www.xiangsusha.com
Open in
urlscan Pro
154.209.171.59
Malicious Activity!
Public Scan
Effective URL: http://www.xiangsusha.com/
Submission: On April 28 via automatic, source openphish
Summary
This is the only time www.xiangsusha.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bet365 (Entertainment)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 3 | 154.209.171.59 154.209.171.59 | 133201 (COMING-AS...) (COMING-AS ABCDE GROUP COMPANY LIMITED) | |
7 | 2606:4700:303... 2606:4700:3034::6815:315f | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 103.235.46.191 103.235.46.191 | 55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.) | |
11 | 3 |
ASN133201 (COMING-AS ABCDE GROUP COMPANY LIMITED, HK)
xiangsusha.com | |
www.xiangsusha.com |
ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
hm.baidu.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
52xpj.net
www.52xpj.net |
963 KB |
3 |
xiangsusha.com
1 redirects
xiangsusha.com www.xiangsusha.com |
4 KB |
2 |
baidu.com
hm.baidu.com |
15 KB |
11 | 3 |
Domain | Requested by | |
---|---|---|
7 | www.52xpj.net |
www.xiangsusha.com
www.52xpj.net |
2 | hm.baidu.com |
www.52xpj.net
|
2 | www.xiangsusha.com |
www.xiangsusha.com
|
1 | xiangsusha.com | 1 redirects |
11 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-08 - 2021-08-08 |
a year | crt.sh |
baidu.com GlobalSign Organization Validation CA - SHA256 - G2 |
2020-10-20 - 2021-07-26 |
9 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://www.xiangsusha.com/
Frame ID: 34358B60B4E79F35E8D953B86769F42C
Requests: 2 HTTP requests in this frame
Frame:
https://www.52xpj.net/
Frame ID: 61C292140CD7A29971CAC6501C1A2CBC
Requests: 9 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://xiangsusha.com/
HTTP 301
http://www.xiangsusha.com/ Page URL
Detected technologies
Windows Server (Operating Systems) ExpandDetected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS (Web Servers) Expand
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://xiangsusha.com/
HTTP 301
http://www.xiangsusha.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
www.xiangsusha.com/ Redirect Chain
|
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery1.js
www.xiangsusha.com/adjs/ |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.52xpj.net/ Frame 61C2 |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
1.jpg
www.52xpj.net/images/ Frame 61C2 |
63 KB 63 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
2.jpg
www.52xpj.net/images/ Frame 61C2 |
193 KB 194 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
3.jpg
www.52xpj.net/images/ Frame 61C2 |
110 KB 110 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
4.jpg
www.52xpj.net/images/ Frame 61C2 |
319 KB 319 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
5.jpg
www.52xpj.net/images/ Frame 61C2 |
216 KB 216 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
6.jpg
www.52xpj.net/images/ Frame 61C2 |
57 KB 58 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hm.js
hm.baidu.com/ Frame 61C2 |
39 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hm.gif
hm.baidu.com/ Frame 61C2 |
43 B 299 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bet365 (Entertainment)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated string| V_PATH string| uu number| aa string| ss0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hm.baidu.com
www.52xpj.net
www.xiangsusha.com
xiangsusha.com
103.235.46.191
154.209.171.59
2606:4700:3034::6815:315f
2b6ba4b082bca63300d972d45d03bcf7c52a87d7875dbe39655c18390abb8484
617b2deaf7b06ce00660756537416951afac13f56e051e40231e678dc6b3a5bd
6482cf9aa18a8afe5fb1cc2e1b086c439b11f19d9d041967d71b65e729281632
662e1ca0df46aeba0e6172fa49cd4d8549dace7b53307097dd0122523ea7b2b1
87812e3b57ec97b86169e9f62fd2ab8905cc3dd64657f8723c92a3df5abe7ac0
89e61094a3a8d9da28974449aa3c5c3ae5e9d5cd05bcfcddb60d46b0907de967
99a25812dd8465380e26bb078736368cad1c52c6705bf93b3da91209d01937a0
9bfb8eedb412acd31395ff299e588f312533b86145385721c3a9100f6e0efd6e
a576f2566a6b9532897e9e9911068e93d49edb07a0b9e4da3840494a2b8b3280
adbf082b80145449c5bbde5f1ccc3e850f1b08ec687a4d495b5ee969e6cbf2a9
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda