URL: https://xs.2042g.xyz/
Submission: On May 17 via api from US — Scanned from DE

Summary

This website contacted 9 IPs in 4 countries across 8 domains to perform 16 HTTP transactions. The main IP is 172.247.238.13, located in the United States and belonging to CNSERVERS, US. The main domain is xs.2042g.xyz.
TLS certificate: Issued by R3 on May 17th 2024. Valid for: 3 months.
This is the only time xs.2042g.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS | Autonomous System
1 | 172.247.238.13 | 40065 | CNSERVERS
1 | 2409:8c20:8ab... | 56046 | CMNET-JIA...
1 | 59.110.191.8 | 37963 | ALIBABA-C...
7 | 172.247.238.2 | 40065 | CNSERVERS
1 | 163.181.157.118 | 24429 | TAOBAO Zh...
2 | 111.45.3.198 | 56040 | CMNET-GUA...
2 | 119.13.80.235 | 136907 | HWCLOUDS-...
1 | 2404:2280:193... | 24429 | TAOBAO Zh...
Total: 16 requests, 9 IPs
Requests | Apex Domain | Subdomains | Transfer
7 | 2042f.xyz | fe.2042f.xyz | 15 KB
2 | 7qo2met.com | 186355mg.7qo2met.com, 186354mg.7qo2met.com | 21 KB
2 | baidu.com | hm.baidu.com (Cisco Umbrella Rank: 10507) | 12 KB
1 | bytegoofy.com | lf1-cdn-tos.bytegoofy.com (Cisco Umbrella Rank: 43178) | 5 KB
1 | biliimg.com | article.biliimg.com | 198 KB
1 | aliyuncs.com | qz101.oss-cn-beijing.aliyuncs.com | 1 KB
1 | bytecdntp.com | lf6-cdn-tos.bytecdntp.com (Cisco Umbrella Rank: 244027) | 30 KB
1 | 2042g.xyz | xs.2042g.xyz | 4 KB
Total: 16 requests, 8 apex domains
Requests | Domain | Requested by
7 | fe.2042f.xyz | xs.2042g.xyz, qz101.oss-cn-beijing.aliyuncs.com
2 | hm.baidu.com | fe.2042f.xyz, xs.2042g.xyz
1 | lf1-cdn-tos.bytegoofy.com |
1 | 186354mg.7qo2met.com | xs.2042g.xyz
1 | 186355mg.7qo2met.com | xs.2042g.xyz
1 | article.biliimg.com | xs.2042g.xyz
1 | qz101.oss-cn-beijing.aliyuncs.com | xs.2042g.xyz
1 | lf6-cdn-tos.bytecdntp.com | xs.2042g.xyz
1 | xs.2042g.xyz |
Total: 16 requests, 9 subdomains

This site contains links to these domains. Also see Links.

Domain
122.114.186.4
xxssdongman.com
46914747.xyz
t.me
TLS certificates

Subject | Issuer | Validity | Valid for
xs.2042g.xyz | R3 | 2024-05-17 - 2024-08-15 | 3 months (crt.sh)
*.bytecdntp.com | RapidSSL TLS RSA CA G1 | 2023-06-30 - 2024-06-28 | a year (crt.sh)
cn-beijing.oss.aliyuncs.com | GlobalSign Organization Validation CA - SHA256 - G3 | 2024-02-18 - 2024-10-15 | 8 months (crt.sh)
fe.2042f.xyz | R3 | 2024-05-17 - 2024-08-15 | 3 months (crt.sh)
*.biliimg.com | GlobalSign GCC R3 DV TLS CA 2020 | 2023-08-04 - 2024-09-04 | a year (crt.sh)
baidu.com | GlobalSign RSA OV SSL CA 2018 | 2023-07-06 - 2024-08-06 | a year (crt.sh)
7qo2met.com | CerSign DV SSL CA | 2024-04-14 - 2024-07-13 | 3 months (crt.sh)
*.bytegoofy.com | RapidSSL Global TLS RSA4096 SHA256 2022 CA1 | 2023-06-30 - 2024-07-30 | a year (crt.sh)

This page contains 1 frame:

Primary Page: https://xs.2042g.xyz/
Frame ID: 0CFEF3587537886C6336FD13C9B2B53D
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

橘子小说

Detected technologies

Overall confidence: 100%
Detected patterns
  • hm\.baidu\.com/hm\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16 Requests
100 % HTTPS
25 % IPv6
8 Domains
9 Subdomains
9 IPs
4 Countries
286 kB Transfer
389 kB Size
3 Cookies

Redirected requests

No HTTP redirect chains are listed for this scan.

