URL: http://dss.r302.cc/
Submission: July 27, 2023, submitted manually from PE; scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 7 HTTP transactions. The main IP is 20.118.176.177, located in Phoenix, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is dss.r302.cc.
This is the only time dss.r302.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads

These files were downloaded by the website:

MIME: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Size: 31 MB (32406296 bytes, 100% done)
Downloaded from: https://imlizhi-store-https.seewo.com/ScreenShare_windows_3.1.0.2422(20210126110300).exe

Domain & IP information

IP addresses contacted:

Requests  Redirects  IP                                  ASN    AS name
2                    20.118.176.177                      8075   MICROSOFT-CORP-MSN-AS-BLOCK, US
1                    180.101.136.134                     4134   CHINANET-BACKBONE No.31,Jin-rong Street, CN
3         1          103.235.46.191                      55967  BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN
1                    120.55.11.73                        37963  ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN
1         1          223.4.221.197                       37963  ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN
1                    240e:90d:1101:450f:8000:0:b00:100   4134   CHINANET-BACKBONE No.31,Jin-rong Street, CN
Totals as reported: 7 requests, 5 IPs

Apex domains contacted:

Requests  Apex domain  Subdomains                                        Transfer
3         baidu.com    hm.baidu.com (Cisco Umbrella rank 8950)           12 KB
2         seewo.com    e.seewo.com, imlizhi-store-https.seewo.com        487 B
2         r302.cc      dss.r302.cc                                       23 KB
1         cvte.com     friday.cvte.com                                   4 KB
1         qbox.me      dn-growing.qbox.me (Cisco Umbrella rank 508683)   0
Totals as reported: 7 requests, 5 apex domains

Who requested each domain:

Requests  Domain                          Requested by
3         hm.baidu.com                    redirect (1)
2         dss.r302.cc                     dss.r302.cc
1         imlizhi-store-https.seewo.com   dss.r302.cc
1         e.seewo.com                     redirect (1)
1         friday.cvte.com                 dss.r302.cc
1         dn-growing.qbox.me              dss.r302.cc
Totals as reported: 7 requests, 6 domains

This site contains no links.

TLS certificates observed:

Subject       Issuer                                      Valid from   Valid until  Validity
*.cvte.com    RapidSSL RSA CA 2018                        2022-11-04   2023-11-29   a year
*.seewo.com   Go Daddy Secure Certificate Authority - G2  2023-02-17   2024-02-23   a year
baidu.com     GlobalSign RSA OV SSL CA 2018               2023-07-06   2024-08-06   a year

This page contains 1 frames:

Frame: https://imlizhi-store-https.seewo.com/ScreenShare_windows_3.1.0.2422(20210126110300).exe
Frame ID: 8D02C1D120730F97CE154E5F5E4BEB87
Requests: 7 HTTP requests in this frame

Detected technologies

Baidu Analytics (Baidu Tongji), overall confidence 100%
Detected pattern:
  • hm\.baidu\.com/hm\.js

Page Statistics

Requests: 7
HTTPS: 43%
IPv6: 17%
Domains: 5
Subdomains: 6
IPs: 5
Countries: 3
Transfer: 40 kB
Size: 63 kB
Cookies: 6

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://hm.baidu.com/hm.js?fd9f880c563790ddfdf14e8d0d719783 HTTP 301
  • https://hm.baidu.com/hm.js?fd9f880c563790ddfdf14e8d0d719783
Request Chain 4
  • https://e.seewo.com/download/file?code=ScreenShare_Windows HTTP 302
  • https://imlizhi-store-https.seewo.com/ScreenShare_windows_3.1.0.2422(20210126110300).exe

7 HTTP transactions

Each transaction below gives the resource, its path, size, bytes transferred (x-fer), type and MIME type, followed by the request, response and (where applicable) redirect headers.

Primary Request / (dss.r302.cc/): size 3 KB, transferred 2 KB, type Document
General
Full URL
http://dss.r302.cc/
Protocol
HTTP/1.1
Server
20.118.176.177, Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
(empty)
Software
openresty / Express
Resource Hash
b72234c37c224b7943e15d5c743393aa0412123070dacb490f0244b26a27b5e8
Security Headers
Name Value
Content-Security-Policy font-src 'self';child-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers
*
Access-Control-Allow-Methods
*
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
*
Access-Control-Max-Age
5
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
font-src 'self';child-src 'self'
Content-Type
text/html; charset=utf-8
Date
Thu, 27 Jul 2023 15:19:50 GMT
ETag
W/"Ih29Vwk6VhAk0NEgrOI9ZQ=="
Server
openresty
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-Powered-By
Express
browser-redirect-d70b975a00.png (dss.r302.cc/static/images/): size 21 KB, transferred 21 KB, type Image
General
Full URL
http://dss.r302.cc/static/images/browser-redirect-d70b975a00.png
Requested by
Host: dss.r302.cc
URL: http://dss.r302.cc/
Protocol
HTTP/1.1
Server
20.118.176.177, Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
(empty)
Software
openresty
Resource Hash
41f45c39a3b3e2fb39f37c1c5c285c1f07de21921ee0d0d8141abc23e1863eaf

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://dss.r302.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 27 Jul 2023 15:19:50 GMT
Last-Modified
Fri, 15 Feb 2019 01:48:32 GMT
Server
openresty
ETag
"5c661a70-5374"
Access-Control-Max-Age
5
Access-Control-Allow-Methods
*
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
*
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
21364
vds.js (dn-growing.qbox.me/): size 0, transferred 0, type Script
General
Full URL
http://dn-growing.qbox.me/vds.js
Requested by
Host: dss.r302.cc
URL: http://dss.r302.cc/
Protocol
HTTP/1.1
Server
180.101.136.134, Nanjing, China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)
Reverse DNS
(empty)
Software
(none reported)
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (this is the SHA-256 of zero bytes: urlscan recorded no response body for this script, and no response headers were captured)

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://dss.r302.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

(none recorded)

hm.js (hm.baidu.com/): size 29 KB, transferred 12 KB, type Script
Redirect Chain
  • http://hm.baidu.com/hm.js?fd9f880c563790ddfdf14e8d0d719783
  • https://hm.baidu.com/hm.js?fd9f880c563790ddfdf14e8d0d719783
General
Full URL
https://hm.baidu.com/hm.js?fd9f880c563790ddfdf14e8d0d719783
Protocol
HTTP/1.1
Server
103.235.46.191, Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
Reverse DNS
(empty)
Software
apache
Resource Hash
16e90520669e8bdf53743e409526f6f2dc615827116ab6a334913ce00ea4f777
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://dss.r302.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 27 Jul 2023 15:19:52 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=172800
Server
apache
Etag
97a75f8671765619be6cfdc16010689b
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Content-Length
11259

Redirect headers

Location
https://hm.baidu.com/hm.js?fd9f880c563790ddfdf14e8d0d719783
Date
Thu, 27 Jul 2023 15:19:51 GMT
Content-Length
94
Content-Type
text/html; charset=utf-8
fa.js (friday.cvte.com/agent/sdk/js/v2/): size 10 KB, transferred 4 KB, type Script
General
Full URL
https://friday.cvte.com/agent/sdk/js/v2/fa.js?_appId=532888633f635e2ceac88f2969885d87
Requested by
Host: dss.r302.cc
URL: http://dss.r302.cc/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
120.55.11.73, Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)
Reverse DNS
(empty)
Software
openresty
Resource Hash
455e176ed2f9dbd206d6b94a6c385a397f60983563374a02f41119186e2b0371

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://dss.r302.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 15:19:51 GMT
content-encoding
gzip
server
openresty
vary
Accept-Encoding
calleeid
9eecd0051b73a7f32c6ce50c3874a1ecadfbce9a, 9eecd0051b73a7f32c6ce50c3874a1ecadfbce9a
content-type
application/javascript;charset=UTF-8
calleenode
cn-hangzhou.10.111.56.71, cn-hangzhou.10.111.56.71
x-apm-traceid
3220f239f95c074ebccd0dba89970966, 3220f239f95c074ebccd0dba89970966
calleepodip
172.28.226.240, 172.28.226.240
calleeclusterid
101, 101
ScreenShare_windows_3.1.0.2422(20210126110300).exe (imlizhi-store-https.seewo.com/): size 0, transferred 0, type Document. The 0/0 figures reflect that the response was handed to the browser as a file download rather than rendered, so its body is not counted here; the 32406296-byte file itself is listed under Downloads above and matches the Content-Length below.
Redirect Chain
  • https://e.seewo.com/download/file?code=ScreenShare_Windows
  • https://imlizhi-store-https.seewo.com/ScreenShare_windows_3.1.0.2422(20210126110300).exe
General
Full URL
https://imlizhi-store-https.seewo.com/ScreenShare_windows_3.1.0.2422(20210126110300).exe
Requested by
Host: dss.r302.cc
URL: http://dss.r302.cc/
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM (no separate key-exchange field is reported for TLS 1.3)
Server
240e:90d:1101:450f:8000:0:b00:100, China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)
Reverse DNS
(empty)
Software
Byte-nginx
Resource Hash
(empty: the body was saved as a download and not hashed in this transaction; see Downloads)

Request headers

Referer
http://dss.r302.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-Log, X-Reqid
Access-Control-Max-Age
2592000
Age
1935436
Cache-Control
public, max-age=31536000
Connection
keep-alive
Content-Disposition
inline; filename="ScreenShare_windows_3.1.0.2422(20210126110300).exe"; filename*=utf-8''ScreenShare_windows_3.1.0.2422%2820210126110300%29.exe
Content-Length
32406296
Content-Md5
xzSt6Cf4B6d2hjB6vYJRsw==
Content-Transfer-Encoding
binary
Content-Type
application/x-msdownload
Date
Thu, 27 Jul 2023 15:19:52 GMT
Etag
"lupwK-ZM551lj3GXvazerkZWlrWa"
Last-Modified
Tue, 26 Jan 2021 03:06:23 GMT
Server
Byte-nginx
X-Bdcdn-Cache-Status
TCP_HIT
X-Log
X-Log
X-M-Log
QNM:xs472;SRCPROXY:xs492;SRC:9/304;SRCPROXY:9/304;QNM3:11/304
X-M-Reqid
mxYAAMLWRUdT4m4X
X-Qiniu-Zone
0
X-Qnm-Cache
Validate,Hit
X-Reqid
p2cAAADkJXixrGUX
X-Request-Id
55994cb77fb279f6b1583a6b141f9b77
X-Request-Ip
2a00:c98:2030:a004:1::13
X-Response-Cache
edge_hit
X-Response-Cinfo
2a00:c98:2030:a004:1::13
X-Svr
IO
X-Tt-Trace-Tag
id=5
via
cache04.dlct02

Redirect headers

content-length
220
content-security-policy
font-src 'self';child-src 'self'
content-type
text/html; charset=utf-8
date
Thu, 27 Jul 2023 15:19:51 GMT
location
https://imlizhi-store-https.seewo.com/ScreenShare_windows_3.1.0.2422(20210126110300).exe
server
cagw
vary
Accept, Accept-Encoding
x-apm-traceid
cd08d40c07673b1cbfe7c58a00f9c40b
x-content-type-options
nosniff
x-frame-options
sameorigin
x-powered-by
Express
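Before treating the saved installer as the file the CDN meant to serve, a practitioner would check it against the headers recorded above (Content-Length 32406296, Content-Md5 xzSt6Cf4B6d2hjB6vYJRsw==), and would also want to recognise the e3b0c442... hash shown for vds.js as the SHA-256 of zero bytes, that is, an empty response. The Python below is an added example written for this page, not code from urlscan.io, seewo or CVTE; the header values and the vds.js hash are copied from the report, while the body used in demo() and the local file path in the trailing comment are constructed placeholders.

```python
"""Check a saved download against the CDN's Content-Md5 and Content-Length
headers, and recognise the empty-body SHA-256 urlscan recorded for vds.js.

Added example for this report; not urlscan.io, seewo or CVTE code.
"""
import base64
import hashlib
import io

# Copied from the report's response headers for the .exe transaction.
CONTENT_MD5 = "xzSt6Cf4B6d2hjB6vYJRsw=="
CONTENT_LENGTH = 32406296

# Copied from the report: the "Resource Hash" shown for dn-growing.qbox.me/vds.js.
VDS_JS_RESOURCE_HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def content_md5_to_hex(header_value):
    """Content-MD5 (RFC 1864) carries the 16 raw digest bytes in base64."""
    raw = base64.b64decode(header_value, validate=True)
    if len(raw) != 16:
        raise ValueError(f"Content-MD5 must decode to 16 bytes, got {len(raw)}")
    return raw.hex()


def hash_stream(fh, chunk_size=1 << 20):
    """Read a binary stream once and return (size, md5_hex, sha256_hex)."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        md5.update(chunk)
        sha256.update(chunk)
        size += len(chunk)
    return size, md5.hexdigest(), sha256.hexdigest()


def check_download(fh, content_md5, content_length):
    """Compare a saved body with the headers the server advertised.

    A pass means the bytes arrived as the CDN served them. It does not vouch
    for the publisher: the server that sent the body also sent the checksum.
    """
    size, md5_hex, sha256_hex = hash_stream(fh)
    result = {
        "length_matches": size == content_length,
        "md5_matches": md5_hex == content_md5_to_hex(content_md5),
        "body_is_empty": sha256_hex == EMPTY_SHA256,
        "sha256": sha256_hex,
    }
    result["ok"] = (result["length_matches"] and result["md5_matches"]
                    and not result["body_is_empty"])
    return result


def is_empty_body_hash(resource_hash):
    """True when a recorded resource hash is the SHA-256 of zero bytes (no body)."""
    return resource_hash.lower() == EMPTY_SHA256


def demo():
    """Constructed stand-in body with a Content-Md5 computed for it (not real data)."""
    body = b"constructed stand-in for the installer body\n"
    header = base64.b64encode(hashlib.md5(body).digest()).decode()
    intact = check_download(io.BytesIO(body), header, len(body))
    # Advertised length off by one: the length check must fail, the MD5 still matches.
    short = check_download(io.BytesIO(body), header, len(body) + 1)
    return intact, short


if __name__ == "__main__":
    print("MD5 the CDN advertised for the installer:", content_md5_to_hex(CONTENT_MD5))
    print("vds.js resource hash is an empty body:", is_empty_body_hash(VDS_JS_RESOURCE_HASH))
    intact, short = demo()
    print("constructed body, headers agree:", intact["ok"])
    print("constructed body, wrong Content-Length:", short["ok"])
    # Against the real file once saved locally (placeholder path, same name as served):
    # with open("ScreenShare_windows_3.1.0.2422(20210126110300).exe", "rb") as fh:
    #     print(check_download(fh, CONTENT_MD5, CONTENT_LENGTH))
```

The Content-Md5 value decodes to c734ade827f807a77686307abd8251b3. A match against it only shows that the download arrived as the CDN served it; because the same server produced both the body and the checksum, it says nothing about the publisher, which is what a check of the PE's code signature would be for.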
hm.gif (hm.baidu.com/): size 43 B, transferred 299 B, type Image
General
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1716513846&si=fd9f880c563790ddfdf14e8d0d719783&v=1.3.0&lv=1&sn=61403&r=0&ww=1600&u=http%3A%2F%2Fdss.r302.cc%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191, Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
Reverse DNS
(empty)
Software
apache
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://dss.r302.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jul 2023 15:19:52 GMT
Strict-Transport-Security
max-age=172800
X-Content-Type-Options
nosniff
Server
apache
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43

Verdicts & Comments

None recorded.

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

  • _vds (object)
  • _hmt (object)
  • _faq (object)
  • FridayAnalyze (function)
  • _typeof (function)
  • $fa (object)
  • _bdhm_loaded_fd9f880c563790ddfdf14e8d0d719783 (boolean)
  • mini_tangram_log_iugr02 (object)

6 Cookies

Domain/Path       Name                                        Value
dss.r302.cc/      connect.sid                                 s%3AEht9X1GzUqaYZuGwcE8UZ4SbYji7pAVE.slE7NTI1ZmboFN1yGpJ27YpO1KZS1X6%2F1w%2BClDAnEZw
e.seewo.com/      acw_tc                                      707c9fd816904711915006952e4fb624b8f4aab9db01320e0f01de7fb9543e
e.seewo.com/      connect.sid                                 s%3A4hzF2Y4hTyST_US_LjRUlAMxwJ133_Kx.JUFb%2B5byXAm8rt54mevCwdvY1tAFWcnxkCzTTxAVmuU
.hm.baidu.com/    HMACCOUNT_BFESS                             4E2E58FE172BD211
.dss.r302.cc/     Hm_lvt_fd9f880c563790ddfdf14e8d0d719783     1690471193
.dss.r302.cc/     Hm_lpvt_fd9f880c563790ddfdf14e8d0d719783    1690471193

Security Headers

This page lists any security headers set by the main page.

Header                    Value
Content-Security-Policy   font-src 'self';child-src 'self'
X-Content-Type-Options    nosniff
X-Frame-Options           sameorigin

The CSP sets only font-src and child-src. With no default-src or script-src directive it places no restriction on the third-party scripts this page loads from hm.baidu.com, dn-growing.qbox.me and friday.cvte.com, and the page itself is served over plain HTTP.
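To see what the Content-Security-Policy above does and does not constrain, the following Python evaluates a policy against the loads the report records. It is an added example for this page, not urlscan.io's or dss.r302.cc's code: REPORT_CSP is the policy as recorded, HARDENED_CSP is a constructed alternative, and the matcher is a simplified form of CSP source matching (scheme, host with a leading *. wildcard, and port; no paths, nonces or hashes).

```python
"""Which CSP directive governs a load, and does the policy allow it?

Added example for this report, not urlscan.io's or dss.r302.cc's code.
REPORT_CSP is the policy the report shows dss.r302.cc sending; HARDENED_CSP
is a constructed alternative. Source matching is simplified to scheme, host
(with a leading *. wildcard) and port; paths, nonces and hashes are ignored.
"""
from urllib.parse import urlsplit

# Fallback order per CSP Level 3: the first directive present governs the load.
FALLBACK = {
    "script-src": ["script-src", "default-src"],
    "img-src": ["img-src", "default-src"],
    "font-src": ["font-src", "default-src"],
    "connect-src": ["connect-src", "default-src"],
    "frame-src": ["frame-src", "child-src", "default-src"],
}
DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}

DOCUMENT = "http://dss.r302.cc/"
REPORT_CSP = "font-src 'self';child-src 'self'"  # as sent, per the report
HARDENED_CSP = ("default-src 'self'; script-src 'self' https://hm.baidu.com; "
                "font-src 'self'; child-src 'self'")  # constructed alternative
SCRIPTS = [  # the third-party scripts the report shows dss.r302.cc loading
    "https://hm.baidu.com/hm.js?fd9f880c563790ddfdf14e8d0d719783",
    "http://dn-growing.qbox.me/vds.js",
    "https://friday.cvte.com/agent/sdk/js/v2/fa.js?_appId=532888633f635e2ceac88f2969885d87",
]


def parse_csp(policy):
    """Split a policy into {directive: [source expressions]}; first occurrence wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def governing_directive(directives, fetch_directive):
    """Name of the directive that applies to this load, or None if nothing does."""
    for name in FALLBACK[fetch_directive]:
        if name in directives:
            return name
    return None


def _origin(url):
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme)


def source_matches(expr, resource_url, document_url):
    """Match one source expression against a resource URL (simplified)."""
    r_scheme, r_host, r_port = _origin(resource_url)
    d_scheme, d_host, d_port = _origin(document_url)
    e = expr.lower()
    if e == "'none'":
        return False
    if e == "'self'":
        return (r_scheme, r_host, r_port) == (d_scheme, d_host, d_port)
    if e.startswith("'"):
        return False  # 'unsafe-inline', 'nonce-...', 'sha256-...' never match a URL
    if e == "*":
        return True
    if e.endswith(":") and "/" not in e:  # scheme-source such as https:
        return r_scheme == e[:-1] or (e == "http:" and r_scheme == "https")
    scheme = None  # host-source: [scheme://]host[:port][/path]
    if "://" in e:
        scheme, e = e.split("://", 1)
    host, _, port = e.split("/", 1)[0].partition(":")
    if scheme is None:
        scheme = d_scheme  # no scheme given: the document's scheme applies
    if r_scheme != scheme and not (scheme == "http" and r_scheme == "https"):
        return False  # an http: source also matches an https: load
    if host.startswith("*."):
        if not r_host.endswith(host[1:]):
            return False
    elif host != "*" and r_host != host:
        return False
    if port == "*":
        return True
    if port:
        return r_port == int(port)
    return r_port == DEFAULT_PORTS.get(r_scheme)  # no port given: default port only


def allowed(policy, fetch_directive, resource_url, document_url=DOCUMENT):
    """Return (governing directive or None, allowed) for one load."""
    directives = parse_csp(policy)
    name = governing_directive(directives, fetch_directive)
    if name is None:
        return None, True  # no applicable directive: CSP does not restrict the load
    return name, any(source_matches(s, resource_url, document_url) for s in directives[name])


def evaluate_scripts(policy):
    """Decision for each third-party script under a policy, keyed by URL."""
    return {url: allowed(policy, "script-src", url) for url in SCRIPTS}


if __name__ == "__main__":
    for label, policy in (("report", REPORT_CSP), ("hardened", HARDENED_CSP)):
        print(f"{label}: {policy}")
        for url, (directive, ok) in evaluate_scripts(policy).items():
            print(f"  {'ALLOW' if ok else 'BLOCK'} via {directive or 'no directive'}: {url}")
```

Under the recorded policy every script load comes back as (None, True): no directive applies, so CSP imposes nothing on hm.baidu.com, dn-growing.qbox.me or friday.cvte.com. Under the constructed policy only the hm.baidu.com script is allowed, and a cross-origin frame falls through frame-src to child-src and is refused.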