electrocoolhvacr.com Open in urlscan Pro
195.191.25.158 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Submission: On September 16 via api (September 16th 2020, 6:30:15 pm UTC) from TW

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 3 domains to perform 19 HTTP transactions. The main IP is 195.191.25.158, located in Ukraine and belongs to HOSTPRO-AS, UA. The main domain is electrocoolhvacr.com.

This is the only time electrocoolhvacr.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic China (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	195.191.25.158 195.191.25.158	196645 (HOSTPRO-AS) (HOSTPRO-AS)
11	103.129.252.34 103.129.252.34	137263 (NETEASE-A...) (NETEASE-AS-AP NETEASE HONG KONG LIMITED)
1	123.126.97.210 123.126.97.210	4808 (CHINA169-...) (CHINA169-BJ China Unicom Beijing Province Network)
1	223.252.195.133 223.252.195.133	45062 (NETEASE-A...) (NETEASE-AS Guangzhou NetEase Computer System Co.)
1	123.126.97.211 123.126.97.211	4808 (CHINA169-...) (CHINA169-BJ China Unicom Beijing Province Network)
1	123.126.97.207 123.126.97.207	4808 (CHINA169-...) (CHINA169-BJ China Unicom Beijing Province Network)
19	7

1 195.191.25.158 (Ukraine)

ASN196645 (HOSTPRO-AS, UA)
PTR: iron.fastbighost.net

electrocoolhvacr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 103.129.252.34 (Hong Kong)

ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK)

mimg.127.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mail.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 123.126.97.210 (Beijing, China)

ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
PTR: mail-m97210.mail.163.com

ssl.mail.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 223.252.195.133 (China)

ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN)

analytics.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 123.126.97.211 (Beijing, China)

ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
PTR: mail-m97211.mail.163.com

count.mail.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 123.126.97.207 (Beijing, China)

ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
PTR: mail-m97207.mail.163.com

iplocator.mail.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	127.net mimg.127.net gztp.127.net Failed gzcp.127.net Failed gzep.127.net Failed	87 KB
5	163.com ssl.mail.163.com analytics.163.com count.mail.163.com mail.163.com iplocator.mail.163.com	8 KB
1	electrocoolhvacr.com electrocoolhvacr.com	24 KB
19	3

	Domain	Requested by
10	mimg.127.net	electrocoolhvacr.com mimg.127.net
1	iplocator.mail.163.com	mimg.127.net
1	mail.163.com	electrocoolhvacr.com
1	count.mail.163.com	electrocoolhvacr.com
1	analytics.163.com	electrocoolhvacr.com
1	ssl.mail.163.com	electrocoolhvacr.com
1	electrocoolhvacr.com
0	gzep.127.net Failed	mimg.127.net
0	gzcp.127.net Failed	mimg.127.net
0	gztp.127.net Failed	mimg.127.net
19	10

This site contains no links.

Subject Issuer	Validity	Valid
ssl.mail.163.com GeoTrust CN RSA CA G1	`2020-01-07` - `2022-03-05`	2 years	crt.sh

This page contains 2 frames:

Primary Page: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Frame ID: 6BB922450D9A3DC323B2907C0E2B7490
Requests: 18 HTTP requests in this frame

Frame: http://mail.163.com/preload5.htm
Frame ID: 7E3B688FEC94D8637373BB9EFEBEC96C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

19
Requests

5 %
HTTPS

0 %
IPv6

3
Domains

10
Subdomains

7
IPs

3
Countries

120 kB
Transfer

206 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 163xffrxxzzz.htm Show response electrocoolhvacr.com/control/163/	82 KB 24 KB	86ms 67ms	Document text/html	195.191.25.158 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 195.191.25.158 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS iron.fastbighost.net Software nginx / Resource Hash `2eedcabc30b2dc86675308bf7b48c454e954f76eef2d95271b62af70ae337841` Request headers Host electrocoolhvacr.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Server nginx Date Wed, 16 Sep 2020 18:29:56 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Last-Modified Mon, 01 Jun 2015 13:19:42 GMT Content-Encoding gzip
GET H/1.1	200 OK	base_v3.js Show response mimg.127.net/index/lib/scripts/	23 KB 8 KB	726ms 410ms	Script application/x-javascript	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL http://mimg.127.net/index/lib/scripts/base_v3.js Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `a0ceb7edc5991f85a9613588811fee01502816f4a31ed92b19b348c07854f052` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:57 GMT Content-Encoding gzip Last-Modified Tue, 05 Nov 2013 10:13:30 GMT Server nginx ETag W/"5278c4ca-5d69" Vary Accept-Encoding X-Cache HIT from HKGM Content-Type application/x-javascript Cache-Control max-age=3600 Transfer-Encoding chunked Connection keep-alive Expires Wed, 16 Sep 2020 18:53:18 GMT
GET H/1.1	200 OK	ntes_logo.png mimg.127.net/index/email/img/2012/	983 B 1 KB	730ms 413ms	Image image/png	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL http://mimg.127.net/index/email/img/2012/ntes_logo.png Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `16ede25c08f54c3b1627d401b847eec08b089227058660799c2372dbd6f52425` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:57 GMT Last-Modified Mon, 17 Dec 2012 09:09:12 GMT Server nginx ETag "50cee138-3d7" X-Cache HIT from HKGM Content-Type image/png Cache-Control max-age=3600 Connection keep-alive Accept-Ranges bytes Content-Length 983 Expires Wed, 16 Sep 2020 19:12:35 GMT
GET H/1.1	200 OK	t.gif mimg.127.net/p/	77 B 478 B	212ms 211ms	Image image/gif	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL http://mimg.127.net/p/t.gif Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `3f666934b806964af9be68a39f16151701e7a7b8009ac24e7acb9ac0a7c10aa5` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:57 GMT Last-Modified Mon, 18 Jun 2012 08:52:50 GMT Server nginx ETag "4fdeec62-4d" X-Cache HIT from HKGM Content-Type image/gif Access-Control-Allow-Origin .163.com .126.com .yeah.net .tryfun.com Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Content-Length 77 Expires Fri, 06 Jul 2029 08:57:39 GMT
GET H/1.1	200 OK	knet.png mimg.127.net/logo/	5 KB 5 KB	209ms 208ms	Image image/png	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL http://mimg.127.net/logo/knet.png Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:57 GMT Last-Modified Wed, 16 May 2012 09:47:58 GMT Server nginx ETag "4fb377ce-1203" X-Cache HIT from HKGM Content-Type image/png Cache-Control max-age=3600 Connection keep-alive Accept-Ranges bytes Content-Length 4611 Expires Wed, 16 Sep 2020 18:52:01 GMT
GET H/1.1	200 OK	httpsEnable.gif ssl.mail.163.com/	43 B 251 B	1047ms 187ms	Image image/gif	123.126.97.210 CHINA169-BJ China...
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.mail.163.com/httpsEnable.gif Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_CBC Server 123.126.97.210 Beijing, China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN), Reverse DNS mail-m97210.mail.163.com Software nginx / Resource Hash `4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:58 GMT Last-Modified Wed, 15 Jun 2011 02:19:09 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 43 Content-Type image/gif
GET H/1.1	200 OK	ntes.js Show response analytics.163.com/	22 KB 8 KB	1291ms 1099ms	Script application/javascript	223.252.195.133 NETEASE-AS Guangz...
General Check archive.org Show headers Download Go to Full URL http://analytics.163.com/ntes.js Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 223.252.195.133 , China, ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN), Reverse DNS Software nginx / Resource Hash `a8d67b57dd9674a935fb2da9e453d0d92c80438733aa5e19d5f0defb82151997` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:58 GMT Content-Encoding gzip Last-Modified Thu, 27 Aug 2020 09:45:34 GMT Server nginx Content-Type application/javascript X-Server-ID S170 Cache-Control max-age=3600 Connection keep-alive Content-Length 7603 Expires Wed, 16 Sep 2020 19:29:58 GMT
GET H/1.1	200 OK	logo_v2.png mimg.127.net/index/email/img/2012/	10 KB 11 KB	421ms 413ms	Image image/png	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL http://mimg.127.net/index/email/img/2012/logo_v2.png Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `3cc3a1cc321b22df78b7bf0da839fd05906c7db47296afdf317298882a0b73be` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:57 GMT Last-Modified Fri, 19 Apr 2013 08:46:49 GMT Server nginx ETag "51710479-29a8" X-Cache HIT from HKGM Content-Type image/png Cache-Control max-age=3600 Connection keep-alive Accept-Ranges bytes Content-Length 10664 Expires Wed, 16 Sep 2020 19:12:36 GMT
