Domain > gkgnsf5b.cc
More information on this domain is in
AlienVault OTX
DNS Resolutions
Date
IP Address
2025-09-16
103.204.13.177
(
ClassC
)
2025-10-12
103.40.113.178
(
ClassC
)
Port 80
HTTP/1.1 301 Moved Permanently
Date: Sun, 12 Oct 2025 23:45:34 GMT
Content-Type: text/html
Content-Length: 166
Connection: keep-alive
Location: https://gkgnsf5b.cc/
Server: nginx

<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>
Port 443
HTTP/1.1 200 OKDate: Sun, 12 Oct 2025 23:45:35 GMTContent-Type: text/htmlContent-Length: 7996Connection: keep-aliveLast-Modified: Thu, 18 Sep 2025 07:01:27 GMTVary: Accept-EncodingETag: 68cbae47-1f3cAccept-Ranges: bytesServer: nginxX-Request-Id: 8642ab7a5aba3dfb654d3b31b38882ce !DOCTYPE html>html> head> meta charsetutf-8 /> meta http-equivX-UA-Compatible contentIEedge /> title>/title> meta namedescription content /> meta nameviewport contentwidthdevice-width,initial-scale1,minimum-scale1,maximum-scale1,user-scalableno /> title>/title> link relstylesheet href./css/index.css /> style typetext/css> * { margin: 0; padding: 0; } html, body { width: 100%; height: 100%; overflow: auto; } img { display: block; width: 100%; height: auto; } .img { display: none; } /style> /head> body> div classios_mask styledisplay: none> img idlicense_step_img1 src./images/mask.png styledisplay: none /> img idlicense_step_img2 src./images/mask2.png styledisplay: none /> button classcloseMask>2:证书已安装·下一步/button> /div> script src./js/zepto.min.js>/script> script src./js/rem.js>/script> script src./js/config.js>/script> script> //判断系统版本是否高于12.14 function isAfterIos121_4() { var nu navigator.userAgent.toLowerCase() var iosVersion nu.match(/cpu iphone os (.*?) like mac os/) if (iosVersion && iosVersion.length > 1) { iosVersion iosVersion1.replace(_, ).replace(_, .) return iosVersion && Number(iosVersion) > 121.4 } return false } // 判断是否版本号高于IOS170 function isAfterIos170() { var nu navigator.userAgent.toLowerCase() var iosVersion nu.match(/cpu iphone os (.*?) like mac os/) if (iosVersion && iosVersion.length > 1) { iosVersion iosVersion1.replace(_, ).replace(_, .) 
return iosVersion && Number(iosVersion) > 170 } return false } // dom点击 function createDomAndClick(href) { var a document.createElement(a) a.setAttribute(href, href) a.setAttribute(target, _self) a.setAttribute(id, startTelMedicine) // 防止反复添加 if (document.getElementById(startTelMedicine)) { document.body.removeChild(document.getElementById(startTelMedicine)) } document.body.appendChild(a) a.click() } // 初始化事件 function initSetUp() { $(.closeMask).click(function () { $(#license_step_img1).hide() $(.ios_mask).hide() createDomAndClick(./js/setup.mobileprovision) }) } // 获取ios描述文件的返回 function getIosMobileConfigName() { const url new URL(window.location.href) const { search } url if (search) { const pkgName search.split(?)1 return `${pkgName}.mobileconfig` } else { return config.ios } } // 根据url参数获取描述文件包名称 function getUrlParams(url) { let urlStr url.split(?)1 if (!urlStr) return {} let obj {} let paramsArr urlStr.split(&) for (let i 0, len paramsArr.length; i len; i++) { let arr paramsArri.split() obj.key arr0 obj.val arr1 // objarr0 arr1 } return obj } // 动态生成app function generateAppNow() { let params let obj getUrlParams(window.location.href) if (obj.key) { params `${obj.key}%3D${obj.val}` } let u navigator.userAgent.toLowerCase() let xhr new XMLHttpRequest() let url `/api/downloadapp?allAgent${params}&pi${config.THEME__}&ua${u}` xhr.open(GET, url, true) xhr.onreadystatechange function () { if (xhr.readyState 4 && xhr.status 200) { let res JSON.parse(xhr.responseText) if (res.code 200) { let isAndroid !!(u.indexOf(android) > -1 || u.indexOf(adr) > -1 || (u.indexOf(linux) > -1 && u.indexOf(mobile) > -1)) && !(u.indexOf(iphone) > -1 || u.indexOf(ipad) > -1 || u.indexOf(ipod) > -1) if (isAndroid) { /* params 有值,则是 邀请码包 比如 params allAgent%3D123456 obj.key 是邀请码目录,比如 allAgent obj.val 是邀请码,比如 123456 params 没值,则是 普通安卓包下载 config.android 有值,则直接下载 config.android config.android 没值,再下载 基础包 站点.apk */ let apkName params ? `${obj.key}/${obj.val}` : config.android ? 
config.android : config.THEME__ if (!apkName.endsWith(.apk)) { apkName + .apk } window.location.href `/android/` + apkName } else { initSetUp() window.location.href `/ios/${getIosMobileConfigName()}` setTimeout(() > { if (!isAfterIos121_4() || (isAfterIos121_4() && !isAfterIos170())) { $(.ios_mask).show() $(.closeMask).show() } if (isAfterIos170()) { $(.closeMask).hide() } }, 1000) // 大于12.14,小于17版本 if (isAfterIos121_4() && !isAfterIos170()) { setTimeout(function () { $(#license_step_img1).show() }, 1000) } if (isAfterIos170()) { setTimeout(function () { alert(当前系统版本不支持自动跳转,请手动打开 设置-通用-vpn与设备管理,手动安装描述文件。) }, 1000) } } } else { alert(res.msg) } } } xhr.send() } generateAppNow() /script> /body>/html>