cd001.v78q.com Open in urlscan Pro
120.52.95.245 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.baidu.com/aladdin.php?url=af0000KL0vTPWUUQr9pjSM5h_DS4L_k5UCnXCQHo9gj3jumeV3fWIKX2d0OddvNELeg_TUSQUhYpY6Hj...
Effective URL:
https://cd001.v78q.com/cs/233sem/%E5%BE%AE%E4%BF%A1%20Windows%20%E7%89%88_sm70005042e.exe
Submission: On April 09 via manual (April 9th 2024, 9:41:09 am UTC) from GB — Scanned from GB

Summary HTTP 1 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 1 HTTP transactions. The main IP is 120.52.95.245, located in China and belongs to UNICOM-CN China Unicom IP network, CN. The main domain is cd001.v78q.com.
TLS certificate: Issued by TrustAsia RSA DV TLS CA G2 on February 2nd 2024. Valid for: 3 months.

This is the only time cd001.v78q.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

download 4 MB application/x-dosexec

SHA256: 1f292f89857b79f9e7766f9978c4100ed0aed53349cecadfc0adb54ae35ac7f4

MIME: PE32 executable (GUI) Intel 80386, for MS Windows

Size: 4 MB (4275392 bytes, 100% done)

Downloaded from: https://cd001.v78q.com/cs/233sem/%E5%BE%AE%E4%BF%A1%20Windows%20%E7%89%88_sm70005042e.exe

Domain & IP information

	IP Address	AS Autonomous System
2 2	103.235.46.40 103.235.46.40	55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.)
1 1	119.3.51.130 119.3.51.130	55990 (HWCSNET H...) (HWCSNET Huawei Cloud Service data center)
1	120.52.95.245 120.52.95.245	133119 (UNICOM-CN...) (UNICOM-CN China Unicom IP network)
1	1

2 103.235.46.40 (Hong Kong) 2 redirects

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)

www.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.3.51.130 (China) 1 redirects

ASN55990 (HWCSNET Huawei Cloud Service data center, CN)
PTR: ecs-119-3-51-130.compute.hwclouds-dns.com

jump1.51xiazai.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 120.52.95.245 (China)

ASN133119 (UNICOM-CN China Unicom IP network, CN)

cd001.v78q.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	baidu.com 2 redirects www.baidu.com — Cisco Umbrella Rank: 2513	3 KB
1	v78q.com cd001.v78q.com
1	51xiazai.cn 1 redirects jump1.51xiazai.cn	289 B
1	3

	Domain	Requested by
2	www.baidu.com	2 redirects
1	cd001.v78q.com
1	jump1.51xiazai.cn	1 redirects
1	3

This site contains no links.

Subject Issuer	Validity	Valid
*.v78q.com TrustAsia RSA DV TLS CA G2	`2024-02-02` - `2024-05-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cd001.v78q.com/cs/233sem/%E5%BE%AE%E4%BF%A1%20Windows%20%E7%89%88_sm70005042e.exe
Frame ID: 4D24B1E0E5BB98168F790F5FCDFFC992
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

0 kB
Transfer

0 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request %E5%BE%AE%E4%BF%A1%20Windows%20%E7%89%88_sm70005042e.exe cd001.v78q.com/cs/233sem/ Redirect Chain https://www.baidu.com/aladdin.php?url=af0000KL0vTPWUUQr9pjSM5h_DS4L_k5UCnXCQHo9gj3jumeV3fWIKX2d0OddvNELeg_TUSQUhYpY6Hj8n_A0rNbh_xvUMbzKBFqlB9_gx4eVLmHbw0O9AvH6kOA-aZKpPDNgn-sLuB4ava1BjKmvjV4B6s_cGC... https://www.baidu.com/aladdin.php?sc.af0000KL0vTPWUUQr9pjSM5h_DS4L_k5UCnXCQHo9gj3jumeV3fWIKX2d0OddvNELeg_TUSQUhYpY6Hj8n_A0rNbh_xvUMbzKBFqlB9_gx4eVLmHbw0O9AvH6kOA-aZKpPDNgn-sLuB4ava1BjKmvjV4B6s_cGCO... https://jump1.51xiazai.cn/d?k=%E5%BE%AE%E4%BF%A1%E7%94%B5%E8%84%91%E7%89%88%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85&s=10478&t=365xiazai&u=https%253A%252F%252Fcd001.v78q.com%252Fcs%252F233sem%252F%2525E... https://cd001.v78q.com/cs/233sem/%E5%BE%AE%E4%BF%A1%20Windows%20%E7%89%88_sm70005042e.exe	0 0	2988ms 356ms	Document application/x-msdownload	120.52.95.245 UNICOM-CN China U...
General Check archive.org Show headers Download Go to Full URL https://cd001.v78q.com/cs/233sem/%E5%BE%AE%E4%BF%A1%20Windows%20%E7%89%88_sm70005042e.exe Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 120.52.95.245 , China, ASN133119 (UNICOM-CN China Unicom IP network, CN), Reverse DNS Software openresty / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language en-GB,en;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Accept-Ranges bytes Age 2745696 Connection keep-alive Content-Length 4275392 Content-MD5 FFXsrVAolmFOAFxRc98W6w== Content-Type application/x-msdownload Date Tue, 09 Apr 2024 09:40:35 GMT ETag "1455ecad502896614e005c5173df16eb" Last-Modified Sun, 18 Feb 2024 11:51:12 GMT Server openresty X-Application-Context application:bj X-CCDN-CacheTTL 2592000 X-CCDN-REQ-ID-46B1 43923e2f5f39445efd5855e33ddaed90 nginx-hit 1 via CHN-HElangfang-AREACUCC1-CACHE11[11],CHN-HElangfang-AREACUCC1-CACHE43[0,TCP_HIT,8],CHN-TJ-GLOBAL1-CACHE67[26],CHN-TJ-GLOBAL1-CACHE43[0,TCP_HIT,2] x-hcs-proxy-type 1 x-kss-checksum-crc64ecma 10389941971025714744 x-kss-object-type Normal x-kss-qos-delay-time 0 x-kss-request-id fhjmc020kcmobs6l65ib5m9iln4dob6p Redirect headers Connection keep-alive Content-Type text/html; charset=UTF-8 Date Tue, 09 Apr 2024 09:40:32 GMT Location https://cd001.v78q.com/cs/233sem/%E5%BE%AE%E4%BF%A1 Windows %E7%89%88_sm70005042e.exe Server nginx Transfer-Encoding chunked X-Powered-By PHP/7.2.32

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.baidu.com/	1969-12-31 23:59:59	Name: shifen[1792222186_34321] Value: 1712655631
.baidu.com/	1969-12-31 23:59:59	Name: BCLID Value: 11379136447512126105
.baidu.com/	1969-12-31 23:59:59	Name: BCLID_BFESS Value: 11379136447512126105
.baidu.com/	1969-12-31 23:59:59	Name: BDSFRCVID Value: wbAOJeCmHRGl_ATtQD8BJdOiHeKK0gOTHllnwaL-MDTISYDVJeC6EG0Ptf8g0KubuD6KogKK0gOTH6KF_2uxOjjg8UtVJeC6EG0Ptf8g0M5
.baidu.com/	1969-12-31 23:59:59	Name: BDSFRCVID_BFESS Value: wbAOJeCmHRGl_ATtQD8BJdOiHeKK0gOTHllnwaL-MDTISYDVJeC6EG0Ptf8g0KubuD6KogKK0gOTH6KF_2uxOjjg8UtVJeC6EG0Ptf8g0M5
.baidu.com/	1969-12-31 23:59:59	Name: H_BDCLCKID_SF Value: tbCHoCtyJKI3j45zK5L_jj_bMfQE54FXKK_sLbopBhcqEn6S0xJSBU_75bQRqUjZ5gO0an5cWKJJ8UbSh-v_5P_TqtcRLUcgymnpaJ5nJq5nhMJmb67JDMP0-loRtfny523ion3vQpP-OpQ3DRoWXPIqbN7P-p5Z5mAqKl0MLPbtbb0xXj_0-nDSHH_fq6KO3J
.baidu.com/	1969-12-31 23:59:59	Name: H_BDCLCKID_SF_BFESS Value: tbCHoCtyJKI3j45zK5L_jj_bMfQE54FXKK_sLbopBhcqEn6S0xJSBU_75bQRqUjZ5gO0an5cWKJJ8UbSh-v_5P_TqtcRLUcgymnpaJ5nJq5nhMJmb67JDMP0-loRtfny523ion3vQpP-OpQ3DRoWXPIqbN7P-p5Z5mAqKl0MLPbtbb0xXj_0-nDSHH_fq6KO3J

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cd001.v78q.com
jump1.51xiazai.cn
www.baidu.com
103.235.46.40
119.3.51.130
120.52.95.245

cd001.v78q.com Open in urlscan Pro 120.52.95.245 Public Scan

Summary

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

0 kBTransfer

0 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

7 Cookies

Indicators

cd001.v78q.com Open in urlscan Pro
120.52.95.245 Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

0 kB
Transfer

0 kB
Size

7
Cookies

1 HTTP transactions
0 data transactions