urlscan.io logo urlscan.io
SecurityTrails logo

a.xy58a3.work Open in urlscan Pro
172.67.190.28  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://2az.cc/
Effective URL: https://a.xy58a3.work/app/cos1?code=600538&userKey=daded4d53fea25e71582aa4bcaed3345&t=1711572238398
Submission: On March 27 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 10 HTTP transactions. The main IP is 172.67.190.28, located in United States and belongs to CLOUDFLARENET, US. The main domain is a.xy58a3.work.
TLS certificate: Issued by E1 on March 13th 2024. Valid for: 3 months.
This is the only time a.xy58a3.work was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 172.67.155.7 13335 (CLOUDFLAR...)
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
2 39.156.66.111 9808 (CHINAMOBI...)
1 7 172.67.190.28 13335 (CLOUDFLAR...)
10 4
Apex Domain
Subdomains		 Transfer
5 ah7rn8.work
a.ah7rn8.work
277 KB
4 xy58a3.work
a.xy58a3.work
274 KB
2 baidu.com
libs.baidu.com — Cisco Umbrella Rank: 186453
www.baidu.com — Cisco Umbrella Rank: 4174 Failed
29 KB
1 2az.cc
2az.cc
463 B
10 4
Domain Requested by
5 a.ah7rn8.work 2 redirects a.ah7rn8.work
4 a.xy58a3.work a.ah7rn8.work
2 libs.baidu.com a.ah7rn8.work
a.xy58a3.work
1 2az.cc 1 redirects
0 www.baidu.com Failed a.ah7rn8.work
10 5

This site contains no links.

Subject Issuer Validity Valid
a.ah7rn8.work
GTS CA 1P5		 2024-03-13 -
2024-06-11		 3 months crt.sh
baidu.com
GlobalSign RSA OV SSL CA 2018		 2023-07-06 -
2024-08-06		 a year crt.sh
a.xy58a3.work
E1		 2024-03-13 -
2024-06-11		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://a.xy58a3.work/app/cos1?code=600538&userKey=daded4d53fea25e71582aa4bcaed3345&t=1711572238398
Frame ID: F7FDBEA7036F8A0AD819B2865F392506
Requests: 8 HTTP requests in this frame

Frame: https://a.ah7rn8.work/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
Frame ID: C7F24B939DA7542891DEB7322D101E5B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

正在进入

Page URL History Show full URLs

  1. https://2az.cc/ HTTP 302
    http://a.ah7rn8.work/a/600538?xBbj HTTP 307
    https://a.ah7rn8.work/a/600538?xBbj HTTP 302
    https://a.ah7rn8.work/app/a?code=600538 Page URL
  2. http://a.xy58a3.work/app/cos1?code=600538&userKey=daded4d53fea25e71582aa4bcaed3345&t=1711572238398 HTTP 307
    https://a.xy58a3.work/app/cos1?code=600538&userKey=daded4d53fea25e71582aa4bcaed3345&t=1711572238398 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

50 %
HTTPS

25 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

579 kB
Transfer

848 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://2az.cc/ HTTP 302
    http://a.ah7rn8.work/a/600538?xBbj HTTP 307
    https://a.ah7rn8.work/a/600538?xBbj HTTP 302
    https://a.ah7rn8.work/app/a?code=600538 Page URL
  2. http://a.xy58a3.work/app/cos1?code=600538&userKey=daded4d53fea25e71582aa4bcaed3345&t=1711572238398 HTTP 307
    https://a.xy58a3.work/app/cos1?code=600538&userKey=daded4d53fea25e71582aa4bcaed3345&t=1711572238398 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://2az.cc/ HTTP 302
  • http://a.ah7rn8.work/a/600538?xBbj HTTP 307
  • https://a.ah7rn8.work/a/600538?xBbj HTTP 302
  • https://a.ah7rn8.work/app/a?code=600538
Request Chain 2
  • http://a.xy58a3.work/cosfile/domain.js?t=Wed%20Mar%2027%202024%2010:43:57%20GMT-1000%20(Hawaii-Aleutian%20Standard%20Time) HTTP 307
  • https://a.xy58a3.work/cosfile/domain.js?t=Wed%20Mar%2027%202024%2010:43:57%20GMT-1000%20(Hawaii-Aleutian%20Standard%20Time)
Request Chain 3
  • https://a.ah7rn8.work/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://a.ah7rn8.work/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
Request Chain 5
  • http://www.baidu.com/s?wd=ispc HTTP 307
  • https://www.baidu.com/s?wd=ispc
Request Chain 6
  • http://a.xy58a3.work/app/entIncrease?name=a.ah7rn8.work HTTP 307
  • https://a.xy58a3.work/app/entIncrease?name=a.ah7rn8.work
Request Chain 7
  • http://a.xy58a3.work/app/getIP?code=600538&t=1711572237861 HTTP 307
  • https://a.xy58a3.work/app/getIP?code=600538&t=1711572237861

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
a
a.ah7rn8.work/app/
Redirect Chain
  • https://2az.cc/
  • http://a.ah7rn8.work/a/600538?xBbj
  • https://a.ah7rn8.work/a/600538?xBbj
  • https://a.ah7rn8.work/app/a?code=600538
368 KB
272 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a.ah7rn8.work/app/a?code=600538
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:be1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d83f697c9df073652752932452c0002964f3abaf59da2a198f74f649ffbdfd5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86b2371d5c898dcd-MIA
content-encoding
br
content-language
en-US
content-type
text/html;charset=UTF-8
date
Wed, 27 Mar 2024 20:43:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0KUUFFspumj7YeHLm8dOfsBsliB6r0HaoVvenomLNwr04IpREoC5r6GgQsIqghha748Ons5yJyi%2F3peXjL0pLXmjjTQxVJLnWMaSLXz7qf20wYD0gTeS1ou%2BRfqQ92BO3wq2%2FgR8rmi%2Btsee"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding Origin Access-Control-Request-Method Access-Control-Request-Headers
x-cache
MISS
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86b23719defa8dcd-MIA
content-language
en-US
content-length
0
date
Wed, 27 Mar 2024 20:43:53 GMT
location
/app/a?code=600538
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QCPpSUtB95nWDk37OtSpSc62cCiPAceZ1fjNs%2F6mVD60bh6BGsu0u9veZ9S0FAWyM3RdjeTSihAX4U92FPQhKSJcXQCmJk5t3lz1RVFWL09nEle8ouD2OIQQFJT3hAnyToTi6mwsDYtz5jzk"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-cache
MISS
x-content-type-options
nosniff
x-xss-protection
1; mode=block
jquery.min.js
libs.baidu.com/jquery/2.0.0/ 		81 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://libs.baidu.com/jquery/2.0.0/jquery.min.js
Requested by
Host: a.ah7rn8.work
URL: https://a.ah7rn8.work/app/a?code=600538
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
39.156.66.111 , China, ASN9808 (CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN),
Reverse DNS
Software
Apache /
Resource Hash
91e8044a4b1bfce3c131d5579965a9808b42cdb9a350a53928d54cd35d6c1451
Security Headers
Name Value
Strict-Transport-Security max-age=87600

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://a.ah7rn8.work/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 27 Mar 2024 20:43:56 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=87600
Last-Modified
Wed, 07 Jan 2015 09:16:30 GMT
Server
Apache
Vary
Accept-Encoding
Transfer-Encoding
chunked
P3p
CP=" OTI DSP COR IVA OUR IND COM "
Content-Type
application/x-javascript
Cache-Control
max-age=2592000
Connection
keep-alive
Expires
Fri, 26 Apr 2024 20:43:56 GMT
domain.js
a.xy58a3.work/cosfile/
Redirect Chain
  • http://a.xy58a3.work/cosfile/domain.js?t=Wed%20Mar%2027%202024%2010:43:57%20GMT-1000%20(Hawaii-Aleutian%20Standard%20Time)
  • https://a.xy58a3.work/cosfile/domain.js?t=Wed%20Mar%2027%202024%2010:43:57%20GMT-1000%20(Hawaii-Aleutian%20Standard%20Time)
16 B
533 B 		Script
General
Check archive.org
Download Go to
Full URL
https://a.xy58a3.work/cosfile/domain.js?t=Wed%20Mar%2027%202024%2010:43:57%20GMT-1000%20(Hawaii-Aleutian%20Standard%20Time)
Requested by
Host: a.ah7rn8.work
URL: https://a.ah7rn8.work/app/a?code=600538
Protocol
H3
Server
172.67.190.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
189baf52c43c82e4091fa540d7c2abefad23363d81746a89912e0e61b08a13b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date
Wed, 27 Mar 2024 20:43:57 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
MISS
alt-svc
h3=":443"; ma=86400
content-length
16
x-xss-protection
1; mode=block
last-modified
Fri, 26 Jan 2024 17:34:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H7jpG%2BVHWfdPM5Tzxq1YzGLDik4UdbFmjFIvaP4KvIPCe3Az5Mrh5tPMj3wCQ92iNlscLIGeIYYwAX9JlmeCkmO5CPTEflGNADQXAjIRhvhBZ95DuuBZDSapfYXMXDR6"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
86b2373358cedad1-MIA

Redirect headers

Location
https://a.xy58a3.work/cosfile/domain.js?t=Wed%20Mar%2027%202024%2010:43:57%20GMT-1000%20(Hawaii-Aleutian%20Standard%20Time)
Non-Authoritative-Reason
DNS
Cross-Origin-Resource-Policy
Cross-Origin
main.js
a.ah7rn8.work/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/ Frame C7F2
Redirect Chain
  • https://a.ah7rn8.work/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://a.ah7rn8.work/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.ah7rn8.work/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
Requested by
Host: a.ah7rn8.work
URL: https://a.ah7rn8.work/app/a?code=600538
Protocol
H3
Server
172.67.190.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7aa5ffa81b90c3c34dd59f33470f24aa78ff09b8d389acf7ae22dedbc61c9d9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date
Wed, 27 Mar 2024 20:43:57 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aX4OhXn2UuX5MVkV2rjgr9fDbCk3DzX%2BnnAPqtxgVDNK66MWcyrnyR%2Fexy%2FoP0rtqIWXrthylDagb5VlcETyF7rp8AObHyHQnVstAJqGBS%2FE7hu6qhKu7%2BkIn9a3cCmm"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
86b237321a485c6d-MIA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Wed, 27 Mar 2024 20:43:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u4F6C5Gxp74bwed%2F%2BWjsd6i%2F6okeazkyYDST9jJssO%2Fubd7jwP%2FhxIReLXIAF1xoZB3Oex9XB6j5hbxd%2BZ8jNQkHbExlG37cS6XbFrNppyQD7YfYBRzfxLFuzWcIL%2FST"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
86b23731d9a65c6d-MIA
alt-svc
h3=":443"; ma=86400
content-length
0
86b2371d5c898dcd
a.ah7rn8.work/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame C7F2 		0
584 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.ah7rn8.work/cdn-cgi/challenge-platform/h/g/jsd/r/86b2371d5c898dcd
Requested by
Host: a.ah7rn8.work
URL: https://a.ah7rn8.work/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.190.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 27 Mar 2024 20:43:57 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aJ1i%2BxG%2BxRvY8FOn%2BW1sRpoLxfmxFtIYOTVIHGcaOcW98znLiCibjxmDbie2TmDUy2%2F16mP51a8%2BhvtljfAkPFc%2F3VjEqksPy0ojkh49AiDLpw1JR9qGb3K5azHms0rb"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
86b23732dbd95c6d-MIA
alt-svc
h3=":443"; ma=86400
s
www.baidu.com/
Redirect Chain
  • http://www.baidu.com/s?wd=ispc
  • https://www.baidu.com/s?wd=ispc
0
0
entIncrease
a.xy58a3.work/app/
Redirect Chain
  • http://a.xy58a3.work/app/entIncrease?name=a.ah7rn8.work
  • https://a.xy58a3.work/app/entIncrease?name=a.ah7rn8.work
33 B
528 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.xy58a3.work/app/entIncrease?name=a.ah7rn8.work
Protocol
H3
Server
172.67.190.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date
Wed, 27 Mar 2024 20:43:58 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-cache
MISS
content-type
application/json
access-control-allow-origin
null
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jS54RtZBAl48ONlimPK5yqepXWdkdIIYthjMow2M3ALALt18VVVz0zpKUKbDkIsgv64GaOvotxBFSXma8eXwp%2FBhUgYsOSh8Vh9qbcr7yJgU0%2BSyKTjaKIbjolFEzCmK"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
86b237373ce5257d-MIA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block

Redirect headers

Location
https://a.xy58a3.work/app/entIncrease?name=a.ah7rn8.work
Non-Authoritative-Reason
DNS
Access-Control-Allow-Origin
https://a.ah7rn8.work
Access-Control-Allow-Credentials
true
Cross-Origin-Resource-Policy
Cross-Origin
getIP
a.xy58a3.work/app/
Redirect Chain
  • http://a.xy58a3.work/app/getIP?code=600538&t=1711572237861
  • https://a.xy58a3.work/app/getIP?code=600538&t=1711572237861
256 B
702 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.xy58a3.work/app/getIP?code=600538&t=1711572237861
Protocol
H3
Server
172.67.190.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date
Wed, 27 Mar 2024 20:43:58 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-cache
MISS
content-type
text/plain;charset=UTF-8
access-control-allow-origin
null
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LUTGu%2Fxg8GEYMvq%2B4Kehlrj9wR7m7MQAcnAPcJ5qbqXKXjdmV%2B%2BGnZddE6ib2fykLlf9azC17MLSRqkmuNB2zddom7kOytgiyGwhnHuC%2FO8Z8Zar0euN%2FDW5RVD%2BzFO5"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
86b23736cf66dad1-MIA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block

Redirect headers

Location
https://a.xy58a3.work/app/getIP?code=600538&t=1711572237861
Non-Authoritative-Reason
DNS
Access-Control-Allow-Origin
https://a.ah7rn8.work
Access-Control-Allow-Credentials
true
Cross-Origin-Resource-Policy
Cross-Origin
Primary Request cos1
a.xy58a3.work/app/
Redirect Chain
  • http://a.xy58a3.work/app/cos1?code=600538&userKey=daded4d53fea25e71582aa4bcaed3345&t=1711572238398
  • https://a.xy58a3.work/app/cos1?code=600538&userKey=daded4d53fea25e71582aa4bcaed3345&t=1711572238398
371 KB
272 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a.xy58a3.work/app/cos1?code=600538&userKey=daded4d53fea25e71582aa4bcaed3345&t=1711572238398
Requested by
Host: a.ah7rn8.work
URL: https://a.ah7rn8.work/app/a?code=600538
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.190.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00152f781ed40b3d2e662e60db57b50cd0bfb410a0e7d3e17d59218efce844d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86b2373aab3c3359-MIA
content-encoding
br
content-language
en-US
content-type
text/html;charset=UTF-8
date
Wed, 27 Mar 2024 20:43:59 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fL5XNXZ9qjzTBZ7QkGedqXJyucmLn1M58Tt0jZzcQZgSe%2FMn39p7%2BpZi%2BVgoku6o%2FtF4Nm4bQJAQgRwnmLWae3jBhsT7EkBMQdXCDGhCF343RcneNv5mI3eIU8vNtzBA"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding Origin Access-Control-Request-Method Access-Control-Request-Headers
x-cache
MISS
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

Location
https://a.xy58a3.work/app/cos1?code=600538&userKey=daded4d53fea25e71582aa4bcaed3345&t=1711572238398
Non-Authoritative-Reason
HttpsUpgrades
jquery.min.js
libs.baidu.com/jquery/2.0.0/ 		20 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://libs.baidu.com/jquery/2.0.0/jquery.min.js
Requested by
Host: a.xy58a3.work
URL: https://a.xy58a3.work/app/cos1?code=600538&userKey=daded4d53fea25e71582aa4bcaed3345&t=1711572238398
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
39.156.66.111 , China, ASN9808 (CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=87600

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://a.xy58a3.work/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 27 Mar 2024 20:44:00 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=87600
Last-Modified
Wed, 07 Jan 2015 09:16:30 GMT
Server
Apache
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=2592000
Connection
keep-alive
Expires
Fri, 26 Apr 2024 20:44:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.baidu.com
URL
https://www.baidu.com/s?wd=ispc

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onpagereveal

2 Cookies

Domain/Path Name / Value
.baidu.com/ Name: BAIDUID_BFESS
Value: B2BCB1BA9600A464F6AF5C043B32CE3A:FG=1
.a.ah7rn8.work/ Name: cf_clearance
Value: GHSTJpS6s2gI5cTIEjw8MstrVvo5.yYdhkX2xkygzms-1711572237-1.0.1.1-EyCNZcP21FiutgBeEXVY0jL7zp8kqTE8wFa01m92K.Ahsk1OKPy_wE51UZQFOIi98ZHuKydJlgFhfBeabbTzRQ

4 Console Messages

Source Level URL
Text
other warning URL: https://a.ah7rn8.work/app/a?code=600538
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security warning URL: https://a.ah7rn8.work/app/a?code=600538(Line 90)
Message:
Mixed Content: The page at 'https://a.ah7rn8.work/app/a?code=600538' was loaded over HTTPS, but requested an insecure script 'http://a.xy58a3.work/cosfile/domain.js?t=Wed%20Mar%2027%202024%2010:43:57%20GMT-1000%20(Hawaii-Aleutian%20Standard%20Time)'. This content should also be served over HTTPS.
security warning URL: https://libs.baidu.com/jquery/2.0.0/jquery.min.js(Line 5)
Message:
Mixed Content: The page at 'https://a.ah7rn8.work/app/a?code=600538' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://a.xy58a3.work/app/entIncrease?name=a.ah7rn8.work'. This content should also be served over HTTPS.
security warning URL: https://libs.baidu.com/jquery/2.0.0/jquery.min.js(Line 5)
Message:
Mixed Content: The page at 'https://a.ah7rn8.work/app/a?code=600538' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://a.xy58a3.work/app/getIP?code=600538&t=1711572237861'. This content should also be served over HTTPS.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block