www.demizhe.com Open in urlscan Pro
116.207.118.53 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nl63.com/dertyui989/jertyu/89/PvqDq929BSx_A_D_M1n_a.php
Effective URL:
https://www.demizhe.com/mi/nl63.com/
Submission Tags: threatshare
Submission: On April 27 via api (April 27th 2020, 2:00:20 am UTC) from US

Summary HTTP 13 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 116.207.118.53, located in China and belongs to CHINANET-BACKBONE No.31,Jin-rong Street, CN. The main domain is www.demizhe.com.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on October 6th 2019. Valid for: a year.

This is the only time www.demizhe.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	124.156.141.134 124.156.141.134	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
1 10	116.207.118.53 116.207.118.53	4134 (CHINANET-...) (CHINANET-BACKBONE No.31)
1	221.230.141.229 221.230.141.229	4134 (CHINANET-...) (CHINANET-BACKBONE No.31)
1	183.131.207.66 183.131.207.66	136190 (CHINATELE...) (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA)
13	4

2 124.156.141.134 (Hong Kong)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

nl63.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 116.207.118.53 (China) 1 redirects

ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)

www.demizhe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 221.230.141.229 (China)

ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)

js.users.51.la	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 183.131.207.66 (China)

ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN)

ia.51.la	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	demizhe.com 1 redirects www.demizhe.com	66 KB
2	51.la js.users.51.la ia.51.la	3 KB
2	nl63.com nl63.com	2 KB
13	3

	Domain	Requested by
10	www.demizhe.com	1 redirects nl63.com www.demizhe.com
2	nl63.com	nl63.com
1	ia.51.la	www.demizhe.com
1	js.users.51.la	www.demizhe.com
13	4

This site contains links to these domains. Also see Links.

Domain
wpa.qq.com
www.aliyun.com
whois.aliyun.com
www.benmi.com
www.baidu.com
www.so.com
www.beian.miit.gov.cn

Subject Issuer	Validity	Valid
www.demizhe.com Encryption Everywhere DV TLS CA - G1	`2019-10-06` - `2020-10-05`	a year	crt.sh
*.users.51.la GlobalSign Domain Validation CA - SHA256 - G2	`2018-01-15` - `2021-03-19`	3 years	crt.sh
*.51.la GlobalSign Domain Validation CA - SHA256 - G2	`2018-01-15` - `2021-04-15`	3 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.demizhe.com/mi/nl63.com/
Frame ID: 0922CFEDBCDF9CF44C53A935C77BE563
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://nl63.com/dertyui989/jertyu/89/PvqDq929BSx_A_D_M1n_a.php Page URL
http://nl63.com/index.html Page URL
http://www.demizhe.com/mi/nl63.com/ HTTP 301
https://www.demizhe.com/mi/nl63.com/ Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

13
Requests

85 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

70 kB
Transfer

69 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: http://wpa.qq.com/msgrd?v=3&uin=12440175&site=demizhe.com&menu=yes
Title: 已知晓，点此直接联系QQ-对话

Search URL Search Domain Scan URL

URL: https://www.aliyun.com/minisite/goods?userCode=8bnwk5la
Title: 云优惠券

Search URL Search Domain Scan URL

URL: https://whois.aliyun.com/whois/domain/nL63.com
Title: WHOIS信息查看

Search URL Search Domain Scan URL

URL: https://www.benmi.com/whoishistory/nL63.com.html
Title: 域名历史查询

Search URL Search Domain Scan URL

URL: https://www.baidu.com/s?word=nL63.com
Title: 百度搜索

Search URL Search Domain Scan URL

URL: http://www.so.com/s?q=nL63.com
Title: 360搜索

Search URL Search Domain Scan URL

URL: http://www.beian.miit.gov.cn/
Title: 鲁ICP备15007995号-2

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nl63.com/dertyui989/jertyu/89/PvqDq929BSx_A_D_M1n_a.php Page URL
http://nl63.com/index.html Page URL
http://www.demizhe.com/mi/nl63.com/ HTTP 301
https://www.demizhe.com/mi/nl63.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	PvqDq929BSx_A_D_M1n_a.php nl63.com/dertyui989/jertyu/89/	253 B 622 B	4440ms 533ms	Document text/html	124.156.141.134 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://nl63.com/dertyui989/jertyu/89/PvqDq929BSx_A_D_M1n_a.php Protocol HTTP/1.1 Server 124.156.141.134 , Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash Request headers Host nl63.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type text/html Content-Encoding gzip Last-Modified Thu, 11 Jan 2018 10:26:00 GMT Accept-Ranges bytes ETag "deeb3f93c68ad31:0" Vary Accept-Encoding Server Microsoft-IIS/7.5 X-Powered-By ASP.NET Date Mon, 27 Apr 2020 01:59:46 GMT Content-Length 328
GET H/1.1	200 OK	index.html Show response nl63.com/	907 B 1 KB	282ms 281ms	Document text/html	124.156.141.134 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://nl63.com/index.html Requested by Host: nl63.com URL: http://nl63.com/dertyui989/jertyu/89/PvqDq929BSx_A_D_M1n_a.php Protocol HTTP/1.1 Server 124.156.141.134 , Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `4296a763d1f2067b2b63dcafb760756a1544403ed1ad4e0d41f304574e552105` Request headers Host nl63.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://nl63.com/dertyui989/jertyu/89/PvqDq929BSx_A_D_M1n_a.php Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://nl63.com/dertyui989/jertyu/89/PvqDq929BSx_A_D_M1n_a.php Response headers Content-Type text/html Content-Encoding gzip Last-Modified Thu, 29 Aug 2019 10:34:12 GMT Accept-Ranges bytes ETag "26deba4c555ed51:0" Vary Accept-Encoding Server Microsoft-IIS/7.5 X-Powered-By ASP.NET Date Mon, 27 Apr 2020 01:59:46 GMT Content-Length 840
GET H2	200	Primary Request / Show response www.demizhe.com/mi/nl63.com/ Redirect Chain http://www.demizhe.com/mi/nl63.com/ https://www.demizhe.com/mi/nl63.com/	9 KB 9 KB	3649ms 953ms	Document text/html	116.207.118.53 CHINANET-BACKBONE...
General Check archive.org Show headers Download Go to Full URL https://www.demizhe.com/mi/nl63.com/ Requested by Host: nl63.com URL: http://nl63.com/dertyui989/jertyu/89/PvqDq929BSx_A_D_M1n_a.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 116.207.118.53 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN), Reverse DNS Software Tengine / ASP.NET Resource Hash `ae4a4033417fa8bbd649d7c801f446fd88c362218b650fa479d0a91b3a566755` Request headers :method GET :authority www.demizhe.com :scheme https :path /mi/nl63.com/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest document referer http://nl63.com/index.html accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://nl63.com/index.html Response headers status 200 server Tengine content-type text/html date Mon, 27 Apr 2020 01:59:51 GMT x-powered-by ASP.NET set-cookie ASPSESSIONIDCATQBSBT=FPAGJFKCFLKKIEEGHJNEHPCJ; path=/ cache-control private via cache28.l2nu16-1[31,0], kunlun8.cn1241[58,0] timing-allow-origin * eagleid 74cf71a615879527916397897e Redirect headers Server Tengine Date Mon, 27 Apr 2020 01:59:48 GMT Content-Type text/html Content-Length 278 Connection keep-alive Location https://www.demizhe.com/mi/nl63.com/ Via kunlun3.cn1241[,0] Timing-Allow-Origin * EagleId 74cf71a115879527880494190e
GET H2	200	v.css www.demizhe.com/js/img/	22 KB 23 KB	316ms 315ms	Stylesheet text/css	116.207.118.53 CHINANET-BACKBONE...
General Check archive.org Show headers Download Go to Full URL https://www.demizhe.com/js/img/v.css Requested by Host: www.demizhe.com URL: https://www.demizhe.com/mi/nl63.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 116.207.118.53 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN), Reverse DNS Software Tengine / ASP.NET Resource Hash `2a0058a5548455e06f30d1f36da22dde53e907ff99d2a3716075df15412ab348` Request headers Referer https://www.demizhe.com/mi/nl63.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 25 Apr 2020 15:03:34 GMT via cache47.l2cn2270[0,304-0,H], cache20.l2cn2270[1,0], kunlun1.cn1241[0,200-0,H], kunlun8.cn1241[1,0] age 125778 x-powered-by ASP.NET x-cache HIT TCP_HIT dirn:10:12930985 status 200 x-swift-cachetime 86400 x-swift-savetime Sun, 26 Apr 2020 03:54:40 GMT content-length 22976 last-modified Mon, 30 Dec 2019 13:39:53 GMT server Tengine etag "5e3ad19d16bfd51:49f" ali-swift-global-savetime 1585552197 content-type text/css cache-control max-age=86401 accept-ranges bytes timing-allow-origin * eagleid 74cf71a615879527920158803e expires Sun, 26 Apr 2020 15:03:35 GMT
GET H2	200	j.js Show response www.demizhe.com/js/	7 KB 7 KB	579ms 578ms	Script application/x-javascript	116.207.118.53 CHINANET-BACKBONE...
General Check archive.org Show headers Download Go to Full URL https://www.demizhe.com/js/j.js Requested by Host: www.demizhe.com URL: https://www.demizhe.com/mi/nl63.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 116.207.118.53 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN), Reverse DNS Software Tengine / ASP.NET Resource Hash `cd49190d94dc97376915e1d783d0db5ebd8ebe0edf7071d6659d3b617b1d96bf` Request headers Referer https://www.demizhe.com/mi/nl63.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 26 Apr 2020 10:35:45 GMT via cache21.l2cn1837[43,304-0,H], cache53.l2cn1837[70,0], kunlun1.cn1241[0,200-0,H], kunlun8.cn1241[1,0] age 55447 x-powered-by ASP.NET x-cache HIT TCP_HIT dirn:11:289322762 status 200 x-swift-cachetime 86400 x-swift-savetime Sun, 26 Apr 2020 10:35:45 GMT content-length 7269 last-modified Thu, 10 Oct 2019 03:00:49 GMT server Tengine etag "52f389eb167fd51:49f" ali-swift-global-savetime 1585492509 content-type application/x-javascript cache-control max-age=86400 accept-ranges bytes timing-allow-origin * eagleid 74cf71a615879527920168809e expires Sat, 25 Apr 2020 04:37:38 GMT
GET H2	200	qq.gif www.demizhe.com/js/img/	1 KB 2 KB	605ms 605ms	Image image/gif	116.207.118.53 CHINANET-BACKBONE...
General Check archive.org Show headers Download Go to Show image Full URL https://www.demizhe.com/js/img/qq.gif Requested by Host: www.demizhe.com URL: https://www.demizhe.com/mi/nl63.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 116.207.118.53 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN), Reverse DNS Software Tengine / ASP.NET Resource Hash `47ce96ab37e81abcf6926d1d7e3efac8cdf658cb440d9806e0220d27b42aab54` Request headers Referer https://www.demizhe.com/mi/nl63.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 26 Apr 2020 13:16:41 GMT via cache11.l2cn1837[0,304-0,H], cache11.l2cn1837[1,0], kunlun3.cn1241[0,200-0,H], kunlun8.cn1241[2,0] age 45791 x-powered-by ASP.NET x-cache HIT TCP_HIT dirn:10:217810946 status 200 x-swift-cachetime 43200 x-swift-savetime Sun, 26 Apr 2020 15:25:21 GMT content-length 1282 last-modified Fri, 04 Oct 2019 04:59:28 GMT server Tengine etag "21c2480707ad51:49f" ali-swift-global-savetime 1585509055 content-type image/gif cache-control max-age=43200 accept-ranges bytes timing-allow-origin * eagleid 74cf71a615879527928893010e expires Mon, 27 Apr 2020 01:16:41 GMT
GET H2	200	logo.png www.demizhe.com/js/img/	10 KB 10 KB	602ms 601ms	Image image/png	116.207.118.53 CHINANET-BACKBONE...
