qwerty467.xiaocao30.top Open in urlscan Pro
45.207.36.124 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nercve.icu/
Effective URL:
https://qwerty467.xiaocao30.top/index7.html
Submission: On February 26 via api (February 26th 2023, 4:01:03 am UTC) from US — Scanned from US

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 20 HTTP transactions. The main IP is 45.207.36.124, located in and belongs to . The main domain is qwerty467.xiaocao30.top.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on December 11th 2022. Valid for: 3 months.

This is the only time qwerty467.xiaocao30.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	38.55.9.23 38.55.9.23	8796 (FD-298-8796) (FD-298-8796)
1	2606:4700:303... 2606:4700:3037::6815:1023	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3037::6815:4bdd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	58.216.118.209 58.216.118.209	4134 (CHINANET-...) (CHINANET-BACKBONE No.31)
1	45.207.36.124 45.207.36.124	() ()
20	5

2 38.55.9.23 (United States)

ASN8796 (FD-298-8796, US)

nercve.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:1023 (United States)

ASN13335 (CLOUDFLARENET, US)

plugins.doubleclicks.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:4bdd (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jqueryboots.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 58.216.118.209 (China) 1 redirects

ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)

7j103fgr.1-2-frozen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.207.36.124 (None, )

ASN- ()

qwerty467.xiaocao30.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	nercve.icu nercve.icu	2 KB
1	xiaocao30.top qwerty467.xiaocao30.top
1	1-2-frozen.com 1 redirects 7j103fgr.1-2-frozen.com	574 B
1	jqueryboots.com cdn.jqueryboots.com	643 B
1	doubleclicks.biz plugins.doubleclicks.biz — Cisco Umbrella Rank: 555980
0	aliyuncs.com Failed xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com Failed
20	6

	Domain	Requested by
2	nercve.icu	nercve.icu
1	qwerty467.xiaocao30.top	cdn.jqueryboots.com
1	7j103fgr.1-2-frozen.com	1 redirects
1	cdn.jqueryboots.com	nercve.icu
1	plugins.doubleclicks.biz	nercve.icu
0	xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com Failed	qwerty467.xiaocao30.top
20	6

This site contains no links.

Subject Issuer	Validity	Valid
*.doubleclicks.biz GTS CA 1P5	`2023-02-17` - `2023-05-18`	3 months	crt.sh
*.jqueryboots.com GTS CA 1P5	`2023-02-23` - `2023-05-24`	3 months	crt.sh
*.xiaocao30.top ZeroSSL RSA Domain Secure Site CA	`2022-12-11` - `2023-03-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://qwerty467.xiaocao30.top/index7.html
Frame ID: CA6F99F5FFEBC92EC87204976BD3B073
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://nercve.icu/ Page URL
https://7j103fgr.1-2-frozen.com/ice7467 HTTP 302
https://qwerty467.xiaocao30.top/index7.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

15 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

3 kB
Transfer

8 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nercve.icu/ Page URL
https://7j103fgr.1-2-frozen.com/ice7467 HTTP 302
https://qwerty467.xiaocao30.top/index7.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
nercve.icu/ 2 KB
992 B 3081ms
100ms Document
text/html 38.55.9.23
FD-298-8796

General

Check archive.org

Show headers Download Go to

Full URL: http://nercve.icu/
Protocol: HTTP/1.1
Server: 38.55.9.23 , United States, ASN8796 (FD-298-8796, US),
Reverse DNS
Software: nginx /
Resource Hash: 8525b5c1adcdb6439ab101b3c13b5d114c65db2592b1f5bebd26113a44e00c5b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Sun, 26 Feb 2023 04:00:53 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H/1.1 200
OK qj.php Show response
nercve.icu/ 2 KB
1 KB 91ms
91ms Script
text/html 38.55.9.23
FD-298-8796

General

Check archive.org

Show headers Download Go to

Full URL: http://nercve.icu/qj.php
Requested by: Host: nercve.icu
URL: http://nercve.icu/
Protocol: HTTP/1.1
Server: 38.55.9.23 , United States, ASN8796 (FD-298-8796, US),
Reverse DNS
Software: nginx /
Resource Hash: 4fcd3735962e87c5f8b1ca7601272b49e33786b923422464a302ff060c8579fb

Request headers

accept-language: en-US,en;q=0.9
Referer: http://nercve.icu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Sun, 26 Feb 2023 04:00:54 GMT
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/html

GET
H2 403 linkid.js
plugins.doubleclicks.biz/plugins/ua/ 0
0 107ms
34ms Script
text/html 2606:4700:3037::6815:1023
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins.doubleclicks.biz/plugins/ua/linkid.js
Requested by: Host: nercve.icu
URL: http://nercve.icu/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:1023 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://nercve.icu/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