GET H/1.1	200 OK	bgx.png mimg.127.net/index/email/img/2012/	304 B 628 B	425ms 417ms	Image image/png	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL http://mimg.127.net/index/email/img/2012/bgx.png Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `86305704cb5ce03d2ce2c34224ecd1f54bfad514a5980bd9453fab19858af4d5` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:57 GMT Last-Modified Mon, 17 Dec 2012 09:09:16 GMT Server nginx ETag "50cee13c-130" X-Cache HIT from HKGM Content-Type image/png Cache-Control max-age=3600 Connection keep-alive Accept-Ranges bytes Content-Length 304 Expires Wed, 16 Sep 2020 19:12:36 GMT
GET H/1.1	200 OK	bg_v2.png mimg.127.net/index/email/img/2012/	16 KB 17 KB	419ms 411ms	Image image/png	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL http://mimg.127.net/index/email/img/2012/bg_v2.png Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `7d898171a5ede23236d3d2cdfe18d4590a5dc485f6229c66e24f6928d16e7072` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:57 GMT Last-Modified Fri, 19 Apr 2013 08:46:49 GMT Server nginx ETag "51710479-4165" X-Cache HIT from HKGM Content-Type image/png Cache-Control max-age=3600 Connection keep-alive Accept-Ranges bytes Content-Length 16741 Expires Wed, 16 Sep 2020 19:12:36 GMT
GET H/1.1	200 OK	arr.png mimg.127.net/index/email/img/2012/	492 B 816 B	423ms 414ms	Image image/png	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL http://mimg.127.net/index/email/img/2012/arr.png Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `e4129228b3c1d9183ed091b163797dddf16a2cf72868bb4fa56c98e7a074686d` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:57 GMT Last-Modified Mon, 17 Dec 2012 09:09:16 GMT Server nginx ETag "50cee13c-1ec" X-Cache HIT from HKGM Content-Type image/png Cache-Control max-age=3600 Connection keep-alive Accept-Ranges bytes Content-Length 492 Expires Wed, 16 Sep 2020 19:12:36 GMT
GET H/1.1	200 OK	all2.jpg mimg.127.net/index/email/img/2012/	43 KB 44 KB	385ms 385ms	Image image/jpeg	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL http://mimg.127.net/index/email/img/2012/all2.jpg Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `5b953cd3f6bbe8c85e45372e4d9f6019da313c92f99e7ab4d88b2734251c5bdc` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:58 GMT Last-Modified Fri, 25 Jan 2013 06:27:10 GMT Server nginx ETag "510225be-ade0" X-Cache EXPIRED from HKGM Content-Type image/jpeg Cache-Control max-age=3600 Connection keep-alive Accept-Ranges bytes Content-Length 44512 Expires Wed, 16 Sep 2020 19:29:58 GMT
GET H/1.1	200 OK	webmail.gif count.mail.163.com/beacon/	49 B 278 B	1075ms 382ms	Image image/gif	123.126.97.211 CHINA169-BJ China...
General Check archive.org Show headers Download Go to Show image Full URL http://count.mail.163.com/beacon/webmail.gif?product=emailtab&type=default&tabname=163&rnd=1600280998708 Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 123.126.97.211 Beijing, China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN), Reverse DNS mail-m97211.mail.163.com Software nginx / Resource Hash `93db6ff0af01c1416a4cf5643fa970e6facf75aa2c38a66404085039c2314e33` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:29:59 GMT Last-Modified Wed, 23 May 2012 03:14:23 GMT Server nginx ETag "4fbc560f-31" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 49
GET H/1.1	200 OK	preload5.htm mail.163.com/ Frame 7E3B	0 0	633ms 457ms	Document text/html	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL http://mail.163.com/preload5.htm Requested by Host: electrocoolhvacr.com URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash Request headers Host mail.163.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm Response headers Server nginx Date Wed, 16 Sep 2020 18:29:59 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Accept-Encoding Accept-Encoding Last-Modified Wed, 14 May 2014 06:51:42 GMT ETag W/"5373127e-2499" Expires Wed, 16 Sep 2020 19:09:06 GMT Cache-Control max-age=3600 X-Cache from HKGM Content-Encoding gzip
GET H/1.1	200 OK	iplocator Show response iplocator.mail.163.com/	25 B 214 B	599ms 337ms	Script text/plain	123.126.97.207 CHINA169-BJ China...
General Check archive.org Show headers Download Go to Full URL http://iplocator.mail.163.com/iplocator?callback=fGetLocator Requested by Host: mimg.127.net URL: http://mimg.127.net/index/lib/scripts/base_v3.js Protocol HTTP/1.1 Server 123.126.97.207 Beijing, China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN), Reverse DNS mail-m97207.mail.163.com Software nginx / Resource Hash `bc53e609df063968a9dc8ed64aedb7b1fc5221eccfacf18b93467564d16d91c3` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:30:01 GMT Server nginx Connection keep-alive Content-Length 25 X-Cache from ngx18-221.163.com Content-Type text/plain;charset=UTF-8
GET H/1.1	200 OK	gad.js Show response mimg.127.net/m/login/	1 KB 691 B	215ms 214ms	Script application/x-javascript	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL http://mimg.127.net/m/login/gad.js Requested by Host: mimg.127.net URL: http://mimg.127.net/index/lib/scripts/base_v3.js Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `1c9f60c1e405da5f8d3eb2b526b76db044937a15ceadfe370f83b7c6bcf7fde8` Request headers Referer http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 16 Sep 2020 18:30:01 GMT Content-Encoding gzip Last-Modified Thu, 02 Jan 2014 02:03:52 GMT Server nginx ETag W/"52c4c908-460" Vary Accept-Encoding X-Cache HIT from HKGM Content-Type application/x-javascript Cache-Control max-age=3600 Transfer-Encoding chunked Connection keep-alive Expires Wed, 16 Sep 2020 18:41:09 GMT
GET		gzttest gztp.127.net/cte/	0 0

GET		gzctest gzcp.127.net/cte/	0 0

GET		gzetest gzep.127.net/cte/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gztp.127.net
URL: http://gztp.127.net/cte/gzttest?1600281001273

Domain: gzcp.127.net
URL: http://gzcp.127.net/cte/gzctest?1600281001274

Domain: gzep.127.net
URL: http://gzep.127.net/cte/gzetest?1600281001274

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic China (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.163.com
count.mail.163.com
electrocoolhvacr.com
gzcp.127.net
gzep.127.net
gztp.127.net
iplocator.mail.163.com
mail.163.com
mimg.127.net
ssl.mail.163.com
gzcp.127.net
gzep.127.net
gztp.127.net
103.129.252.34
123.126.97.207
123.126.97.210
123.126.97.211
195.191.25.158
223.252.195.133
16ede25c08f54c3b1627d401b847eec08b089227058660799c2372dbd6f52425
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8
1c9f60c1e405da5f8d3eb2b526b76db044937a15ceadfe370f83b7c6bcf7fde8
2eedcabc30b2dc86675308bf7b48c454e954f76eef2d95271b62af70ae337841
3cc3a1cc321b22df78b7bf0da839fd05906c7db47296afdf317298882a0b73be
3f666934b806964af9be68a39f16151701e7a7b8009ac24e7acb9ac0a7c10aa5
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5b953cd3f6bbe8c85e45372e4d9f6019da313c92f99e7ab4d88b2734251c5bdc
7d898171a5ede23236d3d2cdfe18d4590a5dc485f6229c66e24f6928d16e7072
86305704cb5ce03d2ce2c34224ecd1f54bfad514a5980bd9453fab19858af4d5
93db6ff0af01c1416a4cf5643fa970e6facf75aa2c38a66404085039c2314e33
a0ceb7edc5991f85a9613588811fee01502816f4a31ed92b19b348c07854f052
a8d67b57dd9674a935fb2da9e453d0d92c80438733aa5e19d5f0defb82151997
bc53e609df063968a9dc8ed64aedb7b1fc5221eccfacf18b93467564d16d91c3
e4129228b3c1d9183ed091b163797dddf16a2cf72868bb4fa56c98e7a074686d

electrocoolhvacr.com Open in urlscan Pro 195.191.25.158 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

19 Requests

5 %HTTPS

0 %IPv6

3 Domains

10 Subdomains

7 IPs

3 Countries

120 kBTransfer

206 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

electrocoolhvacr.com Open in urlscan Pro
195.191.25.158 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

5 %
HTTPS

0 %
IPv6

3
Domains

10
Subdomains

7
IPs

3
Countries

120 kB
Transfer

206 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!