300w.netwin.cn - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 5 HTTP transactions. The main IP is 61.170.80.226, located in China and belongs to CHINANET-SH-AP China Telecom Group, CN. The main domain is 300w.netwin.cn.
TLS certificate: Issued by GeoTrust CN RSA CA G1 on September 25th 2023. Valid for: a year.

This is the only time 300w.netwin.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	206.238.115.123 206.238.115.123	399077 (TERAEXCH) (TERAEXCH)
2 2	39.105.18.168 39.105.18.168	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
2	61.170.80.226 61.170.80.226	4812 (CHINANET-...) (CHINANET-SH-AP China Telecom Group)
1	47.92.17.75 47.92.17.75	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
5	3

2 206.238.115.123 (Singapore, Singapore)

ASN399077 (TERAEXCH, US)

5489456.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5465715.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 39.105.18.168 (Beijing, China) 2 redirects

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

login.t.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 61.170.80.226 (China)

ASN4812 (CHINANET-SH-AP China Telecom Group, CN)
PTR: 226.80.170.61.broad.xw.sh.dynamic.163data.com.cn

300w.netwin.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.92.17.75 (Beijing, China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

fer-shell.oss-cn-zhangjiakou.aliyuncs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	netwin.cn 300w.netwin.cn	1 KB
2	t.cn 2 redirects login.t.cn	328 B
1	5465715.com 5465715.com
1	aliyuncs.com fer-shell.oss-cn-zhangjiakou.aliyuncs.com	12 KB
1	5489456.com 5489456.com	336 B
5	5

	Domain	Requested by
2	300w.netwin.cn	5489456.com
2	login.t.cn	2 redirects
1	5465715.com	fer-shell.oss-cn-zhangjiakou.aliyuncs.com
1	fer-shell.oss-cn-zhangjiakou.aliyuncs.com	300w.netwin.cn
1	5489456.com
5	5

This site contains no links.

Subject Issuer	Validity	Valid
5489456.com R10	`2024-06-22` - `2024-09-20`	3 months	crt.sh
*.netwin.cn GeoTrust CN RSA CA G1	`2023-09-25` - `2024-10-24`	a year	crt.sh
cn-zhangjiakou.oss.aliyuncs.com GlobalSign Organization Validation CA - SHA256 - G3	`2024-02-19` - `2024-11-13`	9 months	crt.sh
5465715.com R10	`2024-06-22` - `2024-09-20`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://300w.netwin.cn/277t39483ufjfie.html?hh=KDAJLKDAA
Frame ID: 96009BCDE55643E610954FF3102987C2
Requests: 4 HTTP requests in this frame

Frame: https://5465715.com/
Frame ID: FBB51E6B3E73EE269B89D36A23E09588
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

腾讯微保

Page URL History Show full URLs

https://5489456.com/ Page URL
http://login.t.cn/A6QfvgUJ HTTP 307
https://login.t.cn/A6QfvgUJ HTTP 302
https://300w.netwin.cn/277t39483ufjfie.html?hh=KDAJLKDAA HTTP 307
http://login.t.cn/A6QfvgUJ HTTP 302
https://300w.netwin.cn/277t39483ufjfie.html?hh=KDAJLKDAA Page URL

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

14 kB
Transfer

45 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://5489456.com/ Page URL
http://login.t.cn/A6QfvgUJ HTTP 307
https://login.t.cn/A6QfvgUJ HTTP 302
https://300w.netwin.cn/277t39483ufjfie.html?hh=KDAJLKDAA HTTP 307
http://login.t.cn/A6QfvgUJ HTTP 302
https://300w.netwin.cn/277t39483ufjfie.html?hh=KDAJLKDAA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
5489456.com/ 183 B
336 B 171ms
40ms Document
text/html 206.238.115.123
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL

https://5489456.com/

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

206.238.115.123 Singapore, Singapore, ASN399077 (TERAEXCH, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-SG,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
content-length: 183
content-type: text/html
date: Tue, 25 Jun 2024 01:18:01 GMT
etag: "66766c82-b7"
last-modified: Sat, 22 Jun 2024 06:17:38 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
H2

200

Primary Request 277t39483ufjfie.html Show response
300w.netwin.cn/
Redirect Chain

http://login.t.cn/A6QfvgUJ
https://login.t.cn/A6QfvgUJ
https://300w.netwin.cn/277t39483ufjfie.html?hh=KDAJLKDAA
http://login.t.cn/A6QfvgUJ
https://300w.netwin.cn/277t39483ufjfie.html?hh=KDAJLKDAA

125 B
706 B

432ms
430ms

Document
text/html

61.170.80.226
CHINANET-SH-AP Ch...

General

Check archive.org

Show headers Download Go to

Full URL: https://300w.netwin.cn/277t39483ufjfie.html?hh=KDAJLKDAA
Requested by: Host: 5489456.com
URL: https://5489456.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 61.170.80.226 , China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN),
Reverse DNS: 226.80.170.61.broad.xw.sh.dynamic.163data.com.cn
Software: Tengine /
Resource Hash: e5e3be76cfd6ae544e45eb0f5ba09e8abd36b949dd0c837a13a8adfeb810c322

Request headers

Accept-Language: en-SG,en;q=0.9;q=0.9
Referer: https://5489456.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
ali-swift-global-savetime: 1719278284
cache-control: no-store
content-length: 125
content-md5: HGK2kSKY11HwripB4jMPtg==
content-type: text/html
date: Tue, 25 Jun 2024 01:18:04 GMT
eagleid: 3daa502717192782848977106e
etag: "1C62B6912298D751F0AE2A41E2330FB6"
last-modified: Sun, 16 Jun 2024 10:44:07 GMT
server: Tengine
timing-allow-origin: *
via: cache58.l2cn1827[63,63,200-0,M], cache46.l2cn1827[64,0], cache46.l2cn1827[64,0], vcache18.cn6012[75,74,200-0,M], vcache19.cn6012[83,0]
x-cache: MISS TCP_MISS dirn:-2:-2
x-oss-cdn-auth: success
x-oss-hash-crc64ecma: 4220336498519265613
x-oss-object-type: Normal
x-oss-request-id: 667A1ACCD6639A3239178BEB
x-oss-server-time: 3
x-oss-storage-class: Standard
x-swift-cachetime: 0
x-swift-savetime: Tue, 25 Jun 2024 01:18:04 GMT

Redirect headers

Connection: keep-alive
Content-Length: 238
Content-Type: text/html;charset=UTF-8
Date: Tue, 25 Jun 2024 01:18:04 GMT
Location: https://300w.netwin.cn/277t39483ufjfie.html?hh=KDAJLKDAA
Server: nginx

GET
H/1.1 200
OK index.js Show response
fer-shell.oss-cn-zhangjiakou.aliyuncs.com/ 45 KB
12 KB 4632ms
3496ms Script
application/javascript 47.92.17.75
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to

Full URL: https://fer-shell.oss-cn-zhangjiakou.aliyuncs.com/index.js
Requested by: Host: 300w.netwin.cn
URL: https://300w.netwin.cn/277t39483ufjfie.html?hh=KDAJLKDAA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.92.17.75 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 9750e0bb6a265a013e5dc11f87d961e1fdca434d6fc3a2c4ec14ae3d5ef5aefc

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://300w.netwin.cn/
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 25 Jun 2024 01:18:09 GMT
Content-Encoding: gzip
x-oss-request-id: 667A1AD157C68C393210758A
Content-MD5: kKpuFoE3fa8E+M3sigrP6w==
Transfer-Encoding: chunked
Content-Disposition: attachment
Connection: keep-alive
x-oss-object-type: Normal
Last-Modified: Mon, 24 Jun 2024 10:52:50 GMT
Server: AliyunOSS
Vary: Accept-Encoding
Content-Type: application/javascript
x-oss-ec: 0048-00000113
x-oss-force-download: true
x-oss-storage-class: Standard
x-oss-hash-crc64ecma: 8025430035215483993
x-oss-server-time: 18

GET
H2 200 /
5465715.com/ Frame FBB5 0
0 129ms
40ms Document
text/html 206.238.115.123
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL

https://5465715.com/

Requested by

Host: fer-shell.oss-cn-zhangjiakou.aliyuncs.com
URL: https://fer-shell.oss-cn-zhangjiakou.aliyuncs.com/index.js

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

206.238.115.123 Singapore, Singapore, ASN399077 (TERAEXCH, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-SG,en;q=0.9;q=0.9
Referer: https://300w.netwin.cn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
content-length: 184
content-type: text/html
date: Tue, 25 Jun 2024 01:18:11 GMT
etag: "665ed441-b8"
last-modified: Tue, 04 Jun 2024 08:45:53 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
H2 404 favicon.ico
300w.netwin.cn/ 372 B
694 B 582ms
581ms Other
application/xml 61.170.80.226
CHINANET-SH-AP Ch...

General

Check archive.org

Show headers Download Go to

Full URL: https://300w.netwin.cn/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 61.170.80.226 , China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN),
Reverse DNS: 226.80.170.61.broad.xw.sh.dynamic.163data.com.cn
Software: Tengine /
Resource Hash: c57df6b5c117f853204f7ad63888cd4b435d432dc45cd43d79665d31df4ee4df

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://300w.netwin.cn/277t39483ufjfie.html?hh=KDAJLKDAA
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 01:18:12 GMT
via: cache9.l2cn1827[141,141,404-1280,M], cache61.l2cn1827[143,0], cache61.l2cn1827[143,0], vcache4.cn6012[233,232,404-1280,M], vcache19.cn6012[234,0]
x-oss-request-id: 667A1AD44E41B03332902171
x-swift-error: orig response 4XX error
x-swift-cachetime: 1
x-cache: MISS TCP_MISS dirn:-2:-2
x-oss-cdn-auth: success
x-swift-savetime: Tue, 25 Jun 2024 01:18:12 GMT
content-length: 372
server: Tengine
ali-swift-global-savetime: 1719278292
x-oss-ec: 0026-00000001
content-type: application/xml
access-control-allow-origin: *
timing-allow-origin: *
eagleid: 3daa502717192782922471168e
x-oss-server-time: 3

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://300w.netwin.cn/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

300w.netwin.cn
5465715.com
5489456.com
fer-shell.oss-cn-zhangjiakou.aliyuncs.com
login.t.cn
206.238.115.123
39.105.18.168
47.92.17.75
61.170.80.226
9750e0bb6a265a013e5dc11f87d961e1fdca434d6fc3a2c4ec14ae3d5ef5aefc
c57df6b5c117f853204f7ad63888cd4b435d432dc45cd43d79665d31df4ee4df
e5e3be76cfd6ae544e45eb0f5ba09e8abd36b949dd0c837a13a8adfeb810c322

300w.netwin.cn Open in urlscan Pro 61.170.80.226 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

3 IPs

2 Countries

14 kBTransfer

45 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

300w.netwin.cn Open in urlscan Pro
61.170.80.226 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

14 kB
Transfer

45 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions