app-dhjvbl.junyaochaye.com Open in urlscan Pro
170.33.96.105 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xpoplrl7.xyz/
Effective URL:
https://app-dhjvbl.junyaochaye.com/page/dhjvbl/install/c/eyJtIjoiX3pkYjJLeFVIZTBBQUFHRUhzVTBBZWhRMHNJdm1OYWFMNHYxWVpla29YQ1NxR2Y2Ml...
Submission: On October 28 via api (October 28th 2022, 1:25:57 pm UTC) from US — Scanned from US

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 15 HTTP transactions. The main IP is 170.33.96.105, located in Singapore and belongs to ASEPL-AS-AP Alibaba.com Singapore E-Commerce Private Limited, SG. The main domain is app-dhjvbl.junyaochaye.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 24th 2022. Valid for: a year.

This is the only time app-dhjvbl.junyaochaye.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

Incomplete 217224_sign.apk 53 MB

Size: 53 MB (55485221 bytes, 0% done)

Downloaded from: https://wasnfqjs20221028.oss-cn-shenzhen.aliyuncs.com/20221028/217224_sign.apk?OSSAccessKeyId=LTAI5tCWaZtZzv9Z3FYPNeay&Expires=1666963855&Signature=4i%2BFl28NpbxH1lN%2FGpP3NBTI0hE%3D

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.207.36.174 45.207.36.174	133199 (SONDERCLO...) (SONDERCLOUDLIMITED-AS-AP SonderCloud Limited)
4	154.197.15.18 154.197.15.18	400618 (PRIME-SEC) (PRIME-SEC)
7	47.253.28.5 47.253.28.5	45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
1	154.82.120.144 154.82.120.144	399077 (TERAEXCH) (TERAEXCH)
1 2	170.33.96.105 170.33.96.105	134963 (ASEPL-AS-...) (ASEPL-AS-AP Alibaba.com Singapore E-Commerce Private Limited)
1 1	23.224.86.173 23.224.86.173	() ()
1	120.77.166.19 120.77.166.19	() ()
15	6

1 45.207.36.174 (Hong Kong) 1 redirects

ASN133199 (SONDERCLOUDLIMITED-AS-AP SonderCloud Limited, HK)

xpoplrl7.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 154.197.15.18 (Seychelles)

ASN400618 (PRIME-SEC, US)

xpoplrl7.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 47.253.28.5 (United States)

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

amazon2as.oss-accelerate.aliyuncs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cloudto1.oss-accelerate.aliyuncs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.82.120.144 (Singapore)

ASN399077 (TERAEXCH, US)

sdk.szdaqi88.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 170.33.96.105 (Singapore) 1 redirects

ASN134963 (ASEPL-AS-AP Alibaba.com Singapore E-Commerce Private Limited, SG)

app-dhjvbl.junyaochaye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.224.86.173 (None, ) 1 redirects

ASN- ()

d92707.ddosrbpp.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 120.77.166.19 (None, )

ASN- ()

wasnfqjs20221028.oss-cn-shenzhen.aliyuncs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	aliyuncs.com amazon2as.oss-accelerate.aliyuncs.com cloudto1.oss-accelerate.aliyuncs.com wasnfqjs20221028.oss-cn-shenzhen.aliyuncs.com	837 KB
5	xpoplrl7.xyz 1 redirects xpoplrl7.xyz	61 KB
2	junyaochaye.com sdk.junyaochaye.com Failed app-dhjvbl.junyaochaye.com	11 KB
1	ddosrbpp.cn 1 redirects d92707.ddosrbpp.cn	422 B
1	szdaqi88.com sdk.szdaqi88.com — Cisco Umbrella Rank: 936393	667 B
15	5

	Domain	Requested by
5	cloudto1.oss-accelerate.aliyuncs.com	xpoplrl7.xyz
5	xpoplrl7.xyz	1 redirects xpoplrl7.xyz
2	app-dhjvbl.junyaochaye.com	1 redirects xpoplrl7.xyz
2	amazon2as.oss-accelerate.aliyuncs.com	xpoplrl7.xyz
1	wasnfqjs20221028.oss-cn-shenzhen.aliyuncs.com	app-dhjvbl.junyaochaye.com
1	d92707.ddosrbpp.cn	1 redirects
1	sdk.szdaqi88.com	xpoplrl7.xyz
0	sdk.junyaochaye.com Failed	xpoplrl7.xyz
15	8

This site contains no links.

Subject Issuer	Validity	Valid
uftpzsl1.xyz R3	`2022-10-28` - `2023-01-26`	3 months	crt.sh
*.oss-us-east-1.aliyuncs.com GlobalSign Organization Validation CA - SHA256 - G2	`2022-01-20` - `2023-02-21`	a year	crt.sh
*.szdaqi88.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-16` - `2023-03-16`	a year	crt.sh
*.junyaochaye.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-10-24`	a year	crt.sh
*.oss-cn-shenzhen.aliyuncs.com GlobalSign Organization Validation CA - SHA256 - G2	`2022-01-20` - `2023-02-21`	a year	crt.sh

This page contains 1 frames:

Frame: https://wasnfqjs20221028.oss-cn-shenzhen.aliyuncs.com/20221028/217224_sign.apk?OSSAccessKeyId=LTAI5tCWaZtZzv9Z3FYPNeay&Expires=1666963855&Signature=4i%2BFl28NpbxH1lN%2FGpP3NBTI0hE%3D
Frame ID: 0D4041A1A98620C046A061FAA300481B
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://xpoplrl7.xyz/ HTTP 301
https://xpoplrl7.xyz/ Page URL
https://app-dhjvbl.junyaochaye.com/page/dhjvbl/install/c/eyJtIjoiX3pkYjJLeFVIZTBBQUFHRUhzVTBBZWhRMHNJdm1OYWFMNH... Page URL

Detected technologies

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

93 %
HTTPS

0 %
IPv6

5
Domains

8
Subdomains

6
IPs

4
Countries

910 kB
Transfer

995 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xpoplrl7.xyz/ HTTP 301
https://xpoplrl7.xyz/ Page URL
https://app-dhjvbl.junyaochaye.com/page/dhjvbl/install/c/eyJtIjoiX3pkYjJLeFVIZTBBQUFHRUhzVTBBZWhRMHNJdm1OYWFMNHYxWVpla29YQ1NxR2Y2MlZCbU42d1JFM00ifQ==?p=0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://xpoplrl7.xyz/ HTTP 301
https://xpoplrl7.xyz/

Request Chain 13

https://app-dhjvbl.junyaochaye.com/page/dhjvbl/install/c/eyJtIjoiX3pkYjJLeFVIZTBBQUFHRUhzVTBBZWhRMHNJdm1OYWFMNHYxWVpla29YQ1NxR2Y2MlZCbU42d1JFM00ifQ==?p=0 HTTP 302
https://d92707.ddosrbpp.cn/Dos/d/c/5sppdN7ykEdG895G HTTP 302
https://wasnfqjs20221028.oss-cn-shenzhen.aliyuncs.com/20221028/217224_sign.apk?OSSAccessKeyId=LTAI5tCWaZtZzv9Z3FYPNeay&Expires=1666963855&Signature=4i%2BFl28NpbxH1lN%2FGpP3NBTI0hE%3D

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
xpoplrl7.xyz/
Redirect Chain

http://xpoplrl7.xyz/
https://xpoplrl7.xyz/

6 KB
2 KB

1023ms
532ms

Document
text/html

154.197.15.18
PRIME-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://xpoplrl7.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.197.15.18 , Seychelles, ASN400618 (PRIME-SEC, US),

Reverse DNS

Software

CloudFlare /

Resource Hash

d1fa2a864010d7d034c071d51b60555253edf9f1b3443e6709d567ffd3f21484

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Fri, 28 Oct 2022 13:25:47 GMT
etag: W/"635b57f6-18c8"
last-modified: Fri, 28 Oct 2022 04:17:58 GMT
server: CloudFlare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache-status: MISS

Redirect headers

Connection: keep-alive
Content-Length: 166
Content-Type: text/html
Date: Fri, 28 Oct 2022 13:25:46 GMT
Location: https://xpoplrl7.xyz/
Server: CloudFlare
X-Cache-Status: MISS

GET
H2 200 jquery-3.5.1.min.js Show response
xpoplrl7.xyz/js/ 87 KB
34 KB 610ms
609ms Script
application/javascript 154.197.15.18
PRIME-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://xpoplrl7.xyz/js/jquery-3.5.1.min.js

Requested by

Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.197.15.18 , Seychelles, ASN400618 (PRIME-SEC, US),

Reverse DNS

Software

CloudFlare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xpoplrl7.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 13:25:48 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 28 Sep 2022 06:29:09 GMT
server: CloudFlare
etag: W/"6333e9b5-15d84"
x-cache-status: EXPIRED
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Sat, 29 Oct 2022 01:25:48 GMT

GET
H/1.1 200
OK first.gif
amazon2as.oss-accelerate.aliyuncs.com/images/ 468 KB
468 KB 494ms
289ms Image
image/gif 47.253.28.5
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amazon2as.oss-accelerate.aliyuncs.com/images/first.gif
Requested by: Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.253.28.5 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: f482f87bfe938e6ad011574862f681efb3ac56c84a4b1c8915f7cb1b97b23acd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xpoplrl7.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Fri, 28 Oct 2022 13:25:48 GMT
x-oss-request-id: 635BD85C275E053D6227B470
Content-MD5: ZDXeydih/YGya90IjUZLAA==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 479059
x-oss-object-type: Normal
Last-Modified: Fri, 14 Oct 2022 05:20:26 GMT
Server: AliyunOSS
ETag: "6435DEC9D8A1FD81B26BDD088D464B00"
Content-Type: image/gif
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 13370140012621051060
x-oss-server-time: 1

GET
H/1.1 200
OK 1_01.jpg
cloudto1.oss-accelerate.aliyuncs.com/images/ 22 KB
22 KB 484ms
320ms Image
image/jpeg 47.253.28.5
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cloudto1.oss-accelerate.aliyuncs.com/images/1_01.jpg
Requested by: Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.253.28.5 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 3d77977fc2d8d6101a2034261f2a5e6e6526b1e1ccedef80dadb8d49570c4c8a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xpoplrl7.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Fri, 28 Oct 2022 13:25:49 GMT
x-oss-request-id: 635BD85D817FCEF3B769ABA3
Content-MD5: 0Z6MW5X7OjAhg7s7BZspqQ==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 22510
x-oss-object-type: Normal
Last-Modified: Wed, 26 Oct 2022 07:59:39 GMT
Server: AliyunOSS
ETag: "D19E8C5B95FB3A302183BB3B059B29A9"
Content-Type: image/jpeg
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 11484395209804515854
x-oss-server-time: 2

GET
H/1.1 200
OK 1_02.jpg
cloudto1.oss-accelerate.aliyuncs.com/images/ 64 KB
65 KB 481ms
317ms Image
image/jpeg 47.253.28.5
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cloudto1.oss-accelerate.aliyuncs.com/images/1_02.jpg
Requested by: Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.253.28.5 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 779101d05511ba1fc419b60c0a9786b62412ad5dac100045bf936428a28f52c7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xpoplrl7.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Fri, 28 Oct 2022 13:25:49 GMT
x-oss-request-id: 635BD85DE0961E5009BB6945
Content-MD5: vjYrLXaos89w5jBwM7jqDg==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 65598
x-oss-object-type: Normal
Last-Modified: Wed, 26 Oct 2022 07:59:39 GMT
Server: AliyunOSS
ETag: "BE362B2D76A8B3CF70E6307033B8EA0E"
Content-Type: image/jpeg
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 17974093149542303241
x-oss-server-time: 3

GET
H/1.1 200
OK 1_03.jpg
amazon2as.oss-accelerate.aliyuncs.com/images/ 60 KB
60 KB 301ms
300ms Image
image/jpeg 47.253.28.5
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amazon2as.oss-accelerate.aliyuncs.com/images/1_03.jpg
Requested by: Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.253.28.5 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: f6974610b825bbeb24fb28c8d13c21aacb7e13c9ea0e14a4ff4bc1fc207e8a17

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xpoplrl7.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Fri, 28 Oct 2022 13:25:48 GMT
x-oss-request-id: 635BD85C678B8EA9C503C6F8
Content-MD5: X3MqEgDT34TieJqnFCn6Jg==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 61234
x-oss-object-type: Normal
Last-Modified: Fri, 14 Oct 2022 05:20:26 GMT
Server: AliyunOSS
ETag: "5F732A1200D3DF84E2789AA71429FA26"
Content-Type: image/jpeg
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 11145496187367192358
x-oss-server-time: 1

GET
H/1.1 200
OK 1_04.jpg
cloudto1.oss-accelerate.aliyuncs.com/images/ 110 KB
110 KB 459ms
295ms Image
image/jpeg 47.253.28.5
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cloudto1.oss-accelerate.aliyuncs.com/images/1_04.jpg
Requested by: Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.253.28.5 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: a8e55f1991be926559f45df5d6382d030ecc28ba863b4604d392b5e9f43a6d7c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xpoplrl7.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Fri, 28 Oct 2022 13:25:49 GMT
x-oss-request-id: 635BD85DE2DC5AFC176937AF
Content-MD5: F0U8JXKIjb2WEn9SDENuew==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 112418
x-oss-object-type: Normal
Last-Modified: Wed, 26 Oct 2022 07:59:39 GMT
Server: AliyunOSS
ETag: "17453C2572888DBD96127F520C436E7B"
Content-Type: image/jpeg
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 11148527064803002549
x-oss-server-time: 2

GET
H2 200 clipboard.min.js Show response
xpoplrl7.xyz/js/ 11 KB
4 KB 539ms
538ms Script
application/javascript 154.197.15.18
PRIME-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://xpoplrl7.xyz/js/clipboard.min.js

Requested by

Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.197.15.18 , Seychelles, ASN400618 (PRIME-SEC, US),

Reverse DNS

Software

CloudFlare /

Resource Hash

1626706afc88d95ebe1173b553ec732c6dc82a576989315fdf5e7779af738a44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xpoplrl7.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 13:25:48 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 28 Sep 2022 06:29:09 GMT
server: CloudFlare
etag: W/"6333e9b5-2a02"
x-cache-status: EXPIRED
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Sat, 29 Oct 2022 01:25:48 GMT

GET
H2 200 appinstall.js Show response
xpoplrl7.xyz/js/ 45 KB
21 KB 547ms
546ms Script
application/javascript 154.197.15.18
PRIME-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://xpoplrl7.xyz/js/appinstall.js

Requested by

Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.197.15.18 , Seychelles, ASN400618 (PRIME-SEC, US),

Reverse DNS

Software

CloudFlare /

Resource Hash

a41d962b651290780e840c6af891a5b5bf63111a37ce0da79cff4702cb830ce2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xpoplrl7.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 13:25:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 28 Sep 2022 06:29:09 GMT
server: CloudFlare
etag: W/"6333e9b5-b533"
x-cache-status: EXPIRED
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Sat, 29 Oct 2022 01:25:49 GMT

GET
H/1.1 200
OK kf.gif
cloudto1.oss-accelerate.aliyuncs.com/images/ 35 KB
35 KB 463ms
300ms Image
image/gif 47.253.28.5
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cloudto1.oss-accelerate.aliyuncs.com/images/kf.gif
Requested by: Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.253.28.5 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: b3eff13e100d16ecb01ceba621a6b565388eddee002e835d4df01e6d5335a762

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xpoplrl7.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Fri, 28 Oct 2022 13:25:49 GMT
x-oss-request-id: 635BD85D817FCEF3B769AB9F
Content-MD5: zlUSCIiBCadq3Wue4+41nQ==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 35475
x-oss-object-type: Normal
Last-Modified: Wed, 26 Oct 2022 07:59:39 GMT
Server: AliyunOSS
ETag: "CE551208888109A76ADD6B9EE3EE359D"
Content-Type: image/gif
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 15794380327613756080
x-oss-server-time: 2

GET
H/1.1 200
OK down.gif
cloudto1.oss-accelerate.aliyuncs.com/images/ 76 KB
76 KB 470ms
308ms Image
image/gif 47.253.28.5
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cloudto1.oss-accelerate.aliyuncs.com/images/down.gif
Requested by: Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.253.28.5 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: a60ea3bb61d164a8b23876b80605519d9b53da334b665759d259ff7273bc0154

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xpoplrl7.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Fri, 28 Oct 2022 13:25:49 GMT
x-oss-request-id: 635BD85DB561E20294440ABE
Content-MD5: EkxxRzRVsCQDGAKvaiMWuA==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 77483
x-oss-object-type: Normal
Last-Modified: Wed, 26 Oct 2022 07:59:39 GMT
Server: AliyunOSS
ETag: "124C71473455B024031802AF6A2316B8"
Content-Type: image/gif
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 15795341925344254905
x-oss-server-time: 2

POST
H2 200 init Show response
sdk.szdaqi88.com/web/dhjvbl/_/ 420 B
667 B 1335ms
302ms XHR
application/json 154.82.120.144
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.szdaqi88.com/web/dhjvbl/_/init?av=0&cv=0&hash=&sw=p6Cmpg&sh=p6Smpg&sp=1

Requested by

Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/js/appinstall.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

154.82.120.144 , Singapore, ASN399077 (TERAEXCH, US),

Reverse DNS

Software

NgxFence /

Resource Hash

e953c154a8bd98da9076333d59ed238543ce1f39fb8225fd2ea2b941926a534e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

Referer: https://xpoplrl7.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 28 Oct 2022 13:25:51 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
server: NgxFence
vary: Origin
content-type: application/json;charset=utf-8
access-control-allow-origin: https://xpoplrl7.xyz
access-control-allow-credentials: true

POST clicked
sdk.junyaochaye.com/web/dhjvbl/_/ 0
0

GET
H2 200 Primary Request eyJtIjoiX3pkYjJLeFVIZTBBQUFHRUhzVTBBZWhRMHNJdm1OYWFMNHYxWVpla29YQ1NxR2Y2MlZCbU42d1JFM00ifQ== Show response
app-dhjvbl.junyaochaye.com/page/dhjvbl/install/c/ 11 KB
11 KB 330ms
138ms Document
text/html 170.33.96.105
ASEPL-AS-AP Aliba...

General

Check archive.org

Show headers Download Go to

Full URL

https://app-dhjvbl.junyaochaye.com/page/dhjvbl/install/c/eyJtIjoiX3pkYjJLeFVIZTBBQUFHRUhzVTBBZWhRMHNJdm1OYWFMNHYxWVpla29YQ1NxR2Y2MlZCbU42d1JFM00ifQ==?p=0

Requested by

Host: xpoplrl7.xyz
URL: https://xpoplrl7.xyz/js/appinstall.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.33.96.105 , Singapore, ASN134963 (ASEPL-AS-AP Alibaba.com Singapore E-Commerce Private Limited, SG),

Reverse DNS

Software

Tengine /

Resource Hash

fced5bbe9797ebba5c5f9d5d941ad3d2b09904e27343cf226ff078026aa7c519

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://xpoplrl7.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-type: text/html; charset=utf-8
date: Fri, 28 Oct 2022 13:25:52 GMT
server: Tengine
strict-transport-security: max-age=31536000

GET
H/1.1

200
OK

217224_sign.apk
wasnfqjs20221028.oss-cn-shenzhen.aliyuncs.com/20221028/
Redirect Chain

https://app-dhjvbl.junyaochaye.com/page/dhjvbl/install/c/eyJtIjoiX3pkYjJLeFVIZTBBQUFHRUhzVTBBZWhRMHNJdm1OYWFMNHYxWVpla29YQ1NxR2Y2MlZCbU42d1JFM00ifQ==?p=0
https://d92707.ddosrbpp.cn/Dos/d/c/5sppdN7ykEdG895G
https://wasnfqjs20221028.oss-cn-shenzhen.aliyuncs.com/20221028/217224_sign.apk?OSSAccessKeyId=LTAI5tCWaZtZzv9Z3FYPNeay&Expires=1666963855&Signature=4i%2BFl28NpbxH1lN%2FGpP3NBTI0hE%3D

0
0

1499ms
375ms

Document
application/vnd.android.package-archive

120.77.166.19

General

Check archive.org

Show headers Download Go to

Full URL: https://wasnfqjs20221028.oss-cn-shenzhen.aliyuncs.com/20221028/217224_sign.apk?OSSAccessKeyId=LTAI5tCWaZtZzv9Z3FYPNeay&Expires=1666963855&Signature=4i%2BFl28NpbxH1lN%2FGpP3NBTI0hE%3D
Requested by: Host: app-dhjvbl.junyaochaye.com
URL: https://app-dhjvbl.junyaochaye.com/page/dhjvbl/install/c/eyJtIjoiX3pkYjJLeFVIZTBBQUFHRUhzVTBBZWhRMHNJdm1OYWFMNHYxWVpla29YQ1NxR2Y2MlZCbU42d1JFM00ifQ==?p=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 120.77.166.19 -, , ASN (),
Reverse DNS
Software: AliyunOSS /
Resource Hash

Request headers

Referer: https://app-dhjvbl.junyaochaye.com/page/dhjvbl/install/c/eyJtIjoiX3pkYjJLeFVIZTBBQUFHRUhzVTBBZWhRMHNJdm1OYWFMNHYxWVpla29YQ1NxR2Y2MlZCbU42d1JFM00ifQ==?p=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Disposition: attachment
Content-Length: 55485221
Content-MD5: jqIK7XDuFImcWACSUMGR5Q==
Content-Type: application/vnd.android.package-archive
Date: Fri, 28 Oct 2022 13:25:57 GMT
ETag: "8EA20AED70EE14899C58009250C191E5"
Last-Modified: Fri, 28 Oct 2022 13:24:36 GMT
Server: AliyunOSS
x-oss-force-download: true
x-oss-hash-crc64ecma: 5206722918750162498
x-oss-object-type: Normal
x-oss-request-id: 635BD865D17D343033439DF8
x-oss-server-time: 3
x-oss-storage-class: Standard

Redirect headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 no-cache
content-type: text/html; charset=UTF-8
date: Fri, 28 Oct 2022 13:25:55 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://wasnfqjs20221028.oss-cn-shenzhen.aliyuncs.com/20221028/217224_sign.apk?OSSAccessKeyId=LTAI5tCWaZtZzv9Z3FYPNeay&Expires=1666963855&Signature=4i%2BFl28NpbxH1lN%2FGpP3NBTI0hE%3D
pragma: no-cache
server: qq.com
strict-transport-security: max-age=31536000
x-cache-status: MISS

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sdk.junyaochaye.com
URL: https://sdk.junyaochaye.com/web/dhjvbl/_/clicked?p=0&ref=https%3A%2F%2Fxpoplrl7.xyz%2F&ac=0&cc=0

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			app-dhjvbl.junyaochaye.com/	1970-01-20 07:04:09	Name: alicfw Value: 3496778422%7C2121589291%7C1328233473%7C1328234225
			app-dhjvbl.junyaochaye.com/	1970-01-20 07:04:09	Name: alicfw_gfver Value: v1.200309.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amazon2as.oss-accelerate.aliyuncs.com
app-dhjvbl.junyaochaye.com
cloudto1.oss-accelerate.aliyuncs.com
d92707.ddosrbpp.cn
sdk.junyaochaye.com
sdk.szdaqi88.com
wasnfqjs20221028.oss-cn-shenzhen.aliyuncs.com
xpoplrl7.xyz
sdk.junyaochaye.com
120.77.166.19
154.197.15.18
154.82.120.144
170.33.96.105
23.224.86.173
45.207.36.174
47.253.28.5
1626706afc88d95ebe1173b553ec732c6dc82a576989315fdf5e7779af738a44
3d77977fc2d8d6101a2034261f2a5e6e6526b1e1ccedef80dadb8d49570c4c8a
779101d05511ba1fc419b60c0a9786b62412ad5dac100045bf936428a28f52c7
a41d962b651290780e840c6af891a5b5bf63111a37ce0da79cff4702cb830ce2
a60ea3bb61d164a8b23876b80605519d9b53da334b665759d259ff7273bc0154
a8e55f1991be926559f45df5d6382d030ecc28ba863b4604d392b5e9f43a6d7c
b3eff13e100d16ecb01ceba621a6b565388eddee002e835d4df01e6d5335a762
d1fa2a864010d7d034c071d51b60555253edf9f1b3443e6709d567ffd3f21484
e953c154a8bd98da9076333d59ed238543ce1f39fb8225fd2ea2b941926a534e
f482f87bfe938e6ad011574862f681efb3ac56c84a4b1c8915f7cb1b97b23acd
f6974610b825bbeb24fb28c8d13c21aacb7e13c9ea0e14a4ff4bc1fc207e8a17
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fced5bbe9797ebba5c5f9d5d941ad3d2b09904e27343cf226ff078026aa7c519

app-dhjvbl.junyaochaye.com Open in urlscan Pro 170.33.96.105 Public Scan

Summary

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

93 %HTTPS

0 %IPv6

5 Domains

8 Subdomains

6 IPs

4 Countries

910 kBTransfer

995 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

app-dhjvbl.junyaochaye.com Open in urlscan Pro
170.33.96.105 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

93 %
HTTPS

0 %
IPv6

5
Domains

8
Subdomains

6
IPs

4
Countries

910 kB
Transfer

995 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions