l6qpwcp.icu - urlscan.io

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 7 HTTP transactions. The main IP is 164.88.168.144, located in South Africa and belongs to CLAYERLIMITED-AS-AP Clayer Limited, HK. The main domain is l6qpwcp.icu.

This is the only time l6qpwcp.icu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	164.88.168.144 164.88.168.144	137951 (CLAYERLIM...) (CLAYERLIMITED-AS-AP Clayer Limited)
4	103.235.46.191 103.235.46.191	55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.)
1	128.1.217.226 128.1.217.226	13444 (TRS-GL-01) (TRS-GL-01)
7	3

2 164.88.168.144 (South Africa)

ASN137951 (CLAYERLIMITED-AS-AP Clayer Limited, HK)

l6qpwcp.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 103.235.46.191 (Hong Kong)

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)

hm.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 128.1.217.226 (Los Angeles, United States)

ASN13444 (TRS-GL-01, US)

www.fdzs22.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	baidu.com hm.baidu.com	29 KB
2	l6qpwcp.icu l6qpwcp.icu	2 KB
1	fdzs22.com www.fdzs22.com
7	3

	Domain	Requested by
4	hm.baidu.com	l6qpwcp.icu
2	l6qpwcp.icu	l6qpwcp.icu
1	www.fdzs22.com	l6qpwcp.icu
7	3

This site contains links to these domains. Also see Links.

Domain
www.bt.cn

Subject Issuer	Validity	Valid
baidu.com GlobalSign Organization Validation CA - SHA256 - G2	`2020-04-02` - `2021-07-26`	a year	crt.sh
*.fdzs22.com Let's Encrypt Authority X3	`2020-08-09` - `2020-11-07`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://l6qpwcp.icu/
Frame ID: F38B71897DE92D7A0520930880584DEB
Requests: 6 HTTP requests in this frame

Frame: https://www.fdzs22.com/?att=1607
Frame ID: DDFF047DCCF6BE2C5F83E41E49B00C13
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

7
Requests

71 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

31 kB
Transfer

80 kB
Size

4
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bt.cn/
Title: 宝塔官网(www.bt.cn)

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
l6qpwcp.icu/ 854 B
891 B 1320ms
435ms Document
text/html 164.88.168.144
CLAYERLIMITED-AS-...

General

Check archive.org

Show headers Download Go to

Full URL: http://l6qpwcp.icu/
Protocol: HTTP/1.1
Server: 164.88.168.144 , South Africa, ASN137951 (CLAYERLIMITED-AS-AP Clayer Limited, HK),
Reverse DNS
Software: nginx / PHP/7.3.9
Resource Hash: 8fa0d54d4dad1ee43fde64716d911cc568292f9740bdccf62cfa798f802b3e02

Request headers

Host: l6qpwcp.icu
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Thu, 27 Aug 2020 05:58:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.9
Content-Encoding: gzip

GET
H/1.1 200
OK js.js Show response
l6qpwcp.icu/ 1 KB
972 B 225ms
225ms Script
application/javascript 164.88.168.144
CLAYERLIMITED-AS-...

General

Check archive.org

Show headers Download Go to

Full URL: http://l6qpwcp.icu/js.js
Requested by: Host: l6qpwcp.icu
URL: http://l6qpwcp.icu/
Protocol: HTTP/1.1
Server: 164.88.168.144 , South Africa, ASN137951 (CLAYERLIMITED-AS-AP Clayer Limited, HK),
Reverse DNS
Software: nginx /
Resource Hash: c6777ebd31a3b78b0a4c5353415d7c7a1a35b823173aca6b4fa2c0552dbcc2b9

Request headers

Referer: http://l6qpwcp.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 27 Aug 2020 05:58:16 GMT
Content-Encoding: gzip
Last-Modified: Mon, 10 Aug 2020 03:38:00 GMT
Server: nginx
ETag: W/"5f30c118-428"
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 39 KB
14 KB 931ms
452ms Script
application/javascript 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?5636c1296ff1d2b02d71759f1326be2c

Requested by

Host: l6qpwcp.icu
URL: http://l6qpwcp.icu/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

f9ad70ddde65d666da4be13430a803d96d4d9a7d1bbe475b513a8fa602bdc432

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

Referer: http://l6qpwcp.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 27 Aug 2020 05:58:25 GMT
Content-Encoding: gzip
Server: apache
Etag: 605a093a6032d44beaaaaee34dddf2f7
Strict-Transport-Security: max-age=172800
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: max-age=0, must-revalidate
Content-Type: application/javascript
Content-Length: 14031

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 39 KB
14 KB 925ms
449ms Script
application/javascript 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?d52d35568bcc431af0041b7ba0bef5a4

Requested by

Host: l6qpwcp.icu
URL: http://l6qpwcp.icu/js.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

602d2b22c127f85a5525bdd162b2a56a8ddd04b959c365e1ed3868eed8f80bd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

Referer: http://l6qpwcp.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 27 Aug 2020 05:58:25 GMT
Content-Encoding: gzip
Server: apache
Etag: 0bd027a67da282cafe410f7c1fa7c220
Strict-Transport-Security: max-age=172800
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: max-age=0, must-revalidate
Content-Type: application/javascript
Content-Length: 14040

GET
H2 406 /
www.fdzs22.com/ Frame DDFF 0
0 1610ms
242ms Document
text/html 128.1.217.226
TRS-GL-01

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fdzs22.com/?att=1607
Requested by: Host: l6qpwcp.icu
URL: http://l6qpwcp.icu/js.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 128.1.217.226 Los Angeles, United States, ASN13444 (TRS-GL-01, US),
Reverse DNS
Software: nginx/1.17.3 /
Resource Hash

Request headers

:method: GET
:authority: www.fdzs22.com
:scheme: https
:path: /?att=1607
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://l6qpwcp.icu/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://l6qpwcp.icu/

Response headers

status: 406
date: Thu, 27 Aug 2020 05:58:26 GMT
content-type: text/html
content-length: 565
server: nginx/1.17.3

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 310ms
310ms Image
image/gif 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1721400700&si=5636c1296ff1d2b02d71759f1326be2c&v=1.2.76&lv=1&sn=43721&r=0&ww=1600&ct=!!&u=http%3A%2F%2Fl6qpwcp.icu%2F&tt=%E6%81%AD%E5%96%9C%EF%BC%8C%E7%AB%99%E7%82%B9%E5%88%9B%E5%BB%BA%E6%88%90%E5%8A%9F%EF%BC%81

Requested by

Host: l6qpwcp.icu
URL: http://l6qpwcp.icu/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

Referer: http://l6qpwcp.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 Aug 2020 05:58:26 GMT
X-Content-Type-Options: nosniff
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 317ms
317ms Image
image/gif 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=317484944&si=d52d35568bcc431af0041b7ba0bef5a4&v=1.2.76&lv=1&sn=43721&r=0&ww=1600&ct=!!&u=http%3A%2F%2Fl6qpwcp.icu%2F&tt=%E6%81%AD%E5%96%9C%EF%BC%8C%E7%AB%99%E7%82%B9%E5%88%9B%E5%BB%BA%E6%88%90%E5%8A%9F%EF%BC%81

Requested by

Host: l6qpwcp.icu
URL: http://l6qpwcp.icu/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

Referer: http://l6qpwcp.icu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 Aug 2020 05:58:26 GMT
X-Content-Type-Options: nosniff
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.l6qpwcp.icu/	1969-12-31 23:59:59	Name: Hm_lpvt_d52d35568bcc431af0041b7ba0bef5a4 Value: 1598507906
.l6qpwcp.icu/	1970-01-19 20:47:23	Name: Hm_lvt_d52d35568bcc431af0041b7ba0bef5a4 Value: 1598507906
.l6qpwcp.icu/	1969-12-31 23:59:59	Name: Hm_lpvt_5636c1296ff1d2b02d71759f1326be2c Value: 1598507906
.l6qpwcp.icu/	1970-01-19 20:47:23	Name: Hm_lvt_5636c1296ff1d2b02d71759f1326be2c Value: 1598507906

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hm.baidu.com
l6qpwcp.icu
www.fdzs22.com
103.235.46.191
128.1.217.226
164.88.168.144
602d2b22c127f85a5525bdd162b2a56a8ddd04b959c365e1ed3868eed8f80bd7
8fa0d54d4dad1ee43fde64716d911cc568292f9740bdccf62cfa798f802b3e02
c6777ebd31a3b78b0a4c5353415d7c7a1a35b823173aca6b4fa2c0552dbcc2b9
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
f9ad70ddde65d666da4be13430a803d96d4d9a7d1bbe475b513a8fa602bdc432

l6qpwcp.icu Open in urlscan Pro 164.88.168.144 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

71 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

31 kBTransfer

80 kBSize

4 Cookies

1 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

4 Cookies

Indicators

l6qpwcp.icu Open in urlscan Pro
164.88.168.144 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

71 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

31 kB
Transfer

80 kB
Size

4
Cookies

7 HTTP transactions
0 data transactions