf5-d8d7" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 44e6e6823c5b6451-FRA content-length 55511 expires Thu, 22 Aug 2019 17:01:17 GMT
GET H2	200	jquery.min.js Show response paper.tuisec.win/static/anf/	84 KB 33 KB	25ms 23ms	Script application/javascript	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://paper.tuisec.win/static/anf/jquery.min.js Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `2954921a29b75359c18ad9f244dfcc62d0725649e2d130934f8577052e0cb790` Request headers :path /static/anf/jquery.min.js pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority paper.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:16 GMT content-encoding gzip cf-cache-status HIT last-modified Wed, 19 Jul 2017 09:30:10 GMT server cloudflare etag W/"596f26a2-14e7d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=2678400 cf-ray 44e6e681fc1a6451-FRA expires Sat, 22 Sep 2018 17:01:16 GMT
GET H2	200	waves.min.js Show response paper.tuisec.win/static/anf/	4 KB 2 KB	12ms 10ms	Script application/javascript	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://paper.tuisec.win/static/anf/waves.min.js Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `92f18637f6e7e3bd5249b98827dc8db480c2f79232fd35aac369c2d86ae3aaca` Request headers :path /static/anf/waves.min.js pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority paper.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:16 GMT content-encoding gzip cf-cache-status HIT last-modified Wed, 19 Jul 2017 09:30:10 GMT server cloudflare etag W/"596f26a2-10c9" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=2678400 cf-ray 44e6e681fc1b6451-FRA expires Sat, 22 Sep 2018 17:01:16 GMT
GET H2	200	zoom.min.js Show response paper.tuisec.win/static/anf/	4 KB 1 KB	17ms 16ms	Script application/javascript	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://paper.tuisec.win/static/anf/zoom.min.js Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `f67df2310cee066fb6c1c27c97ec5b5efc748a1523490060a8097f7ea918dfd2` Request headers :path /static/anf/zoom.min.js pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority paper.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:16 GMT content-encoding gzip cf-cache-status HIT last-modified Wed, 19 Jul 2017 09:30:10 GMT server cloudflare etag W/"596f26a2-1073" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=2678400 cf-ray 44e6e681fc1c6451-FRA expires Sat, 22 Sep 2018 17:01:16 GMT
GET H2	200	skin.js Show response paper.tuisec.win/static/anf/	11 KB 3 KB	68ms 66ms	Script application/javascript	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://paper.tuisec.win/static/anf/skin.js Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `c2c3b81effee550cc59bee0f835ab2b2c295766ed9d8551da53f53f207e83481` Request headers :path /static/anf/skin.js pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority paper.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 22 Aug 2018 17:01:16 GMT content-encoding gzip cf-cache-status HIT cf-bgj minify server cloudflare etag W/"596f26a2-4b44" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=2678400 cf-polished origSize=19268 last-modified Wed, 19 Jul 2017 09:30:10 GMT cf-ray 44e6e681fc1d6451-FRA expires Sat, 22 Sep 2018 17:01:16 GMT
GET H/1.1	200 OK	19225774.js Show response js.users.51.la/	5 KB 3 KB	1107ms 478ms	Script application/javascript	183.131.207.78 CHINATELECOM-YUNN...
General Check archive.org Show headers Download Go to Full URL https://js.users.51.la/19225774.js Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 183.131.207.78 Jinhua, China, ASN136190 (CHINATELECOM-YUNNAN-DALI-MAN DaLi, CN), Reverse DNS Software HuaweiCloudWAF / Resource Hash `e7a2c96d728130966cd599d741f229a61a842fa9f18447d7266a12633b3b0b94` Request headers Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 22 Aug 2018 17:01:17 GMT Content-Encoding gzip Last-Modified Thu, 15 Mar 2018 14:54:50 GMT Server HuaweiCloudWAF ETag "0195b916dbcd31:0" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 2497
GET H/1.1	200	go1 ia.51.la/	0 262 B	1033ms 362ms	Image application/octet-stream	183.131.207.78 CHINATELECOM-YUNN...
General Check archive.org Show headers Download Go to Show image Full URL https://ia.51.la/go1?id=19225774&rt=1534957277604&rl=16001200&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1534957277604&tt=Cobalt%2520Strike%25E7%25A0%25B4%25E8%25A7%25A3%25E8%25AF%25A6%25E7%25BB%2586%25E8%25AF%25B4%25E6%2598%258E&kw=&cu=https%253A%252F%252Fpaper.tuisec.win%252Fdetail%252F14728affe24c59d&pu= Requested by* Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 183.131.207.78 Jinhua, China, ASN136190 (CHINATELECOM-YUNNAN-DALI-MAN DaLi, CN), Reverse DNS Software HuaweiCloudWAF / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 22 Aug 2018 17:01:18 GMT Server HuaweiCloudWAF Connection keep-alive Content-Length 0 Content-Type application/octet-stream
GET H2	204	ga.php paper.tuisec.win/ga/	0 179 B	521ms 520ms	Image text/plain	2400:cb00:2048:1::681b:9c27 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://paper.tuisec.win/ga/ga.php?dt=Cobalt%20Strike%E7%A0%B4%E8%A7%A3%E8%AF%A6%E7%BB%86%E8%AF%B4%E6%98%8E&dr=&ul=en-US&sd=24-bit&sr=1600x1200&vp=1600x1200&z=1534957277607 Requested by Host: paper.tuisec.win URL: https://paper.tuisec.win/detail/14728affe24c59d Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:9c27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PHP/5.6.20 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers :path /ga/ga.php?dt=Cobalt%20Strike%E7%A0%B4%E8%A7%A3%E8%AF%A6%E7%BB%86%E8%AF%B4%E6%98%8E&dr=&ul=en-US&sd=24-bit&sr=1600x1200&vp=1600x1200&z=1534957277607 pragma no-cache cookie __cfduid=dec865510bab01bfc0952b0bba9e903ff1534957275; __tins__19225774=%7B%22sid%22%3A%201534957277604%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201534959077604%7D; __51cke__=; __51laig__=1 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority paper.tuisec.win referer https://paper.tuisec.win/detail/14728affe24c59d :scheme https :method GET Referer https://paper.tuisec.win/detail/14728affe24c59d User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers pragma no-cache date Wed, 22 Aug 2018 17:01:18 GMT server cloudflare x-powered-by PHP/5.6.20 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" status 204 cache-control no-cache, max-age=0 set-cookie uuid=6868e9c6-b7c6-cb10-0151-12981e22bfc1; expires=Thu, 25-Apr-2030 14:21:17 GMT; Max-Age=368400000 cf-ray 44e6e6891a616451-FRA

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.tuisec.win
ia.51.la
js.users.51.la
paper.tuisec.win
183.131.207.78
2400:cb00:2048:1::681b:9c27
08e60ec546587daa7118dd0180579ec827fc73ea438edb366d2e21b68a51b72e
120beb48ea23e7d2349aa614caf688ff79bb6d760a823b74708ce2e296be8e14
2954921a29b75359c18ad9f244dfcc62d0725649e2d130934f8577052e0cb790
30195aa50bda764384901170225112240897b9627a64e025041130d1f4fd5520
6534ab6fc087b538af9a72e2fe16062bac5ee8b1fb80bcd795fd84f6cf50c91f
73a9b08ddfa65fe6637eec8f4b67b2d5de674145c76f851dc71fa42e17a7bb99
86418ad4afb6e0ecc3e04bf5adb7c1c3ecc30635876eaf1411efd699297829a7
86800aa1375d37e683e0fee8e481587939ca59351b05613565f806d13633ee2a
92f18637f6e7e3bd5249b98827dc8db480c2f79232fd35aac369c2d86ae3aaca
9370ad1443ca8e38c3e69955ae4e02ff492b40fa3b231b1dae7321d85bc1c4ae
bfc416481197c6e094fbdc47aa42c3928c8eee212faa7e411fe7a18861e408f4
c2c3b81effee550cc59bee0f835ab2b2c295766ed9d8551da53f53f207e83481
cf8e61987aa0eb5f627134a5a02b9c18085b4d9678f47c2316707f99b21f9aed
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7a2c96d728130966cd599d741f229a61a842fa9f18447d7266a12633b3b0b94
f67df2310cee066fb6c1c27c97ec5b5efc748a1523490060a8097f7ea918dfd2
fc17e22241e51e856285975ce9316e8fb3262744d6716b0c5e4783170862d33c

paper.tuisec.win Open in urlscan Pro 2400:cb00:2048:1::681b:9c27 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

50 %IPv6

2 Domains

4 Subdomains

2 IPs

2 Countries

226 kBTransfer

370 kBSize

0 Cookies

12 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

0 Cookies

Indicators

paper.tuisec.win Open in urlscan Pro
2400:cb00:2048:1::681b:9c27 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

4
Subdomains

2
IPs

2
Countries

226 kB
Transfer

370 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions