ciat.xyz Open in urlscan Pro
91.224.22.173 Public Scan

URL:
http://ciat.xyz/
Submission: On August 22 via api (August 22nd 2020, 7:45:25 pm UTC) from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 8 domains to perform 10 HTTP transactions. The main IP is 91.224.22.173, located in Russian Federation and belongs to AS-REG, RU. The main domain is ciat.xyz.

This is the only time ciat.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	91.224.22.173 91.224.22.173	197695 (AS-REG) (AS-REG)
1	2606:4700:303... 2606:4700:3036::681b:ad97	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.15.80 172.67.15.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.139.128.10 151.139.128.10	20446 (HIGHWINDS3) (HIGHWINDS3)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
10	6

1 91.224.22.173 (Russian Federation)

ASN197695 (AS-REG, RU)
PTR: mskf22-173-v.komtet.ru

ciat.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::681b:ad97 (United States)

ASN13335 (CLOUDFLARENET, US)

fbpopr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.15.80 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn1.adcdnx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

cdn.popcash.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	histats.com s10.histats.com s4.histats.com Failed	5 KB
1	popcash.net cdn.popcash.net dcba.popcash.net Failed	36 KB
1	adcdnx.com cdn1.adcdnx.com	32 KB
1	fbpopr.com fbpopr.com	3 KB
1	ciat.xyz ciat.xyz	2 KB
0	mrxoyodeixpkyrzibr.bid Failed mrxoyodeixpkyrzibr.bid Failed
0	samtrg.com Failed samtrg.com Failed
0	Failed function sub() { [native code] }. Failed
10	8

	Domain	Requested by
1	s10.histats.com	ciat.xyz
1	cdn.popcash.net	ciat.xyz
1	cdn1.adcdnx.com	ciat.xyz
1	fbpopr.com	ciat.xyz
1	ciat.xyz
0	s4.histats.com Failed	s10.histats.com
0	dcba.popcash.net Failed	cdn.popcash.net
0	mrxoyodeixpkyrzibr.bid Failed	cdn1.adcdnx.com
0	samtrg.com Failed	fbpopr.com
0	xn--80appk.xn--p1acf Failed	ciat.xyz
10	10

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-07` - `2021-07-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://ciat.xyz/
Frame ID: 03186DA54001CC33A95219CBB78A219C
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

10
Requests

10 %
HTTPS

20 %
IPv6

8
Domains

10
Subdomains

6
IPs

3
Countries

78 kB
Transfer

216 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response ciat.xyz/	13 KB 2 KB	348ms 115ms	Document text/html	91.224.22.173 AS-REG
General Check archive.org Show headers Download Go to Full URL http://ciat.xyz/ Protocol HTTP/1.1 Server 91.224.22.173 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS mskf22-173-v.komtet.ru Software nginx/1.16.1 / PHP/5.4.16 Resource Hash `4e42baa181f4266471072fdc82629f0c6e8fed6cbb8805618a9bb914b3a759d8` Request headers Host ciat.xyz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Server nginx/1.16.1 Date Sat, 22 Aug 2020 19:44:51 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding X-Powered-By PHP/5.4.16 Content-Encoding gzip
GET H2	200	waWQiOjEwMjc0MjcsInNpZCI6MTA1MjMwMywid2lkIjoxMTk1NTQsInNyYyI6Mn0=eyJ.js Show response fbpopr.com/p/	5 KB 3 KB	57ms 35ms	Script application/javascript	2606:4700:3036::681b:ad97 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fbpopr.com/p/waWQiOjEwMjc0MjcsInNpZCI6MTA1MjMwMywid2lkIjoxMTk1NTQsInNyYyI6Mn0=eyJ.js Requested by Host: ciat.xyz URL: http://ciat.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::681b:ad97 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `13bbe799d4fb1e484ad77ffa10efcc82fb8a22d50fda685f4d5dacf0f48a2ff3` Request headers Referer http://ciat.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 22 Aug 2020 19:44:51 GMT content-encoding br cf-cache-status HIT server cloudflare e-tag c47dff1f7a10fb4ad277fca9118ff620 age 2987 status 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin https://ciat.xyz cache-control max-age=14400 cf-ray 5c6f1740dac1177a-FRA cf-request-id 04b94cdc870000177a74bb3200000001
GET		fotorcreated.jpg xn--80appk.xn--p1acf/	0 0

GET H/1.1	200 OK	adp1v2.js Show response cdn1.adcdnx.com/	83 KB 32 KB	51ms 33ms	Script text/html	172.67.15.80 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://cdn1.adcdnx.com/adp1v2.js Requested by Host: ciat.xyz URL: http://ciat.xyz/ Protocol HTTP/1.1 Server 172.67.15.80 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `42abed760481ad5f3b73fb009f520c25a382ded9779ccaa68f23a484be242fe0` Request headers Referer http://ciat.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Sat, 22 Aug 2020 19:44:51 GMT Content-Encoding gzip CF-Cache-Status HIT Server cloudflare Age 7022 Vary Accept-Encoding Content-Type text/html;charset=UTF-8 Cache-Control max-age=7200 Transfer-Encoding chunked Connection keep-alive CF-RAY 5c6f1740ef971ede-AMS cf-request-id 04b94cdc9100001ede73334200000001
GET H/1.1	200 OK	show.js Show response cdn.popcash.net/	104 KB 36 KB	53ms 36ms	Script application/javascript	151.139.128.10 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL http://cdn.popcash.net/show.js Requested by Host: ciat.xyz URL: http://ciat.xyz/ Protocol HTTP/1.1 Server 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US), Reverse DNS Software cloudflare / Resource Hash `68396427ddfdbfad80d1e0f6c38537a5e52994352b39cd3c4954546393d279ee` Request headers Referer http://ciat.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Sat, 22 Aug 2020 19:44:51 GMT Content-Encoding gzip CF-Cache-Status DYNAMIC Connection keep-alive Content-Length 36688 cf-request-id 049436ea240000cd9f2b398200000001 Last-Modified Wed, 29 Jul 2020 10:22:58 GMT Server cloudflare ETag W/"5f214e02-19fdf" Vary Accept-Encoding X-HW 1598125491.cds047.pa1.h2,1598125491.cds002.pa1.c Content-Type application/javascript Access-Control-Allow-Origin * Cache-Control max-age=2592000, public Accept-Ranges bytes CF-RAY 5c33c0f03fe2cd9f-CDG
GET H/1.1	200 OK	js15_as.js s10.histats.com/	11 KB 5 KB	49ms 32ms	Script text/javascript	46.105.201.240 OVH
General Check archive.org Show headers Download Go to Full URL http://s10.histats.com/js15_as.js Requested by Host: ciat.xyz URL: http://ciat.xyz/ Protocol HTTP/1.1 Server 46.105.201.240 , France, ASN16276 (OVH, FR), Reverse DNS Software / Resource Hash Request headers Referer http://ciat.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Sat, 22 Aug 2020 19:39:38 GMT Content-Encoding gzip Last-Modified Thu, 16 Apr 2020 10:44:16 GMT X-CDN-Pop-IP 137.74.120.32/27 ETag "-375139978" X-Cacheable Matched cache Vary Accept-Encoding X-IPLB-Instance 33187 Content-Type text/javascript X-CDN-Pop sbg Accept-Ranges bytes Content-Length 4547 X-Request-ID 630688640
GET		cuload samtrg.com/	0 0

GET		rci mrxoyodeixpkyrzibr.bid/	0 0

GET		znWaa3gu dcba.popcash.net/	0 0

GET		0.php s4.histats.com/stats/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: xn--80appk.xn--p1acf
URL: http://xn--80appk.xn--p1acf/fotorcreated.jpg

Domain: samtrg.com
URL: https://samtrg.com/cuload?a=1&e=aeyJwaWQiOjEwMjc0MjcsInNpZCI6MTA1MjMwMywid2lkIjoxMTk1NTQsImQiOiJjaWF0Lnh5eiIsImxpIjoxfQ==&tz=2&if=0

Domain: mrxoyodeixpkyrzibr.bid
URL: http://mrxoyodeixpkyrzibr.bid/rci

Domain: dcba.popcash.net
URL: https://dcba.popcash.net/znWaa3gu

Domain: s4.histats.com
URL: https://s4.histats.com/stats/0.php?4441218&@f16&@g1&@h1&@i1&@j1598125491437&@k0&@l1&@m&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-65953599&@b3:1598125491&@b4:js15_as.js&@b5:120&@a-_0.2.1&@vhttp%3A%2F%2Fciat.xyz%2F&@w

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://cdn.popcash.net/show.js(Line 4) Message: Popunder Script @ popunderjs.com
console-api	log	URL: http://cdn.popcash.net/show.js(Line 4) Message: Author: Phan Thanh Cong <contact@ptcong.com>
console-api	log	URL: http://cdn.popcash.net/show.js(Line 4) Message: Version: 2.11.15
console-api	log	URL: http://cdn.popcash.net/show.js(Line 4) Message: Release: 2020/1/2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.popcash.net
cdn1.adcdnx.com
ciat.xyz
dcba.popcash.net
fbpopr.com
mrxoyodeixpkyrzibr.bid
s10.histats.com
s4.histats.com
samtrg.com
xn--80appk.xn--p1acf
dcba.popcash.net
mrxoyodeixpkyrzibr.bid
s4.histats.com
samtrg.com
xn--80appk.xn--p1acf
151.139.128.10
172.67.15.80
2606:4700:3036::681b:ad97
46.105.201.240
91.224.22.173
13bbe799d4fb1e484ad77ffa10efcc82fb8a22d50fda685f4d5dacf0f48a2ff3
42abed760481ad5f3b73fb009f520c25a382ded9779ccaa68f23a484be242fe0
4e42baa181f4266471072fdc82629f0c6e8fed6cbb8805618a9bb914b3a759d8
68396427ddfdbfad80d1e0f6c38537a5e52994352b39cd3c4954546393d279ee

ciat.xyz Open in urlscan Pro 91.224.22.173 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

10 Requests

10 %HTTPS

20 %IPv6

8 Domains

10 Subdomains

6 IPs

3 Countries

78 kBTransfer

216 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

ciat.xyz Open in urlscan Pro
91.224.22.173 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

10 %
HTTPS

20 %
IPv6

8
Domains

10
Subdomains

6
IPs

3
Countries

78 kB
Transfer

216 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions