URL: http://www.gaitc.ca/wp-admin/vx1107.html
Submission: On June 25 via api from JP — Scanned from CA

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 18 HTTP transactions. The main IP is 208.113.175.136, located in Ashburn, United States and belongs to DREAMHOST-AS, US. The main domain is www.gaitc.ca.
This is the only time www.gaitc.ca was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic China (Online)

Domain & IP information

IP Address AS Autonomous System
1 208.113.175.136 26347 (DREAMHOST-AS)
12 103.129.252.89 137263 (NETEASE-A...)
1 123.126.96.204 4808 (CHINA169-...)
2 103.129.252.87 137263 (NETEASE-A...)
1 1 123.126.96.184 ()
18 5
Apex Domain
Subdomains
Transfer
12 127.net
mimg.127.net — Cisco Umbrella Rank: 118435
776 KB
3 163.com
mail.163.com — Cisco Umbrella Rank: 44591
iplocator.mail.163.com
5 KB
1 126.com
ssl.mail.126.com
ir3.mail.126.com Failed
ir.mail.126.com Failed
224 B
1 gaitc.ca
www.gaitc.ca
26 KB
18 4
Domain Requested by
12 mimg.127.net www.gaitc.ca
mail.163.com
2 mail.163.com www.gaitc.ca
1 iplocator.mail.163.com 1 redirects
1 ssl.mail.126.com www.gaitc.ca
1 www.gaitc.ca
0 ir.mail.126.com Failed mimg.127.net
0 ir3.mail.126.com Failed mimg.127.net
18 7
Subject          Issuer                       Validity                  Valid
*.mail.126.com   TrustAsia RSA OV TLS CA G2   2023-03-22 - 2024-04-13   a year
mimg.127.net     GeoTrust RSA CN CA G2        2022-08-22 - 2023-09-12   a year

This page contains 2 frames:

Primary Page: http://www.gaitc.ca/wp-admin/vx1107.html
Frame ID: 83DD692C52AB6259D962621D0E29B7D5
Requests: 13 HTTP requests in this frame

Frame: http://mail.163.com/preload6.htm
Frame ID: 663730872538973AFEC9EF59B79612C5
Requests: 6 HTTP requests in this frame

Page Title

126网易免费邮--你的专业电子邮局

Page Statistics

18
Requests

28 %
HTTPS

0 %
IPv6

4
Domains

7
Subdomains

5
IPs

3
Countries

806 kB
Transfer

2440 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • http://iplocator.mail.163.com/iplocator?callback=fGetLocator HTTP 302
  • https://mail.163.com/404_error.html

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request vx1107.html
www.gaitc.ca/wp-admin/
91 KB
26 KB
Document
General
Full URL
http://www.gaitc.ca/wp-admin/vx1107.html
Protocol
HTTP/1.1
Server
208.113.175.136 Ashburn, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
apache2-emu.habersham.dreamhost.com
Software
Apache /
Resource Hash
c5336b2b859991bc19aca54cf6605eeb117f7871c2bd0f667319240d72ab0f58

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=600
Connection
Upgrade, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html
Date
Sun, 25 Jun 2023 20:20:25 GMT
ETag
"16b73-51893e38da687-gzip"
Expires
Sun, 25 Jun 2023 20:30:25 GMT
Keep-Alive
timeout=5, max=100
Last-Modified
Mon, 15 Jun 2015 19:59:00 GMT
Server
Apache
Transfer-Encoding
chunked
Upgrade
h2
Vary
Accept-Encoding,User-Agent
base_v5.min.js
mimg.127.net/index/lib/scripts/
17 KB
7 KB
Script
General
Full URL
http://mimg.127.net/index/lib/scripts/base_v5.min.js
Requested by
Host: www.gaitc.ca
URL: http://www.gaitc.ca/wp-admin/vx1107.html
Protocol
HTTP/1.1
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
66f7395da705f823eb253cb60f2ae419ae3a77b1901cad9e035a3e5639023243

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gaitc.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Sun, 25 Jun 2023 20:20:27 GMT
Content-Encoding
gzip
Last-Modified
Thu, 28 Apr 2016 03:04:49 GMT
Server
nginx
ETag
W/"57217dd1-4485"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Expires
Sun, 25 Jun 2023 21:00:53 GMT
126logo.gif
mimg.127.net/logo/
6 KB
7 KB
Image
General
Full URL
http://mimg.127.net/logo/126logo.gif
Requested by
Host: www.gaitc.ca
URL: http://www.gaitc.ca/wp-admin/vx1107.html
Protocol
HTTP/1.1
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
4b65646e580b883fa13c46a43b399b98e7627a866f44de26bc08284628c15f38

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gaitc.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Sun, 25 Jun 2023 20:20:27 GMT
Last-Modified
Tue, 10 Feb 2009 07:01:48 GMT
Server
nginx
ETag
"4991265c-19c1"
Content-Type
image/gif
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6593
Expires
Sun, 25 Jun 2023 20:53:48 GMT
netease_logo.gif
mimg.127.net/logo/
1 KB
2 KB
Image
General
Full URL
http://mimg.127.net/logo/netease_logo.gif
Requested by
Host: www.gaitc.ca
URL: http://www.gaitc.ca/wp-admin/vx1107.html
Protocol
HTTP/1.1
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
b13de2eb10e93a66f6332b6ccb258bcf1502362a89b91c16f78ea425562e40a0

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gaitc.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Sun, 25 Jun 2023 20:20:27 GMT
Last-Modified
Wed, 01 Dec 2010 02:06:41 GMT
Server
nginx
ETag
"4cf5adb1-4ec"
Content-Type
image/gif
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1260
Expires
Sun, 25 Jun 2023 20:26:31 GMT
knet.png
mimg.127.net/logo/
5 KB
5 KB
Image
General
Full URL
http://mimg.127.net/logo/knet.png
Requested by
Host: www.gaitc.ca
URL: http://www.gaitc.ca/wp-admin/vx1107.html
Protocol
HTTP/1.1
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gaitc.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Sun, 25 Jun 2023 20:20:27 GMT
Last-Modified
Wed, 16 May 2012 09:47:58 GMT
Server
nginx
ETag
"4fb377ce-1203"
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4611
Expires
Sun, 25 Jun 2023 20:46:08 GMT
httpsEnable.gif
ssl.mail.126.com/
43 B
224 B
Image
General
Full URL
https://ssl.mail.126.com/httpsEnable.gif
Requested by
Host: www.gaitc.ca
URL: http://www.gaitc.ca/wp-admin/vx1107.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
123.126.96.204 Beijing, China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN),
Reverse DNS
mail-m96204.mail.126.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gaitc.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 25 Jun 2023 20:20:28 GMT
last-modified
Wed, 27 Oct 2021 02:55:03 GMT
server
nginx
etag
"6178bf87-2b"
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Sun, 25 Jun 2023 20:35:02 GMT
bg_v3.png
mimg.127.net/index/126/img/2013/
10 KB
10 KB
Image
General
Full URL
http://mimg.127.net/index/126/img/2013/bg_v3.png
Requested by
Host: www.gaitc.ca
URL: http://www.gaitc.ca/wp-admin/vx1107.html
Protocol
HTTP/1.1
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
6c9e4b43a1a10a8d1384743318e115c60812bbfb2e0f314c1ead27930c2c7a74

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gaitc.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Sun, 25 Jun 2023 20:20:27 GMT
Last-Modified
Wed, 06 Aug 2014 08:37:50 GMT
Server
nginx
ETag
"53e1e95e-28ce"
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10446
Expires
Sun, 25 Jun 2023 20:41:03 GMT
login_v2.png
mimg.127.net/index/126/img/2013/
4 KB
4 KB
Image
General
Full URL
http://mimg.127.net/index/126/img/2013/login_v2.png
Requested by
Host: www.gaitc.ca
URL: http://www.gaitc.ca/wp-admin/vx1107.html
Protocol
HTTP/1.1
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
dd7fd308f7d0e0dc3a52dba67e0fe21db27a986d560e06c608391c86e0291e15

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gaitc.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Sun, 25 Jun 2023 20:20:27 GMT
Last-Modified
Thu, 07 Aug 2014 05:43:07 GMT
Server
nginx
ETag
"53e311eb-eba"
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3770
Expires
Sun, 25 Jun 2023 20:25:21 GMT
yixin_ico_v1.png
mimg.127.net/index/126/img/2013/
4 KB
4 KB
Image
General
Full URL
http://mimg.127.net/index/126/img/2013/yixin_ico_v1.png
Requested by
Host: www.gaitc.ca
URL: http://www.gaitc.ca/wp-admin/vx1107.html
Protocol
HTTP/1.1
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
3433683b0b8ff7c9ccbddd9291cc89f32b139de17ff1088ea7d754866af586be

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gaitc.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Sun, 25 Jun 2023 20:20:27 GMT
Last-Modified
Thu, 12 Jun 2014 02:06:55 GMT
Server
nginx
ETag
"53990b3f-efc"
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3836
Expires
Sun, 25 Jun 2023 20:48:01 GMT
preload6.htm
mail.163.com/ Frame 6637
13 KB
4 KB
Document
General
Full URL
http://mail.163.com/preload6.htm
Requested by
Host: www.gaitc.ca
URL: http://www.gaitc.ca/wp-admin/vx1107.html
Protocol
HTTP/1.1
Server
103.129.252.87 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
52329f377b4e62f73c19954e05f8861e2e40df7c983507d95b30dd3de5f5c20d
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.mediav.com *.netstatic.net; connect-src 'self' *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.163yun.com; report-uri https://countly.mail.163.com/stats/csp

Request headers

Referer
http://www.gaitc.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.mediav.com *.netstatic.net; connect-src 'self' *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.163yun.com; report-uri https://countly.mail.163.com/stats/csp
Content-Type
text/html
Date
Sun, 25 Jun 2023 20:20:28 GMT
ETag
W/"64917642-35fb"
Expires
Sun, 25 Jun 2023 20:54:34 GMT
Last-Modified
Tue, 20 Jun 2023 09:49:54 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
bjs-1.1.6.js
mimg.127.net/p/bjs/release/ Frame 6637
129 KB
42 KB
Script
General
Full URL
https://mimg.127.net/p/bjs/release/bjs-1.1.6.js
Requested by
Host: mail.163.com
URL: http://mail.163.com/preload6.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
590dd1d1a50d8bfb4b082194ebfe1cf712446e8c3794d6072636104b89b03c0a

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://mail.163.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 25 Jun 2023 20:20:29 GMT
content-encoding
gzip
last-modified
Mon, 06 Feb 2023 06:13:00 GMT
server
nginx
etag
W/"63e09a6c-2041d"
vary
Accept-Encoding, Origin
content-type
application/x-javascript
cache-control
max-age=315360000
expires
Fri, 04 Feb 2033 05:21:29 GMT
p0.js
mimg.127.net/p/js6/6.0b2306131228/js/ Frame 6637
704 KB
227 KB
Script
General
Full URL
https://mimg.127.net/p/js6/6.0b2306131228/js/p0.js
Requested by
Host: mail.163.com
URL: http://mail.163.com/preload6.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
9d066e17aa65d8136b205b85256d0fd9229c4bb7fd536bd1f3b24bce7937453a

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://mail.163.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 25 Jun 2023 20:20:29 GMT
content-encoding
gzip
last-modified
Tue, 13 Jun 2023 05:22:31 GMT
server
nginx
etag
W/"6487fd17-aff8f"
vary
Accept-Encoding, Origin
content-type
application/x-javascript
cache-control
max-age=315360000
expires
Thu, 16 Jun 2033 21:57:54 GMT
truncated
/ Frame 6637
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://mail.163.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/gif
base64_compress.css
mimg.127.net/p/js6/6.0b2306131228/css/ Frame 6637
258 KB
97 KB
Stylesheet
General
Full URL
https://mimg.127.net/p/js6/6.0b2306131228/css/base64_compress.css
Requested by
Host: mail.163.com
URL: http://mail.163.com/preload6.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
b7d3eec1a1d4498869eb58cfb49efc38e81728a50bdf2a029ebcd3538cb4f748

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://mail.163.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 25 Jun 2023 20:20:29 GMT
content-encoding
gzip
last-modified
Tue, 13 Jun 2023 05:22:30 GMT
server
nginx
etag
W/"6487fd16-40767"
vary
Accept-Encoding, Origin
content-type
text/css
cache-control
max-age=315360000
expires
Thu, 16 Jun 2033 21:57:54 GMT
get.do
ir3.mail.126.com/
0
0

404_error.html
mail.163.com/
Redirect Chain
  • http://iplocator.mail.163.com/iplocator?callback=fGetLocator
  • https://mail.163.com/404_error.html
0
0
Script
General
Full URL
https://mail.163.com/404_error.html
Protocol
H2
Server
103.129.252.87 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gaitc.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Redirect headers

Location
https://mail.163.com/404_error.html
Date
Sun, 25 Jun 2023 20:20:31 GMT
Server
nginx
Connection
keep-alive
Content-Length
138
X-Cache
from ngx52-194.163.com
Content-Type
text/html
get.do
ir.mail.126.com/
0
0

p1.js
mimg.127.net/p/js6/6.0b2306131228/js/ Frame 6637
1 MB
371 KB
Script
General
Full URL
https://mimg.127.net/p/js6/6.0b2306131228/js/p1.js
Requested by
Host: mail.163.com
URL: http://mail.163.com/preload6.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
a6e22708d9c98f3103a77ceb453c0d5657b81f576775c71e8f4c8c5ec25c8829

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://mail.163.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 25 Jun 2023 20:20:30 GMT
content-encoding
gzip
last-modified
Tue, 13 Jun 2023 05:22:31 GMT
server
nginx
etag
W/"6487fd17-128a25"
vary
Accept-Encoding, Origin
content-type
application/x-javascript
cache-control
max-age=315360000
expires
Thu, 16 Jun 2033 21:57:54 GMT
140604_anzhuo_cnt.jpg
mimg.127.net/index/163/themes/
12 KB
0
Image
General
Full URL
http://mimg.127.net/index/163/themes/140604_anzhuo_cnt.jpg
Protocol
HTTP/1.1
Server
103.129.252.89 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gaitc.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Sun, 25 Jun 2023 20:20:33 GMT
Last-Modified
Wed, 04 Jun 2014 10:41:26 GMT
Server
nginx
ETag
"538ef7d6-1ef05"
Content-Type
image/jpeg
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
126725
Expires
Sun, 25 Jun 2023 20:26:38 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ir3.mail.126.com
URL
http://ir3.mail.126.com/get.do?prod=wmail_lbp&ver=1&uid=nt@126.com&domain=126.com&mobUser=0&callback=themeHandler.callback&rnd=0.037358062580085116
Domain
ir.mail.126.com
URL
http://ir.mail.126.com/get.do?uid=nt@126.com&domain=126.com&ver=4&ph=-1&callback=loginExtAD.callback&rnd=0.23901072482827646

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic China (Online)

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 boolean| credentialless object| onbeforetoggle object| onscrollend object| gOption function| fCheckLoginNow function| fCheckAutoLogin function| fAutoLogin boolean| gbForcepc object| oAndroidRedirect function| fCheckBrowser function| fHtml5Tag function| fCheckCookie function| fGetQuery function| fGetQueryHash function| $id function| fTrim function| fParseMNum function| fCheckAccount function| fGetScript function| fGetCookie function| fSetCookie function| fEventListen function| fEventUnlisten function| fRandom function| fUrlP function| fResize function| fJSONP function| fFQ function| fStartTime object| gUserInfo object| gVisitorCookie undefined| gMobileNumMailIsForbidden undefined| gMobileNumMailResult object| gMobileNumMail function| fEnData function| loginRequest function| getRnd undefined| DOMContentLoaded function| DOMREADY string| base64EncodeChars function| base64encode function| utf16to8 function| fGetLocator function| CapsLock function| MobCallback boolean| bGettingAlgorithm object| loginExtAD undefined| gAdUserPropertyData object| gAdResData object| gErrorInfo object| oStyle function| fCls object| aSpdResult object| aSpdStartTime object| aSpdEndTime object| aSpdTmpTime object| aSpdQueue boolean| bSpdAuto string| sLocationInfo function| fSpeedTestPre function| fSpeedTest function| fSpd function| fLocationDot object| aLocationDot function| fSelectLoaction function| fSpdUserInit function| fLocationChoose function| fSetLocation function| fNetErrDebug object| indexLogin object| themeHandler object| gAdTemplate_lbp number| oIntervalCheckInputAlways

0 Cookies