spread.huasecpa.cn Open in urlscan Pro
8.136.235.248 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://63cat.com/
Effective URL:
http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018
Submission Tags: falconsandbox
Submission: On June 08 via api (June 8th 2021, 9:12:46 am UTC) from US

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 16 HTTP transactions. The main IP is 8.136.235.248, located in Singapore and belongs to CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN. The main domain is spread.huasecpa.cn.

This is the only time spread.huasecpa.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	47.251.14.189 47.251.14.189	45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.)
1	120.52.95.243 120.52.95.243	133119 (UNICOM-CN...) (UNICOM-CN China Unicom IP network)
1	183.131.207.66 183.131.207.66	136190 (CHINATELE...) (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA)
6	8.136.235.248 8.136.235.248	37963 (CNNIC-ALI...) (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.)
2	47.246.43.227 47.246.43.227	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
5	163.171.128.129 163.171.128.129	54994 (QUANTILNE...) (QUANTILNETWORKS)
16	6

1 47.251.14.189 (Santa Clara, United States)

ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)

63cat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 120.52.95.243 (China)

ASN133119 (UNICOM-CN China Unicom IP network, CN)

js.users.51.la	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 183.131.207.66 (China)

ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN)

ia.51.la	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 8.136.235.248 (Singapore)

ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN)

spread.huasecpa.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 47.246.43.227 (Frankfurt am Main, Germany)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

web.cdn.openinstall.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
web.openinstall.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 163.171.128.129 (Germany)

ASN54994 (QUANTILNETWORKS, US)

wangsu.huataclub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	huasecpa.cn spread.huasecpa.cn	73 KB
5	huataclub.com wangsu.huataclub.com	603 KB
2	openinstall.io web.cdn.openinstall.io web.openinstall.io	18 KB
2	51.la js.users.51.la ia.51.la	6 KB
1	63cat.com 63cat.com	764 B
16	5

	Domain	Requested by
6	spread.huasecpa.cn	63cat.com spread.huasecpa.cn
5	wangsu.huataclub.com	spread.huasecpa.cn
1	web.openinstall.io	web.cdn.openinstall.io
1	web.cdn.openinstall.io	spread.huasecpa.cn
1	ia.51.la	63cat.com
1	js.users.51.la	63cat.com
1	63cat.com
16	7

This site contains no links.

Subject Issuer	Validity	Valid
*.cdn.openinstall.io RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2020-09-28` - `2021-09-29`	a year	crt.sh
*.openinstall.io RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2020-08-25` - `2021-08-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018
Frame ID: E0D5420F1F9CB9F7F164BF93CCB6F8BE
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://63cat.com/ Page URL
http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

16
Requests

13 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

6
IPs

4
Countries

701 kB
Transfer

867 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://63cat.com/ Page URL
http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response 63cat.com/	540 B 764 B	594ms 303ms	Document text/html	47.251.14.189 CNNIC-ALIBABA-US-...
General Check archive.org Show headers Download Go to Full URL http://63cat.com/ Protocol HTTP/1.1 Server 47.251.14.189 Santa Clara, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN), Reverse DNS Software Microsoft-IIS/7.5 / Resource Hash `e4048034b33dd3eb151b02d60e7e857f6e37a681e508d6130f5745c32d24c58b` Request headers Host 63cat.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type text/html Last-Modified Tue, 08 Jun 2021 08:23:09 GMT Accept-Ranges bytes ETag "9fedb5833f5cd71:0" Server Microsoft-IIS/7.5 Date Tue, 08 Jun 2021 09:12:27 GMT Content-Length 540
GET H/1.1	200 OK	21138929.js Show response js.users.51.la/	5 KB 6 KB	661ms 639ms	Script application/javascript	120.52.95.243 UNICOM-CN China U...
General Check archive.org Show headers Download Go to Full URL http://js.users.51.la/21138929.js Requested by Host: 63cat.com URL: http://63cat.com/ Protocol HTTP/1.1 Server 120.52.95.243 , China, ASN133119 (UNICOM-CN China Unicom IP network, CN), Reverse DNS Software openresty / Resource Hash `b9687c1c75f1dd0a82e6fc714e913c4a42e19c9874ce75a8e7ab6f133d42fa27` Request headers Referer http://63cat.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers nginx-hit 1 Date Tue, 08 Jun 2021 09:12:27 GMT via CHN-HElangfang-AREACUCC1-CACHE22[2],CHN-HElangfang-AREACUCC1-CACHE42[0,TCP_HIT,1],CHN-SH-GLOBAL1-CACHE57[4],CHN-SH-GLOBAL1-CACHE136[0,TCP_HIT,2] X-CCDN-CacheTTL 86400 Age 265436 Content-Disposition inline;filename=f.txt Connection keep-alive request-id 00000179D2AC6FB89419A92393FD5E54 x-reserved amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc Content-Length 4898 id-2 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSXuUHeu8zk7GWAAv0AxRiZvdEYPp53Q Last-Modified Fri Jun 04 00:19:45 CST 2021 Server openresty ETag "effa19c72727156ee3358656f6734c33" Content-Type application/javascript;charset=UTF-8 version-id G0011179D2AC6C55FFFF90471C04BC5C Accept-Ranges bytes x-hcs-proxy-type 1
GET H/1.1	200	go1 ia.51.la/	0 215 B	520ms 499ms	Image text/plain	183.131.207.66 CHINATELECOM-ZHEJ...
General Check archive.org Show headers Download Go to Show image Full URL http://ia.51.la/go1?id=21138929&rt=1623143548122&rl=16001200&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1623143548122&tt=&kw=&cu=http%253A%252F%252F63cat.com%252F&pu= Requested by* Host: 63cat.com URL: http://63cat.com/ Protocol HTTP/1.1 Server 183.131.207.66 , China, ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN), Reverse DNS Software CloudWAF / Resource Hash Request headers Referer http://63cat.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 09:12:28 GMT Server CloudWAF Connection keep-alive Content-Length 0
GET H/1.1	200 OK	Primary Request sexPrivme.html Show response spread.huasecpa.cn/download/	4 KB 2 KB	704ms 409ms	Document text/html	8.136.235.248 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Full URL http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Requested by Host: 63cat.com URL: http://63cat.com/ Protocol HTTP/1.1 Server 8.136.235.248 , Singapore, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `5c8f7f5d13f6f7e9343d5694d8ad397bd7976e57fc5c46c02dd2e9e41d7bd833` Request headers Host spread.huasecpa.cn Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://63cat.com/ Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer http://63cat.com/ Response headers Server nginx Date Tue, 08 Jun 2021 09:12:29 GMT Content-Type text/html Last-Modified Thu, 27 May 2021 15:59:24 GMT Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding ETag W/"60afc1dc-10fb" Content-Encoding gzip
GET H/1.1	200 OK	jquery.js Show response spread.huasecpa.cn/download/	95 KB 37 KB	435ms 415ms	Script application/javascript	8.136.235.248 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Full URL http://spread.huasecpa.cn/download/jquery.js Requested by Host: spread.huasecpa.cn URL: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Protocol HTTP/1.1 Server 8.136.235.248 , Singapore, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `deb52d300b2661984df3b49056357c03f53b29f5f8ba26f597316bf4c1ca4841` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host spread.huasecpa.cn Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept / Referer http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Connection keep-alive Cache-Control no-cache Referer http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 09:12:29 GMT Content-Encoding gzip Last-Modified Wed, 28 Apr 2021 13:45:00 GMT Server nginx ETag W/"608966dc-17b98" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Tue, 08 Jun 2021 21:12:29 GMT
GET H/1.1	200 OK	lead.css spread.huasecpa.cn/download/	3 KB 1 KB	215ms 214ms	Stylesheet text/css	8.136.235.248 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Full URL http://spread.huasecpa.cn/download/lead.css Requested by Host: spread.huasecpa.cn URL: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Protocol HTTP/1.1 Server 8.136.235.248 , Singapore, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `df215851a6eac73c9acb2b61b7112ab51479fb54c34a8b3356ae6a918ee823f4` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host spread.huasecpa.cn Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/css,/;q=0.1 Referer http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Connection keep-alive Cache-Control no-cache Referer http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 09:12:29 GMT Content-Encoding gzip Last-Modified Wed, 28 Apr 2021 13:45:00 GMT Server nginx ETag W/"608966dc-b97" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Tue, 08 Jun 2021 21:12:29 GMT
GET H/1.1	200 OK	swiper.min.css spread.huasecpa.cn/download/	17 KB 4 KB	451ms 432ms	Stylesheet text/css	8.136.235.248 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Full URL http://spread.huasecpa.cn/download/swiper.min.css Requested by Host: spread.huasecpa.cn URL: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Protocol HTTP/1.1 Server 8.136.235.248 , Singapore, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `aa6093ae92ef933fc67b115b3f5e22f69f2fca61db60e1101197e5bc429a5c75` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host spread.huasecpa.cn Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/css,/;q=0.1 Referer http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Connection keep-alive Cache-Control no-cache Referer http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 09:12:29 GMT Content-Encoding gzip Last-Modified Wed, 28 Apr 2021 13:45:00 GMT Server nginx ETag W/"608966dc-4561" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Tue, 08 Jun 2021 21:12:29 GMT
GET H/1.1	200 OK	swiper.min.js Show response spread.huasecpa.cn/download/	95 KB 27 KB	449ms 429ms	Script application/javascript	8.136.235.248 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Full URL http://spread.huasecpa.cn/download/swiper.min.js Requested by Host: spread.huasecpa.cn URL: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Protocol HTTP/1.1 Server 8.136.235.248 , Singapore, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `ede2c7dbc293f13a2c5d75df9d042e64ce50c09f4fec99cad573efc442d27b18` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host spread.huasecpa.cn Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept / Referer http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Connection keep-alive Cache-Control no-cache Referer http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 09:12:29 GMT Content-Encoding gzip Last-Modified Wed, 28 Apr 2021 13:45:00 GMT Server nginx ETag W/"608966dc-17a37" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Tue, 08 Jun 2021 21:12:29 GMT
GET H/1.1	200 OK	invite.js Show response spread.huasecpa.cn/download/	3 KB 1 KB	428ms 409ms	Script application/javascript	8.136.235.248 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Full URL http://spread.huasecpa.cn/download/invite.js Requested by Host: spread.huasecpa.cn URL: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Protocol HTTP/1.1 Server 8.136.235.248 , Singapore, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `de6c760f602a8cedf35e3871478d82104b9fafe7dbe7d9a36f4a02c63b7613cd` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host spread.huasecpa.cn Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept / Referer http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Connection keep-alive Cache-Control no-cache Referer http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 09:12:29 GMT Content-Encoding gzip Last-Modified Wed, 19 May 2021 05:00:46 GMT Server nginx ETag W/"60a49b7e-b5b" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Tue, 08 Jun 2021 21:12:29 GMT
GET H2	200	openinstall.js Show response web.cdn.openinstall.io/	44 KB 17 KB	1600ms 35ms	Script application/javascript	47.246.43.227 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://web.cdn.openinstall.io/openinstall.js Requested by Host: spread.huasecpa.cn URL: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.246.43.227 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `d88a0dc28d421f512811d7cdfb6de79fb8a6b05dae0d7199e78806a4cc5f3bbd` Request headers Referer http://spread.huasecpa.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-qiniu-zone 0 x-log X-Log date Mon, 07 Jun 2021 06:19:06 GMT content-encoding gzip vary Accept-Encoding x-svr IO content-md5 BevQ0zezZlOeEA2g7bBn3g== age 96804 x-cache HIT TCP_MEM_HIT dirn:5:1282873412 content-transfer-encoding binary x-swift-cachetime 31535393 content-disposition inline; filename="openinstall.js"; filename=utf-8''openinstall.js x-swift-savetime* Mon, 07 Jun 2021 06:29:13 GMT content-length 16373 x-m-reqid ISkAAMc-EbZqOIYW x-m-log QNM:xs466;QNM3 last-modified Mon, 07 Jun 2021 04:00:38 GMT server Tengine etag "Fmg0KkKuS1g_29U79SiifWdmINIe.gz" access-control-max-age 2592000 ali-swift-global-savetime 1623046746 content-type application/javascript via cache15.l2ot7[0,0,200-0,H], cache28.l2ot7[0,0], cache13.de2[0,0,200-0,H], cache4.de2[6,0] access-control-expose-headers X-Log, X-Reqid cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * access-control-allow-origin * x-qnm-cache Hit eagleid 2ff62b9816231435509097347e x-reqid ISkAACfIEbZqOIYW, ISkAAEgXqadoOIYW
GET H/1.1	200 OK	en_log.png wangsu.huataclub.com/download/	17 KB 17 KB	363ms 41ms	Image image/png	163.171.128.129 QUANTILNETWORKS
General Check archive.org Show headers Download Go to Show image Full URL http://wangsu.huataclub.com/download/en_log.png Requested by Host: spread.huasecpa.cn URL: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Protocol HTTP/1.1 Server 163.171.128.129 , Germany, ASN54994 (QUANTILNETWORKS, US), Reverse DNS Software WS-web-server / Resource Hash `8194a455dccd8fb9f5b1be69ac4d1f6449c71cae82e56a5a76786c0af213ec52` Request headers Referer http://spread.huasecpa.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 09:12:30 GMT Last-Modified Thu, 27 May 2021 10:49:04 GMT Server WS-web-server Age 59653 ETag "FnhKE1UefsjuVMCiNAgjZa02gtwq" X-Ws-Request-Id 60bf347e_PSdgflkfFRA1ye8_19679-63114 Content-Type image/png;charset=UTF-8 Connection keep-alive Accept-Ranges bytes Content-Length 16902 X-Via 1.1 PSrbdbOSA2py110:2 (Cdn Cache Server V2.0)[0 200 0], 1.1 PSygldLON4gd24:0 (Cdn Cache Server V2.0)[0 200 0], 1.1 PSdgflkfFRA1ye83:0 (Cdn Cache Server V2.0)[0 200 0]
GET H/1.1	200 OK	en_0.png wangsu.huataclub.com/download/	262 KB 263 KB	31ms 31ms	Image image/png	163.171.128.129 QUANTILNETWORKS
General Check archive.org Show headers Download Go to Show image Full URL http://wangsu.huataclub.com/download/en_0.png Requested by Host: spread.huasecpa.cn URL: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Protocol HTTP/1.1 Server 163.171.128.129 , Germany, ASN54994 (QUANTILNETWORKS, US), Reverse DNS Software WS-web-server / Resource Hash `555c27a3113359f113f981d507e511812170cd43e7003bfcf189c2805c4f9f51` Request headers Referer http://spread.huasecpa.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 09:12:30 GMT Last-Modified Thu, 27 May 2021 14:50:30 GMT Server WS-web-server Age 59653 ETag "FnvDrzxARLuVrv9zqHTh-p3LCZzd" X-Ws-Request-Id 60bf347e_PSdgflkfFRA1ye8_19679-63116 Content-Type image/png;charset=UTF-8 Connection keep-alive Accept-Ranges bytes Content-Length 268286 X-Via 1.1 PSrbdbOSA2ps111:3 (Cdn Cache Server V2.0)[0 200 0], 1.1 PSygldLON4uo25:6 (Cdn Cache Server V2.0)[487 200 2], 1.1 PSdgflkfFRA1ye83:6 (Cdn Cache Server V2.0)[0 200 0]
GET H/1.1	200 OK	en_1.png wangsu.huataclub.com/download/	307 KB 307 KB	30ms 30ms	Image image/png	163.171.128.129 QUANTILNETWORKS
General Check archive.org Show headers Download Go to Show image Full URL http://wangsu.huataclub.com/download/en_1.png Requested by Host: spread.huasecpa.cn URL: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Protocol HTTP/1.1 Server 163.171.128.129 , Germany, ASN54994 (QUANTILNETWORKS, US), Reverse DNS Software WS-web-server / Resource Hash `2de3b9991a48afc530e4e31f3663782831048f7724f5d0a37b4f8ee6875ea1c0` Request headers Referer http://spread.huasecpa.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 09:12:30 GMT Last-Modified Tue, 25 May 2021 08:44:19 GMT Server WS-web-server Age 59278 ETag "FiGEhlpnlL8op6niS6fzh7j5pXPQ" X-Ws-Request-Id 60bf347e_PSdgflkfFRA1ye8_19679-63120 Content-Type image/png;charset=UTF-8 Connection keep-alive Accept-Ranges bytes Content-Length 314050 X-Via 1.1 PSrbdbOSA2hv116:1 (Cdn Cache Server V2.0)[183 200 0], 1.1 PSygldLON4fk23:6 (Cdn Cache Server V2.0)[20 200 0], 1.1 PSdgflkfFRA1ye83:3 (Cdn Cache Server V2.0)[0 200 0]
GET H/1.1	200 OK	ios-button.png wangsu.huataclub.com/download/	8 KB 9 KB	30ms 30ms	Image image/png	163.171.128.129 QUANTILNETWORKS
General Check archive.org Show headers Download Go to Show image Full URL http://wangsu.huataclub.com/download/ios-button.png Requested by Host: spread.huasecpa.cn URL: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Protocol HTTP/1.1 Server 163.171.128.129 , Germany, ASN54994 (QUANTILNETWORKS, US), Reverse DNS Software WS-web-server / Resource Hash `af45cd7022c685d9c27a250400d12cfeea497681e4a2e9edab4df6583172d786` Request headers Referer http://spread.huasecpa.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 09:12:30 GMT Last-Modified Thu, 27 May 2021 11:06:32 GMT Server WS-web-server Age 66654 ETag "FquaTQIkA2g8Off7eNoXvzvSZs7x" X-Ws-Request-Id 60bf347e_PSdgflkfFRA1ye8_19679-63124 Content-Type image/png;charset=UTF-8 Connection keep-alive Accept-Ranges bytes Content-Length 8336 X-Via 1.1 PSrbdbOSA2py110:4 (Cdn Cache Server V2.0)[0 200 0], 1.1 PSygldLON4pk26:0 (Cdn Cache Server V2.0)[0 200 0], 1.1 PSdgflkfFRA1ye83:3 (Cdn Cache Server V2.0)[0 200 0]
GET H/1.1	200 OK	android-button.png wangsu.huataclub.com/download/	8 KB 8 KB	31ms 31ms	Image image/png	163.171.128.129 QUANTILNETWORKS
General Check archive.org Show headers Download Go to Show image Full URL http://wangsu.huataclub.com/download/android-button.png Requested by Host: spread.huasecpa.cn URL: http://spread.huasecpa.cn/download/sexPrivme.html?channel=hm00018&channelCode=hm00018 Protocol HTTP/1.1 Server 163.171.128.129 , Germany, ASN54994 (QUANTILNETWORKS, US), Reverse DNS Software WS-web-server / Resource Hash `c82f3e1db55465701f228bec824ddbc2dde326879f520152b4b31f3bfd3c7732` Request headers Referer http://spread.huasecpa.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 09:12:30 GMT Last-Modified Thu, 27 May 2021 11:06:32 GMT Server WS-web-server Age 66654 ETag "FiRbovjyZ2hFzmJ44ORtc3dgpWMw" X-Ws-Request-Id 60bf347e_PSdgflkfFRA1ye8_19679-63125 Content-Type image/png;charset=UTF-8 Connection keep-alive Accept-Ranges bytes Content-Length 7828 X-Via 1.1 PS-KIX-01O6w190:7 (Cdn Cache Server V2.0)[0 200 0], 1.1 PSygldLON4hz30:2 (Cdn Cache Server V2.0)[0 200 0], 1.1 PSdgflkfFRA1ye83:4 (Cdn Cache Server V2.0)[0 200 0]
POST H2	200	init Show response web.openinstall.io/web/t0nz11/hm00018/	505 B 903 B	597ms 187ms	XHR application/json	47.246.43.227 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://web.openinstall.io/web/t0nz11/hm00018/init?channelCode=hm00018&av=0&cv=0&hash=&sw=p6Cmpg&sh=p6Smpg&sp=1 Requested by Host: web.cdn.openinstall.io URL: https://web.cdn.openinstall.io/openinstall.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 47.246.43.227 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `6ce28c7b54d331c559757fe28102bb4ea3b301b4fb5bcedd96100d2ad9f85f6a` Request headers Referer http://spread.huasecpa.cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Tue, 08 Jun 2021 09:12:31 GMT via cache16.l2cm12-6[4,0], cache11.de2[153,0] server Tengine vary Origin content-type application/json;charset=utf-8 access-control-allow-origin http://spread.huasecpa.cn access-control-allow-credentials true timing-allow-origin * content-length 505 eagleid 2ff62b9f16231435516861245e

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

63cat.com
ia.51.la
js.users.51.la
spread.huasecpa.cn
wangsu.huataclub.com
web.cdn.openinstall.io
web.openinstall.io
120.52.95.243
163.171.128.129
183.131.207.66
47.246.43.227
47.251.14.189
8.136.235.248
2de3b9991a48afc530e4e31f3663782831048f7724f5d0a37b4f8ee6875ea1c0
555c27a3113359f113f981d507e511812170cd43e7003bfcf189c2805c4f9f51
5c8f7f5d13f6f7e9343d5694d8ad397bd7976e57fc5c46c02dd2e9e41d7bd833
6ce28c7b54d331c559757fe28102bb4ea3b301b4fb5bcedd96100d2ad9f85f6a
8194a455dccd8fb9f5b1be69ac4d1f6449c71cae82e56a5a76786c0af213ec52
aa6093ae92ef933fc67b115b3f5e22f69f2fca61db60e1101197e5bc429a5c75
af45cd7022c685d9c27a250400d12cfeea497681e4a2e9edab4df6583172d786
b9687c1c75f1dd0a82e6fc714e913c4a42e19c9874ce75a8e7ab6f133d42fa27
c82f3e1db55465701f228bec824ddbc2dde326879f520152b4b31f3bfd3c7732
d88a0dc28d421f512811d7cdfb6de79fb8a6b05dae0d7199e78806a4cc5f3bbd
de6c760f602a8cedf35e3871478d82104b9fafe7dbe7d9a36f4a02c63b7613cd
deb52d300b2661984df3b49056357c03f53b29f5f8ba26f597316bf4c1ca4841
df215851a6eac73c9acb2b61b7112ab51479fb54c34a8b3356ae6a918ee823f4
e4048034b33dd3eb151b02d60e7e857f6e37a681e508d6130f5745c32d24c58b
ede2c7dbc293f13a2c5d75df9d042e64ce50c09f4fec99cad573efc442d27b18

spread.huasecpa.cn Open in urlscan Pro 8.136.235.248 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

13 %HTTPS

0 %IPv6

5 Domains

7 Subdomains

6 IPs

4 Countries

701 kBTransfer

867 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

0 Cookies

Indicators

spread.huasecpa.cn Open in urlscan Pro
8.136.235.248 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

13 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

6
IPs

4
Countries

701 kB
Transfer

867 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions