aq.url.gz.cn - urlscan.io

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 5 HTTP transactions. The main IP is 43.154.112.215, located in Hong Kong, Hong Kong and belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN. The main domain is aq.url.gz.cn.

This is the only time aq.url.gz.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

Incomplete 23.07.28.rar 495 KB

Size: 495 KB (506787 bytes, 0% done)

Downloaded from: http://rxeggoh9l.hn-bkt.clouddn.com/23.07.28.rar

Domain & IP information

	IP Address	AS Autonomous System
3	43.154.112.215 43.154.112.215	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
1	101.33.11.106 101.33.11.106	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
1 1	120.79.101.41 120.79.101.41	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
1	240e:96c:1100... 240e:96c:1100:5a01:3::3e6	() ()
5	3

3 43.154.112.215 (Hong Kong, Hong Kong)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

aq.url.gz.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 101.33.11.106 (Frankfurt am Main, Germany)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

pv.sohu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 120.79.101.41 (Shenzhen, China) 1 redirects

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

i.51h.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240e:96c:1100:5a01:3::3e6 (None, )

ASN- ()

rxeggoh9l.hn-bkt.clouddn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	url.gz.cn aq.url.gz.cn	90 KB
1	clouddn.com rxeggoh9l.hn-bkt.clouddn.com
1	51h.co 1 redirects i.51h.co	315 B
1	sohu.com pv.sohu.com — Cisco Umbrella Rank: 24476	309 B
5	4

	Domain	Requested by
3	aq.url.gz.cn	aq.url.gz.cn
1	rxeggoh9l.hn-bkt.clouddn.com	aq.url.gz.cn
1	i.51h.co	1 redirects
1	pv.sohu.com	aq.url.gz.cn
5	4

This site contains no links.

Subject Issuer	Validity	Valid
www.sohu.com DigiCert Secure Site CN CA G3	`2022-08-16` - `2023-09-03`	a year	crt.sh

This page contains 1 frames:

Frame: http://rxeggoh9l.hn-bkt.clouddn.com/23.07.28.rar
Frame ID: C848835A4F3109099E256D50919490DE
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

5
Requests

20 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

90 kB
Transfer

89 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://i.51h.co/ceKv5 HTTP 302
http://rxeggoh9l.hn-bkt.clouddn.com/23.07.28.rar

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 2q5 Show response aq.url.gz.cn/	3 KB 3 KB	1196ms 270ms	Document text/html	43.154.112.215 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://aq.url.gz.cn/2q5 Protocol HTTP/1.1 Server 43.154.112.215 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software Apache/2.4.46 (Unix) OpenSSL/1.0.2k-fips / PHP/7.2.21 Resource Hash `033c0206289f9935e573e2b95d062947f35db62036b793dad65f92ac151aff64` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html;charset=utf-8 Date Tue, 01 Aug 2023 02:54:42 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=65, max=64 Pragma no-cache Server Apache/2.4.46 (Unix) OpenSSL/1.0.2k-fips Transfer-Encoding chunked X-Powered-By PHP/7.2.21
GET H/1.1	200 OK	jquery.min.js Show response aq.url.gz.cn/js/	82 KB 83 KB	268ms 268ms	Script application/javascript	43.154.112.215 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://aq.url.gz.cn/js/jquery.min.js Requested by Host: aq.url.gz.cn URL: http://aq.url.gz.cn/2q5 Protocol HTTP/1.1 Server 43.154.112.215 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software Apache/2.4.46 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `ab0d063b4ff2827192c0e44103d3091457a1d2374c3b6243721c5679bb61eae2` Request headers accept-language de-DE,de;q=0.9 Referer http://aq.url.gz.cn/2q5 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Tue, 01 Aug 2023 02:54:42 GMT Last-Modified Mon, 27 Feb 2023 02:30:50 GMT Server Apache/2.4.46 (Unix) OpenSSL/1.0.2k-fips ETag "14978-5f5a5447b29bd" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=65, max=63 Content-Length 84344
GET H/1.1	200 OK	cityjson Show response pv.sohu.com/	72 B 309 B	1138ms 21ms	Script application/json	101.33.11.106 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://pv.sohu.com/cityjson?ie=utf-8 Requested by Host: aq.url.gz.cn URL: http://aq.url.gz.cn/2q5 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 101.33.11.106 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software OverSea_E0 / Resource Hash `f5d09365810dd11ef1204b35bfede3158a07d5592a9c9cfa449dd534f9964aa9` Request headers accept-language de-DE,de;q=0.9 Referer http://aq.url.gz.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Tue, 01 Aug 2023 02:54:43 GMT X-Cache-Lookup Return Directly Server OverSea_E0 Connection keep-alive X-NWS-LOG-UUID 12767753295937521964 Content-Length 72 Content-Type application/json;charset=utf-8
GET H/1.1	200 OK	2q5 Show response aq.url.gz.cn/	3 KB 3 KB	270ms 270ms	XHR text/html	43.154.112.215 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://aq.url.gz.cn/2q5?action=statistics&lid=9305&browser=Chrome&add=%E6%9C%AA%E7%9F%A5 Requested by Host: aq.url.gz.cn URL: http://aq.url.gz.cn/js/jquery.min.js Protocol HTTP/1.1 Server 43.154.112.215 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software Apache/2.4.46 (Unix) OpenSSL/1.0.2k-fips / PHP/7.2.21 Resource Hash `033c0206289f9935e573e2b95d062947f35db62036b793dad65f92ac151aff64` Request headers Accept / Referer http://aq.url.gz.cn/2q5 X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Pragma no-cache Date Tue, 01 Aug 2023 02:54:43 GMT Server Apache/2.4.46 (Unix) OpenSSL/1.0.2k-fips X-Powered-By PHP/7.2.21 Transfer-Encoding chunked Content-Type text/html;charset=utf-8 Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Keep-Alive timeout=65, max=62 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	23.07.28.rar rxeggoh9l.hn-bkt.clouddn.com/ Redirect Chain https://i.51h.co/ceKv5 http://rxeggoh9l.hn-bkt.clouddn.com/23.07.28.rar	0 0	2088ms 386ms	Document application/x-rar-compressed	240e:96c:1100:5a01:3::3e6
General Check archive.org Show headers Download Go to Full URL http://rxeggoh9l.hn-bkt.clouddn.com/23.07.28.rar Requested by Host: aq.url.gz.cn URL: http://aq.url.gz.cn/2q5 Protocol HTTP/1.1 Server 240e:96c:1100:5a01:3::3e6 -, , ASN (), Reverse DNS Software Tengine / Resource Hash Request headers Referer http://aq.url.gz.cn/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Access-Control-Allow-Origin * Access-Control-Expose-Headers X-Log, X-Reqid Access-Control-Max-Age 2592000 Age 354732 Ali-Swift-Global-Savetime 1690503756 Cache-Control public, max-age=31536000 Connection keep-alive Content-Disposition inline; filename="23.07.28.rar"; filename=utf-8''23.07.28.rar Content-Length* 506787 Content-Md5 Xtfr+/YOaIJ0p/uvki8nLw== Content-Transfer-Encoding binary Content-Type application/x-rar-compressed Date Fri, 28 Jul 2023 00:22:36 GMT EagleId 65e21a9e16908584887562868e Etag "FnEgLwYi3-HqTQkLUHA7jJ5IV4UH" Last-Modified Fri, 28 Jul 2023 00:13:22 GMT Server Tengine Timing-Allow-Origin * Via cache48.l2cn1832[151,151,200-0,M], cache24.l2cn1832[152,0], vcache10.cn3775[0,28,200-0,H], vcache10.cn3775[31,0] X-Cache HIT TCP_HIT dirn:7:693001986 X-Log X-Log X-M-Log QNM:gzh128;SRCPROXY:gzh47;SRC:94;SRCPROXY:94;QNM3:104 X-M-Reqid Sf0AAA4qz6U14HUX X-Qiniu-Zone 2 X-Qnm-Cache Miss X-Reqid VDgAAADkfaU14HUX X-Svr IO X-Swift-CacheTime 2592000 X-Swift-SaveTime Fri, 28 Jul 2023 00:22:36 GMT Redirect headers content-language de-DE content-length 0 date Tue, 01 Aug 2023 02:54:46 GMT location http://rxeggoh9l.hn-bkt.clouddn.com/23.07.28.rar referrer-policy no-referrer-when-downgrade server nginx vary Origin Access-Control-Request-Method Access-Control-Request-Headers x-frame-options ALLOWALL

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			aq.url.gz.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: rhsr6bps0hbnqbp02rbga4d3ng
			i.51h.co/	1970-01-20 13:41:45	Name: 51DWZ_CODE_ceKv5 Value: 29321302963675232

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aq.url.gz.cn
i.51h.co
pv.sohu.com
rxeggoh9l.hn-bkt.clouddn.com
101.33.11.106
120.79.101.41
240e:96c:1100:5a01:3::3e6
43.154.112.215
033c0206289f9935e573e2b95d062947f35db62036b793dad65f92ac151aff64
ab0d063b4ff2827192c0e44103d3091457a1d2374c3b6243721c5679bb61eae2
f5d09365810dd11ef1204b35bfede3158a07d5592a9c9cfa449dd534f9964aa9

aq.url.gz.cn Open in urlscan Pro 43.154.112.215 Public Scan

Summary

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

5 Requests

20 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

3 IPs

3 Countries

90 kBTransfer

89 kBSize

2 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

2 Cookies

Indicators

aq.url.gz.cn Open in urlscan Pro
43.154.112.215 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

20 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

90 kB
Transfer

89 kB
Size

2
Cookies

5 HTTP transactions
0 data transactions