16 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request | xs.2042g.xyz/ | 15 KB | 4 KB | Document
General
Full URL
https://xs.2042g.xyz/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.247.238.13 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
tydcdn / ThinkPHP
Resource Hash
e35e3cfeb27720c9d6353d864b5bc2303fcc42eac8d534bbd6afdb1790c7b6f6

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-control
private
Connection
keep-alive
Content-Encoding
gzip
Content-Length
4094
Content-Type
text/html; charset=utf-8
Date
Fri, 17 May 2024 22:43:43 GMT
Server
tydcdn
Upgrade
h2
Vary
Accept-Encoding
X-Cache-Status
HIT
X-Powered-By
ThinkPHP
jquery.min.js | lf6-cdn-tos.bytecdntp.com/cdn/expire-1-y/jquery/2.1.4/ | 82 KB | 30 KB | Script
General
Full URL
https://lf6-cdn-tos.bytecdntp.com/cdn/expire-1-y/jquery/2.1.4/jquery.min.js
Requested by
Host: xs.2042g.xyz
URL: https://xs.2042g.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2409:8c20:8ab1:22:1::f4 , China, ASN56046 (CMNET-JIANGSU-AP China Mobile communications corporation, CN),
Reverse DNS
Software
TLB /
Resource Hash
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 09:22:53 GMT
content-encoding
gzip
x-tt-trace-tag
id=06;cdn-cache=hit;type=static
x-tt-trace-id
00-2403251722539546BBEDF7747A0E4424-4E18B6325EF95A8E-00
age
4627253
x-link-via
yanccm31:443;hzmp63:443;
x-cache-status
HIT from KS-CLOUD-HZ-MP-63-20, HIT from KS-CLOUD-YANC-CM-31-05
server-timing
inner; dur=8
content-length
29593
last-modified
Wed, 26 Jan 2022 04:19:43 GMT
server
TLB
x-tt-logid
202403251722539546BBEDF7747A0E4424
etag
W/"61f0cbdf-1499c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
x-tt-trace-host
01e04126959f8e82e7e956e3965118f29f250134704eb1d05505623ac54a3a1e9e5c37b5d7b68c7115c960dac4d4f6a538dda9c881d7bbf5d2f5e86a164ee3bd7d38eb898e7216ff1c5b029a2c51045e8f8057159a03c48b37ba254915699d76ee08960894e465775b6edf322b5e4a78e3
x-response-cinfo
2a02:6ea0:c71b:0:1012:5cbd:2349:3271
accept-ranges
bytes
x-response-cache
edge_hit
timing-allow-origin
*
x-cdn-request-id
d8e59e850db500f171721667ebcabf74
expires
Tue, 25 Mar 2025 09:22:53 GMT
h.js | qz101.oss-cn-beijing.aliyuncs.com/ | 2 KB | 1 KB | Script
General
Full URL
https://qz101.oss-cn-beijing.aliyuncs.com/h.js
Requested by
Host: xs.2042g.xyz
URL: https://xs.2042g.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
59.110.191.8 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
6b7c9fd67eb8aac06e5632cd5c89d42dd59f9b8d4a3a07db85a95073ebf82f31

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 17 May 2024 22:43:44 GMT
Content-Encoding
gzip
x-oss-request-id
6647DDA07FFDC2313262FB28
Content-MD5
Fs6zHTZBYai5x+Kvh6vgHQ==
Transfer-Encoding
chunked
Content-Disposition
attachment
Connection
keep-alive
x-oss-object-type
Normal
Last-Modified
Fri, 17 May 2024 15:48:57 GMT
Server
AliyunOSS
Vary
Accept-Encoding
Content-Type
application/javascript
x-oss-ec
0048-00000113
x-oss-force-download
true
x-oss-storage-class
Standard
x-oss-hash-crc64ecma
744812298038810331
x-oss-server-time
2
1.css | fe.2042f.xyz/xs/ | 12 KB | 4 KB | Stylesheet
General
Full URL
https://fe.2042f.xyz/xs/1.css
Requested by
Host: xs.2042g.xyz
URL: https://xs.2042g.xyz/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.247.238.2 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
tydcdn /
Resource Hash
6040893f9491126668160ad30af8af0bf6eb9cbf93d0bd8f0be1cb9bf6cca171

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 17 May 2024 22:43:47 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Sep 2023 16:48:36 GMT
Server
tydcdn
ETag
"2fbe-605f561312100-gzip"
X-Cache-Status
HIT
Vary
Accept-Encoding
Upgrade
h2
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3300
pfnav.js | fe.2042f.xyz/xs/ | 498 B | 463 B | Script
General
Full URL
https://fe.2042f.xyz/xs/pfnav.js
Requested by
Host: qz101.oss-cn-beijing.aliyuncs.com
URL: https://qz101.oss-cn-beijing.aliyuncs.com/h.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.247.238.2 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
tydcdn /
Resource Hash
9baaf9e8cdcdc8c4e0edf684105983139e400a5e8ebc4d5f3b4427777e5c3ab4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 17 May 2024 22:43:47 GMT
Content-Encoding
gzip
Last-Modified
Sat, 07 Oct 2023 19:15:56 GMT
Server
tydcdn
ETag
"1f2-607252fb77300-gzip"
X-Cache-Status
HIT
Vary
Accept-Encoding
Upgrade
h2
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
127
hf.js | fe.2042f.xyz/xs/ | 1 KB | 1016 B | Script
General
Full URL
https://fe.2042f.xyz/xs/hf.js
Requested by
Host: qz101.oss-cn-beijing.aliyuncs.com
URL: https://qz101.oss-cn-beijing.aliyuncs.com/h.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.247.238.2 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
tydcdn /
Resource Hash
b3aedeee8e08d41c83a9e6ffb26b59e43b84accff05644cb1fd625d96d902071

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 17 May 2024 22:43:47 GMT
Content-Encoding
gzip
Last-Modified
Fri, 24 Nov 2023 16:18:28 GMT
Server
tydcdn
ETag
"5d6-60ae84d6ddd00-gzip"
X-Cache-Status
HIT
Vary
Accept-Encoding
Upgrade
h2
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
680
mh.js | fe.2042f.xyz/ | 13 KB | 5 KB | Script
General
Full URL
https://fe.2042f.xyz/mh.js
Requested by
Host: qz101.oss-cn-beijing.aliyuncs.com
URL: https://qz101.oss-cn-beijing.aliyuncs.com/h.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.247.238.2 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
tydcdn /
Resource Hash
ef6be40091978a2e8051b046385666133e7360762517a1ca57769684c3e71805

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 17 May 2024 22:43:48 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 May 2024 18:03:51 GMT
Server
tydcdn
ETag
"3597-618aa2c988b15-gzip"
X-Cache-Status
HIT
Vary
Accept-Encoding
Upgrade
h2
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5103
tg.js | fe.2042f.xyz/xs/ | 20 B | 302 B | Script
General
Full URL
https://fe.2042f.xyz/xs/tg.js
Requested by
Host: qz101.oss-cn-beijing.aliyuncs.com
URL: https://qz101.oss-cn-beijing.aliyuncs.com/h.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.247.238.2 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
tydcdn /
Resource Hash
04b15b96773c39eacdd4ff687f89710a8b0e27c702628e75f0a36e73ac18411e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 17 May 2024 22:43:48 GMT
Last-Modified
Fri, 10 May 2024 13:54:35 GMT
Server
tydcdn
ETag
"14-61819e03f86a6"
X-Cache-Status
HIT
Upgrade
h2
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
20
54c59a704ec4337a226cfb39ebe3d603f543fdc6.gif | article.biliimg.com/bfs/article/ | 197 KB | 198 KB | Image
General
Full URL
https://article.biliimg.com/bfs/article/54c59a704ec4337a226cfb39ebe3d603f543fdc6.gif
Requested by
Host: xs.2042g.xyz
URL: https://xs.2042g.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
163.181.157.118 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
77b4a3185b5372725e4b75fda40c4a0fb07d6bc1b20bb77cc45573685c376326

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 07:11:59 GMT
x-amz-version-id
v1.0.0
via
cache5.l2us1[0,0,200-0,H], cache16.l2us1[1,0], ens-cache11.de7[0,11,200-0,H], ens-cache9.de7[13,0]
content-md5
PK7mEo5Ghf3VROGLJ7m6ng==
x-amz-request-id
1715325119710133544
age
660708
x-swift-cachetime
30980486
x-cache
HIT TCP_HIT dirn:2:568817605
x-hyper-traffic-cache-state
miss
cross-origin-resource-policy
cross-origin
x-swift-savetime
Thu, 16 May 2024 17:30:34 GMT
content-length
201938
code
200
last-modified
Wed, 13 Sep 2023 07:38:59 GMT
server
Tengine
x-bili-trace-id
3338b869675cc9583cbd0b7e0f663dc8
etag
3caee6128e4685fdd544e18b27b9ba9e
vary
Accept-Encoding,Origin,X1-Bilispy-Color
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
ali-swift-global-savetime
1715325120
access-control-expose-headers
Content-Length,X-Cache-Webcdn,Content-Type,Content-Length,Content-Md5,X-Bili-Trace-Id
cache-control
max-age=31536000
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Origin,No-Cache,X-Requested-With,If-Modified-Since,Pragma,Last-Modified,Cache-Control,Expires,Content-Type,Access-Control-Allow-Credentials,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Cache-Webcdn,X-Bilibili-Key-Real-Ip,X-Upos-Auth,Range
eagleid
a3b5839d17159858288592474e
x-cache-webcdn
AL
expires
Sat, 10 May 2025 15:11:59 GMT
tg.js | fe.2042f.xyz/qz/ | 97 B | 450 B | Script
General
Full URL
https://fe.2042f.xyz/qz/tg.js
Requested by
Host: qz101.oss-cn-beijing.aliyuncs.com
URL: https://qz101.oss-cn-beijing.aliyuncs.com/h.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.247.238.2 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
tydcdn /
Resource Hash
0f4b4b600524b66a2d26b4af767d8e03b6bfc4fb6c2c65bed511dc32b61cd96c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 17 May 2024 22:43:48 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 May 2024 15:43:42 GMT
Server
tydcdn
ETag
"61-6187ffbaba728-gzip"
X-Cache-Status
HIT
Vary
Accept-Encoding
Upgrade
h2
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
115
truncated | / | 395 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
92171aae14141f60adc9ab3b5b6c3b04f6185c7a0a62a78098694cf8a98c0af9

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
foot.js | fe.2042f.xyz/xs/ | 11 KB | 4 KB | Script
General
Full URL
https://fe.2042f.xyz/xs/foot.js
Requested by
Host: qz101.oss-cn-beijing.aliyuncs.com
URL: https://qz101.oss-cn-beijing.aliyuncs.com/h.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.247.238.2 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
tydcdn /
Resource Hash
5d74ed01c7ec6fd6e1a61a64c51ee3e0949d74f46216c6a9528ca60ad463d00b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 17 May 2024 22:43:48 GMT
Content-Encoding
gzip
Last-Modified
Fri, 03 May 2024 17:34:45 GMT
Server
tydcdn
ETag
"2da6-6179022bad9eb-gzip"
X-Cache-Status
HIT
Vary
Accept-Encoding
Upgrade
h2
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3386
hm.js | hm.baidu.com/ | 29 KB | 12 KB | Script
General
Full URL
https://hm.baidu.com/hm.js?dde230ce88227723d36a5d09f6825d68
Requested by
Host: fe.2042f.xyz
URL: https://fe.2042f.xyz/xs/foot.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
111.45.3.198 , China, ASN56040 (CMNET-GUANGDONG-AP China Mobile communications corporation, CN),
Reverse DNS
Software
apache /
Resource Hash
13c2dd8e11008b81335c6951fc49da3d949a1904d64ada00257ba924f0ce2d72
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 17 May 2024 22:43:49 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=172800
Server
apache
Etag
47c84768be125989ec12d68136910cbb
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Content-Length
11256
6355 | 186355mg.7qo2met.com/sc/ | 10 KB | 11 KB | Script
General
Full URL
https://186355mg.7qo2met.com:8003/sc/6355?n=ksqmqtzb
Requested by
Host: xs.2042g.xyz
URL: https://xs.2042g.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.13.80.235 Hong Kong, Hong Kong, ASN136907 (HWCLOUDS-AS-AP HUAWEI CLOUDS, HK),
Reverse DNS
ecs-119-13-80-235.compute.hwclouds-dns.com
Software
nginx/1.18.0 / PHP/5.6.31
Resource Hash
782b6544141e3c561ea6e30401c318658f02bc8bb0678fa45ceb341924b98fd8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
max-age=1800
Date
Fri, 17 May 2024 22:43:49 GMT
Server
nginx/1.18.0
X-Powered-By
PHP/5.6.31
Transfer-Encoding
chunked
P3P
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin
*
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=1800
Connection
keep-alive
6354 | 186354mg.7qo2met.com/sc/ | 10 KB | 11 KB | Script
General
Full URL
https://186354mg.7qo2met.com:8003/sc/6354?n=vfkilfnj
Requested by
Host: xs.2042g.xyz
URL: https://xs.2042g.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.13.80.235 Hong Kong, Hong Kong, ASN136907 (HWCLOUDS-AS-AP HUAWEI CLOUDS, HK),
Reverse DNS
ecs-119-13-80-235.compute.hwclouds-dns.com
Software
nginx/1.18.0 / PHP/5.6.31
Resource Hash
46ee5eb953c644cf899a659b41931e741c6a053578a14e7724c5aff99e9f48fd

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
max-age=1800
Date
Fri, 17 May 2024 22:43:49 GMT
Server
nginx/1.18.0
X-Powered-By
PHP/5.6.31
Transfer-Encoding
chunked
P3P
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin
*
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=1800
Connection
keep-alive
hm.gif | hm.baidu.com/ | 43 B | 299 B | Image
General
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=de-de&lo=0&rnd=219870012&si=dde230ce88227723d36a5d09f6825d68&v=1.3.0&lv=1&sn=17390&r=0&ww=1600&u=https%3A%2F%2Fxs.2042g.xyz%2F&tt=%E6%A9%98%E5%AD%90%E5%B0%8F%E8%AF%B4
Requested by
Host: xs.2042g.xyz
URL: https://xs.2042g.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
111.45.3.198 , China, ASN56040 (CMNET-GUANGDONG-AP China Mobile communications corporation, CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Fri, 17 May 2024 22:43:50 GMT
Strict-Transport-Security
max-age=172800
X-Content-Type-Options
nosniff
Server
apache
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
favicon.ico | lf1-cdn-tos.bytegoofy.com/goofy/ies/douyin_web/public/ | 4 KB | 5 KB | Other
General
Full URL
https://lf1-cdn-tos.bytegoofy.com/goofy/ies/douyin_web/public/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2404:2280:193:0:3::3fa , Singapore, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
e67348e3ab54fa207e1ce4be78e8399d1b73a794d819a17d8656ea2b17a1109d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042g.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 28 Aug 2023 11:15:57 GMT
via
cache26.l2de2[0,5,200-0,H], cache9.l2de2[6,0], cache8.ru5[0,0,200-0,H], cache11.ru5[0,0]
x-tt-trace-tag
id=03;cdn-cache=hit;type=static
content-md5
+DEduFnSXikmTiPbb+pWYw==
age
22764472
x-swift-cachetime
25310867
x-cache
HIT TCP_MEM_HIT dirn:-2:-2
x-tos-storage-class
STANDARD
server-timing
cdn-cache;desc=HIT,edge;dur=0
x-swift-savetime
Wed, 08 Nov 2023 12:28:11 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4286
x-tos-request-id
c4bcedec81eddac964ec81ed-a909bea
x-tos-response-time
Mon, 28 Aug 2023 11:15:57 GMT
last-modified
Mon, 07 Aug 2023 07:49:22 GMT
server
Tengine
x-tt-logid
2023082819155713B8CEEFD34FFC2E30CA
etag
"f8311db859d25e29264e23db6fea5663"
ali-swift-global-savetime
1693221358
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
cache-control
max-age=31536000
x-server
goofy
x-tt-trace-host
0136c9da2e43f4b4394587f5784a4f1c9f65867dc6b0fd70785e538565c6b7365dfb14a9e31fa8922cdf3a6b9c7514b60248b011e555cf0e06cb52596a8f52719b56f058931c423b707508f3177baadb7c7e39c1704b1aeb2b1e6969c670cdaadd
access-control-request-methods
OPTIONS, HEAD, GET
accept-ranges
bytes
x-response-cache
edge_hit
timing-allow-origin
*
eagleid
a3b5009f17159858307621354e

Verdicts & Comments

185 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery string| H0ST number| csscache function| qzload function| loadScript function| mhcb string| __html1 function| xs_hf number| _start string| copy_text string| copy_alert string| blink_text function| copyLink string| mh_full string| __HOST1 string| __HOST2 string| mb_host string| Link2 string| Link3 string| uuHOST string| uhsot1 string| BHOST string| ky1113 string| tyc12 object| bjhlink object| yjhost string| __HOST_yj number| seed boolean| _r string| my23204 string| __MH__ object| myhost2 object| myhost string| __HOST_my object| llcpa_arr object| cap9_arr object| ptgg_arr object| hhas_cpa number| _r3 number| _r4 string| Lk1 string| xs_zb string| AS_cpa string| Link1 string| HS_cpa string| QZ_cpa string| cpa9253 string| zu_cpa string| cpa9251 string| cpa1072 string| jk_cpa string| lz_cpa string| cpa9252 string| GG_cpa string| pt_cpa string| TK_cpa string| LL_cpa string| F2_cpa string| LL_cpa2 string| LL_cpa3 string| F2_pt string| QZ_cpa2 string| TK_cpa2 string| cpa1071 string| TZ_cpa string| TZ_cpa2 string| Link4 string| Link5 string| Link6 string| Link7 string| Link8 string| Link9 string| Link0 string| Link10 string| Link11 string| Link12 string| Link13 string| Link14 string| Link15 string| Link16 string| Link17 string| Link18 string| Link19 string| Link20 string| Link21 string| Link22 string| Link23 string| Link24 string| Link25 string| Link26 string| Link27 string| Link28 string| Link29 string| Link30 string| lk2 string| lk3 string| lk4 string| lk5 string| lk6 string| lk7 string| lk8 string| lk9 string| lk0 string| lk11 string| lk12 string| lk13 string| lk14 string| lk15 string| lk16 string| lk17 string| lk18 string| lk19 string| lks0 string| lks1 string| lks2 string| lks3 string| lks4 string| lks5 string| lks6 string| lks7 string| lks8 string| lks9 string| lks10 string| lks11 string| lks12 string| lks13 string| lks14 string| lks15 string| lks16 string| lks17 string| lks18 string| lks19 string| lks20 string| qz0 string| qz1 string| qz2 
string| qz3 string| qz4 string| qz5 string| qz6 string| qz7 string| qz8 string| qz9 string| qz10 string| qz11 string| qz12 string| qz13 string| qz14 string| qz15 string| qz16 string| qz17 string| qz18 string| qz19 string| qz20 string| qz21 string| qz22 string| qz23 string| qz24 object| qz25 object| qz26 object| qz27 string| qz28 string| qz29 string| ppgg_spk1_pic string| ppgg_spk1_link string| lzjk_spk1_link string| ppgg_spk1_text string| ylg_jklz function| qzspk string| AI_PRE string| AI_PRE2 string| x object| _hmt function| insert_tj number| _ssec boolean| isRead number| vfkilfnj_is_ws object| yc9jn6ipp number| vfkilfnj_is_kk number| ksqmqtzb_is_ws object| 2dro1je number| ksqmqtzb_is_kk boolean| _bdhm_loaded_dde230ce88227723d36a5d09f6825d68 object| mini_tangram_log_ogcxkx

3 Cookies

Domain/Path | Name | Value
.hm.baidu.com/ | HMACCOUNT_BFESS | AC80C262DEAD9529
.xs.2042g.xyz/ | Hm_lvt_dde230ce88227723d36a5d09f6825d68 | 1715985830
.xs.2042g.xyz/ | Hm_lpvt_dde230ce88227723d36a5d09f6825d68 | 1715985830

7 Console Messages

Source | Level | URL | Text
javascript warning URL: https://qz101.oss-cn-beijing.aliyuncs.com/h.js(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://fe.2042f.xyz/xs/pfnav.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://qz101.oss-cn-beijing.aliyuncs.com/h.js(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://fe.2042f.xyz/xs/hf.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://qz101.oss-cn-beijing.aliyuncs.com/h.js(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://fe.2042f.xyz/xs/tg.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://qz101.oss-cn-beijing.aliyuncs.com/h.js(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://fe.2042f.xyz/qz/tg.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://qz101.oss-cn-beijing.aliyuncs.com/h.js(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://fe.2042f.xyz/xs/foot.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other warning URL: https://xs.2042g.xyz/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://xs.2042g.xyz/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

186354mg.7qo2met.com
186355mg.7qo2met.com
article.biliimg.com
fe.2042f.xyz
hm.baidu.com
lf1-cdn-tos.bytegoofy.com
lf6-cdn-tos.bytecdntp.com
qz101.oss-cn-beijing.aliyuncs.com
xs.2042g.xyz
111.45.3.198
119.13.80.235
163.181.157.118
172.247.238.13
172.247.238.2
2404:2280:193:0:3::3fa
2409:8c20:8ab1:22:1::f4
59.110.191.8
04b15b96773c39eacdd4ff687f89710a8b0e27c702628e75f0a36e73ac18411e
0f4b4b600524b66a2d26b4af767d8e03b6bfc4fb6c2c65bed511dc32b61cd96c
13c2dd8e11008b81335c6951fc49da3d949a1904d64ada00257ba924f0ce2d72
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
46ee5eb953c644cf899a659b41931e741c6a053578a14e7724c5aff99e9f48fd
5d74ed01c7ec6fd6e1a61a64c51ee3e0949d74f46216c6a9528ca60ad463d00b
6040893f9491126668160ad30af8af0bf6eb9cbf93d0bd8f0be1cb9bf6cca171
6b7c9fd67eb8aac06e5632cd5c89d42dd59f9b8d4a3a07db85a95073ebf82f31
77b4a3185b5372725e4b75fda40c4a0fb07d6bc1b20bb77cc45573685c376326
782b6544141e3c561ea6e30401c318658f02bc8bb0678fa45ceb341924b98fd8
92171aae14141f60adc9ab3b5b6c3b04f6185c7a0a62a78098694cf8a98c0af9
9baaf9e8cdcdc8c4e0edf684105983139e400a5e8ebc4d5f3b4427777e5c3ab4
b3aedeee8e08d41c83a9e6ffb26b59e43b84accff05644cb1fd625d96d902071
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e35e3cfeb27720c9d6353d864b5bc2303fcc42eac8d534bbd6afdb1790c7b6f6
e67348e3ab54fa207e1ce4be78e8399d1b73a794d819a17d8656ea2b17a1109d
ef6be40091978a2e8051b046385666133e7360762517a1ca57769684c3e71805