zkelgjaq.shop Open in urlscan Pro
43.128.10.104 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bloombergmarketing.szmitao.com/
Effective URL:
http://zkelgjaq.shop/
Submission: On October 13 via manual (October 13th 2023, 12:44:51 am UTC) from HK — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 5 countries across 5 domains to perform 10 HTTP transactions. The main IP is 43.128.10.104, located in Hong Kong, Hong Kong and belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN. The main domain is zkelgjaq.shop.

This is the only time zkelgjaq.shop was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	168.76.2.155 168.76.2.155	137951 (CLAYERLIM...) (CLAYERLIMITED-AS-AP Clayer Limited)
1	47.246.46.206 47.246.46.206	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
1	203.107.86.226 203.107.86.226	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
1 1	2606:4700:303... 2606:4700:3037::6815:1bd7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3031::ac43:a9c3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 7	43.128.10.104 43.128.10.104	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
10	4

2 168.76.2.155 (South Africa)

ASN137951 (CLAYERLIMITED-AS-AP Clayer Limited, HK)

bloombergmarketing.szmitao.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.246.46.206 (Milan, Italy)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

sdk.51.la	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 203.107.86.226 (China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

collect-v6.51.la	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:1bd7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mt994.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:a9c3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mt994.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 43.128.10.104 (Hong Kong, Hong Kong) 1 redirects

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

esmvsadjxu.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zkelgjaq.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	zkelgjaq.shop zkelgjaq.shop	44 KB
2	mt994.com 2 redirects mt994.com	1 KB
2	51.la sdk.51.la — Cisco Umbrella Rank: 63196 collect-v6.51.la — Cisco Umbrella Rank: 58204	14 KB
2	szmitao.com bloombergmarketing.szmitao.com	4 KB
1	esmvsadjxu.cn 1 redirects esmvsadjxu.cn	449 B
10	5

	Domain	Requested by
6	zkelgjaq.shop	bloombergmarketing.szmitao.com zkelgjaq.shop
2	mt994.com	2 redirects
2	bloombergmarketing.szmitao.com	bloombergmarketing.szmitao.com
1	esmvsadjxu.cn	1 redirects
1	collect-v6.51.la	sdk.51.la
1	sdk.51.la	bloombergmarketing.szmitao.com
10	6

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://zkelgjaq.shop/
Frame ID: B665312DCCC23A8D19DF0514AED505C9
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://bloombergmarketing.szmitao.com/ Page URL
https://mt994.com/ HTTP 301
http://mt994.com/faweg89r7g95rf6we8d9wefg3er6htr8h9egs9r8e9gs8re/fawe89g5ewr7a9ghh3h2tr6g5e6r... HTTP 302
http://esmvsadjxu.cn/aH1W31CgSf?KUs HTTP 302
http://zkelgjaq.shop/ Page URL

Page Statistics

10
Requests

0 %
HTTPS

33 %
IPv6

5
Domains

6
Subdomains

4
IPs

5
Countries

62 kB
Transfer

634 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bloombergmarketing.szmitao.com/ Page URL
https://mt994.com/ HTTP 301
http://mt994.com/faweg89r7g95rf6we8d9wefg3er6htr8h9egs9r8e9gs8re/fawe89g5ewr7a9ghh3h2tr6g5e6r.php?diffneifnw=gsre895g6aew7f9wef26h2tr6h2 HTTP 302
http://esmvsadjxu.cn/aH1W31CgSf?KUs HTTP 302
http://zkelgjaq.shop/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response bloombergmarketing.szmitao.com/	9 KB 4 KB	4697ms 201ms	Document text/html	168.76.2.155 CLAYERLIMITED-AS-...
General Check archive.org Show headers Download Go to Full URL http://bloombergmarketing.szmitao.com/ Protocol HTTP/1.1 Server 168.76.2.155 , South Africa, ASN137951 (CLAYERLIMITED-AS-AP Clayer Limited, HK), Reverse DNS Software nginx / PHP/8.2.6 Resource Hash `4e51378289c06d36026215f179688814b9484f7b6771cc3ec5953d7718fd51c8` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Fri, 13 Oct 2023 00:44:43 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding X-Powered-By PHP/8.2.6
GET H/1.1	200 OK	js-sdk-pro.min.js Show response sdk.51.la/	34 KB 13 KB	1085ms 16ms	Script application/javascript	47.246.46.206 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL http://sdk.51.la/js-sdk-pro.min.js Requested by Host: bloombergmarketing.szmitao.com URL: http://bloombergmarketing.szmitao.com/ Protocol HTTP/1.1 Server 47.246.46.206 Milan, Italy, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `d1f1bfe698f2ffb7b3e7a885a301d58f9554d45df0a31c3e8b53c84b33c80d27` Request headers accept-language de-DE,de;q=0.9 Referer http://bloombergmarketing.szmitao.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Fri, 06 Oct 2023 16:07:27 GMT Via cache15.l2de2[686,686,304-0,M], cache23.l2de2[688,0], cache1.it2[0,0,200-0,H], cache2.it2[1,0] Content-Encoding gzip x-oss-request-id 652030BFCC8CEC3434A366B8 Content-MD5 JLtSDpUX8u0+2Ye0aur3Iw== Age 549437 X-Swift-CacheTime 1296000 X-Cache HIT TCP_MEM_HIT dirn:8:451742100 x-oss-cdn-auth success Connection keep-alive X-Swift-SaveTime Fri, 06 Oct 2023 16:07:27 GMT Content-Length 12846 x-oss-object-type Normal Last-Modified Thu, 08 Jun 2023 02:24:34 GMT Server Tengine ETag "24BB520E9517F2ED3ED987B46AEAF723" Vary Accept-Encoding Ali-Swift-Global-Savetime 1696608447 Content-Type application/javascript Access-Control-Allow-Origin * x-oss-storage-class Standard Accept-Ranges bytes Timing-Allow-Origin * x-oss-hash-crc64ecma 5143829838470429443 EagleId 2ff62e9616971578845023301e x-oss-server-time 3
GET H/1.1	200 OK	action.php Show response bloombergmarketing.szmitao.com/action/	212 B 407 B	199ms 199ms	Script text/javascript	168.76.2.155 CLAYERLIMITED-AS-...
General Check archive.org Show headers Download Go to Full URL http://bloombergmarketing.szmitao.com/action/action.php Requested by Host: bloombergmarketing.szmitao.com URL: http://bloombergmarketing.szmitao.com/ Protocol HTTP/1.1 Server 168.76.2.155 , South Africa, ASN137951 (CLAYERLIMITED-AS-AP Clayer Limited, HK), Reverse DNS Software nginx / PHP/8.2.6 Resource Hash `14cc5865241599647e71afd28ec304d9a63a96c5303dcdb31410929b07d199a9` Request headers accept-language de-DE,de;q=0.9 Referer http://bloombergmarketing.szmitao.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Fri, 13 Oct 2023 00:44:43 GMT Content-Encoding gzip Server nginx X-Powered-By PHP/8.2.6 Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/javascript; charset=utf-8 Connection keep-alive
POST H/1.1	200	collect collect-v6.51.la/v6/	0 529 B	1028ms 321ms	XHR text/plain	203.107.86.226 ALIBABA-CN-NET Ha...
General Check archive.org Show headers Download Go to Full URL http://collect-v6.51.la/v6/collect?dt=4 Requested by Host: sdk.51.la URL: http://sdk.51.la/js-sdk-pro.min.js Protocol HTTP/1.1 Server 203.107.86.226 , China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://bloombergmarketing.szmitao.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Access-Control-Allow-Origin http://bloombergmarketing.szmitao.com Date Fri, 13 Oct 2023 00:44:45 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Content-Length 0 Vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers
GET H/1.1	200 OK	Primary Request / Show response zkelgjaq.shop/ Redirect Chain https://mt994.com/ http://mt994.com/faweg89r7g95rf6we8d9wefg3er6htr8h9egs9r8e9gs8re/fawe89g5ewr7a9ghh3h2tr6g5e6r.php?diffneifnw=gsre895g6aew7f9wef26h2tr6h2 http://esmvsadjxu.cn/aH1W31CgSf?KUs http://zkelgjaq.shop/	824 B 1 KB	2653ms 248ms	Document text/html	43.128.10.104 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://zkelgjaq.shop/ Requested by Host: bloombergmarketing.szmitao.com URL: http://bloombergmarketing.szmitao.com/ Protocol HTTP/1.1 Server 43.128.10.104 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `edd2db54fa88c0969bb7beda3d346d9b0aeddc735de8350662f9555c2df29276` Request headers Referer http://bloombergmarketing.szmitao.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection keep-alive Content-Length 824 Content-Type text/html Date Fri, 13 Oct 2023 00:44:50 GMT ETag "64f5c3ce-338" Last-Modified Mon, 04 Sep 2023 11:47:26 GMT Server nginx Redirect headers Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Type text/html; charset=UTF-8 Date Fri, 13 Oct 2023 00:44:48 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Location http://zkelgjaq.shop/#/regtoken?ttname=NDI0LS0xNDYuNzAuMTE3LjExOS0tMTY5NzE1Nzg4OA==&rand=1697157888&KUs Pragma no-cache Server nginx Transfer-Encoding chunked
GET H/1.1	200 OK	hls.min.js zkelgjaq.shop/ckplayer/hls.js/	270 KB 0	251ms 250ms	Script application/javascript	43.128.10.104 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://zkelgjaq.shop/ckplayer/hls.js/hls.min.js Requested by Host: zkelgjaq.shop URL: http://zkelgjaq.shop/ Protocol HTTP/1.1 Server 43.128.10.104 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://zkelgjaq.shop/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Fri, 13 Oct 2023 00:44:51 GMT Content-Encoding gzip Last-Modified Wed, 02 Aug 2023 17:54:16 GMT Server nginx ETag W/"64ca9848-4e8bc" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Connection keep-alive
GET H/1.1	200 OK	ckplayer.min.js Show response zkelgjaq.shop/ckplayer/js/	135 KB 36 KB	258ms 257ms	Script application/javascript	43.128.10.104 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://zkelgjaq.shop/ckplayer/js/ckplayer.min.js Requested by Host: zkelgjaq.shop URL: http://zkelgjaq.shop/ Protocol HTTP/1.1 Server 43.128.10.104 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `045b01ab99808fffdf49d3e95c3eb765b3e6b08bad4dc12ae89f214f16b0b354` Request headers accept-language de-DE,de;q=0.9 Referer http://zkelgjaq.shop/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Fri, 13 Oct 2023 00:44:51 GMT Content-Encoding gzip Last-Modified Wed, 02 Aug 2023 17:54:16 GMT Server nginx ETag W/"64ca9848-21ba8" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Connection keep-alive
GET H/1.1	200 OK	ckplayer.css zkelgjaq.shop/ckplayer/css/	42 KB 7 KB	492ms 247ms	Stylesheet text/css	43.128.10.104 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://zkelgjaq.shop/ckplayer/css/ckplayer.css Requested by Host: zkelgjaq.shop URL: http://zkelgjaq.shop/ Protocol HTTP/1.1 Server 43.128.10.104 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `5c0d44e9314528ccf0d53e5df4d5a637d34fb67922a4aaf32e6f5935b7ca6c2c` Request headers accept-language de-DE,de;q=0.9 Referer http://zkelgjaq.shop/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Fri, 13 Oct 2023 00:44:51 GMT Content-Encoding gzip Last-Modified Wed, 02 Aug 2023 17:54:14 GMT Server nginx ETag W/"64ca9846-a9f6" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	index.e316471b.js zkelgjaq.shop/assets/	90 KB 0	506ms 254ms	Script application/javascript	43.128.10.104 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://zkelgjaq.shop/assets/index.e316471b.js Requested by Host: zkelgjaq.shop URL: http://zkelgjaq.shop/ Protocol HTTP/1.1 Server 43.128.10.104 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash Request headers Referer http://zkelgjaq.shop/ Origin http://zkelgjaq.shop accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Fri, 13 Oct 2023 00:44:51 GMT Content-Encoding gzip Last-Modified Mon, 04 Sep 2023 11:47:26 GMT Server nginx ETag W/"64f5c3ce-78aee" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Connection keep-alive
GET H/1.1	200 OK	index.f090549a.css zkelgjaq.shop/assets/	53 KB 0	499ms 250ms	Stylesheet text/css	43.128.10.104 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL http://zkelgjaq.shop/assets/index.f090549a.css Requested by Host: zkelgjaq.shop URL: http://zkelgjaq.shop/ Protocol HTTP/1.1 Server 43.128.10.104 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://zkelgjaq.shop/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Fri, 13 Oct 2023 00:44:51 GMT Content-Encoding gzip Last-Modified Mon, 04 Sep 2023 11:47:26 GMT Server nginx ETag W/"64f5c3ce-3859a" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Connection keep-alive

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
bloombergmarketing.szmitao.com/	1969-12-31 23:59:59	Name: __vtins__K5sCBLmqJ7CSN7bJ Value: %7B%22sid%22%3A%20%223d4f5a26-8da3-511e-ba14-651606e09ca8%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201697159684555%2C%20%22ct%22%3A%201697157884555%7D
bloombergmarketing.szmitao.com/	1970-01-21 01:01:57	Name: __51uvsct__K5sCBLmqJ7CSN7bJ Value: 1
bloombergmarketing.szmitao.com/	1970-01-21 01:01:57	Name: __51vcke__K5sCBLmqJ7CSN7bJ Value: 5869fb99-44a9-52fe-add7-c7e46e66e059
bloombergmarketing.szmitao.com/	1970-01-21 01:01:57	Name: __51vuft__K5sCBLmqJ7CSN7bJ Value: 1697157884559
esmvsadjxu.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: g8keo11464rvol7bb76mkaqnl2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bloombergmarketing.szmitao.com
collect-v6.51.la
esmvsadjxu.cn
mt994.com
sdk.51.la
zkelgjaq.shop
168.76.2.155
203.107.86.226
2606:4700:3031::ac43:a9c3
2606:4700:3037::6815:1bd7
43.128.10.104
47.246.46.206
045b01ab99808fffdf49d3e95c3eb765b3e6b08bad4dc12ae89f214f16b0b354
14cc5865241599647e71afd28ec304d9a63a96c5303dcdb31410929b07d199a9
4e51378289c06d36026215f179688814b9484f7b6771cc3ec5953d7718fd51c8
5c0d44e9314528ccf0d53e5df4d5a637d34fb67922a4aaf32e6f5935b7ca6c2c
d1f1bfe698f2ffb7b3e7a885a301d58f9554d45df0a31c3e8b53c84b33c80d27
edd2db54fa88c0969bb7beda3d346d9b0aeddc735de8350662f9555c2df29276

zkelgjaq.shop Open in urlscan Pro 43.128.10.104 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

10 Requests

0 %HTTPS

33 %IPv6

5 Domains

6 Subdomains

4 IPs

5 Countries

62 kBTransfer

634 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

5 Cookies

Indicators

zkelgjaq.shop Open in urlscan Pro
43.128.10.104 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

0 %
HTTPS

33 %
IPv6

5
Domains

6
Subdomains

4
IPs

5
Countries

62 kB
Transfer

634 kB
Size

5
Cookies

10 HTTP transactions
0 data transactions