Domain > h520712.o5w3if.click
DNS Resolutions
Date | IP Address
2025-07-29 | 198.16.61.27 (ClassC)
2025-10-18 | 45.249.244.110 (ClassC)
Port 80
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 18 Oct 2025 16:00:05 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://h520712.o5w3if.click/

<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Port 443
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Oct 2025 16:00:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Cache-Control: private
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
Set-Cookie: _sessionHandler=83128a096759bf6948ce698eabd7c819879a80d8d4813e75292f76def086396f; path=/
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, PUT, GET, DELETE, HEAD, OPTION
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization, Source
Access-Control-Max-Age: 86400
Access-Control-Expose-Headers: Authorization, Set-Cookie
Cache-Control: private

 !-- Sat Oct 18 2025 12:27:33 GMT+0800 (台北標準時間) -->!DOCTYPE html>html>head> meta charsetUTF-8 /> meta http-equivX-UA-Compatible contentIEedge /> meta namerenderer contentwebkit /> link relshortcut icon href/favicon-hx5.ico> !-- Google tag (gtag.js) --> script async srchttps://www.googletagmanager.com/gtag/js?idG-W1K4EY55YJ>/script> script> var domain window.location.host if (domain www.drt01.com || domain drt01.com) { window.dataLayer window.dataLayer || ; function gtag() {dataLayer.push(arguments);} gtag(js, new Date()); gtag(config, G-W1K4EY55YJ); } /script> script> (function () { window.__CDN_PUBLIC_PATH__ /webx/; var agent ; if(location.href.includes(register)){ const size location.href.split(/).length; agent location.href.split(/)size - 1; } if (!/Android|webOS|iPhone|iPod|BlackBerry/i.test(navigator.userAgent) && location.pathname ! /) { location.href /; } if (/Android|webOS|iPhone|iPod|BlackBerry/i.test(navigator.userAgent) && location.pathname.indexOf(webapp) -1) { if(agent){ location.href /webapp/register? + agent; return; } // 本地调试不跳转 if(location.host ! 
localhost){ location.href /webapp/#/; } } if (navigator.standalone || window.matchMedia((display-mode: standalone)).matches) { document.title ; } // LITE APP if (location.href.indexOf(&deviceTypewebapp) > -1) { const agentCode location.href.split(#/?)1.split(&)0.split()1; sessionStorage.setItem(_agentCode_, agentCode); location.hash #/; } })() /script> script src/js/lib-js/react.production.min.js?v crossoriginanonymous referrerpolicyno-referrer>/script> script src/js/lib-js/react-dom.production.min.js?v crossoriginanonymous referrerpolicyno-referrer>/script> script src/js/lib-js/lodash.min.js?v crossoriginanonymous referrerpolicyno-referrer>/script> script src/js/lib-js/jsencrypt.min.js?v crossoriginanonymous referrerpolicyno-referrer>/script> script src/js/lib-js/axios.min.js?v crossoriginanonymous referrerpolicyno-referrer>/script> script src/js/lib-js/crypto-js.min.js?v crossoriginanonymous referrerpolicyno-referrer>/script> script>var __DES_CODE__KepLzlcJE2g/script> script> function getDesString(encrypted, key) { var key CryptoJS.enc.Utf8.parse(key); var decrypted CryptoJS.TripleDES.decrypt(encrypted, key, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 }); return decrypted.toString(CryptoJS.enc.Utf8); } function getDes(data) { var decryptedStr getDesString(data, ckIUr89EtPMJtjcDoZ1W8dst4C58YPM1); eval(decryptedStr); var parser new DOMParser(); var decodedHtml parser.parseFromString(__DES_CODE__, text/html).documentElement.textContent; var desJsCode decodedHtml.match(/\/webx.*?javascript.*?0-9.{0,14}/g); var desCssCode decodedHtml.match(/\/webx\/a-z0-9A-Z{2,6}\/desktop\/styles\/.*?v0-9.{0,14}/g); desJsCode?.map((item) > { let script document.createElement(script); script.setAttribute(defer, ) script.setAttribute(src, item) document.getElementsByTagName(head)0.appendChild(script); }) desCssCode?.map((item) > { let link document.createElement(link); link.setAttribute(href, item) link.setAttribute(rel, stylesheet) 
document.getElementsByTagName(head)0.appendChild(link); }) } getDes(__DES_CODE__) /script> link relapple-touch-icon sizes120x120 href/webx/app-xc.png?v> link relapple-touch-icon-precomposed sizes120x120 href/webx/app-xc.png?v>meta namecache-control contente1b1d561-clear>script defer src/webx/hx5/desktop/javascript/bootstrap.c12fc782.js?v>/script>script defer src/webx/hx5/desktop/javascript/vendors.f2708fbc.js?v>/script>script defer src/webx/hx5/desktop/javascript/index.47cf57f9.js?v>/script>link href/webx/hx5/desktop/styles/styles.bfdddff7226abd1b3ce7.css?v relstylesheet>link href/webx/hx5/desktop/styles/styles.3edfffd1bb44558cc781.css?v relstylesheet>script idparam-hydration>window.__INITIAL_DATA__ {settings:null,gameStatus:null} /script>/head>body> div classroot idroot classview>/div>/body>/html>!--e88f243bf341ded9b4ced444795c3f17-->
Data with thanks to AlienVault OTX, VirusTotal, Malwr and others.