urlscan.io logo urlscan.io
SecurityTrails logo

ip-184-168-166-154.ip.secureserver.net Open in urlscan Pro
184.168.166.154  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/index.php?l=_jehfuq_vjoxk0qwhtogydw_product-useri...
Effective URL: http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&u...
Submission: On July 29 via automatic, source phishtank
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 184.168.166.154, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is ip-184-168-166-154.ip.secureserver.net.
This is the only time ip-184-168-166-154.ip.secureserver.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 184.168.166.154 26496 (AS-26496-...)
4 183.3.235.72 4816 (CHINANET-...)
1 203.205.128.160 132203 (TENCENT-N...)
7 4
Apex Domain
Subdomains		 Transfer
5 qq.com
res.mail.qq.com
ssl.ptlogin2.qq.com
mail.qq.com Failed
32 KB
2 secureserver.net
ip-184-168-166-154.ip.secureserver.net
4 KB
7 2
Domain Requested by
4 res.mail.qq.com ip-184-168-166-154.ip.secureserver.net
2 ip-184-168-166-154.ip.secureserver.net 1 redirects
1 ssl.ptlogin2.qq.com ip-184-168-166-154.ip.secureserver.net
0 mail.qq.com Failed ip-184-168-166-154.ip.secureserver.net
7 4

This site contains no links.

Subject Issuer Validity Valid
*.mail.qq.com
DigiCert SHA2 Secure Server CA		 2019-03-29 -
2020-05-15		 a year crt.sh
ssl.ui.ptlogin2.qq.com
GlobalSign Organization Validation CA - SHA256 - G2		 2019-05-09 -
2019-12-08		 7 months crt.sh

This page contains 1 frames:

Frame: https://mail.qq.com/
Frame ID: E5BBA8FE5D66D8729284DE309BB81117
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/index.php?l=_jehfuq_vjoxk0qwh... HTTP 302
    http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoG... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

71 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

4
IPs

2
Countries

36 kB
Transfer

40 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/index.php?l=_jehfuq_vjoxk0qwhtogydw_product-userid&userid100bahtstore.comwindowcleaningproducts.org89.33.64.116/~imaco?id=china@langshide.com HTTP 302
    http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set id.php
ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/
Redirect Chain
  • http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/index.php?l=_jehfuq_vjoxk0qwhtogydw_product-userid&userid100bahtstore.comwindowcleaningproducts.org8...
  • http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
Protocol
HTTP/1.1
Server
184.168.166.154 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-184-168-166-154.ip.secureserver.net
Software
Apache /
Resource Hash
b2aa2e41bd6af1650150f0f51acc5452b3e62bb6f9f20c698ef8204457534a5c

Request headers

Host
ip-184-168-166-154.ip.secureserver.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date
Mon, 29 Jul 2019 13:48:19 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=qibmoreqlbohf2me02vii8jej6; path=/
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
3641
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html

Redirect headers

Date
Mon, 29 Jul 2019 13:48:19 GMT
Server
Apache
Location
id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
ptlogin1c005c.css
res.mail.qq.com/en_US/htmledition/style/ 		9 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://res.mail.qq.com/en_US/htmledition/style/ptlogin1c005c.css
Requested by
Host: ip-184-168-166-154.ip.secureserver.net
URL: http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
183.3.235.72 , China, ASN4816 (CHINANET-IDC-GD China Telecom (Group), CN),
Reverse DNS
Software
nginx/1.14.1 /
Resource Hash

Request headers

Referer
http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

date
Mon, 29 Jul 2019 13:48:30 GMT
last-modified
Wed, 26 Feb 2014 17:00:28 GMT
server
nginx/1.14.1
etag
"530e1dac-2590"
content-type
text/css
status
200
cache-control
max-age=315360000
accept-ranges
bytes
content-length
9616
expires
Thu, 31 Dec 2037 23:55:55 GMT
testimg
ssl.ptlogin2.qq.com/ 		0
138 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.ptlogin2.qq.com/testimg
Requested by
Host: ip-184-168-166-154.ip.secureserver.net
URL: http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.205.128.160 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software
Tencent Login Server/2.0.0 /
Resource Hash

Request headers

Referer
http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

status
403
pragma
no-cache
date
Mon, 29 Jul 2019 13:48:21 GMT
cache-control
no-cache, no-store, must-revalidate
server
Tencent Login Server/2.0.0
content-length
0
expires
-1
qmlogin1be06a.js
res.mail.qq.com/en_US/htmledition/js/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://res.mail.qq.com/en_US/htmledition/js/qmlogin1be06a.js
Requested by
Host: ip-184-168-166-154.ip.secureserver.net
URL: http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
183.3.235.72 , China, ASN4816 (CHINANET-IDC-GD China Telecom (Group), CN),
Reverse DNS
Software
nginx/1.14.1 /
Resource Hash

Request headers

Referer
http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

date
Mon, 29 Jul 2019 13:48:30 GMT
last-modified
Thu, 26 Oct 2017 07:44:52 GMT
server
nginx/1.14.1
etag
"59f19274-52d1"
content-type
application/x-javascript
status
200
cache-control
max-age=315360000
accept-ranges
bytes
content-length
21201
expires
Thu, 31 Dec 2037 23:55:55 GMT
ico_help12fb20.gif
res.mail.qq.com/en_US/htmledition/images/ 		596 B
776 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.mail.qq.com/en_US/htmledition/images/ico_help12fb20.gif
Requested by
Host: ip-184-168-166-154.ip.secureserver.net
URL: http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
183.3.235.72 , China, ASN4816 (CHINANET-IDC-GD China Telecom (Group), CN),
Reverse DNS
Software
nginx/1.14.1 /
Resource Hash

Request headers

Referer
http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

date
Mon, 29 Jul 2019 13:48:30 GMT
last-modified
Wed, 25 Oct 2017 10:01:21 GMT
server
nginx/1.14.1
etag
"59f060f1-254"
content-type
image/gif
status
200
cache-control
max-age=315360000
accept-ranges
bytes
content-length
596
expires
Thu, 31 Dec 2037 23:55:55 GMT
spacer.gif
res.mail.qq.com/en_US/htmledition/images/ 		43 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.mail.qq.com/en_US/htmledition/images/spacer.gif
Requested by
Host: ip-184-168-166-154.ip.secureserver.net
URL: http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
183.3.235.72 , China, ASN4816 (CHINANET-IDC-GD China Telecom (Group), CN),
Reverse DNS
Software
nginx/1.14.1 /
Resource Hash

Request headers

Referer
http://ip-184-168-166-154.ip.secureserver.net/wordpress/wp-content/netvigator/update/qqinput/id.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

date
Mon, 29 Jul 2019 13:48:30 GMT
last-modified
Wed, 25 Oct 2017 10:19:04 GMT
server
nginx/1.14.1
etag
"59f06518-2b"
content-type
image/gif
status
200
cache-control
max-age=315360000
accept-ranges
bytes
content-length
43
expires
Thu, 31 Dec 2037 23:55:55 GMT
/
mail.qq.com/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mail.qq.com
URL
https://mail.qq.com/

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ip-184-168-166-154.ip.secureserver.net
mail.qq.com
res.mail.qq.com
ssl.ptlogin2.qq.com
mail.qq.com
183.3.235.72
184.168.166.154
203.205.128.160
b2aa2e41bd6af1650150f0f51acc5452b3e62bb6f9f20c698ef8204457534a5c