URL: https://xs.2042d.xyz/
Submission: On May 07 via api from US — Scanned from DE

Summary

This website contacted 9 IPs in 5 countries across 7 domains to perform 15 HTTP transactions. The main IP is 172.247.238.13, located in United States and belongs to CNSERVERS, US. The main domain is xs.2042d.xyz.
TLS certificate: Issued by R3 on May 7th 2024. Valid for: 3 months.
This is the only time xs.2042d.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 172.247.238.13 40065 (CNSERVERS)
1 2409:8c20:8ab... 56046 (CMNET-JIA...)
1 59.110.117.70 37963 (ALIBABA-C...)
6 59.110.117.121 37963 (ALIBABA-C...)
1 163.181.92.237 24429 (TAOBAO Zh...)
2 14.215.182.140 4134 (CHINANET-...)
2 119.13.80.235 136907 (HWCLOUDS-...)
1 2404:2280:196... 24429 (TAOBAO Zh...)
15 9
Apex Domain
Subdomains
Transfer
7 aliyuncs.com
qz168.oss-cn-beijing.aliyuncs.com
qz929.oss-cn-beijing.aliyuncs.com
16 KB
2 7qo2met.com
76355mg.7qo2met.com
76354mg.7qo2met.com
21 KB
2 baidu.com
hm.baidu.com — Cisco Umbrella Rank: 10507
12 KB
1 bytegoofy.com
lf1-cdn-tos.bytegoofy.com — Cisco Umbrella Rank: 43178
5 KB
1 biliimg.com
article.biliimg.com
198 KB
1 bytecdntp.com
lf6-cdn-tos.bytecdntp.com — Cisco Umbrella Rank: 244027
30 KB
1 2042d.xyz
xs.2042d.xyz
5 KB
15 7
Domain Requested by
6 qz929.oss-cn-beijing.aliyuncs.com xs.2042d.xyz
qz168.oss-cn-beijing.aliyuncs.com
2 hm.baidu.com qz929.oss-cn-beijing.aliyuncs.com
xs.2042d.xyz
1 lf1-cdn-tos.bytegoofy.com
1 76354mg.7qo2met.com xs.2042d.xyz
1 76355mg.7qo2met.com xs.2042d.xyz
1 article.biliimg.com xs.2042d.xyz
1 qz168.oss-cn-beijing.aliyuncs.com xs.2042d.xyz
1 lf6-cdn-tos.bytecdntp.com xs.2042d.xyz
1 xs.2042d.xyz
15 9

This site contains links to these domains. Also see Links.

Domain
122.114.186.4
xxssdongman.com
23669484.vip
Subject Issuer Validity Valid
xs.2042d.xyz
R3
2024-05-07 -
2024-08-05
3 months crt.sh
*.bytecdntp.com
RapidSSL TLS RSA CA G1
2023-06-30 -
2024-06-28
a year crt.sh
cn-beijing.oss.aliyuncs.com
GlobalSign Organization Validation CA - SHA256 - G3
2024-02-18 -
2024-10-15
8 months crt.sh
*.biliimg.com
GlobalSign GCC R3 DV TLS CA 2020
2023-08-04 -
2024-09-04
a year crt.sh
baidu.com
GlobalSign RSA OV SSL CA 2018
2023-07-06 -
2024-08-06
a year crt.sh
7qo2met.com
CerSign DV SSL CA
2024-04-14 -
2024-07-13
3 months crt.sh
*.bytegoofy.com
RapidSSL Global TLS RSA4096 SHA256 2022 CA1
2023-06-30 -
2024-07-30
a year crt.sh

This page contains 1 frames:

Primary Page: https://xs.2042d.xyz/
Frame ID: EC7009C30AC7BEDAD98D9C98901EE5B2
Requests: 16 HTTP requests in this frame

Screenshot

Page Title

橘子小说

Detected technologies

Overall confidence: 100%
Detected patterns
  • hm\.baidu\.com/hm\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

25 %
IPv6

7
Domains

9
Subdomains

9
IPs

5
Countries

286 kB
Transfer

384 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
xs.2042d.xyz/
15 KB
5 KB
Document
General
Full URL
https://xs.2042d.xyz/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.247.238.13 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
tydcdn / ThinkPHP
Resource Hash
1b97f0bd1e95492fbd37a10bbe41fdde8404a30fe2ec5e295ac88576bf3a0319

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-control
private
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Tue, 07 May 2024 11:43:30 GMT
Server
tydcdn
Transfer-Encoding
chunked
Upgrade
h2
Vary
Accept-Encoding Accept-Encoding
X-Cache-Status
HIT
X-Powered-By
ThinkPHP
jquery.min.js
lf6-cdn-tos.bytecdntp.com/cdn/expire-1-y/jquery/2.1.4/
82 KB
30 KB
Script
General
Full URL
https://lf6-cdn-tos.bytecdntp.com/cdn/expire-1-y/jquery/2.1.4/jquery.min.js
Requested by
Host: xs.2042d.xyz
URL: https://xs.2042d.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2409:8c20:8ab1:22:1::f4 , China, ASN56046 (CMNET-JIANGSU-AP China Mobile communications corporation, CN),
Reverse DNS
Software
TLB /
Resource Hash
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 09:22:53 GMT
content-encoding
gzip
x-tt-trace-tag
id=06;cdn-cache=hit;type=static
x-tt-trace-id
00-2403251722539546BBEDF7747A0E4424-4E18B6325EF95A8E-00
age
3723640
x-link-via
yanccm31:443;hzmp63:443;
x-cache-status
HIT from KS-CLOUD-HZ-MP-63-20, HIT from KS-CLOUD-YANC-CM-31-05
server-timing
inner; dur=8
content-length
29593
last-modified
Wed, 26 Jan 2022 04:19:43 GMT
server
TLB
x-tt-logid
202403251722539546BBEDF7747A0E4424
etag
W/"61f0cbdf-1499c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
x-tt-trace-host
01e04126959f8e82e7e956e3965118f29f250134704eb1d05505623ac54a3a1e9e5c37b5d7b68c7115c960dac4d4f6a538dda9c881d7bbf5d2f5e86a164ee3bd7d38eb898e7216ff1c5b029a2c51045e8f8057159a03c48b37ba254915699d76ee08960894e465775b6edf322b5e4a78e3
x-response-cinfo
2a03:1b20:6:f011::5e
accept-ranges
bytes
x-response-cache
edge_hit
timing-allow-origin
*
x-cdn-request-id
bb83a84f2e60371a47701412f722408a
expires
Tue, 25 Mar 2025 09:22:53 GMT
h.js
qz168.oss-cn-beijing.aliyuncs.com/
2 KB
1 KB
Script
General
Full URL
https://qz168.oss-cn-beijing.aliyuncs.com/h.js
Requested by
Host: xs.2042d.xyz
URL: https://xs.2042d.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
59.110.117.70 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
7fb8e99e64f74b594df7eabb46456f7d1923edfc72af5844b36e6567327930aa

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 11:43:31 GMT
Content-Encoding
gzip
x-oss-request-id
663A13E39C5C28313888049A
Content-MD5
lcwfjl4zVMdCWC3Rb2Q5gg==
Transfer-Encoding
chunked
Content-Disposition
attachment
Connection
keep-alive
x-oss-object-type
Normal
Last-Modified
Sun, 07 Apr 2024 00:02:33 GMT
Server
AliyunOSS
Vary
Accept-Encoding
Content-Type
application/javascript
x-oss-ec
0048-00000113
x-oss-force-download
true
x-oss-storage-class
Standard
x-oss-hash-crc64ecma
7389797378269535924
x-oss-server-time
2
1.css
qz929.oss-cn-beijing.aliyuncs.com/xs/
12 KB
4 KB
Stylesheet
General
Full URL
https://qz929.oss-cn-beijing.aliyuncs.com/xs/1.css
Requested by
Host: xs.2042d.xyz
URL: https://xs.2042d.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
59.110.117.121 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
6040893f9491126668160ad30af8af0bf6eb9cbf93d0bd8f0be1cb9bf6cca171

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 11:43:33 GMT
Content-Encoding
gzip
x-oss-request-id
663A13E5224F96303305F93B
Content-MD5
8k7Sv38sc6vY/H9Z8d/cBQ==
Transfer-Encoding
chunked
Content-Disposition
attachment
Connection
keep-alive
x-oss-object-type
Normal
Last-Modified
Fri, 29 Sep 2023 06:36:06 GMT
Server
AliyunOSS
Vary
Accept-Encoding
Content-Type
text/css
x-oss-ec
0048-00000113
Cache-Control
max-age=43200
x-oss-force-download
true
x-oss-storage-class
Standard
x-oss-hash-crc64ecma
10458001101069767635
x-oss-server-time
7
Expires
Fri, 29 Sep 2023 18:36:06 GMT
pfnav.js
qz929.oss-cn-beijing.aliyuncs.com/xs/
498 B
1 KB
Script
General
Full URL
https://qz929.oss-cn-beijing.aliyuncs.com/xs/pfnav.js
Requested by
Host: qz168.oss-cn-beijing.aliyuncs.com
URL: https://qz168.oss-cn-beijing.aliyuncs.com/h.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
59.110.117.121 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
9baaf9e8cdcdc8c4e0edf684105983139e400a5e8ebc4d5f3b4427777e5c3ab4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 11:43:33 GMT
x-oss-request-id
663A13E5224F96303359F93B
Content-MD5
oKez4Y3IsWBVk79JfxxXYg==
Content-Disposition
attachment
Connection
keep-alive
Content-Length
498
x-oss-object-type
Normal
Last-Modified
Sat, 07 Oct 2023 19:02:02 GMT
Server
AliyunOSS
ETag
"A0A7B3E18DC8B1605593BF497F1C5762"
Content-Type
application/javascript
x-oss-ec
0048-00000113
Cache-Control
max-age=43200
x-oss-force-download
true
x-oss-storage-class
Standard
Accept-Ranges
bytes
x-oss-hash-crc64ecma
1551179917737029436
x-oss-server-time
2
Expires
Sun, 08 Oct 2023 07:02:02 GMT
hf.js
qz929.oss-cn-beijing.aliyuncs.com/xs/
1 KB
1 KB
Script
General
Full URL
https://qz929.oss-cn-beijing.aliyuncs.com/xs/hf.js
Requested by
Host: qz168.oss-cn-beijing.aliyuncs.com
URL: https://qz168.oss-cn-beijing.aliyuncs.com/h.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
59.110.117.121 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
b3aedeee8e08d41c83a9e6ffb26b59e43b84accff05644cb1fd625d96d902071

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 11:43:34 GMT
Content-Encoding
gzip
x-oss-request-id
663A13E6224F963033B1F93B
Content-MD5
svzrC1FFpVvopPpKu3CtEQ==
Transfer-Encoding
chunked
Content-Disposition
attachment
Connection
keep-alive
x-oss-object-type
Normal
Last-Modified
Fri, 24 Nov 2023 16:22:37 GMT
Server
AliyunOSS
Vary
Accept-Encoding
Content-Type
application/javascript
x-oss-ec
0048-00000113
x-oss-force-download
true
x-oss-storage-class
Standard
x-oss-hash-crc64ecma
2678523829840183682
x-oss-server-time
2
mh.js
qz929.oss-cn-beijing.aliyuncs.com/
9 KB
4 KB
Script
General
Full URL
https://qz929.oss-cn-beijing.aliyuncs.com/mh.js
Requested by
Host: qz168.oss-cn-beijing.aliyuncs.com
URL: https://qz168.oss-cn-beijing.aliyuncs.com/h.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
59.110.117.121 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
86a34043007864ace38ca328f97e9c3026093fe02a85744c9e5f0c470f3183e1

