urlscan.io logo urlscan.io
SecurityTrails logo

nitrowind.penghy.xyz Open in urlscan Pro
111.231.10.48  Public Scan

Go To Rescan Add Verdict Report
URL: https://nitrowind.penghy.xyz/
Submission Tags: phishingrod
Submission: On November 01 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 111.231.10.48, located in China and belongs to TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN. The main domain is nitrowind.penghy.xyz.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G2 on October 31st 2023. Valid for: a year.
This is the only time nitrowind.penghy.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 111.231.10.48 45090 (TENCENT-N...)
4 192.0.77.48 2635 (AUTOMATTIC)
13 3
Apex Domain
Subdomains		 Transfer
7 penghy.xyz
nitrowind.penghy.xyz
100 KB
4 w.org
s.w.org — Cisco Umbrella Rank: 2772
3 KB
0 Failed
function sub() { [native code] }. Failed
13 3
Domain Requested by
7 nitrowind.penghy.xyz nitrowind.penghy.xyz
4 s.w.org nitrowind.penghy.xyz
0 111.231.10.48 Failed nitrowind.penghy.xyz
13 3

This site contains no links.

Subject Issuer Validity Valid
nitrowind.penghy.xyz
Encryption Everywhere DV TLS CA - G2		 2023-10-31 -
2024-10-30		 a year crt.sh
*.w.org
Sectigo ECC Domain Validation Secure Server CA		 2022-12-06 -
2024-01-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://nitrowind.penghy.xyz/
Frame ID: B0F68567FCFAAA0444520F9D8B9C9349
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

wordpress

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Page Statistics

13
Requests

85 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

103 kB
Transfer

2514 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
nitrowind.penghy.xyz/ 		52 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nitrowind.penghy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
111.231.10.48 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software
nginx /
Resource Hash
fb71d8eefb7a3c6d12c421740f99f066c8913e6d6dfb702fdff410ebf176b405

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 01 Nov 2023 03:26:39 GMT
Link
<https://nitrowind.penghy.xyz/wp-json/>; rel="https://api.w.org/"
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
style.min.css
nitrowind.penghy.xyz/wp-includes/blocks/cover/ 		16 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nitrowind.penghy.xyz/wp-includes/blocks/cover/style.min.css?ver=6.3
Requested by
Host: nitrowind.penghy.xyz
URL: https://nitrowind.penghy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
111.231.10.48 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software
nginx /
Resource Hash
bbc5c3ac23e7aa8868ccd7ead04b1c7865d2dc3ff14d17e2ecedf1f45523390c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nitrowind.penghy.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Wed, 01 Nov 2023 03:26:39 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Jul 2023 11:13:55 GMT
Server
nginx
ETag
W/"64b7c573-4194"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
style.min.css
nitrowind.penghy.xyz/wp-includes/blocks/social-links/ 		10 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nitrowind.penghy.xyz/wp-includes/blocks/social-links/style.min.css?ver=6.3
Requested by
Host: nitrowind.penghy.xyz
URL: https://nitrowind.penghy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
111.231.10.48 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software
nginx /
Resource Hash
a05c1b4a0da521d08a4fd7c477f5da8bcd7691f8e69244ec265762ddf4dd03e9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nitrowind.penghy.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Wed, 01 Nov 2023 03:26:40 GMT
Content-Encoding
gzip
Last-Modified
Tue, 27 Jun 2023 14:24:19 GMT
Server
nginx
ETag
W/"649af113-26c9"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
style.css
nitrowind.penghy.xyz/wp-content/themes/bounds/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nitrowind.penghy.xyz/wp-content/themes/bounds/style.css?ver=0.0.3
Requested by
Host: nitrowind.penghy.xyz
URL: https://nitrowind.penghy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
111.231.10.48 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software
nginx /
Resource Hash
e2dfd28ec7460085b440a1188217e0ed17589b40751be8a123025f5995f670c6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nitrowind.penghy.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Wed, 01 Nov 2023 03:26:40 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Oct 2023 14:27:28 GMT
Server
nginx
ETag
W/"65410ed0-b80"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
DALL%C2%B7E-2023-10-28-03.42.30-16-9-wide-format-photo-showcasing-a-realistic-dark-toned-forest-environment-reminiscent-of-a-scene-created-in-a-high-quality-game-engine.-Amidst-the-.png
nitrowind.penghy.xyz/wp-content/uploads/2023/11/ 		2 MB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nitrowind.penghy.xyz/wp-content/uploads/2023/11/DALL%C2%B7E-2023-10-28-03.42.30-16-9-wide-format-photo-showcasing-a-realistic-dark-toned-forest-environment-reminiscent-of-a-scene-created-in-a-high-quality-game-engine.-Amidst-the-.png
Requested by
Host: nitrowind.penghy.xyz
URL: https://nitrowind.penghy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
111.231.10.48 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nitrowind.penghy.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Wed, 01 Nov 2023 03:26:40 GMT
Last-Modified
Tue, 31 Oct 2023 16:13:21 GMT
Server
nginx
ETag
"654127a1-31b718"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3258136
24bad6d5-380f-4bfc-babe-7c942f857d0a
https://nitrowind.penghy.xyz/ 		1 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://nitrowind.penghy.xyz/24bad6d5-380f-4bfc-babe-7c942f857d0a
Requested by
Host: nitrowind.penghy.xyz
URL: https://nitrowind.penghy.xyz/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Length
1245
Content-Type
text/javascript
image-from-rawpixel-id-9084949-jpeg.jpg
111.231.10.48/wp-content/themes/bounds/assets/images/ 		0
0
REM-VariableFont_wght.woff2
nitrowind.penghy.xyz/wp-content/themes/bounds/assets/fonts/REM/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://nitrowind.penghy.xyz/wp-content/themes/bounds/assets/fonts/REM/REM-VariableFont_wght.woff2
Requested by
Host: nitrowind.penghy.xyz
URL: https://nitrowind.penghy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
111.231.10.48 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software
nginx /
Resource Hash
e0d83437cb48f0371bd8c2941d2a37b65da3435dfb72277eec31d8891c860f26

Request headers

Referer
https://nitrowind.penghy.xyz/
Origin
https://nitrowind.penghy.xyz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Wed, 01 Nov 2023 03:26:40 GMT
Last-Modified
Tue, 31 Oct 2023 14:27:28 GMT
Server
nginx
ETag
"65410ed0-12de4"
Content-Type
font/woff2
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
77284
wp-emoji-release.min.js
nitrowind.penghy.xyz/wp-includes/js/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nitrowind.penghy.xyz/wp-includes/js/wp-emoji-release.min.js?ver=6.3
Requested by
Host: nitrowind.penghy.xyz
URL: https://nitrowind.penghy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
111.231.10.48 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software
nginx /
Resource Hash
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nitrowind.penghy.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Wed, 01 Nov 2023 03:26:40 GMT
Content-Encoding
gzip
Last-Modified
Thu, 02 Feb 2023 00:53:25 GMT
Server
nginx
ETag
W/"63db0985-4904"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
1f534.svg
s.w.org/images/core/emoji/14.0.0/svg/ 		113 B
400 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/14.0.0/svg/1f534.svg
Requested by
Host: nitrowind.penghy.xyz
URL: https://nitrowind.penghy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
93f28a18a1df638b539f6bde99c048a50ad7b8a5643c6966a0546a0c50f7cace
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nitrowind.penghy.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 01 Nov 2023 03:26:40 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Apr 2022 03:47:26 GMT
server
nginx
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, HEAD
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
113
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f7e1.svg
s.w.org/images/core/emoji/14.0.0/svg/ 		113 B
399 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/14.0.0/svg/1f7e1.svg
Requested by
Host: nitrowind.penghy.xyz
URL: https://nitrowind.penghy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
35f13b37effb45365808667e08dec3034ca79d587a5343f665c5e53c29345907
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nitrowind.penghy.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 01 Nov 2023 03:26:40 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Apr 2022 03:47:50 GMT
server
nginx
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, HEAD
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
113
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f7e2.svg
s.w.org/images/core/emoji/14.0.0/svg/ 		113 B
399 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/14.0.0/svg/1f7e2.svg
Requested by
Host: nitrowind.penghy.xyz
URL: https://nitrowind.penghy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
66b1c8e22d1f5804ed048c6a1f5fe5d4210c274967d4f7f42e595851d6cd9f47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nitrowind.penghy.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 01 Nov 2023 03:26:40 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Apr 2022 03:50:59 GMT
server
nginx
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, HEAD
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
113
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f44d.svg
s.w.org/images/core/emoji/14.0.0/svg/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/14.0.0/svg/1f44d.svg
Requested by
Host: nitrowind.penghy.xyz
URL: https://nitrowind.penghy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
0f2b2ef249afadcfcd3cd9e1dcc7ba612f595135cd70c6663267380ea4d3331e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nitrowind.penghy.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 01 Nov 2023 03:26:40 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Apr 2022 03:50:38 GMT
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
max-age=315360000
accept-ranges
bytes
content-length
1663
expires
Thu, 31 Dec 2037 23:55:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
111.231.10.48
URL
http://111.231.10.48/wp-content/themes/bounds/assets/images/image-from-rawpixel-id-9084949-jpeg.jpg

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| _wpemojiSettings object| twemoji object| wp

0 Cookies

3 Console Messages

Source Level URL
Text
security warning URL: https://nitrowind.penghy.xyz/
Message:
Mixed Content: The page at 'https://nitrowind.penghy.xyz/' was loaded over HTTPS, but requested an insecure element 'http://111.231.10.48/wp-content/themes/bounds/assets/images/image-from-rawpixel-id-9084949-jpeg.jpg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security warning URL: https://nitrowind.penghy.xyz/(Line 369)
Message:
Mixed Content: The page at 'https://nitrowind.penghy.xyz/' was loaded over HTTPS, but requested an insecure element 'http://111.231.10.48/wp-content/themes/bounds/assets/images/image-from-rawpixel-id-9084949-jpeg.jpg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security error URL: https://nitrowind.penghy.xyz/(Line 369)
Message:
Mixed Content: The page at 'https://nitrowind.penghy.xyz/' was loaded over HTTPS, but requested an insecure image 'http://111.231.10.48/wp-content/themes/bounds/assets/images/image-from-rawpixel-id-9084949-jpeg.jpg'. This request has been blocked; the content must be served over HTTPS.