General Check archive.org Show headers Download Go to Show image Full URL https://www.demizhe.com/js/img/logo.png Requested by Host: www.demizhe.com URL: https://www.demizhe.com/mi/nl63.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 116.207.118.53 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN), Reverse DNS Software Tengine / ASP.NET Resource Hash `dded9bc4681282ca12cc46439b1da1312357f0ba0e44968736456310397bfee3` Request headers Referer https://www.demizhe.com/mi/nl63.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 26 Apr 2020 09:39:18 GMT via cache61.l2cn2270[0,304-0,H], cache35.l2cn2270[1,0], kunlun2.cn1241[0,200-0,H], kunlun8.cn1241[2,0] age 58834 x-powered-by ASP.NET x-cache HIT TCP_HIT dirn:11:676026419 status 200 x-swift-cachetime 43200 x-swift-savetime Sun, 26 Apr 2020 14:57:28 GMT content-length 9978 last-modified Tue, 08 Oct 2019 02:08:47 GMT server Tengine etag "d8e2a9517d7dd51:49f" ali-swift-global-savetime 1585509055 content-type image/png cache-control max-age=43200 accept-ranges bytes timing-allow-origin * eagleid 74cf71a615879527928893011e expires Sun, 26 Apr 2020 21:39:18 GMT
GET H2	200	qq.png www.demizhe.com/js/img/	685 B 919 B	605ms 604ms	Image image/png	116.207.118.53 CHINANET-BACKBONE...
General Check archive.org Show headers Download Go to Show image Full URL https://www.demizhe.com/js/img/qq.png Requested by Host: www.demizhe.com URL: https://www.demizhe.com/mi/nl63.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 116.207.118.53 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN), Reverse DNS Software Tengine / ASP.NET Resource Hash `55b6b1c59401a1f1472c049930a287b89d7ab5c50f8c71cba6e992f21c404b94` Request headers Referer https://www.demizhe.com/mi/nl63.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 26 Apr 2020 13:16:41 GMT via cache22.l2cn1837[0,304-0,H], cache11.l2cn1837[1,0], kunlun3.cn1241[0,200-0,H], kunlun8.cn1241[2,0] age 45791 x-powered-by ASP.NET x-cache HIT TCP_HIT dirn:11:193588945 status 200 x-swift-cachetime 43200 x-swift-savetime Sun, 26 Apr 2020 15:25:21 GMT content-length 685 last-modified Sat, 05 Oct 2019 06:49:29 GMT server Tengine etag "63cf7d9497bd51:49f" ali-swift-global-savetime 1585509056 content-type image/png cache-control max-age=43200 accept-ranges bytes timing-allow-origin * eagleid 74cf71a615879527928893013e expires Mon, 27 Apr 2020 01:16:41 GMT
GET H2	200	5.svg www.demizhe.com/pic/v/	2 KB 3 KB	628ms 627ms	Image image/svg+xml	116.207.118.53 CHINANET-BACKBONE...
General Check archive.org Show headers Download Go to Show image Full URL https://www.demizhe.com/pic/v/5.svg Requested by Host: www.demizhe.com URL: https://www.demizhe.com/mi/nl63.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 116.207.118.53 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN), Reverse DNS Software Tengine / ASP.NET Resource Hash `f7dc7e5ddd734a4f2823231633c4de4742473e96ba0a97600305a722bca837d7` Request headers Referer https://www.demizhe.com/mi/nl63.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 27 Apr 2020 01:59:52 GMT via cache17.l2nu16-1[7,0], kunlun8.cn1241[32,0] last-modified Sun, 13 Oct 2019 08:09:26 GMT server Tengine x-powered-by ASP.NET etag "285f84879d81d51:49f" content-type image/svg+xml status 200 accept-ranges bytes timing-allow-origin * content-length 2351 eagleid 74cf71a615879527928893014e
GET H2	200	6.png www.demizhe.com/pic/	10 KB 11 KB	619ms 618ms	Image image/png	116.207.118.53 CHINANET-BACKBONE...
General Check archive.org Show headers Download Go to Show image Full URL https://www.demizhe.com/pic/6.png Requested by Host: www.demizhe.com URL: https://www.demizhe.com/mi/nl63.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 116.207.118.53 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN), Reverse DNS Software Tengine / ASP.NET Resource Hash `8ef810e4f5a5ecbc333e6cf8a166251987d7e05fc340c8ece6675f7128209967` Request headers Referer https://www.demizhe.com/mi/nl63.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 26 Apr 2020 13:16:41 GMT via cache79.l2cn1837[0,304-0,H], cache66.l2cn1837[1,0], kunlun1.cn1241[0,200-0,H], kunlun8.cn1241[3,0] age 45791 x-powered-by ASP.NET x-cache HIT TCP_HIT dirn:0:92195464 status 200 x-swift-cachetime 43200 x-swift-savetime Sun, 26 Apr 2020 15:25:21 GMT content-length 10686 last-modified Fri, 29 Sep 2017 03:02:00 GMT server Tengine etag "85d99a51cf38d31:49f" ali-swift-global-savetime 1585499873 content-type image/png cache-control max-age=43200 accept-ranges bytes timing-allow-origin * eagleid 74cf71a615879527928893017e expires Mon, 27 Apr 2020 01:16:41 GMT
GET H/1.1	200 OK	19176309.js Show response js.users.51.la/	5 KB 3 KB	276ms 275ms	Script application/javascript	221.230.141.229 CHINANET-BACKBONE...
