106.75.145.218 Open in urlscan Pro
106.75.145.218 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://106.75.145.218:60000/#/user/login
Effective URL:
https://106.75.145.218:60000/
Submission Tags: c2 malware viper Search All
Submission: On August 15 via api (August 15th 2025, 11:27:52 pm UTC) from US — Scanned from DE

Summary HTTP 12 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 12 HTTP transactions. The main IP is 106.75.145.218, located in China and belongs to CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN. The main domain is 106.75.145.218.
TLS certificate: Issued by 0d72da0c on March 29th 2021. Valid for: 10 years.

This is the only time 106.75.145.218 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	106.75.145.218 106.75.145.218	58466 (CT-GUANGZ...) (CT-GUANGZHOU-IDC CHINANET Guangdong province network)
1	163.181.58.167 163.181.58.167	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
12	2

11 106.75.145.218 (China)

ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN)
PTR: ocguesh.asia

106.75.145.218	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 163.181.58.167 (Frankfurt am Main, Germany)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

at.alicdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
1	alicdn.com at.alicdn.com — Cisco Umbrella Rank: 21418	14 KB
12	1

	Domain	Requested by
1	at.alicdn.com	106.75.145.218
12	1

This site contains links to these domains. Also see Links.

Domain
www.yuque.com

Subject Issuer	Validity	Valid
d1d38ec9 0d72da0c	`2021-03-29` - `2031-03-27`	10 years	crt.sh
*.tbcdn.cn GlobalSign GCC R3 OV TLS CA 2024	`2025-06-16` - `2026-07-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://106.75.145.218:60000/
Frame ID: 667E72E0C26641E07A6D64E2C38C14BE
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page Statistics

12
Requests

8 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

540 kB
Transfer

1896 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.yuque.com/vipersec/help/oktwb7

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response 106.75.145.218/	692 B 939 B	828ms 409ms	Document text/html	106.75.145.218 CT-GUANGZHOU-IDC ...
General Check archive.org Download Go to Full URL https://106.75.145.218:60000/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 106.75.145.218 , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS ocguesh.asia Software nginx/1.24.0 (Ubuntu) / Resource Hash `748ebb050a2869bc29d48510eca68fba43670a10e49daab10c5fdab389e13bf6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Connection keep-alive Content-Length 692 Content-Type text/html Date Fri, 15 Aug 2025 23:27:53 GMT ETag "6757de18-2b4" Last-Modified Tue, 10 Dec 2024 06:22:16 GMT Server nginx/1.24.0 (Ubuntu)
GET H/1.1	200 OK	umi.432f8c81.css 106.75.145.218/	226 KB 27 KB	424ms 424ms	Stylesheet text/css	106.75.145.218 CT-GUANGZHOU-IDC ...
General Check archive.org Download Go to Full URL https://106.75.145.218:60000/umi.432f8c81.css Requested by Host: 106.75.145.218 URL: https://106.75.145.218:60000/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 106.75.145.218 , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS ocguesh.asia Software nginx/1.24.0 (Ubuntu) / Resource Hash `955cc43d8fe60a97a0f8081ff81be3a625ff535b1c9c2daf8b08228db88c5f70` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer https://106.75.145.218:60000/ Response headers Transfer-Encoding chunked Content-Encoding gzip ETag W/"6757de18-387c0" Connection keep-alive Date Fri, 15 Aug 2025 23:27:53 GMT Content-Type text/css Last-Modified Tue, 10 Dec 2024 06:22:16 GMT Server nginx/1.24.0 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	umi.82d08916.js Show response 106.75.145.218/	1 MB 405 KB	828ms 408ms	Script application/javascript	106.75.145.218 CT-GUANGZHOU-IDC ...
General Check archive.org Download Go to Full URL https://106.75.145.218:60000/umi.82d08916.js Requested by Host: 106.75.145.218 URL: https://106.75.145.218:60000/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 106.75.145.218 , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS ocguesh.asia Software nginx/1.24.0 (Ubuntu) / Resource Hash `ed986f7a88d7234e70434ff4d48d1dfac9c80b4c0cd41062339248f83e7c0533` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer https://106.75.145.218:60000/ Response headers Transfer-Encoding chunked Content-Encoding gzip ETag W/"6757de18-1431b7" Connection keep-alive Date Fri, 15 Aug 2025 23:27:54 GMT Content-Type application/javascript Last-Modified Tue, 10 Dec 2024 06:22:16 GMT Server nginx/1.24.0 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	layouts__UserLayout.c26c1167.chunk.css 106.75.145.218/	804 B 1 KB	205ms 205ms	Stylesheet text/css	106.75.145.218 CT-GUANGZHOU-IDC ...
General Check archive.org Download Go to Full URL https://106.75.145.218:60000/layouts__UserLayout.c26c1167.chunk.css Requested by Host: 106.75.145.218 URL: https://106.75.145.218:60000/umi.82d08916.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 106.75.145.218 , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS ocguesh.asia Software nginx/1.24.0 (Ubuntu) / Resource Hash `00d35b49fab27f186b5b6f9d162683a16f224ccd46e74e1248506d227e02b2bc` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer https://106.75.145.218:60000/ Response headers ETag "6757de18-324" Connection keep-alive Accept-Ranges bytes Content-Length 804 Date Fri, 15 Aug 2025 23:28:01 GMT Content-Type text/css Last-Modified Tue, 10 Dec 2024 06:22:16 GMT Server nginx/1.24.0 (Ubuntu)
GET H/1.1	200 OK	layouts__UserLayout.e8825123.async.js Show response 106.75.145.218/	3 KB 2 KB	209ms 209ms	Script application/javascript	106.75.145.218 CT-GUANGZHOU-IDC ...
General Check archive.org Download Go to Full URL https://106.75.145.218:60000/layouts__UserLayout.e8825123.async.js Requested by Host: 106.75.145.218 URL: https://106.75.145.218:60000/umi.82d08916.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 106.75.145.218 , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS ocguesh.asia Software nginx/1.24.0 (Ubuntu) / Resource Hash `524c97aed01d8a74f9e587563962115134478dac811e37f0bfd36feb4f405957` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer https://106.75.145.218:60000/ Response headers Transfer-Encoding chunked Content-Encoding gzip ETag W/"6757de18-b1b" Connection keep-alive Date Fri, 15 Aug 2025 23:28:01 GMT Content-Type application/javascript Last-Modified Tue, 10 Dec 2024 06:22:16 GMT Server nginx/1.24.0 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	vendors~p__Core__HostAndSession~p__Core__Nav~p__Core__WebMain~p__User__Login.50a10f91.async.js Show response 106.75.145.218/	69 KB 23 KB	1072ms 1071ms	Script application/javascript	106.75.145.218 CT-GUANGZHOU-IDC ...
General Check archive.org Download Go to Full URL https://106.75.145.218:60000/vendors~p__Core__HostAndSession~p__Core__Nav~p__Core__WebMain~p__User__Login.50a10f91.async.js Requested by Host: 106.75.145.218 URL: https://106.75.145.218:60000/umi.82d08916.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 106.75.145.218 , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS ocguesh.asia Software nginx/1.24.0 (Ubuntu) / Resource Hash `306f2a22fc19b3a4c86086a971dcd4a4208ab534b781e6d7b915a7c2f4fcbe22` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer https://106.75.145.218:60000/ Response headers Transfer-Encoding chunked Content-Encoding gzip ETag W/"6757de18-1133a" Connection keep-alive Date Fri, 15 Aug 2025 23:28:01 GMT Content-Type application/javascript Last-Modified Tue, 10 Dec 2024 06:22:16 GMT Server nginx/1.24.0 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	vendors~p__Core__HostAndSession~p__Core__WebMain~p__User__Login.ef595634.chunk.css 106.75.145.218/	90 KB 11 KB	457ms 456ms	Stylesheet text/css	106.75.145.218 CT-GUANGZHOU-IDC ...
General Check archive.org Download Go to Full URL https://106.75.145.218:60000/vendors~p__Core__HostAndSession~p__Core__WebMain~p__User__Login.ef595634.chunk.css Requested by Host: 106.75.145.218 URL: https://106.75.145.218:60000/umi.82d08916.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 106.75.145.218 , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS ocguesh.asia Software nginx/1.24.0 (Ubuntu) / Resource Hash `e0f5798006cf021be0acc5d9c80b52a3f15b0f4299f8d23d2e0dfcdd1cd7ed8e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer https://106.75.145.218:60000/ Response headers Transfer-Encoding chunked Content-Encoding gzip ETag W/"6757de18-16634" Connection keep-alive Date Fri, 15 Aug 2025 23:28:01 GMT Content-Type text/css Last-Modified Tue, 10 Dec 2024 06:22:16 GMT Server nginx/1.24.0 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	vendors~p__Core__HostAndSession~p__Core__WebMain~p__User__Login.8562ba19.async.js Show response 106.75.145.218/	148 KB 46 KB	2323ms 1941ms	Script application/javascript	106.75.145.218 CT-GUANGZHOU-IDC ...
General Check archive.org Download Go to Full URL https://106.75.145.218:60000/vendors~p__Core__HostAndSession~p__Core__WebMain~p__User__Login.8562ba19.async.js Requested by Host: 106.75.145.218 URL: https://106.75.145.218:60000/umi.82d08916.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 106.75.145.218 , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS ocguesh.asia Software nginx/1.24.0 (Ubuntu) / Resource Hash `df86647f00c6f5d2631cfcc9d4f28213a0dd9d7588a02d7b18e9af4f2ac2f598` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer https://106.75.145.218:60000/ Response headers Transfer-Encoding chunked Content-Encoding gzip ETag W/"6757de18-250f2" Connection keep-alive Date Fri, 15 Aug 2025 23:28:01 GMT Content-Type application/javascript Last-Modified Tue, 10 Dec 2024 06:22:16 GMT Server nginx/1.24.0 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	p__User__Login.8ce24f5d.chunk.css 106.75.145.218/	101 B 346 B	751ms 369ms	Stylesheet text/css	106.75.145.218 CT-GUANGZHOU-IDC ...
General Check archive.org Download Go to Full URL https://106.75.145.218:60000/p__User__Login.8ce24f5d.chunk.css Requested by Host: 106.75.145.218 URL: https://106.75.145.218:60000/umi.82d08916.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 106.75.145.218 , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS ocguesh.asia Software nginx/1.24.0 (Ubuntu) / Resource Hash `3a2b40f8e13c6dcaf6125fe0b0ea23269cb2b3df6fac1fe12ddf1c1abca3a357` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer https://106.75.145.218:60000/ Response headers ETag "6757de18-65" Connection keep-alive Accept-Ranges bytes Content-Length 101 Date Fri, 15 Aug 2025 23:28:01 GMT Content-Type text/css Last-Modified Tue, 10 Dec 2024 06:22:16 GMT Server nginx/1.24.0 (Ubuntu)
GET H/1.1	200 OK	p__User__Login.71270e11.async.js Show response 106.75.145.218/	17 KB 3 KB	899ms 450ms	Script application/javascript	106.75.145.218 CT-GUANGZHOU-IDC ...
General Check archive.org Download Go to Full URL https://106.75.145.218:60000/p__User__Login.71270e11.async.js Requested by Host: 106.75.145.218 URL: https://106.75.145.218:60000/umi.82d08916.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 106.75.145.218 , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS ocguesh.asia Software nginx/1.24.0 (Ubuntu) / Resource Hash `3eee9e49b880e170c8eae2231548318e591671b00bed50e946602eb77464fd73` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer https://106.75.145.218:60000/ Response headers Transfer-Encoding chunked Content-Encoding gzip ETag W/"6757de18-422f" Connection keep-alive Date Fri, 15 Aug 2025 23:28:01 GMT Content-Type application/javascript Last-Modified Tue, 10 Dec 2024 06:22:16 GMT Server nginx/1.24.0 (Ubuntu) Vary Accept-Encoding
GET H2	200	font_1077799_candygnjo7p.js Show response at.alicdn.com/t/c/	43 KB 14 KB	50ms 21ms	Script application/javascript	163.181.58.167 TAOBAO Zhejiang T...
General Check archive.org Download Go to Full URL https://at.alicdn.com/t/c/font_1077799_candygnjo7p.js Requested by Host: 106.75.145.218 URL: https://106.75.145.218:60000/vendors~p__Core__HostAndSession~p__Core__WebMain~p__User__Login.8562ba19.async.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 163.181.58.167 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `cce942e5462e5a00c807886e453a55e36f875af488ad92dbe3186599f211e2db` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer https://106.75.145.218:60000/ Response headers content-md5 NsGu8DUX+X67raF9TlWgdQ== x-oss-storage-class Standard content-encoding gzip etag W/"36C1AEF03517F97EBBADA17D4E55A075" age 6282017 x-oss-object-type Normal x-cache MISS TCP_MISS dirn:11:97821546 date Wed, 04 Jun 2025 06:27:47 GMT x-oss-server-time 23 content-type application/javascript vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Origin last-modified Tue, 02 Jul 2024 07:11:42 GMT cache-control max-age=63072000 x-swift-cachetime 56789983 timing-allow-origin * x-oss-hash-crc64ecma 4102896281048686235 via ens-cache22.l2de3[0,0,200-0,H], ens-cache11.l2de3[3,0], ens-cache5.de13[12,13,200-0,M], ens-cache8.de13[14,0] ali-swift-global-savetime 1749018467 x-swift-savetime Fri, 15 Aug 2025 23:28:04 GMT access-control-allow-origin * eagleid a3b53a9c17553004844008902e x-oss-request-id 683FE763E54CE13233D5022C server Tengine
GET H/1.1	200 OK	favicon.png 106.75.145.218/	7 KB 7 KB	194ms 194ms	Other image/png	106.75.145.218 CT-GUANGZHOU-IDC ...
General Check archive.org Download Go to Full URL https://106.75.145.218:60000/favicon.png Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 106.75.145.218 , China, ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN), Reverse DNS ocguesh.asia Software nginx/1.24.0 (Ubuntu) / Resource Hash `d2224a6a27d5c404a59d16789536dc3a076765e21fec2fd823cf76989378ede1` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer https://106.75.145.218:60000/ Response headers Transfer-Encoding chunked Content-Encoding gzip ETag W/"6757dd56-1c49" Connection keep-alive Date Fri, 15 Aug 2025 23:28:04 GMT Content-Type image/png Last-Modified Tue, 10 Dec 2024 06:19:02 GMT Server nginx/1.24.0 (Ubuntu) Vary Accept-Encoding

Verdicts & Comments Add Verdict or Comment

11 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://106.75.145.218:60000/#/user/login(Line 8) Message: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.
recommendation	verbose	URL: https://106.75.145.218:60000/#/user/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

at.alicdn.com
106.75.145.218
163.181.58.167
00d35b49fab27f186b5b6f9d162683a16f224ccd46e74e1248506d227e02b2bc
306f2a22fc19b3a4c86086a971dcd4a4208ab534b781e6d7b915a7c2f4fcbe22
3a2b40f8e13c6dcaf6125fe0b0ea23269cb2b3df6fac1fe12ddf1c1abca3a357
3eee9e49b880e170c8eae2231548318e591671b00bed50e946602eb77464fd73
524c97aed01d8a74f9e587563962115134478dac811e37f0bfd36feb4f405957
748ebb050a2869bc29d48510eca68fba43670a10e49daab10c5fdab389e13bf6
955cc43d8fe60a97a0f8081ff81be3a625ff535b1c9c2daf8b08228db88c5f70
cce942e5462e5a00c807886e453a55e36f875af488ad92dbe3186599f211e2db
d2224a6a27d5c404a59d16789536dc3a076765e21fec2fd823cf76989378ede1
df86647f00c6f5d2631cfcc9d4f28213a0dd9d7588a02d7b18e9af4f2ac2f598
e0f5798006cf021be0acc5d9c80b52a3f15b0f4299f8d23d2e0dfcdd1cd7ed8e
ed986f7a88d7234e70434ff4d48d1dfac9c80b4c0cd41062339248f83e7c0533

106.75.145.218 Open in urlscan Pro 106.75.145.218 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

12 Requests

8 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

2 Countries

540 kBTransfer

1896 kBSize

0 Cookies

1 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Window variables

0 Cookies

2 Console Messages

Indicators

106.75.145.218 Open in urlscan Pro
106.75.145.218 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

8 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

540 kB
Transfer

1896 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions