urlscan.io logo urlscan.io
SecurityTrails logo

ml666.zhouqiaoying01.cn Open in urlscan Pro
163.181.42.177  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://capb.site/
Effective URL: https://ml666.zhouqiaoying01.cn/success/demaxy/ns/zz.html?channelCode=nszb1119
Submission: On December 01 via api from SG — Scanned from SG
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 4 countries across 7 domains to perform 15 HTTP transactions. The main IP is 163.181.42.177, located in Singapore and belongs to TAOBAO Zhejiang Taobao Network Co.,Ltd, CN. The main domain is ml666.zhouqiaoying01.cn.
TLS certificate: Issued by R3 on November 21st 2023. Valid for: 3 months.
This is the only time ml666.zhouqiaoying01.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

32252699.apk 40 MB application/zip
MIME: Zip archive data, at least v2.0 to extract
Size: 40 MB (42301759 bytes, 100% done)
Downloaded from: https://onebag.hzbtkj.com/32252699.apk

Domain & IP information

IP Address AS Autonomous System
1 107.148.132.247 398823 (PEG-LA)
1 163.181.42.177 24429 (TAOBAO Zh...)
1 47.75.19.45 45102 (ALIBABA-C...)
4 47.101.83.165 37963 (ALIBABA-C...)
3 161.117.242.80 45102 (ALIBABA-C...)
2 103.235.46.191 55967 (BAIDU Bei...)
1 3 170.33.13.110 134963 (ASEPL-AS-...)
1 1 202.95.7.160 4808 (CHINA169-...)
1 163.181.42.182 24429 (TAOBAO Zh...)
15 8
1    107.148.132.247 (United States)

ASN398823 (PEG-LA, US)
capb.site
1    163.181.42.177 (Singapore)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)
ml666.zhouqiaoying01.cn
1    47.75.19.45 (Hong Kong, Hong Kong)

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
xt-ym.oss-cn-hongkong.aliyuncs.com
4    47.101.83.165 (Shanghai, China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)
sh-xintaio.oss-cn-shanghai.aliyuncs.com
3    161.117.242.80 (Singapore)

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
sh-xintaio.oss-accelerate.aliyuncs.com
2    103.235.46.191 (Hong Kong)

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
hm.baidu.com
3    170.33.13.110 (Singapore)

ASN134963 (ASEPL-AS-AP Alibaba Cloud Singapore Private Limited, SG)
sdksdk.renrenjihua.com
1    202.95.7.160 (Singapore)

ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
g1124.wwookapp.top
1    163.181.42.182 (Singapore)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)
onebag.hzbtkj.com
Domain Requested by
4 sh-xintaio.oss-cn-shanghai.aliyuncs.com xt-ym.oss-cn-hongkong.aliyuncs.com
3 sdksdk.renrenjihua.com 1 redirects sh-xintaio.oss-accelerate.aliyuncs.com
3 sh-xintaio.oss-accelerate.aliyuncs.com xt-ym.oss-cn-hongkong.aliyuncs.com
2 hm.baidu.com ml666.zhouqiaoying01.cn
1 onebag.hzbtkj.com sh-xintaio.oss-accelerate.aliyuncs.com
1 g1124.wwookapp.top 1 redirects
1 xt-ym.oss-cn-hongkong.aliyuncs.com ml666.zhouqiaoying01.cn
1 ml666.zhouqiaoying01.cn capb.site
1 capb.site
15 9

This site contains no links.

