8515757tkxii.dwz38.cc

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 119.42.146.186, located in Hong Kong and belongs to NETSEC-HK Netsec Limited, HK. The main domain is 8515757tkxii.dwz38.cc.
TLS certificate: Issued by R11 on July 24th 2024. Valid for: 3 months.

This is the only time 8515757tkxii.dwz38.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	61.170.80.227 61.170.80.227	4812 (CHINANET-...) (CHINANET-SH-AP China Telecom Group)
3	119.42.146.186 119.42.146.186	45753 (NETSEC-HK...) (NETSEC-HK Netsec Limited)
6	3

2 61.170.80.227 (China)

ASN4812 (CHINANET-SH-AP China Telecom Group, CN)
PTR: 227.80.170.61.broad.xw.sh.dynamic.163data.com.cn

cyyqxoss.nmgcyy.com.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 119.42.146.186 (Hong Kong)

ASN45753 (NETSEC-HK Netsec Limited, HK)

dwz.ldfh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
8515757tkxii.dwz38.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	ldfh.net dwz.ldfh.net	3 KB
2	nmgcyy.com.cn cyyqxoss.nmgcyy.com.cn	2 KB
1	dwz38.cc 8515757tkxii.dwz38.cc ltsoz8dmllgn.dwz38.cc Failed	894 B
6	3

	Domain	Requested by
2	dwz.ldfh.net	cyyqxoss.nmgcyy.com.cn dwz.ldfh.net
2	cyyqxoss.nmgcyy.com.cn
1	8515757tkxii.dwz38.cc	dwz.ldfh.net
0	ltsoz8dmllgn.dwz38.cc Failed	8515757tkxii.dwz38.cc
6	4

This site contains no links.

Subject Issuer	Validity	Valid
*.nmgcyy.com.cn RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2023-10-19` - `2024-10-19`	a year	crt.sh
dwz.ldfh.net R10	`2024-08-20` - `2024-11-18`	3 months	crt.sh
*.dwz40.cc R11	`2024-07-24` - `2024-10-22`	3 months	crt.sh

This page contains 1 frames:

Frame: https://ltsoz8dmllgn.dwz38.cc/cos/zR4Ujf/*/%5E%5E%5E%5E%5E_*%5E%5E%5E%5E%5E%5E_%5E%5E%5E_%5E_%5E_%5E_%5E_1724407350/
Frame ID: 582989E0B88DFC66F9B51AC8FA3EA1B4
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

检测中...

Page URL History Show full URLs

https://cyyqxoss.nmgcyy.com.cn/20240711/5223347333324337838038851445943319014577542220.xml?_w,v=xst&f=YsQNm... Page URL
https://8515757tkxii.dwz38.cc/cos/zR4Ujf Page URL

Page Statistics

6
Requests

83 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

7 kB
Transfer

8 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cyyqxoss.nmgcyy.com.cn/20240711/5223347333324337838038851445943319014577542220.xml?_w,v=xst&f=YsQNm32O6t&avh=fjf&id=54437 Page URL
https://8515757tkxii.dwz38.cc/cos/zR4Ujf Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

http://ltsoz8dmllgn.dwz38.cc/cos/zR4Ujf/*/%5E%5E%5E%5E%5E_*%5E%5E%5E%5E%5E%5E_%5E%5E%5E_%5E_%5E_%5E_%5E_1724407350/ HTTP 307
https://ltsoz8dmllgn.dwz38.cc/cos/zR4Ujf/*/%5E%5E%5E%5E%5E_*%5E%5E%5E%5E%5E%5E_%5E%5E%5E_%5E_%5E_%5E_%5E_1724407350/

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 5223347333324337838038851445943319014577542220.xml Show response
cyyqxoss.nmgcyy.com.cn/20240711/ 1 KB
2 KB 1522ms
319ms Document
application/xml 61.170.80.227
CHINANET-SH-AP Ch...

General

Check archive.org

Show headers Download Go to

Full URL: https://cyyqxoss.nmgcyy.com.cn/20240711/5223347333324337838038851445943319014577542220.xml?_w,v=xst&f=YsQNm32O6t&avh=fjf&id=54437
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 61.170.80.227 , China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN),
Reverse DNS: 227.80.170.61.broad.xw.sh.dynamic.163data.com.cn
Software: Tengine /
Resource Hash: 1f5224be0f0efc933ea9d1baca4cf7eca13d15e89e841e06fe39139b054c684e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET, POST, PUT, DELETE, HEAD
access-control-allow-origin: *
access-control-expose-headers: ETag, x-oss-request-id
access-control-max-age: 3600
age: 1538
ali-swift-global-savetime: 1724405808
content-length: 1154
content-md5: +c2tu6H03+YBa3v3iHQ98g==
content-type: application/xml
date: Fri, 23 Aug 2024 09:36:48 GMT
eagleid: 3daa501d17244073465814988e
etag: "F9CDADBBA1F4DFE6016B7BF788743DF2"
last-modified: Thu, 11 Jul 2024 15:21:49 GMT
server: Tengine
timing-allow-origin: *
via: cache12.l2cn2656[0,0,304-0,H], cache34.l2cn2656[1,0], vcache16.cn6012[38,44,200-0,H], vcache9.cn6012[47,0]
x-cache: HIT TCP_REFRESH_HIT dirn:10:251791743
x-oss-cdn-auth: success
x-oss-hash-crc64ecma: 5778302665607688047
x-oss-object-type: Normal
x-oss-request-id: 66C8583021E847373279938C
x-oss-server-time: 2
x-oss-storage-class: Standard
x-swift-cachetime: 3600
x-swift-savetime: Fri, 23 Aug 2024 10:02:26 GMT

GET
H2 200 url.js Show response
dwz.ldfh.net/ 5 KB
3 KB 1142ms
220ms Script
application/javascript 119.42.146.186
NETSEC-HK Netsec ...

General

Check archive.org

Show headers Download Go to

Full URL

https://dwz.ldfh.net/url.js?v=1

Requested by

Host: cyyqxoss.nmgcyy.com.cn
URL: https://cyyqxoss.nmgcyy.com.cn/20240711/5223347333324337838038851445943319014577542220.xml?_w,v=xst&f=YsQNm32O6t&avh=fjf&id=54437

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

119.42.146.186 , Hong Kong, ASN45753 (NETSEC-HK Netsec Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

4201db407cbeb9c96c5720789170b883721cd54a7acb26ebbf46a6deb58e3d00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cyyqxoss.nmgcyy.com.cn/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 10:02:27 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 22 May 2024 09:00:12 GMT
server: nginx
etag: W/"664db41c-15bf"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=43200
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
expires: Fri, 23 Aug 2024 22:02:27 GMT

GET
H2 404 favicon.ico
cyyqxoss.nmgcyy.com.cn/ 374 B
690 B 445ms
445ms Other
application/xml 61.170.80.227
CHINANET-SH-AP Ch...

General

Check archive.org

Show headers Download Go to

Full URL: https://cyyqxoss.nmgcyy.com.cn/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 61.170.80.227 , China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN),
Reverse DNS: 227.80.170.61.broad.xw.sh.dynamic.163data.com.cn
Software: Tengine /
Resource Hash: 0c24dbf571b4801a27f5899f0f4d6bdee04914f0c1d916064edfd1601bc88e70

Request headers

Referer: https://cyyqxoss.nmgcyy.com.cn/20240711/5223347333324337838038851445943319014577542220.xml?_w,v=xst&f=YsQNm32O6t&avh=fjf&id=54437
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 10:02:28 GMT
via: cache49.l2cn3130[85,85,404-1280,M], cache22.l2cn3130[86,0], vcache3.cn6012[176,175,404-1280,M], vcache9.cn6012[178,0]
x-oss-request-id: 66C85E3459F22D3731A5119B
x-swift-error: orig response 4XX error
x-swift-cachetime: 1
x-cache: MISS TCP_MISS dirn:-2:-2
x-oss-cdn-auth: success
x-swift-savetime: Fri, 23 Aug 2024 10:02:28 GMT
content-length: 374
server: Tengine
ali-swift-global-savetime: 1724407348
x-oss-ec: 0026-00000001
content-type: application/xml
access-control-allow-origin: *
timing-allow-origin: *
eagleid: 3daa501d17244073480823419e
x-oss-server-time: 0

GET
H2 200 url.php
dwz.ldfh.net/ 40 B
383 B 606ms
203ms XHR
text/html 119.42.146.186
NETSEC-HK Netsec ...

General

Check archive.org

Show headers Download Go to

Full URL

https://dwz.ldfh.net/url.php?_w,v=xst&f=YsQNm32O6t&avh=fjf&id=54437

Requested by

Host: dwz.ldfh.net
URL: https://dwz.ldfh.net/url.js?v=1

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

119.42.146.186 , Hong Kong, ASN45753 (NETSEC-HK Netsec Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cyyqxoss.nmgcyy.com.cn/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 10:02:29 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 Primary Request zR4Ujf Show response
8515757tkxii.dwz38.cc/cos/ 940 B
894 B 919ms
240ms Document
text/html 119.42.146.186
NETSEC-HK Netsec ...

General

Check archive.org

Show headers Download Go to

Full URL

https://8515757tkxii.dwz38.cc/cos/zR4Ujf

Requested by

Host: dwz.ldfh.net
URL: https://dwz.ldfh.net/url.js?v=1

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

119.42.146.186 , Hong Kong, ASN45753 (NETSEC-HK Netsec Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

f4635fa4cf63da89fdcb5428a9d0fe5805e2c4fcdee321b0fd0b5c8cad633617

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cyyqxoss.nmgcyy.com.cn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 23 Aug 2024 10:02:30 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET

/
ltsoz8dmllgn.dwz38.cc/cos/zR4Ujf/*/%5E%5E%5E%5E%5E_*%5E%5E%5E%5E%5E%5E_%5E%5E%5E_%5E_%5E_%5E_%5E_1724407350/
Redirect Chain

http://ltsoz8dmllgn.dwz38.cc/cos/zR4Ujf/*/%5E%5E%5E%5E%5E_*%5E%5E%5E%5E%5E%5E_%5E%5E%5E_%5E_%5E_%5E_%5E_1724407350/
https://ltsoz8dmllgn.dwz38.cc/cos/zR4Ujf/*/%5E%5E%5E%5E%5E_*%5E%5E%5E%5E%5E%5E_%5E%5E%5E_%5E_%5E_%5E_%5E_1724407350/

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ltsoz8dmllgn.dwz38.cc
URL: https://ltsoz8dmllgn.dwz38.cc/cos/zR4Ujf/*/%5E%5E%5E%5E%5E_*%5E%5E%5E%5E%5E%5E_%5E%5E%5E_%5E_%5E_%5E_%5E_1724407350/

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			8515757tkxii.dwz38.cc/	1969-12-31 23:59:59	Name: PHPSESSID Value: iacb7lmqrkrtp429en357g6a88
			8515757tkxii.dwz38.cc/	1970-01-20 23:10:12	Name: mysid Value: 5e3a1c98a321f0c1cd86d873a72aac1e

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cyyqxoss.nmgcyy.com.cn/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8515757tkxii.dwz38.cc
cyyqxoss.nmgcyy.com.cn
dwz.ldfh.net
ltsoz8dmllgn.dwz38.cc
ltsoz8dmllgn.dwz38.cc
119.42.146.186
61.170.80.227
0c24dbf571b4801a27f5899f0f4d6bdee04914f0c1d916064edfd1601bc88e70
1f5224be0f0efc933ea9d1baca4cf7eca13d15e89e841e06fe39139b054c684e
4201db407cbeb9c96c5720789170b883721cd54a7acb26ebbf46a6deb58e3d00
f4635fa4cf63da89fdcb5428a9d0fe5805e2c4fcdee321b0fd0b5c8cad633617

8515757tkxii.dwz38.cc Open in urlscan Pro 119.42.146.186 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

83 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

7 kBTransfer

8 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

8515757tkxii.dwz38.cc Open in urlscan Pro
119.42.146.186 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

7 kB
Transfer

8 kB
Size

2
Cookies

6 HTTP transactions
0 data transactions