GET
H2 200 jquery.min.js
cdn.jqueryboots.com/ajax/libs/jquery/3.6.1/ 137 B
643 B 249ms
42ms Script
application/javascript 2606:4700:3037::6815:4bdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jqueryboots.com/ajax/libs/jquery/3.6.1/jquery.min.js

Requested by

Host: nercve.icu
URL: http://nercve.icu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:4bdd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: http://nercve.icu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 26 Feb 2023 04:00:54 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 25 Feb 2023 14:08:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1170
etag: W/"63fa1662-89"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dBZ%2BwHPZhucUleX7Ce0gfnTm%2BB%2FlHCUipDuCEnbVBpDSax9LSx54JfrqZ6SkUrPNDNIiJzfOflEQzJb2%2BSSd2J%2FnMzal5GnE6mq3lkSGcEpIJI5kFAGlxMNp6QDAv2DCIr59Xd74cmmsXTIW14zVl7yL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 79f5c6c3ac45c34a-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

Primary Request index7.html
qwerty467.xiaocao30.top/
Redirect Chain

https://7j103fgr.1-2-frozen.com/ice7467
https://qwerty467.xiaocao30.top/index7.html

5 KB
0

4564ms
641ms

Document
text/html

45.207.36.124

General

Check archive.org

Show headers Download Go to

Full URL: https://qwerty467.xiaocao30.top/index7.html
Requested by: Host: cdn.jqueryboots.com
URL: https://cdn.jqueryboots.com/ajax/libs/jquery/3.6.1/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.207.36.124 -, , ASN (),
Reverse DNS
Software: cdn-ddos-cc /
Resource Hash

Request headers

Referer: http://nercve.icu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: *
access-control-allow-origin: *
content-encoding: gzip
content-type: text/html
date: Sun, 26 Feb 2023 04:01:02 GMT
etag: W/"63ebef4b-1257"
last-modified: Tue, 14 Feb 2023 20:30:03 GMT
server: cdn-ddos-cc
vary: Accept-Encoding
x-cache-status: MISS

Redirect headers

Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Sun, 26 Feb 2023 04:00:58 GMT
EagleId: 3ad8769516773840578417355e
Location: https://qwerty467.xiaocao30.top/index7.html
Server: Tengine
Timing-Allow-Origin: *
Transfer-Encoding: chunked
Via: cache17.l2ot7-1[200,0], kunlun1.cn1310[599,0]
X-Powered-By: PHP/7.4.26

GET index.css
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/css/ 0
0

GET layer.css
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/css/ 0
0

GET jquery-3.4.1.min.js
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/ 0
0

GET clipboard.min.js
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/ 0
0

GET mobile-detect.min.js
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/ 0
0

GET base64.min.js
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/ 0
0

GET jquery.qrcode.min.js
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/ 0
0

GET crypto-js.min.js
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/ 0
0

GET aes.min.js
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/ 0
0

GET flexible.js
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/ 0
0

GET layer.js
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/ 0
0

GET wechar.png
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/img/ 0
0

GET ic_back.png
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/img/ 0
0

GET img.js
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/ 0
0

GET index.js
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/css/index.css

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/css/layer.css

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/jquery-3.4.1.min.js

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/clipboard.min.js

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/mobile-detect.min.js

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/base64.min.js

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/jquery.qrcode.min.js

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/crypto-js.min.js

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/aes.min.js

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/flexible.js

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/layer.js

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/img/wechar.png

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/img/ic_back.png

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/img.js

Domain: xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
URL: https://xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com/js/index.js

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			nercve.icu/	1970-01-20 09:56:45	Name: waf_sc Value: 5889647726

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: http://nercve.icu/ Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://plugins.doubleclicks.biz/plugins/ua/linkid.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://nercve.icu/ Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://plugins.doubleclicks.biz/plugins/ua/linkid.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://plugins.doubleclicks.biz/plugins/ua/linkid.js Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7j103fgr.1-2-frozen.com
cdn.jqueryboots.com
nercve.icu
plugins.doubleclicks.biz
qwerty467.xiaocao30.top
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
xiaocaofjikezyy.oss-ap-southeast-1.aliyuncs.com
2606:4700:3037::6815:1023
2606:4700:3037::6815:4bdd
38.55.9.23
45.207.36.124
58.216.118.209
4fcd3735962e87c5f8b1ca7601272b49e33786b923422464a302ff060c8579fb
8525b5c1adcdb6439ab101b3c13b5d114c65db2592b1f5bebd26113a44e00c5b

qwerty467.xiaocao30.top Open in urlscan Pro 45.207.36.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

15 %HTTPS

40 %IPv6

6 Domains

6 Subdomains

5 IPs

2 Countries

3 kBTransfer

8 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

qwerty467.xiaocao30.top Open in urlscan Pro
45.207.36.124 Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

15 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

3 kB
Transfer

8 kB
Size

1
Cookies

20 HTTP transactions
0 data transactions