General Check archive.org Show headers Download Go to Full URL https://js.users.51.la/19176309.js Requested by Host: www.demizhe.com URL: https://www.demizhe.com/mi/nl63.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 221.230.141.229 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN), Reverse DNS Software nginx/1.14.0 / Resource Hash `52dbea22b0edbbfea60f90661fa0f7c2b2f0d2edaffe13bee5a8961c46fadcd1` Request headers Referer https://www.demizhe.com/mi/nl63.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-id 19176309 Date Mon, 27 Apr 2020 01:59:52 GMT Content-Encoding gzip Age 69089 Transfer-Encoding chunked X-Via 1.1 PSzjzssxfo165:0 (Cdn Cache Server V2.0)[0 200 0], 1.1 tdx116:1 (Cdn Cache Server V2.0)[40 200 2], 1.1 dianxin209:9 (Cdn Cache Server V2.0)[0 200 0] Content-Disposition inline;filename=f.txt Connection keep-alive Request-Id 00000170BDCB1FEF9053267B2C863FF3 x-reserved amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc id-2 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSCjkKJUY/SZTrqK7Pq702xI0/GX/LbM Last-Modified Thu Aug 16 16:19:47 CST 2018 Server nginx/1.14.0 ETag "f1b7d5ccf2dda62ec14d3a0a919f9ea8" Vary Accept-Encoding Content-Type application/javascript;charset=UTF-8 version-id G001116541D1B588FFFF900B007C532C
GET H2	200	ajax.asp Show response www.demizhe.com/js/	3 B 143 B	1617ms 1616ms	XHR text/html	116.207.118.53 CHINANET-BACKBONE...
General Check archive.org Show headers Download Go to Full URL https://www.demizhe.com/js/ajax.asp?action=hits&id=12815 Requested by Host: www.demizhe.com URL: https://www.demizhe.com/js/j.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 116.207.118.53 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN), Reverse DNS Software Tengine / ASP.NET Resource Hash `48f89b630677c2cbb70e2ba05bf7a3633294e368a45bdc2c7df9d832f9e0c941` Request headers Referer https://www.demizhe.com/mi/nl63.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 27 Apr 2020 01:59:53 GMT via cache28.l2nu16-1[8,0], kunlun8.cn1241[35,0] server Tengine x-powered-by ASP.NET content-type text/html; Charset=gbk status 200 cache-control private timing-allow-origin * eagleid 74cf71a615879527938905308e
GET H/1.1	200	go1 ia.51.la/	0 256 B	835ms 284ms	Image application/octet-stream	183.131.207.66 CHINATELECOM-ZHEJ...
General Check archive.org Show headers Download Go to Show image Full URL https://ia.51.la/go1?id=19176309&rt=1587952792448&rl=16001200&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=nL63.com%252C%25E5%258A%25AA%25E5%258A%259B63%25E3%2580%2581%25E5%2586%259C%25E6%259E%2597%25E3%2580%2581%25E8%2583%25BD%25E5%258A%259B%25E3%2580%2581%25E5%2586%259C%25E5%258E%2586%25E3%2580%2581%25E5%25B9%25B4%25E9%25BE%2584%25E3%2580%2581%25E8%2583%25BD%25E9%2587%258F%25E3%2580%2581%25E5%25B9%25B4&ing=1&ekc=&sid=1587952792448&tt=nL63.com%2520%25E5%259F%259F%25E5%2590%258D%25E6%25AD%25A3%25E5%259C%25A8%25E5%2587%25BA%25E5%2594%25AE%25E6%258B%258D%25E5%258D%2596%25E4%25B8%25AD-%25E5%258A%25AA%25E5%258A%259B63%25E3%2580%2581%25E5%2586%259C%25E6%259E%2597%25E3%2580%2581%25E8%2583%25BD%25E5%258A%259B%25E3%2580%2581%25E5%2586%259C%25E5%258E%2586%25E3%2580%2581%25E5%25B9%25B4%25E9%25BE%2584%25E3%2580%2581%25E8%2583%25BD%25E9%2587%258F%25E3%2580%2581%25E5%25B9%25B4%25E8%25BD%25AE%25E3%2580%2581%25E7%2589%259B%25E9%2583%258E&kw=nL63.com%252C%25E5%258A%25AA%25E5%258A%259B63%25E3%2580%2581%25E5%2586%259C%25E6%259E%2597%25E3%2580%2581%25E8%2583%25BD%25E5%258A%259B%25E3%2580%2581%25E5%2586%259C%25E5%258E%2586%25E3%2580%2581%25E5%25B9%25B4%25E9%25BE%2584%25E3%2580%2581%25E8%2583%25BD%25E9%2587%258F%25E3%2580%2581%25E5%25B9%25B4%25E8%25BD%25AE%25E3%2580%2581%25E7%2589%259B%25E9%2583%258E&cu=https%253A%252F%252Fwww.demizhe.com%252Fmi%252Fnl63.com%252F&pu=http%253A%252F%252Fnl63.com%252Findex.html Requested by* Host: www.demizhe.com URL: https://www.demizhe.com/mi/nl63.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 183.131.207.66 , China, ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN), Reverse DNS Software CloudWAF / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://www.demizhe.com/mi/nl63.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 01:59:53 GMT Server CloudWAF Connection keep-alive Content-Length 0 Content-Type application/octet-stream

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ia.51.la
js.users.51.la
nl63.com
www.demizhe.com
116.207.118.53
124.156.141.134
183.131.207.66
221.230.141.229
2a0058a5548455e06f30d1f36da22dde53e907ff99d2a3716075df15412ab348
4296a763d1f2067b2b63dcafb760756a1544403ed1ad4e0d41f304574e552105
47ce96ab37e81abcf6926d1d7e3efac8cdf658cb440d9806e0220d27b42aab54
48f89b630677c2cbb70e2ba05bf7a3633294e368a45bdc2c7df9d832f9e0c941
52dbea22b0edbbfea60f90661fa0f7c2b2f0d2edaffe13bee5a8961c46fadcd1
55b6b1c59401a1f1472c049930a287b89d7ab5c50f8c71cba6e992f21c404b94
8ef810e4f5a5ecbc333e6cf8a166251987d7e05fc340c8ece6675f7128209967
ae4a4033417fa8bbd649d7c801f446fd88c362218b650fa479d0a91b3a566755
cd49190d94dc97376915e1d783d0db5ebd8ebe0edf7071d6659d3b617b1d96bf
dded9bc4681282ca12cc46439b1da1312357f0ba0e44968736456310397bfee3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7dc7e5ddd734a4f2823231633c4de4742473e96ba0a97600305a722bca837d7

www.demizhe.com Open in urlscan Pro 116.207.118.53 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

85 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

4 IPs

2 Countries

70 kBTransfer

69 kBSize

0 Cookies

7 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

0 Cookies

Indicators

www.demizhe.com Open in urlscan Pro
116.207.118.53 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

85 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

70 kB
Transfer

69 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions