wxllq.gz01.bdysite.com Open in urlscan Pro
240e:ff:e020:33:0:ff:b017:67bf Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ncov2019.cloud/
Effective URL:
http://wxllq.gz01.bdysite.com/gotopc.html
Submission: On May 29 via api (May 29th 2020, 12:52:25 pm UTC) from BE

Summary HTTP 16 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 240e:ff:e020:33:0:ff:b017:67bf, located in China and belongs to CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN. The main domain is wxllq.gz01.bdysite.com.

This is the only time wxllq.gz01.bdysite.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	103.121.92.140 103.121.92.140	136160 (BSYNTCL-A...) (BSYNTCL-AS-AP Beijing Shijihulian Yuntong Network Technology Co.)
3	240e:ff:e020:... 240e:ff:e020:33:0:ff:b017:67bf	58466 (CT-GUANGZ...) (CT-GUANGZHOU-IDC CHINANET Guangdong province network)
2	240e:83:205:8... 240e:83:205:88:0:ff:b0bc:12d	23724 (CHINANET-...) (CHINANET-IDC-BJ-AP IDC)
2	120.222.213.209 120.222.213.209	24444 (CMNET-V4S...) (CMNET-V4SHANDONG-AS-AP Shandong Mobile Communication Company Limited)
4	101.89.124.234 101.89.124.234	4812 (CHINANET-...) (CHINANET-SH-AP China Telecom (Group))
2	2401:b180:200... 2401:b180:2000:20::23	37963 (CNNIC-ALI...) (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.)
1	104.192.108.21 104.192.108.21	55992 (QIHOO Bei...) (QIHOO Beijing Qihu Technology Company Limited)
16	7

2 103.121.92.140 (China)

ASN136160 (BSYNTCL-AS-AP Beijing Shijihulian Yuntong Network Technology Co., Ltd., CN)

ncov2019.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 240e:ff:e020:33:0:ff:b017:67bf (China)

ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN)

wxllq.gz01.bdysite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 240e:83:205:88:0:ff:b0bc:12d (China)

ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN)

liulanqi.bj01.bdysite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 120.222.213.209 (China)

ASN24444 (CMNET-V4SHANDONG-AS-AP Shandong Mobile Communication Company Limited, CN)

liulanqi.bj01.bdysite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 101.89.124.234 (China)

ASN4812 (CHINANET-SH-AP China Telecom (Group), CN)

s95.cnzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.cnzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s23.cnzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2401:b180:2000:20::23 (China)

ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN)

z4.cnzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
z5.cnzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.192.108.21 (United States)

ASN55992 (QIHOO Beijing Qihu Technology Company Limited, CN)

dl.360safe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	bdysite.com wxllq.gz01.bdysite.com liulanqi.bj01.bdysite.com	134 KB
6	cnzz.com s95.cnzz.com c.cnzz.com z4.cnzz.com s23.cnzz.com z5.cnzz.com	11 KB
2	ncov2019.cloud ncov2019.cloud	1 KB
1	360safe.com dl.360safe.com
16	4

	Domain	Requested by
4	liulanqi.bj01.bdysite.com	wxllq.gz01.bdysite.com
3	wxllq.gz01.bdysite.com	ncov2019.cloud wxllq.gz01.bdysite.com
2	c.cnzz.com	s95.cnzz.com s23.cnzz.com
2	ncov2019.cloud	ncov2019.cloud
1	z5.cnzz.com	wxllq.gz01.bdysite.com
1	dl.360safe.com	wxllq.gz01.bdysite.com
1	s23.cnzz.com	wxllq.gz01.bdysite.com
1	z4.cnzz.com	wxllq.gz01.bdysite.com
1	s95.cnzz.com	wxllq.gz01.bdysite.com
16	9

This site contains links to these domains. Also see Links.

Domain
192.168.0.1
192.168.1.1
www.cnzz.com

Subject Issuer	Validity	Valid
*.cnzz.com GlobalSign Organization Validation CA - SHA256 - G2	`2020-02-04` - `2021-02-04`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://wxllq.gz01.bdysite.com/gotopc.html
Frame ID: 0507594524B8381FB1CF26547E2F8A9A
Requests: 14 HTTP requests in this frame

Frame: http://dl.360safe.com/netunion/20140425/360safe+251289+n7ddbb65c96.exe
Frame ID: BC9668E81CA2552A7E7C45251F6236A2
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://ncov2019.cloud/ Page URL
http://wxllq.gz01.bdysite.com/gotopc.html Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

16
Requests

31 %
HTTPS

43 %
IPv6

4
Domains

9
Subdomains

7
IPs

2
Countries

147 kB
Transfer

160 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://192.168.0.1/
Title: 192.168.0.1

Search URL Search Domain Scan URL

URL: http://192.168.1.1/
Title: 192.168.1.1

Search URL Search Domain Scan URL

URL: https://www.cnzz.com/stat/website.php?web_id=1254433810
Title: 站长统计

Search URL Search Domain Scan URL

URL: https://www.cnzz.com/stat/website.php?web_id=1276082832
Title: 站长统计

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ncov2019.cloud/ Page URL
http://wxllq.gz01.bdysite.com/gotopc.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response ncov2019.cloud/	91 B 480 B	2472ms 630ms	Document text/html	103.121.92.140 BSYNTCL-AS-AP Bei...
General Check archive.org Show headers Download Go to Full URL http://ncov2019.cloud/ Protocol HTTP/1.1 Server 103.121.92.140 , China, ASN136160 (BSYNTCL-AS-AP Beijing Shijihulian Yuntong Network Technology Co., Ltd., CN), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `78fef8a399b2a3d0f210c3e9037b79735d28383c97a6ad937517866d6ac815a2` Request headers Host ncov2019.cloud Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/html Content-Encoding gzip Last-Modified Sun, 22 Mar 2020 15:09:52 GMT Accept-Ranges bytes ETag "5e4641f05b0d61:0" Vary Accept-Encoding Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Date Fri, 29 May 2020 12:51:04 GMT Content-Length 187
GET H/1.1	200 OK	goto.js Show response ncov2019.cloud/	1 KB 990 B	332ms 332ms	Script application/javascript	103.121.92.140 BSYNTCL-AS-AP Bei...
General Check archive.org Show headers Download Go to Full URL http://ncov2019.cloud/goto.js Requested by Host: ncov2019.cloud URL: http://ncov2019.cloud/ Protocol HTTP/1.1 Server 103.121.92.140 , China, ASN136160 (BSYNTCL-AS-AP Beijing Shijihulian Yuntong Network Technology Co., Ltd., CN), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `e428238c8cb72e44ec6d063f53b9e20920486d00f5806c2039a7c55732eeca82` Request headers Referer http://ncov2019.cloud/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 29 May 2020 12:51:04 GMT Content-Encoding gzip Last-Modified Fri, 10 Jan 2020 05:59:45 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "6c991287bc7d51:0" Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 684
GET H/1.1	200 OK	Primary Request Cookie set gotopc.html Show response wxllq.gz01.bdysite.com/	4 KB 2 KB	4175ms 1934ms	Document text/html	240e:ff:e020:33:0:ff:b017:67bf CT-GUANGZHOU-IDC ...
General Check archive.org Show headers Download Go to Full URL http://wxllq.gz01.bdysite.com/gotopc.html Requested by Host: ncov2019.cloud URL: http://ncov2019.cloud/goto.js Protocol HTTP/1.1 Server 240e:ff:e020:33:0:ff:b017:67bf , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS Software openresty / Resource Hash `76003c4e9328106fb6745d83e94d8a13656f1e301f181ee921a880032f7dc76e` Request headers Host wxllq.gz01.bdysite.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://ncov2019.cloud/ Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://ncov2019.cloud/ Response headers Server openresty Date Fri, 29 May 2020 12:52:04 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Last-Modified Tue, 05 May 2020 10:40:46 GMT Vary Accept-Encoding ETag W/"5eb142ae-e82" Content-Encoding gzip Set-Cookie BAEID=C2A81CBB6EEE3BDF4918E6386747D9BE; expires=Sat, 29-May-21 12:52:04 GMT; max-age=31536000; path=/; version=1
GET H/1.1	200 OK	goto.js Show response wxllq.gz01.bdysite.com/	1 KB 1 KB	287ms 286ms	Script application/javascript	240e:ff:e020:33:0:ff:b017:67bf CT-GUANGZHOU-IDC ...
General Check archive.org Show headers Download Go to Full URL http://wxllq.gz01.bdysite.com/goto.js Requested by Host: wxllq.gz01.bdysite.com URL: http://wxllq.gz01.bdysite.com/gotopc.html Protocol HTTP/1.1 Server 240e:ff:e020:33:0:ff:b017:67bf , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS Software openresty / Resource Hash `2bd907d420a4ab5b3455ed79b0c89d4cf54241d0ea18dd38f24131c6ac1de05e` Request headers Referer http://wxllq.gz01.bdysite.com/gotopc.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 29 May 2020 12:52:05 GMT Last-Modified Fri, 05 Jul 2019 02:37:51 GMT Server openresty ETag "5d1eb7ff-460" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 1120
GET H/1.1	200 OK	2.jpg liulanqi.bj01.bdysite.com/pic/	27 KB 28 KB	888ms 267ms	Image image/jpeg	240e:83:205:88:0:ff:b0bc:12d CHINANET-IDC-BJ-A...
General Check archive.org Show headers Download Go to Show image Full URL http://liulanqi.bj01.bdysite.com/pic/2.jpg Requested by Host: wxllq.gz01.bdysite.com URL: http://wxllq.gz01.bdysite.com/gotopc.html Protocol HTTP/1.1 Server 240e:83:205:88:0:ff:b0bc:12d , China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN), Reverse DNS Software openresty / Resource Hash `09a47e303a29d37249377e762cc636239b5dfd24a5ff9e7a4a20e8f5a76da9c1` Request headers Referer http://wxllq.gz01.bdysite.com/gotopc.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 29 May 2020 12:52:05 GMT Last-Modified Sat, 29 Feb 2020 12:57:02 GMT Server openresty ETag "5e5a5f9e-6d9b" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 28059
GET H/1.1	200 OK	2-2.jpg liulanqi.bj01.bdysite.com/pic/	22 KB 22 KB	720ms 327ms	Image image/jpeg	240e:83:205:88:0:ff:b0bc:12d CHINANET-IDC-BJ-A...
General Check archive.org Show headers Download Go to Show image Full URL http://liulanqi.bj01.bdysite.com/pic/2-2.jpg Requested by Host: wxllq.gz01.bdysite.com URL: http://wxllq.gz01.bdysite.com/gotopc.html Protocol HTTP/1.1 Server 240e:83:205:88:0:ff:b0bc:12d , China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN), Reverse DNS Software openresty / Resource Hash `c154505bfbe11cb832ccdec8952202cca437956c78568fcbd2ea585b816bc0f0` Request headers Referer http://wxllq.gz01.bdysite.com/gotopc.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 29 May 2020 12:52:05 GMT Last-Modified Sat, 29 Feb 2020 12:57:02 GMT Server openresty ETag "5e5a5f9e-56ce" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 22222
GET H/1.1	200 OK	kuaishou.png liulanqi.bj01.bdysite.com/pic/	11 KB 11 KB	969ms 569ms	Image image/png	120.222.213.209 CMNET-V4SHANDONG-...
General Check archive.org Show headers Download Go to Show image Full URL http://liulanqi.bj01.bdysite.com/pic/kuaishou.png Requested by Host: wxllq.gz01.bdysite.com URL: http://wxllq.gz01.bdysite.com/gotopc.html Protocol HTTP/1.1 Server 120.222.213.209 , China, ASN24444 (CMNET-V4SHANDONG-AS-AP Shandong Mobile Communication Company Limited, CN), Reverse DNS Software openresty / Resource Hash `9f32ddfe0c9315c45615cef343d590260dabcff5e1b4832add4e0715709e77c5` Request headers Referer http://wxllq.gz01.bdysite.com/gotopc.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 29 May 2020 12:52:06 GMT Last-Modified Wed, 15 Apr 2020 09:30:42 GMT Server openresty ETag "5e96d442-2a04" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 10756
GET H/1.1	200 OK	douyin.jpg liulanqi.bj01.bdysite.com/pic/	69 KB 69 KB	848ms 448ms	Image image/jpeg	120.222.213.209 CMNET-V4SHANDONG-...
General Check archive.org Show headers Download Go to Show image Full URL http://liulanqi.bj01.bdysite.com/pic/douyin.jpg Requested by Host: wxllq.gz01.bdysite.com URL: http://wxllq.gz01.bdysite.com/gotopc.html Protocol HTTP/1.1 Server 120.222.213.209 , China, ASN24444 (CMNET-V4SHANDONG-AS-AP Shandong Mobile Communication Company Limited, CN), Reverse DNS Software openresty / Resource Hash `4acf631693b8ed95e482e866ace749a8955282375d6147dedfdf2ddae8bd3b19` Request headers Referer http://wxllq.gz01.bdysite.com/gotopc.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 29 May 2020 12:52:05 GMT Last-Modified Thu, 26 Mar 2020 06:21:08 GMT Server openresty ETag "5e7c49d4-11455" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 70741
GET H2	200	z_stat.php Show response s95.cnzz.com/	12 KB 4 KB	807ms 256ms	Script application/javascript	101.89.124.234 CHINANET-SH-AP Ch...
General Check archive.org Show headers Download Go to Full URL https://s95.cnzz.com/z_stat.php?id=1254433810&web_id=1254433810 Requested by Host: wxllq.gz01.bdysite.com URL: http://wxllq.gz01.bdysite.com/gotopc.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 101.89.124.234 , China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN), Reverse DNS Software Tengine / PHP/5.5.25 Resource Hash `bcec170160ee1ff40b6a845ee4398768ecb72f2b6ef152bfb353bf817066d534` Request headers Referer http://wxllq.gz01.bdysite.com/gotopc.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 12:09:30 GMT content-encoding gzip age 2555 x-powered-by PHP/5.5.25 x-cache HIT TCP_MEM_HIT dirn:13:767865379 status 200 x-swift-cachetime 5212 x-swift-savetime Fri, 29 May 2020 12:12:38 GMT content-length 4080 last-modified Fri, 29 May 2020 12:09:30 GMT server Tengine vary Accept-Encoding ali-swift-global-savetime 1570554476 content-type application/javascript via cache72.l2cn2302[0,200-0,H], cache66.l2cn2302[0,0], cache20.cn1401[0,200-0,H], cache12.cn1401[1,0] cache-control max-age=5400,s-maxage=5400 timing-allow-origin * eagleid 65597c2015907567259284963e
GET H/1.1	200 OK	apk.html Show response wxllq.gz01.bdysite.com/ Frame BC96	601 B 836 B	1085ms 1084ms	Document text/html	240e:ff:e020:33:0:ff:b017:67bf CT-GUANGZHOU-IDC ...
General Check archive.org Show headers Download Go to Full URL http://wxllq.gz01.bdysite.com/apk.html Requested by Host: wxllq.gz01.bdysite.com URL: http://wxllq.gz01.bdysite.com/gotopc.html Protocol HTTP/1.1 Server 240e:ff:e020:33:0:ff:b017:67bf , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS Software openresty / Resource Hash `7ccdd1ca2762ce9200fb640e34c9ef80ccdbbbecd40b6a418ccaac1490e9a4bc` Request headers Host wxllq.gz01.bdysite.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://wxllq.gz01.bdysite.com/gotopc.html Accept-Encoding gzip, deflate Accept-Language en-US Cookie BAEID=C2A81CBB6EEE3BDF4918E6386747D9BE Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://wxllq.gz01.bdysite.com/gotopc.html Response headers Server openresty Date Fri, 29 May 2020 12:52:06 GMT Content-Type text/html Content-Length 601 Connection keep-alive Last-Modified Mon, 04 May 2020 12:53:16 GMT ETag "5eb0103c-259" Accept-Ranges bytes
GET H2	200	core.php Show response c.cnzz.com/	969 B 902 B	260ms 258ms	Script application/javascript	101.89.124.234 CHINANET-SH-AP Ch...
General Check archive.org Show headers Download Go to Full URL https://c.cnzz.com/core.php?web_id=1254433810&t=z Requested by Host: s95.cnzz.com URL: https://s95.cnzz.com/z_stat.php?id=1254433810&web_id=1254433810 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 101.89.124.234 , China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN), Reverse DNS Software Tengine / PHP/5.5.25 Resource Hash `6121add11dee18e5c3dadde31ba25e71854993ff6ea2848da8592c7dd790d134` Request headers Referer http://wxllq.gz01.bdysite.com/gotopc.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 29 May 2020 12:42:25 GMT content-encoding gzip age 581 x-powered-by PHP/5.5.25 x-cache HIT TCP_MEM_HIT dirn:-2:-2 status 200 x-swift-cachetime 885 x-swift-savetime Fri, 29 May 2020 12:42:40 GMT content-length 619 last-modified Fri, 29 May 2020 12:42:25 GMT server Tengine vary Accept-Encoding ali-swift-global-savetime 1570554261 content-type application/javascript via cache74.l2cn2302[0,200-0,H], cache3.l2cn2302[0,0], cache19.cn1401[0,200-0,H], cache12.cn1401[2,0] timing-allow-origin * eagleid 65597c2015907567262076217e expires Fri, 29 May 2020 12:57:25 GMT
GET H2	200	stat.htm z4.cnzz.com/	2 B 112 B	2769ms 1975ms	Image text/html	2401:b180:2000:20::23 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Show image Full URL https://z4.cnzz.com/stat.htm?id=1254433810&r=http%3A%2F%2Fncov2019.cloud%2F&lg=en-us&ntime=none&cnzz_eid=2080877938-1590754170-null&showp=1600x1200&p=http%3A%2F%2Fwxllq.gz01.bdysite.com%2Fgotopc.html&t=%E6%8A%96%E9%9F%B3%E5%BF%AB%E6%89%8B%E7%A6%8F%E5%88%A9%EF%BC%8C%E6%8A%96%E9%9F%B3%E5%8F%B7%EF%BC%9A228822%EF%BC%9B%E5%BF%AB%E6%89%8B%E5%8F%B7%EF%BC%9A999123456&umuuid=172607d552ac6-023604c6a4619e-1b396256-1d4c00-172607d552b393&h=1&rnd=2013975099 Requested by Host: wxllq.gz01.bdysite.com URL: http://wxllq.gz01.bdysite.com/gotopc.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2401:b180:2000:20::23 , China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://wxllq.gz01.bdysite.com/gotopc.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Fri, 29 May 2020 12:52:08 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=utf-8
GET H/1.1	200 OK	z_stat.php Show response s23.cnzz.com/	12 KB 5 KB	514ms 480ms	Script application/javascript	101.89.124.234 CHINANET-SH-AP Ch...
General Check archive.org Show headers Download Go to Full URL http://s23.cnzz.com/z_stat.php?id=1276082832 Requested by Host: wxllq.gz01.bdysite.com URL: http://wxllq.gz01.bdysite.com/gotopc.html Protocol HTTP/1.1 Server 101.89.124.234 , China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN), Reverse DNS Software Tengine / PHP/5.5.25 Resource Hash `38d4fc1545bae0993dd9fa5e19fc70f1ac7478fec7d1522dd003c0e8e8edaced` Request headers Referer http://wxllq.gz01.bdysite.com/gotopc.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Date Fri, 29 May 2020 12:32:35 GMT Content-Encoding gzip Age 1171 X-Powered-By PHP/5.5.25 X-Cache HIT TCP_MEM_HIT dirn:-2:-2 X-Swift-CacheTime 5066 Connection keep-alive Content-Length 4079 Last-Modified Fri, 29 May 2020 12:32:35 GMT Server Tengine Vary Accept-Encoding Ali-Swift-Global-Savetime 1565857824 Content-Type application/javascript Via cache37.l2cn1807[0,200-0,H], cache46.l2cn1807[1,0], cache13.cn1401[0,200-0,H], cache12.cn1401[1,0] Cache-Control max-age=5400,s-maxage=5400 Timing-Allow-Origin * EagleId 65597c2015907567267288673e X-Swift-SaveTime Fri, 29 May 2020 12:38:09 GMT
GET H/1.1	200 OK	360safe+251289+n7ddbb65c96.exe dl.360safe.com/netunion/20140425/ Frame BC96	0 0	908ms 349ms	Document application/octet-stream	104.192.108.21 QIHOO Beijing Qih...
General Check archive.org Show headers Download Go to Full URL http://dl.360safe.com/netunion/20140425/360safe+251289+n7ddbb65c96.exe Requested by Host: wxllq.gz01.bdysite.com URL: http://wxllq.gz01.bdysite.com/apk.html Protocol HTTP/1.1 Server 104.192.108.21 , United States, ASN55992 (QIHOO Beijing Qihu Technology Company Limited, CN), Reverse DNS Software nginx / Resource Hash Request headers Host dl.360safe.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://wxllq.gz01.bdysite.com/apk.html Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://wxllq.gz01.bdysite.com/apk.html Response headers Server nginx Date Fri, 29 May 2020 12:52:07 GMT Content-Type application/octet-stream Content-Length 90427024 Last-Modified Fri, 08 May 2020 08:48:27 GMT Connection close Expires Fri, 29 May 2020 20:52:07 GMT Cache-Control max-age=28800 Accept-Ranges bytes
GET H2	200	core.php Show response c.cnzz.com/	969 B 879 B	259ms 258ms	Script application/javascript	101.89.124.234 CHINANET-SH-AP Ch...
General Check archive.org Show headers Download Go to Full URL https://c.cnzz.com/core.php?web_id=1276082832&t=z Requested by Host: s23.cnzz.com URL: http://s23.cnzz.com/z_stat.php?id=1276082832 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 101.89.124.234 , China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN), Reverse DNS Software Tengine / PHP/5.5.25 Resource Hash `c3e5c85d059df961a01d4700dc8ec680ddd25b6cf1ce9bb3e7b3a3ac2b193979` Request headers Referer http://wxllq.gz01.bdysite.com/gotopc.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 29 May 2020 12:41:48 GMT content-encoding gzip age 619 x-powered-by PHP/5.5.25 x-cache HIT TCP_MEM_HIT dirn:-2:-2 status 200 x-swift-cachetime 892 x-swift-savetime Fri, 29 May 2020 12:41:56 GMT content-length 620 last-modified Fri, 29 May 2020 12:41:48 GMT server Tengine vary Accept-Encoding ali-swift-global-savetime 1575905940 content-type application/javascript via cache8.l2cn2302[0,200-0,H], cache6.l2cn2302[0,0], cache6.cn1401[0,200-0,H], cache12.cn1401[3,0] timing-allow-origin * eagleid 65597c2015907567270051957e expires Fri, 29 May 2020 12:56:48 GMT
GET H2	200	stat.htm z5.cnzz.com/	2 B 46 B	1971ms 1787ms	Image text/html	2401:b180:2000:20::23 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Show image Full URL https://z5.cnzz.com/stat.htm?id=1276082832&r=http%3A%2F%2Fncov2019.cloud%2F&lg=en-us&ntime=none&cnzz_eid=1368908384-1590755555-null&showp=1600x1200&p=http%3A%2F%2Fwxllq.gz01.bdysite.com%2Fgotopc.html&t=%E6%8A%96%E9%9F%B3%E5%BF%AB%E6%89%8B%E7%A6%8F%E5%88%A9%EF%BC%8C%E6%8A%96%E9%9F%B3%E5%8F%B7%EF%BC%9A228822%EF%BC%9B%E5%BF%AB%E6%89%8B%E5%8F%B7%EF%BC%9A999123456&umuuid=172607d552ac6-023604c6a4619e-1b396256-1d4c00-172607d552b393&h=1&rnd=1250483153 Requested by Host: wxllq.gz01.bdysite.com URL: http://wxllq.gz01.bdysite.com/gotopc.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2401:b180:2000:20::23 , China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://wxllq.gz01.bdysite.com/gotopc.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Fri, 29 May 2020 12:52:08 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=utf-8

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.cnzz.com
dl.360safe.com
liulanqi.bj01.bdysite.com
ncov2019.cloud
s23.cnzz.com
s95.cnzz.com
wxllq.gz01.bdysite.com
z4.cnzz.com
z5.cnzz.com
101.89.124.234
103.121.92.140
104.192.108.21
120.222.213.209
2401:b180:2000:20::23
240e:83:205:88:0:ff:b0bc:12d
240e:ff:e020:33:0:ff:b017:67bf
09a47e303a29d37249377e762cc636239b5dfd24a5ff9e7a4a20e8f5a76da9c1
2bd907d420a4ab5b3455ed79b0c89d4cf54241d0ea18dd38f24131c6ac1de05e
38d4fc1545bae0993dd9fa5e19fc70f1ac7478fec7d1522dd003c0e8e8edaced
4acf631693b8ed95e482e866ace749a8955282375d6147dedfdf2ddae8bd3b19
6121add11dee18e5c3dadde31ba25e71854993ff6ea2848da8592c7dd790d134
76003c4e9328106fb6745d83e94d8a13656f1e301f181ee921a880032f7dc76e
78fef8a399b2a3d0f210c3e9037b79735d28383c97a6ad937517866d6ac815a2
7ccdd1ca2762ce9200fb640e34c9ef80ccdbbbecd40b6a418ccaac1490e9a4bc
9f32ddfe0c9315c45615cef343d590260dabcff5e1b4832add4e0715709e77c5
bcec170160ee1ff40b6a845ee4398768ecb72f2b6ef152bfb353bf817066d534
c154505bfbe11cb832ccdec8952202cca437956c78568fcbd2ea585b816bc0f0
c3e5c85d059df961a01d4700dc8ec680ddd25b6cf1ce9bb3e7b3a3ac2b193979
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e428238c8cb72e44ec6d063f53b9e20920486d00f5806c2039a7c55732eeca82

wxllq.gz01.bdysite.com Open in urlscan Pro 240e:ff:e020:33:0:ff:b017:67bf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

31 %HTTPS

43 %IPv6

4 Domains

9 Subdomains

7 IPs

2 Countries

147 kBTransfer

160 kBSize

0 Cookies

4 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

0 Cookies

Indicators

wxllq.gz01.bdysite.com Open in urlscan Pro
240e:ff:e020:33:0:ff:b017:67bf Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

31 %
HTTPS

43 %
IPv6

4
Domains

9
Subdomains

7
IPs

2
Countries

147 kB
Transfer

160 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions