electrocoolhvacr.com
Open in
urlscan Pro
195.191.25.158
Malicious Activity!
Public Scan
Submission: On September 16 via api from TW
Summary
This is the only time electrocoolhvacr.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic China (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 195.191.25.158 195.191.25.158 | 196645 (HOSTPRO-AS) (HOSTPRO-AS) | |
11 | 103.129.252.34 103.129.252.34 | 137263 (NETEASE-A...) (NETEASE-AS-AP NETEASE HONG KONG LIMITED) | |
1 | 123.126.97.210 123.126.97.210 | 4808 (CHINA169-...) (CHINA169-BJ China Unicom Beijing Province Network) | |
1 | 223.252.195.133 223.252.195.133 | 45062 (NETEASE-A...) (NETEASE-AS Guangzhou NetEase Computer System Co.) | |
1 | 123.126.97.211 123.126.97.211 | 4808 (CHINA169-...) (CHINA169-BJ China Unicom Beijing Province Network) | |
1 | 123.126.97.207 123.126.97.207 | 4808 (CHINA169-...) (CHINA169-BJ China Unicom Beijing Province Network) | |
19 | 7 |
ASN196645 (HOSTPRO-AS, UA)
PTR: iron.fastbighost.net
electrocoolhvacr.com |
ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK)
mimg.127.net | |
mail.163.com |
ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
PTR: mail-m97210.mail.163.com
ssl.mail.163.com |
ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN)
analytics.163.com |
ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
PTR: mail-m97211.mail.163.com
count.mail.163.com |
ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
PTR: mail-m97207.mail.163.com
iplocator.mail.163.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
127.net
mimg.127.net gztp.127.net Failed gzcp.127.net Failed gzep.127.net Failed |
87 KB |
5 |
163.com
ssl.mail.163.com analytics.163.com count.mail.163.com mail.163.com iplocator.mail.163.com |
8 KB |
1 |
electrocoolhvacr.com
electrocoolhvacr.com |
24 KB |
19 | 3 |
Domain | Requested by | |
---|---|---|
10 | mimg.127.net |
electrocoolhvacr.com
mimg.127.net |
1 | iplocator.mail.163.com |
mimg.127.net
|
1 | mail.163.com |
electrocoolhvacr.com
|
1 | count.mail.163.com |
electrocoolhvacr.com
|
1 | analytics.163.com |
electrocoolhvacr.com
|
1 | ssl.mail.163.com |
electrocoolhvacr.com
|
1 | electrocoolhvacr.com | |
0 | gzep.127.net Failed |
mimg.127.net
|
0 | gzcp.127.net Failed |
mimg.127.net
|
0 | gztp.127.net Failed |
mimg.127.net
|
19 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ssl.mail.163.com GeoTrust CN RSA CA G1 |
2020-01-07 - 2022-03-05 |
2 years | crt.sh |
This page contains 2 frames:
Primary Page:
http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Frame ID: 6BB922450D9A3DC323B2907C0E2B7490
Requests: 18 HTTP requests in this frame
Frame:
http://mail.163.com/preload5.htm
Frame ID: 7E3B688FEC94D8637373BB9EFEBEC96C
Requests: 1 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
163xffrxxzzz.htm
electrocoolhvacr.com/control/163/ |
82 KB 24 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
base_v3.js
mimg.127.net/index/lib/scripts/ |
23 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ntes_logo.png
mimg.127.net/index/email/img/2012/ |
983 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
t.gif
mimg.127.net/p/ |
77 B 478 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
knet.png
mimg.127.net/logo/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
httpsEnable.gif
ssl.mail.163.com/ |
43 B 251 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ntes.js
analytics.163.com/ |
22 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_v2.png
mimg.127.net/index/email/img/2012/ |
10 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bgx.png
mimg.127.net/index/email/img/2012/ |
304 B 628 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_v2.png
mimg.127.net/index/email/img/2012/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arr.png
mimg.127.net/index/email/img/2012/ |
492 B 816 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
all2.jpg
mimg.127.net/index/email/img/2012/ |
43 KB 44 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webmail.gif
count.mail.163.com/beacon/ |
49 B 278 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
preload5.htm
mail.163.com/ Frame 7E3B |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iplocator
iplocator.mail.163.com/ |
25 B 214 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gad.js
mimg.127.net/m/login/ |
1 KB 691 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
gzttest
gztp.127.net/cte/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
gzctest
gzcp.127.net/cte/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
gzetest
gzep.127.net/cte/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- gztp.127.net
- URL
- http://gztp.127.net/cte/gzttest?1600281001273
- Domain
- gzcp.127.net
- URL
- http://gzcp.127.net/cte/gzctest?1600281001274
- Domain
- gzep.127.net
- URL
- http://gzep.127.net/cte/gzetest?1600281001274
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic China (Online)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analytics.163.com
count.mail.163.com
electrocoolhvacr.com
gzcp.127.net
gzep.127.net
gztp.127.net
iplocator.mail.163.com
mail.163.com
mimg.127.net
ssl.mail.163.com
gzcp.127.net
gzep.127.net
gztp.127.net
103.129.252.34
123.126.97.207
123.126.97.210
123.126.97.211
195.191.25.158
223.252.195.133
16ede25c08f54c3b1627d401b847eec08b089227058660799c2372dbd6f52425
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8
1c9f60c1e405da5f8d3eb2b526b76db044937a15ceadfe370f83b7c6bcf7fde8
2eedcabc30b2dc86675308bf7b48c454e954f76eef2d95271b62af70ae337841
3cc3a1cc321b22df78b7bf0da839fd05906c7db47296afdf317298882a0b73be
3f666934b806964af9be68a39f16151701e7a7b8009ac24e7acb9ac0a7c10aa5
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5b953cd3f6bbe8c85e45372e4d9f6019da313c92f99e7ab4d88b2734251c5bdc
7d898171a5ede23236d3d2cdfe18d4590a5dc485f6229c66e24f6928d16e7072
86305704cb5ce03d2ce2c34224ecd1f54bfad514a5980bd9453fab19858af4d5
93db6ff0af01c1416a4cf5643fa970e6facf75aa2c38a66404085039c2314e33
a0ceb7edc5991f85a9613588811fee01502816f4a31ed92b19b348c07854f052
a8d67b57dd9674a935fb2da9e453d0d92c80438733aa5e19d5f0defb82151997
bc53e609df063968a9dc8ed64aedb7b1fc5221eccfacf18b93467564d16d91c3
e4129228b3c1d9183ed091b163797dddf16a2cf72868bb4fa56c98e7a074686d