Subject Issuer Validity Valid
ml666.zhouqiaoying01.cn
R3		 2023-11-21 -
2024-02-19		 3 months crt.sh
oss-cn-hongkong.aliyuncs.com
GlobalSign Organization Validation CA - SHA256 - G3		 2023-07-07 -
2024-05-24		 a year crt.sh
*.oss-cn-hangzhou.aliyuncs.com
GlobalSign Organization Validation CA - SHA256 - G3		 2023-07-07 -
2024-03-18		 8 months crt.sh
ap-southeast-1.oss.aliyuncs.com
GlobalSign Organization Validation CA - SHA256 - G3		 2023-09-14 -
2024-10-15		 a year crt.sh
baidu.com
GlobalSign RSA OV SSL CA 2018		 2023-07-06 -
2024-08-06		 a year crt.sh
*.renrenjihua.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-31 -
2024-07-30		 a year crt.sh
onebag.hzbtkj.com
R3		 2023-11-17 -
2024-02-15		 3 months crt.sh

This page contains 1 frames:

Frame: https://onebag.hzbtkj.com/32252699.apk
Frame ID: 09ED746DAA68907B52172A10131F3837
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://capb.site/ Page URL
  2. https://ml666.zhouqiaoying01.cn/success/demaxy/ns/zz.html?channelCode=nszb1119 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
Overall confidence: 100%
Detected patterns
  • hm\.baidu\.com/hm\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

93 %
HTTPS

0 %
IPv6

7
Domains

9
Subdomains

8
IPs

4
Countries

987 kB
Transfer

1085 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://capb.site/ Page URL
  2. https://ml666.zhouqiaoying01.cn/success/demaxy/ns/zz.html?channelCode=nszb1119 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://sdksdk.renrenjihua.com/page/kn0b2v/install/c/eyJjIjoibnN6YjExMTkiLCJtIjoiaFgxQWxMNVZhM2tBQUFHTUpzSDNCeEtoN2tGMGljYzBBZS05Umt6aUEtVzJhdlE4WlZGdTdqV19RZ1QwN2NyYm16WlhoRmV5OTV5dm9Ed0dqTzF4XzNxSkJXV2hMTTF6dF9wamdHUXgwd3MifQ==?p=0 HTTP 302
  • https://g1124.wwookapp.top/ApkDLD/dld/appcode/Qux1cEy5JP2GQyLS HTTP 302
  • https://onebag.hzbtkj.com/32252699.apk

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
capb.site/ 		266 B
444 B 		Document
General
Check archive.org
Download Go to
Full URL
http://capb.site/
Protocol
HTTP/1.1
Server
107.148.132.247 , United States, ASN398823 (PEG-LA, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Fri, 01 Dec 2023 19:01:32 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
Primary Request zz.html
ml666.zhouqiaoying01.cn/success/demaxy/ns/ 		349 B
880 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ml666.zhouqiaoying01.cn/success/demaxy/ns/zz.html?channelCode=nszb1119
Requested by
Host: capb.site
URL: http://capb.site/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
163.181.42.177 , Singapore, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
7799edda02619ffe2624ad01a8098abf6b6cc00a552f568054c1f93c8297e581

Request headers

Referer
http://capb.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

Age
885426
Ali-Swift-Global-Savetime
1700571866
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 21 Nov 2023 13:02:12 GMT
ETag
W/"6559fa61-175"
EagleId
a3b52a9617014572928106233e
Last-Modified
Sun, 19 Nov 2023 12:06:57 GMT
Server
Tengine
Timing-Allow-Origin
*
Transfer-Encoding
chunked
Vary
Accept-Encoding
Via
cache16.l2sg3[0,0,200-0,H], cache26.l2sg3[3,0], cache4.sg8[0,0,200-0,H], cache2.sg8[2,0]
X-Cache
HIT TCP_HIT dirn:13:96208993
X-Swift-CacheTime
2588105
X-Swift-SaveTime
Tue, 21 Nov 2023 14:09:21 GMT
ds.js
xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Requested by
Host: ml666.zhouqiaoying01.cn
URL: https://ml666.zhouqiaoying01.cn/success/demaxy/ns/zz.html?channelCode=nszb1119
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.45 Hong Kong, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
ed03855fab3c593a0487d218ca944c73f2c33055bd4e5127432b0e162d504d1f

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://ml666.zhouqiaoying01.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 19:01:32 GMT
Content-Encoding
gzip
x-oss-request-id
656A2D8C84CC8A3731E2CEEA
Content-MD5
ivHzUphjsz6vRNzz00WHWA==
Transfer-Encoding
chunked
Content-Disposition
attachment
Connection
keep-alive
x-oss-object-type
Normal
Last-Modified
Sun, 06 Aug 2023 09:32:41 GMT
Server
AliyunOSS
Vary
Accept-Encoding
Content-Type
application/javascript
x-oss-ec
0048-00000113
x-oss-force-download
true
x-oss-storage-class
Standard
x-oss-hash-crc64ecma
5044418397394001000
x-oss-server-time
2
sty.css
sh-xintaio.oss-cn-shanghai.aliyuncs.com/xintiao/hhloding/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sh-xintaio.oss-cn-shanghai.aliyuncs.com/xintiao/hhloding/sty.css
Requested by
Host: xt-ym.oss-cn-hongkong.aliyuncs.com
URL: https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.101.83.165 Shanghai, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
ef7d40311f0722368db1284d0465f0d6ca194b8ead8a64df1bb1488abfb88c63

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://ml666.zhouqiaoying01.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 19:01:34 GMT
Content-Encoding
gzip
x-oss-request-id
656A2D8E7D26723436377F9C
Content-MD5
cOD+mBr01bmYgrQBE1a5Uw==
Transfer-Encoding
chunked
Content-Disposition
attachment
Connection
keep-alive
x-oss-object-type
Normal
Last-Modified
Sun, 06 Aug 2023 09:10:38 GMT
Server
AliyunOSS
Vary
Accept-Encoding
Content-Type
text/css
x-oss-ec
0048-00000113
x-oss-force-download
true
x-oss-storage-class
Standard
x-oss-hash-crc64ecma
18134244448772857081
x-oss-server-time
2
jquery-2.2.4.min.js
sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/images/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/images/jquery-2.2.4.min.js
Requested by
Host: xt-ym.oss-cn-hongkong.aliyuncs.com
URL: https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
161.117.242.80 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer
https://ml666.zhouqiaoying01.cn/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 01 Dec 2023 19:01:33 GMT
Content-Encoding
gzip
x-oss-request-id
656A2D8D524894A7A957A684
Content-MD5
L2sRp+kUcY4CkEEOhTZv6Q==
Transfer-Encoding
chunked
Content-Disposition
attachment
Connection
keep-alive
x-oss-object-type
Normal
Last-Modified
Mon, 20 Feb 2023 04:46:49 GMT
Server
AliyunOSS
Vary
Accept-Encoding
Content-Type
application/javascript
x-oss-ec
0048-00000113
x-oss-force-download
true
x-oss-storage-class
Standard
x-oss-hash-crc64ecma
16200118577543649759
x-oss-server-time
2
appinstall.js
sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/js/ 		46 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/js/appinstall.js
Requested by
Host: xt-ym.oss-cn-hongkong.aliyuncs.com
URL: https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
161.117.242.80 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
7c9895f2e57140b2a429c2b5df1eb51b2c0bf49f56365e198fb20a92fe79c1dd

Request headers

Referer
https://ml666.zhouqiaoying01.cn/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 01 Dec 2023 19:01:33 GMT
Content-Encoding
gzip
x-oss-request-id
656A2D8D54CE568C95DEB1F3
Content-MD5
ihSRM2DNifCBLqSXHfWhaw==
Transfer-Encoding
chunked
Content-Disposition
attachment
Connection
keep-alive
x-oss-object-type
Normal
Last-Modified
Fri, 20 Oct 2023 17:52:42 GMT
Server
AliyunOSS
Vary
Accept-Encoding
Content-Type
application/javascript
x-oss-ec
0048-00000113
x-oss-force-download
true
x-oss-storage-class
Standard
x-oss-hash-crc64ecma
347442768461482610
x-oss-server-time
2
banner2.png
sh-xintaio.oss-cn-shanghai.aliyuncs.com/xintiao/hhloding/ 		112 KB
112 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sh-xintaio.oss-cn-shanghai.aliyuncs.com/xintiao/hhloding/banner2.png
Requested by
Host: xt-ym.oss-cn-hongkong.aliyuncs.com
URL: https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.101.83.165 Shanghai, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
e95f3ad2665611bc49364312b6340d2b16cf04ddc19dee3ae8fa6ffaadfe5a66

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://ml666.zhouqiaoying01.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 19:01:34 GMT
x-oss-request-id
656A2D8E37CC343737F7F730
Content-MD5
IzkZemi8iYliIwxOQJl7eg==
Content-Disposition
attachment
Connection
keep-alive
Content-Length
114342
x-oss-object-type
Normal
Last-Modified
Sun, 06 Aug 2023 09:10:39 GMT
Server
AliyunOSS
ETag
"2339197A68BC898962230C4E40997B7A"
Content-Type
image/png
x-oss-ec
0048-00000103
x-oss-force-download
true
x-oss-storage-class
Standard
Accept-Ranges
bytes
x-oss-hash-crc64ecma
10131628678191492947
x-oss-server-time
2
ezgif-4-7d24a95ea9.gif
sh-xintaio.oss-cn-shanghai.aliyuncs.com/xintiao/hhloding/ 		730 KB
731 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sh-xintaio.oss-cn-shanghai.aliyuncs.com/xintiao/hhloding/ezgif-4-7d24a95ea9.gif
Requested by
Host: xt-ym.oss-cn-hongkong.aliyuncs.com
URL: https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.101.83.165 Shanghai, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
e9ed5173ec7d1af566c5916ce564b4becc9128f8e6be048d63b3777e19cbea4b

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://ml666.zhouqiaoying01.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 19:01:34 GMT
x-oss-request-id
656A2D8E7D267234362E829C
Content-MD5
ICkZa/aog25mp20mPDRmpQ==
Content-Disposition
attachment
Connection
keep-alive
Content-Length
747499
x-oss-object-type
Normal
Last-Modified
Wed, 09 Aug 2023 04:49:49 GMT
Server
AliyunOSS
ETag
"2029196BF6A8836E66A76D263C3466A5"
Content-Type
image/gif
x-oss-ec
0048-00000103
x-oss-force-download
true
x-oss-storage-class
Standard
Accept-Ranges
bytes
x-oss-hash-crc64ecma
10402898747964800688
x-oss-server-time
2
foot2.gif
sh-xintaio.oss-cn-shanghai.aliyuncs.com/xintiao/hhloding/ 		77 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sh-xintaio.oss-cn-shanghai.aliyuncs.com/xintiao/hhloding/foot2.gif
Requested by
Host: xt-ym.oss-cn-hongkong.aliyuncs.com
URL: https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.101.83.165 Shanghai, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
4057793685b3cdf830e3328568c386202843bfc5b6c395b57cfd59642c70f02d

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://ml666.zhouqiaoying01.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 19:01:34 GMT
x-oss-request-id
656A2D8E177724323163080A
Content-MD5
8ciuKsfnIk95aKddMtDMVg==
Content-Disposition
attachment
Connection
keep-alive
Content-Length
78823
x-oss-object-type
Normal
Last-Modified
Sun, 06 Aug 2023 09:10:39 GMT
Server
AliyunOSS
ETag
"F1C8AE2AC7E7224F7968A75D32D0CC56"
Content-Type
image/gif
x-oss-ec
0048-00000103
x-oss-force-download
true
x-oss-storage-class
Standard
Accept-Ranges
bytes
x-oss-hash-crc64ecma
12875625880565219581
x-oss-server-time
2
xz.js
sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/js/ 		320 B
881 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/js/xz.js
Requested by
Host: xt-ym.oss-cn-hongkong.aliyuncs.com
URL: https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
161.117.242.80 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
71b0757fd7c3ddc14b730d3817d2ff4b7bde4dee05103b3e653b45f1acfee35a

Request headers

Referer
https://ml666.zhouqiaoying01.cn/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 01 Dec 2023 19:01:33 GMT
x-oss-request-id
656A2D8D524894A7A957A682
Content-MD5
oUqW375AKGDYXef5KqUGzA==
Content-Disposition
attachment
Connection
keep-alive
Content-Length
320
x-oss-object-type
Normal
Last-Modified
Fri, 20 Oct 2023 18:01:39 GMT
Server
AliyunOSS
ETag
"A14A96DFBE402860D85DE7F92AA506CC"
Content-Type
application/javascript
x-oss-ec
0048-00000113
x-oss-force-download
true
x-oss-storage-class
Standard
Accept-Ranges
bytes
x-oss-hash-crc64ecma
12955678223125022613
x-oss-server-time
2
hm.js
hm.baidu.com/ 		29 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hm.baidu.com/hm.js?eac78278b0633e24bd607ccaeae7471c
Requested by
Host: ml666.zhouqiaoying01.cn
URL: https://ml666.zhouqiaoying01.cn/success/demaxy/ns/zz.html?channelCode=nszb1119
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
3932011d1aaa80db2642505a40664d3804ca6d7077989adfed9a4c9ca5a3b3c3
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://ml666.zhouqiaoying01.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 19:01:34 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=172800
Server
apache
Etag
e7e6fc2096424062d36f4848179bb200
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Content-Length
11260
init
sdksdk.renrenjihua.com/web/kn0b2v/nszb111/ 		694 B
961 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdksdk.renrenjihua.com/web/kn0b2v/nszb111/init?channelCode=nszb1119&av=0&cv=0&hash=&server=https%3A%2F%2Fsdksdk.renrenjihua.com&sw=p6Cmpg&sh=p6Smpg&sp=1
Requested by
Host: sh-xintaio.oss-accelerate.aliyuncs.com
URL: https://sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/js/appinstall.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
170.33.13.110 , Singapore, ASN134963 (ASEPL-AS-AP Alibaba Cloud Singapore Private Limited, SG),
Reverse DNS
Software
NgxFence /
Resource Hash
2d0bbef4191035e7392300e37c03687ba97764556b55d0b8638d239d82e4d12d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

Referer
https://ml666.zhouqiaoying01.cn/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 01 Dec 2023 19:01:35 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
br
server
NgxFence
vary
Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://ml666.zhouqiaoying01.cn
access-control-allow-credentials
true
hm.gif
hm.baidu.com/ 		43 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1136204709&si=eac78278b0633e24bd607ccaeae7471c&su=http%3A%2F%2Fcapb.site%2F&v=1.3.0&lv=1&sn=37625&r=0&ww=1600&u=https%3A%2F%2Fml666.zhouqiaoying01.cn%2Fsuccess%2Fdemaxy%2Fns%2Fzz.html%3FchannelCode%3Dnszb1119
Requested by
Host: ml666.zhouqiaoying01.cn
URL: https://ml666.zhouqiaoying01.cn/success/demaxy/ns/zz.html?channelCode=nszb1119
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://ml666.zhouqiaoying01.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 01 Dec 2023 19:01:34 GMT
Strict-Transport-Security
max-age=172800
X-Content-Type-Options
nosniff
Server
apache
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
eyJjIjoibnN6YjExMTkiLCJtIjoidnotQzQ3TXl2dU1BQUFHTUpzSDNDQkNuU3JYdDkya2pEaWZnS2tSVnFlYlRmX1FoY245dkVqWmZLMG8yWVZSZ2J1c09KeWE3ZEZHdkVrNFVIaUpOdlk2eVY5bnVnWm5vTWlXSEpVNUp0Rm8ifQ==
sdksdk.renrenjihua.com/web/kn0b2v/nszb111/clicked/c/ 		0
372 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://sdksdk.renrenjihua.com/web/kn0b2v/nszb111/clicked/c/eyJjIjoibnN6YjExMTkiLCJtIjoidnotQzQ3TXl2dU1BQUFHTUpzSDNDQkNuU3JYdDkya2pEaWZnS2tSVnFlYlRmX1FoY245dkVqWmZLMG8yWVZSZ2J1c09KeWE3ZEZHdkVrNFVIaUpOdlk2eVY5bnVnWm5vTWlXSEpVNUp0Rm8ifQ==?p=0&ref=https%3A%2F%2Fml666.zhouqiaoying01.cn%2Fsuccess%2Fdemaxy%2Fns%2Fzz.html%3FchannelCode%3Dnszb1119&ac=0&cc=0&channelCode=nszb1119
Requested by
Host: sh-xintaio.oss-accelerate.aliyuncs.com
URL: https://sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/js/appinstall.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
170.33.13.110 , Singapore, ASN134963 (ASEPL-AS-AP Alibaba Cloud Singapore Private Limited, SG),
Reverse DNS
Software
NgxFence /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://ml666.zhouqiaoying01.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 19:01:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
server
NgxFence
vary
Origin
access-control-allow-origin
https://ml666.zhouqiaoying01.cn
access-control-allow-credentials
true
accept-ranges
bytes
content-length
0
32252699.apk
onebag.hzbtkj.com/
Redirect Chain
  • https://sdksdk.renrenjihua.com/page/kn0b2v/install/c/eyJjIjoibnN6YjExMTkiLCJtIjoiaFgxQWxMNVZhM2tBQUFHTUpzSDNCeEtoN2tGMGljYzBBZS05Umt6aUEtVzJhdlE4WlZGdTdqV19RZ1QwN2NyYm16WlhoRmV5OTV5dm9Ed0dqTzF4XzNx...
  • https://g1124.wwookapp.top/ApkDLD/dld/appcode/Qux1cEy5JP2GQyLS
  • https://onebag.hzbtkj.com/32252699.apk
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onebag.hzbtkj.com/32252699.apk
Requested by
Host: sh-xintaio.oss-accelerate.aliyuncs.com
URL: https://sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/js/appinstall.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
163.181.42.182 , Singapore, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash

Request headers

Referer
https://ml666.zhouqiaoying01.cn/success/demaxy/ns/zz.html?channelCode=nszb1119
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

Accept-Ranges
bytes
Ali-Swift-Global-Savetime
1701457298
Connection
keep-alive
Content-Length
42301759
Content-Type
application/octet-stream
Date
Fri, 01 Dec 2023 19:01:38 GMT
ETag
"656a2d53-285793f"
EagleId
a3b52a9a17014572969157569e
Last-Modified
Fri, 01 Dec 2023 19:00:35 GMT
Server
Tengine
Timing-Allow-Origin
*
Via
cache14.l2sg3[776,776,200-0,M], cache14.l2sg3[778,0], cache4.sg8[1456,1456,200-0,M], cache6.sg8[1459,0]
X-Cache
MISS TCP_MISS dirn:-2:-2
X-Swift-CacheTime
90
X-Swift-SaveTime
Fri, 01 Dec 2023 19:01:38 GMT

Redirect headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
text/html; charset=UTF-8
date
Fri, 01 Dec 2023 19:01:36 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://onebag.hzbtkj.com/32252699.apk
pragma
no-cache
server
qq.com
x-cache-status
MISS

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery function| AppInstall object| data object| _hmt boolean| _bdhm_loaded_eac78278b0633e24bd607ccaeae7471c object| mini_tangram_log_83q6gl

4 Cookies

Domain/Path Name / Value
.hm.baidu.com/ Name: HMACCOUNT_BFESS
Value: E89EE2242C0D868E
.ml666.zhouqiaoying01.cn/ Name: Hm_lvt_eac78278b0633e24bd607ccaeae7471c
Value: 1701457295
.ml666.zhouqiaoying01.cn/ Name: Hm_lpvt_eac78278b0633e24bd607ccaeae7471c
Value: 1701457295
g1124.wwookapp.top/ Name: PHPSESSID
Value: e8gfukrompgki7g7lm5jc7ern5

4 Console Messages

Source Level URL
Text
javascript warning URL: https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/images/jquery-2.2.4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/images/jquery-2.2.4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/js/appinstall.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://xt-ym.oss-cn-hongkong.aliyuncs.com/ds/ds.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://sh-xintaio.oss-accelerate.aliyuncs.com/xintiao/xinjs/js/xz.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.