URL: http://push.5z5zw.com/cp/v_aiqiyi.html
Submission: On December 04 via manual from JP

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 3 HTTP transactions. The main IP is 183.131.200.61, located in Jinhua, China and belongs to CHINATELECOM-YUNNAN-DALI-MAN DaLi, CN. The main domain is push.5z5zw.com.
This is the only time push.5z5zw.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address       AS Autonomous System
1         183.131.200.61   136190 (CHINATELE...)
1         183.131.200.68   136190 (CHINATELE...)
1         111.206.13.62    4808 (CHINA169-...)
3         3

Requests  Apex Domain / Subdomains   Transfer
1         iqiyi.com
            vip.iqiyi.com
1         faihan.cn
            push.faihan.cn           9 KB
1         5z5zw.com
            push.5z5zw.com           2 KB
3         3

Requests  Domain           Requested by
1         vip.iqiyi.com    push.5z5zw.com
1         push.faihan.cn   push.5z5zw.com
1         push.5z5zw.com
3         3

This site contains links to these domains. Also see Links.

Domain
nclick.linktech.cn

This page contains 2 frames:

Primary Page: http://push.5z5zw.com/cp/v_aiqiyi.html
Frame ID: 950346773A556A6168E1AE015789DAD9
Requests: 2 HTTP requests in this frame

Frame: http://vip.iqiyi.com/?fv=zz_575fbcd11cccc-A100234725
Frame ID: DA735B3702C17A683B8BC12747600AE1
Requests: 1 HTTP request in this frame

Page Statistics

Requests: 3
HTTPS: 0 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 11 kB
Size: 11 kB
Cookies: 18

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource / Path    Size    x-fer    Type / MIME-Type
Resource: v_aiqiyi.html (Primary Request)
Path: push.5z5zw.com/cp/
Size: 3 KB
x-fer: 2 KB
Type: Document

General
Full URL: http://push.5z5zw.com/cp/v_aiqiyi.html
Protocol: HTTP/1.1
Server: 183.131.200.61 Jinhua, China, ASN136190 (CHINATELECOM-YUNNAN-DALI-MAN DaLi, CN)
Reverse DNS:
Software: marco/2.7 /
Resource Hash: cacfc2b73c6d044694a6f18ff86e31518c31c2587bb8b78b56ab238e07efeb3e

Request headers

Host: push.5z5zw.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate

Response headers

Server: marco/2.7
Date: Tue, 04 Dec 2018 00:24:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Request-Id: 244cfbdb0565d23f9e546017b41fb538; 67fd5d06dc577a566de16ded1f1fe58e
X-Source: U/304
X-Upyun-Folder: false
ETag: W/"3f1bbaf723346be13157bc7d04f34699"
X-Content-Type: text/html
Last-Modified: Tue, 24 Jul 2018 08:15:15 GMT
Expires: Tue, 11 Dec 2018 08:41:00 GMT
Cache-Control: max-age=691200
Age: 56599
Via: T.79.H, V.mix-sd-dst1-080, T.61.H, M.ctn-zj-jgh-061
Content-Encoding: gzip

Resource: aiqiyi.jpg
Path: push.faihan.cn/img/
Size: 8 KB
x-fer: 9 KB
Type: Image

General
Full URL: http://push.faihan.cn/img/aiqiyi.jpg
Requested by:
  Host: push.5z5zw.com
  URL: http://push.5z5zw.com/cp/v_aiqiyi.html
Protocol: HTTP/1.1
Server: 183.131.200.68 Jinhua, China, ASN136190 (CHINATELECOM-YUNNAN-DALI-MAN DaLi, CN)
Reverse DNS:
Software: marco/2.7 /
Resource Hash: aed216e387d652e48a5d4220a0afd7879cdc2be2881a7319a2741296ebf34006

Request headers

Referer: http://push.5z5zw.com/cp/v_aiqiyi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 04 Dec 2018 00:24:21 GMT
Via: T.78.H, V.mix-sd-dst1-082, T.74.H, M.ctn-zj-jgh-068
Age: 56597
X-Source: U/200
X-Upyun-Folder: false
Connection: keep-alive
Content-Length: 8518
X-Request-Id: f23dacdc769198cf5d6235db5b08b0bb; 1e6cfced835f2c3c416703daebb89413
X-Content-Type: image/jpeg
Last-Modified: Tue, 24 Jul 2018 07:24:42 GMT
Server: marco/2.7
ETag: "907a2d4bbfbdcc0ad86709f9fb7362a7"
Content-Type: image/jpeg
Cache-Control: max-age=691200
Accept-Ranges: bytes
Expires: Tue, 11 Dec 2018 08:41:03 GMT

Resource: /
Path: vip.iqiyi.com/ (Frame DA73)
Size: 0
x-fer: 0
Type: Document

General
Full URL: http://vip.iqiyi.com/?fv=zz_575fbcd11cccc-A100234725
Requested by:
  Host: push.5z5zw.com
  URL: http://push.5z5zw.com/cp/v_aiqiyi.html
Protocol: HTTP/1.1
Server: 111.206.13.62 Beijing, China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
Reverse DNS:
Software: QWS /
Resource Hash:

Request headers

Host: vip.iqiyi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://push.5z5zw.com/cp/v_aiqiyi.html
Accept-Encoding: gzip, deflate

Response headers

Server: QWS
Date: Tue, 04 Dec 2018 00:24:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | add_iframe_h
function | g_r_n
function | c_ifr_p_h
function | c_num

18 Cookies

Domain/Path Name / Value
.iqiyi.com/ Name: __dfp
Value: a0db788a8e33d243a4a07f0bd7aeb6f762817570c6fe791039153ae3628f2e80b1@1545179067521@1543883067521
.iqiyi.com/ Name: QC175
Value: %7B%22upd%22%3Atrue%2C%22ct%22%3A%22%22%7D
.iqiyi.com/ Name: QC010
Value: 264749388
vip.iqiyi.com/ Name: __uuid
Value: 86edb4a0-22c0-ceed-6490-388b6bfecec4
.iqiyi.com/ Name: IMS
Value: IggQARj_yJrgBSokCiA2M2I4MDA0Y2Y2MjE0ODc3NTY3YzJhNTA1YzJjYzZkMhAA
.iqiyi.com/ Name: T00404
Value: 23e9b539e13bb4f57b8fc0e6b7d8baf0
.iqiyi.com/ Name: nu
Value: 0
.iqiyi.com/ Name: QC173
Value: 1
.iqiyi.com/ Name: QC142
Value: zz_575fbcd11cccc-A100234725
.iqiyi.com/ Name: QC007
Value: http%253A%252F%252Fpush.5z5zw.com%252Fcp%252Fv_aiqiyi.html
.iqiyi.com/ Name: Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e
Value: 1543883064
.iqiyi.com/ Name: QC008
Value: 1543883065.1543883065.1543883065.1
.iqiyi.com/ Name: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e
Value: 1543883064
.iqiyi.com/ Name: QC001
Value: 1
.iqiyi.com/ Name: QC005
Value: 6ba7d75f7bf630b3f25b91d29cb2115d
.iqiyi.com/ Name: QP0013
Value:
.iqiyi.com/ Name: QC006
Value: e45212c1a0a84cb542497689b6f2e552
.iqiyi.com/ Name: QP001
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