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 11:43:34 GMT
Content-Encoding
gzip
x-oss-request-id
663A13E6224F9630330CFA3B
Content-MD5
RAaQ9qX6x7UKkSPc7ioyUg==
Transfer-Encoding
chunked
Content-Disposition
attachment
Connection
keep-alive
x-oss-object-type
Normal
Last-Modified
Tue, 07 May 2024 06:07:22 GMT
Server
AliyunOSS
Vary
Accept-Encoding
Content-Type
application/javascript
x-oss-ec
0048-00000113
x-oss-force-download
true
x-oss-storage-class
Standard
x-oss-hash-crc64ecma
5663368093232129867
x-oss-server-time
3
tg.js
qz929.oss-cn-beijing.aliyuncs.com/xs/
0
518 B
Script
General
Full URL
https://qz929.oss-cn-beijing.aliyuncs.com/xs/tg.js
Requested by
Host: qz168.oss-cn-beijing.aliyuncs.com
URL: https://qz168.oss-cn-beijing.aliyuncs.com/h.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
59.110.117.121 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 11:43:34 GMT
x-oss-request-id
663A13E6224F9630336FFA3B
Content-MD5
1B2M2Y8AsgTpgAmY7PhCfg==
Content-Disposition
attachment
Connection
keep-alive
Content-Length
0
x-oss-object-type
Normal
Last-Modified
Tue, 09 Jan 2024 13:38:36 GMT
Server
AliyunOSS
ETag
"D41D8CD98F00B204E9800998ECF8427E"
Content-Type
application/javascript
x-oss-ec
0048-00000113
x-oss-force-download
true
x-oss-storage-class
Standard
Accept-Ranges
bytes
x-oss-hash-crc64ecma
0
54c59a704ec4337a226cfb39ebe3d603f543fdc6.gif
article.biliimg.com/bfs/article/
197 KB
198 KB
Image
General
Full URL
https://article.biliimg.com/bfs/article/54c59a704ec4337a226cfb39ebe3d603f543fdc6.gif
Requested by
Host: xs.2042d.xyz
URL: https://xs.2042d.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
163.181.92.237 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
77b4a3185b5372725e4b75fda40c4a0fb07d6bc1b20bb77cc45573685c376326

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 11 Apr 2024 21:38:10 GMT
x-amz-version-id
v1.0.0
via
cache5.l2de2[0,0,200-0,H], cache15.l2de2[2,0], ens-cache2.de5[0,17,200-0,H], ens-cache1.de5[20,0]
content-md5
PK7mEo5Ghf3VROGLJ7m6ng==
x-amz-request-id
1712871490827291651
age
2210723
x-swift-cachetime
31226776
x-cache
HIT TCP_HIT dirn:8:183796777
x-hyper-traffic-cache-state
miss
cross-origin-resource-policy
cross-origin
x-swift-savetime
Mon, 15 Apr 2024 11:31:55 GMT
content-length
201938
code
200
last-modified
Wed, 13 Sep 2023 07:38:59 GMT
server
Tengine
x-bili-trace-id
59e6d11d0020ed113db3b1a70b661858
etag
3caee6128e4685fdd544e18b27b9ba9e
vary
Accept-Encoding,Origin,X1-Bilispy-Color
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
ali-swift-global-savetime
1712871491
access-control-expose-headers
Content-Length,X-Cache-Webcdn,Content-Type,Content-Length,Content-Md5,X-Bili-Trace-Id
cache-control
max-age=31536000
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Origin,No-Cache,X-Requested-With,If-Modified-Since,Pragma,Last-Modified,Cache-Control,Expires,Content-Type,Access-Control-Allow-Credentials,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Cache-Webcdn,X-Bilibili-Key-Real-Ip,X-Upos-Auth,Range
eagleid
a3b55c9517150822146327758e
x-cache-webcdn
AL
expires
Sat, 12 Apr 2025 05:38:10 GMT
truncated
/
395 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
92171aae14141f60adc9ab3b5b6c3b04f6185c7a0a62a78098694cf8a98c0af9

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
foot.js
qz929.oss-cn-beijing.aliyuncs.com/xs/
11 KB
4 KB
Script
General
Full URL
https://qz929.oss-cn-beijing.aliyuncs.com/xs/foot.js
Requested by
Host: qz168.oss-cn-beijing.aliyuncs.com
URL: https://qz168.oss-cn-beijing.aliyuncs.com/h.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
59.110.117.121 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
5d74ed01c7ec6fd6e1a61a64c51ee3e0949d74f46216c6a9528ca60ad463d00b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 11:43:34 GMT
Content-Encoding
gzip
x-oss-request-id
663A13E6224F963033CBFA3B
Content-MD5
EHI8a8YugDQMPqV1oqa1bw==
Transfer-Encoding
chunked
Content-Disposition
attachment
Connection
keep-alive
x-oss-object-type
Normal
Last-Modified
Fri, 03 May 2024 17:35:08 GMT
Server
AliyunOSS
Vary
Accept-Encoding
Content-Type
application/javascript
x-oss-ec
0048-00000113
x-oss-force-download
true
x-oss-storage-class
Standard
x-oss-hash-crc64ecma
14120263035676226896
x-oss-server-time
1
hm.js
hm.baidu.com/
29 KB
12 KB
Script
General
Full URL
https://hm.baidu.com/hm.js?dde230ce88227723d36a5d09f6825d68
Requested by
Host: qz929.oss-cn-beijing.aliyuncs.com
URL: https://qz929.oss-cn-beijing.aliyuncs.com/xs/foot.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
14.215.182.140 Guangzhou, China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN),
Reverse DNS
Software
apache /
Resource Hash
1e6d02e84e0351ae18f1955b29806aa177231aef2733ebc1f95e3fa6cd49c51a
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 11:43:35 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=172800
Server
apache
Etag
d6bda17dbbf81eecfa278da0f52bb506
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Content-Length
11256
6355
76355mg.7qo2met.com/sc/
10 KB
11 KB
Script
General
Full URL
https://76355mg.7qo2met.com:8003/sc/6355?n=ksqmqtzb
Requested by
Host: xs.2042d.xyz
URL: https://xs.2042d.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.13.80.235 Hong Kong, Hong Kong, ASN136907 (HWCLOUDS-AS-AP HUAWEI CLOUDS, HK),
Reverse DNS
ecs-119-13-80-235.compute.hwclouds-dns.com
Software
nginx/1.18.0 / PHP/5.6.31
Resource Hash
547d001111102da3ed6af68e993f253ee0a1105e3600603cc6682a15227c9f83

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
max-age=1800
Date
Tue, 07 May 2024 11:43:35 GMT
Server
nginx/1.18.0
X-Powered-By
PHP/5.6.31
Transfer-Encoding
chunked
P3P
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin
*
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=1800
Connection
keep-alive
6354
76354mg.7qo2met.com/sc/
10 KB
11 KB
Script
General
Full URL
https://76354mg.7qo2met.com:8003/sc/6354?n=vfkilfnj
Requested by
Host: xs.2042d.xyz
URL: https://xs.2042d.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.13.80.235 Hong Kong, Hong Kong, ASN136907 (HWCLOUDS-AS-AP HUAWEI CLOUDS, HK),
Reverse DNS
ecs-119-13-80-235.compute.hwclouds-dns.com
Software
nginx/1.18.0 / PHP/5.6.31
Resource Hash
d1cb4cc632294f6c0a2e95d38f8e8c4e1bc96a80e7d6e502075b189c0b5ccd40

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
max-age=1800
Date
Tue, 07 May 2024 11:43:35 GMT
Server
nginx/1.18.0
X-Powered-By
PHP/5.6.31
Transfer-Encoding
chunked
P3P
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin
*
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=1800
Connection
keep-alive
hm.gif
hm.baidu.com/
43 B
299 B
Image
General
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=de-de&lo=0&rnd=1400488129&si=dde230ce88227723d36a5d09f6825d68&v=1.3.0&lv=1&sn=31266&r=0&ww=1600&u=https%3A%2F%2Fxs.2042d.xyz%2F&tt=%E6%A9%98%E5%AD%90%E5%B0%8F%E8%AF%B4
Requested by
Host: xs.2042d.xyz
URL: https://xs.2042d.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
14.215.182.140 Guangzhou, China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Tue, 07 May 2024 11:43:36 GMT
Strict-Transport-Security
max-age=172800
X-Content-Type-Options
nosniff
Server
apache
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
favicon.ico
lf1-cdn-tos.bytegoofy.com/goofy/ies/douyin_web/public/
4 KB
5 KB
Other
General
Full URL
https://lf1-cdn-tos.bytegoofy.com/goofy/ies/douyin_web/public/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2404:2280:196:0:3::7f7 , Singapore, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
e67348e3ab54fa207e1ce4be78e8399d1b73a794d819a17d8656ea2b17a1109d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://xs.2042d.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 19 Mar 2024 09:50:02 GMT
via
cache26.l2de2[0,0,200-0,H], cache14.l2de2[1,0], ens-cache3.se2[0,0,200-0,H], ens-cache7.se2[1,0]
x-tt-trace-tag
id=03;cdn-cache=hit;type=static
content-md5
+DEduFnSXikmTiPbb+pWYw==
x-tt-trace-id
00-24031917500270AEF3447A2E00CB14EC-0B7724FA70ECFACA-00
age
4240414
x-swift-cachetime
27317200
x-cache
HIT TCP_MEM_HIT dirn:-2:-2
x-tos-storage-class
STANDARD
server-timing
cdn-cache;desc=HIT,edge;dur=1
x-swift-savetime
Tue, 07 May 2024 05:43:22 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4286
x-tos-request-id
bb28e9f95fca949765f95fca-a924adb
x-tos-response-time
Tue, 19 Mar 2024 09:50:02 GMT
last-modified
Mon, 04 Sep 2023 12:23:52 GMT
server
Tengine
x-tt-logid
2024031917500270AEF3447A2E00CB14EC
etag
"f8311db859d25e29264e23db6fea5663"
access-control-allow-methods
OPTIONS, HEAD, GET
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
ali-swift-global-savetime
1710841802
cache-control
max-age=31536000
x-server
goofy
x-tt-trace-host
01e63b80ef009a709722f75bbf4cf02b69c95fd319f550d818641029be56b91af14e58fbeb1a7611159d37809dc962e17cd0116fb34fb36cf6739f775bb032408191289c3dc62f8f861fd8c4bad0f85fd1700bf45fce297ebf8554e1770c610046
access-control-request-methods
OPTIONS, HEAD, GET
accept-ranges
bytes
x-response-cache
edge_hit
timing-allow-origin
*
eagleid
2ff62c9b17150822165615958e

Verdicts & Comments Add Verdict or Comment

145 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery string| H0ST function| qzload function| loadScript function| mhcb string| __html1 function| xs_hf number| _start string| copy_text string| copy_alert string| blink_text function| copyLink string| mh_full string| __HOST1 string| __HOST2 string| mb_host string| Link2 string| Link3 string| uuHOST string| uhsot1 string| BHOST string| ky1113 string| tyc12 object| bjhlink object| yjhost string| __HOST_yj number| seed boolean| _r string| my23204 string| __MH__ object| myhost2 object| myhost string| __HOST_my object| llcpa_arr number| _r3 string| Lk1 string| xs_zb string| AS_cpa string| Link1 string| HS_cpa string| QZ_cpa string| cpa9253 string| zu_cpa string| cpa9251 string| cpa1072 string| jk_cpa string| lz_cpa string| cpa9252 string| GG_cpa string| pt_cpa string| TK_cpa string| LL_cpa string| F2_cpa string| LL_cpa2 string| LL_cpa3 string| F2_pt string| QZ_cpa2 string| TK_cpa2 string| cpa1071 string| TZ_cpa string| TZ_cpa2 string| Link4 string| Link5 string| Link6 object| Link7 object| Link8 object| Link9 object| Link0 object| Link10 string| Link11 string| Link12 string| Link13 string| Link14 string| Link15 string| Link16 string| Link17 string| Link18 string| Link19 string| Link20 string| Link21 string| Link22 string| Link23 string| Link24 string| Link25 string| Link26 string| Link27 string| Link28 string| Link29 string| Link30 string| lk2 string| lk3 string| lk4 string| lk5 string| lk6 string| lk7 string| lk8 string| lk9 string| lk0 string| lk11 string| lk12 string| lk13 string| lk14 string| lk15 string| lk16 string| lk17 string| lk18 string| lk19 string| lks0 string| lks1 string| lks2 string| lks3 string| lks4 string| lks5 string| lks6 string| lks7 string| lks8 string| lks9 string| lks10 string| lks11 string| lks12 string| lks13 string| lks14 string| lks15 string| lks16 string| lks17 string| lks18 string| lks19 string| lks20 function| qzspk string| AI_PRE string| AI_PRE2 string| x object| _hmt function| insert_tj number| _ssec boolean| isRead number| vfkilfnj_is_ws object| 7laq04cqs number| vfkilfnj_is_kk number| ksqmqtzb_is_ws object| g35map3xmxb number| ksqmqtzb_is_kk boolean| _bdhm_loaded_dde230ce88227723d36a5d09f6825d68 object| mini_tangram_log_sjx85a

3 Cookies

Domain/Path Name / Value
.hm.baidu.com/ Name: HMACCOUNT_BFESS
Value: 9FCBCF3DD76DFD5F
.xs.2042d.xyz/ Name: Hm_lvt_dde230ce88227723d36a5d09f6825d68
Value: 1715082216
.xs.2042d.xyz/ Name: Hm_lpvt_dde230ce88227723d36a5d09f6825d68
Value: 1715082216

6 Console Messages

Source Level URL
Text
javascript warning URL: https://qz168.oss-cn-beijing.aliyuncs.com/h.js(Line 4)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://qz929.oss-cn-beijing.aliyuncs.com/xs/pfnav.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://qz168.oss-cn-beijing.aliyuncs.com/h.js(Line 4)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://qz929.oss-cn-beijing.aliyuncs.com/xs/hf.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://qz168.oss-cn-beijing.aliyuncs.com/h.js(Line 4)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://qz929.oss-cn-beijing.aliyuncs.com/xs/tg.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://qz168.oss-cn-beijing.aliyuncs.com/h.js(Line 4)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://qz929.oss-cn-beijing.aliyuncs.com/xs/foot.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other warning URL: https://xs.2042d.xyz/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://xs.2042d.xyz/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

76354mg.7qo2met.com
76355mg.7qo2met.com
article.biliimg.com
hm.baidu.com
lf1-cdn-tos.bytegoofy.com
lf6-cdn-tos.bytecdntp.com
qz168.oss-cn-beijing.aliyuncs.com
qz929.oss-cn-beijing.aliyuncs.com
xs.2042d.xyz
119.13.80.235
14.215.182.140
163.181.92.237
172.247.238.13
2404:2280:196:0:3::7f7
2409:8c20:8ab1:22:1::f4
59.110.117.121
59.110.117.70
1b97f0bd1e95492fbd37a10bbe41fdde8404a30fe2ec5e295ac88576bf3a0319
1e6d02e84e0351ae18f1955b29806aa177231aef2733ebc1f95e3fa6cd49c51a
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
547d001111102da3ed6af68e993f253ee0a1105e3600603cc6682a15227c9f83
5d74ed01c7ec6fd6e1a61a64c51ee3e0949d74f46216c6a9528ca60ad463d00b
6040893f9491126668160ad30af8af0bf6eb9cbf93d0bd8f0be1cb9bf6cca171
77b4a3185b5372725e4b75fda40c4a0fb07d6bc1b20bb77cc45573685c376326
7fb8e99e64f74b594df7eabb46456f7d1923edfc72af5844b36e6567327930aa
86a34043007864ace38ca328f97e9c3026093fe02a85744c9e5f0c470f3183e1
92171aae14141f60adc9ab3b5b6c3b04f6185c7a0a62a78098694cf8a98c0af9
9baaf9e8cdcdc8c4e0edf684105983139e400a5e8ebc4d5f3b4427777e5c3ab4
b3aedeee8e08d41c83a9e6ffb26b59e43b84accff05644cb1fd625d96d902071
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1cb4cc632294f6c0a2e95d38f8e8c4e1bc96a80e7d6e502075b189c0b5ccd40
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e67348e3ab54fa207e1ce4be78e8399d1b73a794d819a17d8656ea2b17a1109d