electrocoolhvacr.com
88.218.28.56  Malicious Activity! Public Scan

URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Submission: On December 17 via api from LU — Scanned from NL

Summary

This website contacted 7 IPs in 3 countries across 3 domains to perform 18 HTTP transactions. The main IP is 88.218.28.56, located in Netherlands and belongs to SERVERIUS-AS, NL. The main domain is electrocoolhvacr.com.
This is the only time electrocoolhvacr.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic China (Online)

Domain & IP information

Requests  Redirects  IP Address       AS      Autonomous System
1                    88.218.28.56     50673   (SERVERIUS-AS)
12                   103.129.252.61   137263  (NETEASE-A...)
1                    123.126.96.214   4808    (CHINA169-...)
2         1          59.111.239.33    45062   (NETEASE-N...)
1                    220.181.12.191   23724   (CHINANET-...)
1                    103.129.252.59   137263  (NETEASE-A...)
Total: 18 requests, 7 IPs

Requests  Apex Domain / Subdomains                              Transfer
12        127.net                                               610 KB
            mimg.127.net — Cisco Umbrella Rank: 114302
5         163.com                                               5 KB
            ssl.mail.163.com — Cisco Umbrella Rank: 313849
            analytics.163.com — Cisco Umbrella Rank: 504688
            count.mail.163.com — Cisco Umbrella Rank: 341643
            mail.163.com — Cisco Umbrella Rank: 45494
1         electrocoolhvacr.com                                  24 KB
            electrocoolhvacr.com
Total: 18 requests, 3 apex domains

Requests  Domain                Requested by
12        mimg.127.net          electrocoolhvacr.com, mail.163.com
2         analytics.163.com     electrocoolhvacr.com (1 redirects)
1         mail.163.com          electrocoolhvacr.com
1         count.mail.163.com    electrocoolhvacr.com
1         ssl.mail.163.com      electrocoolhvacr.com
1         electrocoolhvacr.com
Total: 18 requests, 6 domains

Certificate
Subject: *.mail.163.com
Issuer: GeoTrust RSA CN CA G2
Validity: 2023-08-29 - 2024-09-21
Valid: a year

This page contains 2 frames:

Primary Page: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Frame ID: 4021536F02F394F23077262E3D8FE468
Requests: 14 HTTP requests in this frame

Frame: http://mail.163.com/preload5.htm
Frame ID: 7A851637B31D4061AA0D9FCE74CB2818
Requests: 5 HTTP requests in this frame

Page Title

网易免费邮箱 - 中国第一大电子邮件服务商

Page Statistics

Requests: 18
HTTPS: 6 %
IPv6: 0 %
Domains: 3
Subdomains: 6
IPs: 7
Countries: 3
Transfer: 638 kB
Size: 1876 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • http://analytics.163.com/ntes.js HTTP 307
  • https://analytics.163.com/ntes.js
Request Chain 16
  • http://iplocator.mail.163.com/iplocator?callback=fGetLocator HTTP 302
  • https://mail.163.com/404_error.html

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 163xffrxxzzz.htm
electrocoolhvacr.com/control/163/
82 KB
24 KB
Document
General
Full URL
http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
88.218.28.56 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
nl-iron.fastbighost.net
Software
nginx /
Resource Hash
2eedcabc30b2dc86675308bf7b48c454e954f76eef2d95271b62af70ae337841

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Sun, 17 Dec 2023 20:15:44 GMT
Last-Modified
Mon, 01 Jun 2015 13:19:42 GMT
Server
nginx
Transfer-Encoding
chunked
base_v3.js
mimg.127.net/index/lib/scripts/
23 KB
8 KB
Script
General
Full URL
http://mimg.127.net/index/lib/scripts/base_v3.js
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
a0ceb7edc5991f85a9613588811fee01502816f4a31ed92b19b348c07854f052

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Nov 2013 10:13:30 GMT
Server
nginx
ETag
W/"5278c4ca-5d69"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Expires
Sun, 17 Dec 2023 21:15:45 GMT
ntes_logo.png
mimg.127.net/index/email/img/2012/
983 B
1 KB
Image
General
Full URL
http://mimg.127.net/index/email/img/2012/ntes_logo.png
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
16ede25c08f54c3b1627d401b847eec08b089227058660799c2372dbd6f52425

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:45 GMT
Last-Modified
Mon, 17 Dec 2012 09:09:12 GMT
Server
nginx
ETag
"50cee138-3d7"
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
983
Expires
Sun, 17 Dec 2023 21:15:45 GMT
t.gif
mimg.127.net/p/
77 B
394 B
Image
General
Full URL
http://mimg.127.net/p/t.gif
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
3f666934b806964af9be68a39f16151701e7a7b8009ac24e7acb9ac0a7c10aa5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:45 GMT
Last-Modified
Mon, 18 Jun 2012 08:52:50 GMT
Server
nginx
ETag
"4fdeec62-4d"
Vary
Origin
Content-Type
image/gif
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
77
Expires
Wed, 14 Dec 2033 20:14:43 GMT
knet.png
mimg.127.net/logo/
5 KB
5 KB
Image
General
Full URL
http://mimg.127.net/logo/knet.png
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:45 GMT
Last-Modified
Wed, 16 May 2012 09:47:58 GMT
Server
nginx
ETag
"4fb377ce-1203"
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4611
Expires
Sun, 17 Dec 2023 21:08:08 GMT
httpsEnable.gif
ssl.mail.163.com/
43 B
224 B
Image
General
Full URL
https://ssl.mail.163.com/httpsEnable.gif
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
123.126.96.214 , China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN),
Reverse DNS
mail-m96214.mail.126.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 20:15:46 GMT
last-modified
Wed, 27 Oct 2021 02:55:03 GMT
server
nginx
etag
"6178bf87-2b"
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Sun, 17 Dec 2023 20:39:32 GMT
ntes.js
analytics.163.com/
Redirect Chain
  • http://analytics.163.com/ntes.js
  • https://analytics.163.com/ntes.js
0
0
Script
General
Full URL
https://analytics.163.com/ntes.js
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
H2
Server
59.111.239.33 , China, ASN45062 (NETEASE-NETWORK NetEase Building No.16 Ke Yun Road, CN),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Redirect headers

Location
https://analytics.163.com/ntes.js
Date
Sun, 17 Dec 2023 20:15:46 GMT
Server
nginx
Connection
keep-alive
Content-Length
180
Content-Type
text/html
logo_v2.png
mimg.127.net/index/email/img/2012/
10 KB
11 KB
Image
General
Full URL
http://mimg.127.net/index/email/img/2012/logo_v2.png
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
3cc3a1cc321b22df78b7bf0da839fd05906c7db47296afdf317298882a0b73be

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:45 GMT
Last-Modified
Fri, 19 Apr 2013 08:46:49 GMT
Server
nginx
ETag
"51710479-29a8"
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10664
Expires
Sun, 17 Dec 2023 21:15:45 GMT
bgx.png
mimg.127.net/index/email/img/2012/
304 B
604 B
Image
General
Full URL
http://mimg.127.net/index/email/img/2012/bgx.png
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
86305704cb5ce03d2ce2c34224ecd1f54bfad514a5980bd9453fab19858af4d5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:45 GMT
Last-Modified
Mon, 17 Dec 2012 09:09:16 GMT
Server
nginx
ETag
"50cee13c-130"
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
304
Expires
Sun, 17 Dec 2023 21:15:45 GMT
bg_v2.png
mimg.127.net/index/email/img/2012/
16 KB
17 KB
Image
General
Full URL
http://mimg.127.net/index/email/img/2012/bg_v2.png
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
7d898171a5ede23236d3d2cdfe18d4590a5dc485f6229c66e24f6928d16e7072

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:45 GMT
Last-Modified
Fri, 19 Apr 2013 08:46:49 GMT
Server
nginx
ETag
"51710479-4165"
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
16741
Expires
Sun, 17 Dec 2023 21:15:45 GMT
arr.png
mimg.127.net/index/email/img/2012/
492 B
792 B
Image
General
Full URL
http://mimg.127.net/index/email/img/2012/arr.png
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
e4129228b3c1d9183ed091b163797dddf16a2cf72868bb4fa56c98e7a074686d

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:45 GMT
Last-Modified
Mon, 17 Dec 2012 09:09:16 GMT
Server
nginx
ETag
"50cee13c-1ec"
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
492
Expires
Sun, 17 Dec 2023 21:15:45 GMT
all2.jpg
mimg.127.net/index/email/img/2012/
43 KB
44 KB
Image
General
Full URL
http://mimg.127.net/index/email/img/2012/all2.jpg
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
5b953cd3f6bbe8c85e45372e4d9f6019da313c92f99e7ab4d88b2734251c5bdc

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:47 GMT
Last-Modified
Fri, 25 Jan 2013 06:27:10 GMT
Server
nginx
ETag
"510225be-ade0"
Content-Type
image/jpeg
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
44512
Expires
Sun, 17 Dec 2023 21:15:47 GMT
webmail.gif
count.mail.163.com/beacon/
49 B
318 B
Image
General
Full URL
http://count.mail.163.com/beacon/webmail.gif?product=emailtab&type=default&tabname=163&rnd=1702844147000
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
220.181.12.191 , China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),
Reverse DNS
m12-191.163.com
Software
nginx /
Resource Hash
93db6ff0af01c1416a4cf5643fa970e6facf75aa2c38a66404085039c2314e33

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://electrocoolhvacr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:48 GMT
Last-Modified
Wed, 23 May 2012 03:14:23 GMT
Server
nginx
ETag
"4fbc560f-31"
X-Cache
BYPASS from ngx75-228.163.com
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
49
preload5.htm
mail.163.com/ Frame 7A85
9 KB
4 KB
Document
General
Full URL
http://mail.163.com/preload5.htm
Requested by
Host: electrocoolhvacr.com
URL: http://electrocoolhvacr.com/control/163/163xffrxxzzz.htm
Protocol
HTTP/1.1
Server
103.129.252.59 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
042d634f329cc58e5b3fe7242a50316d7fb57e66eb3e51e44faa293c97cadf4a
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.mediav.com *.netstatic.net; connect-src 'self' wss: *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.163yun.com; report-uri https://countly.mail.163.com/stats/csp

Request headers

Referer
http://electrocoolhvacr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Cache-Control
max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.mediav.com *.netstatic.net; connect-src 'self' wss: *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.163yun.com; report-uri https://countly.mail.163.com/stats/csp
Content-Type
text/html
Date
Sun, 17 Dec 2023 20:15:47 GMT
ETag
W/"5373127e-2499"
Expires
Sun, 17 Dec 2023 21:15:47 GMT
Last-Modified
Wed, 14 May 2014 06:51:42 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
p0.js
mimg.127.net/p/js5/5.1.0b1404091425/js/ Frame 7A85
578 KB
188 KB
Script
General
Full URL
http://mimg.127.net/p/js5/5.1.0b1404091425/js/p0.js
Requested by
Host: mail.163.com
URL: http://mail.163.com/preload5.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
bf9037271322ebb2be16d4770e5f3cc8177fe9a6239843b48535f5b0d1afe5f3

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://mail.163.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:48 GMT
Content-Encoding
gzip
Last-Modified
Wed, 09 Apr 2014 06:44:09 GMT
Server
nginx
ETag
W/"5344ec39-9084c"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Origin
Content-Type
application/x-javascript
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Wed, 14 Dec 2033 20:15:48 GMT
truncated
/ Frame 7A85
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://mail.163.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Content-Type
image/gif
base64_compress.css
mimg.127.net/p/js5/5.1.0b1404091425/css/ Frame 7A85
330 KB
85 KB
Stylesheet
General
Full URL
http://mimg.127.net/p/js5/5.1.0b1404091425/css/base64_compress.css
Requested by
Host: mail.163.com
URL: http://mail.163.com/preload5.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
b1b282541f6b3666d5249a4ed1905dbbd2b8ce0f651fb36eba071d0f7b116def

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://mail.163.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:48 GMT
Content-Encoding
gzip
Last-Modified
Wed, 09 Apr 2014 06:43:58 GMT
Server
nginx
ETag
W/"5344ec2e-527d8"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Origin
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Wed, 14 Dec 2033 20:15:48 GMT
404_error.html
mail.163.com/
Redirect Chain
  • http://iplocator.mail.163.com/iplocator?callback=fGetLocator
  • https://mail.163.com/404_error.html
0
0

p1.js
mimg.127.net/p/js5/5.1.0b1404091425/js/ Frame 7A85
777 KB
249 KB
Script
General
Full URL
http://mimg.127.net/p/js5/5.1.0b1404091425/js/p1.js
Requested by
Host: mail.163.com
URL: http://mail.163.com/preload5.htm
Protocol
HTTP/1.1
Server
103.129.252.61 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
6e147c029b334a3d56a3ebcf503b8298d9e85e3fca73bc8de1d499d3d40c4242

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://mail.163.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Date
Sun, 17 Dec 2023 20:15:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 09 Apr 2014 06:44:09 GMT
Server
nginx
ETag
W/"5344ec39-c2221"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Origin
Content-Type
application/x-javascript
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Wed, 14 Dec 2033 20:15:49 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mail.163.com
URL: https://mail.163.com/404_error.html

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic China (Online)

129 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| gOption function| fCheckLoginNow function| fCheckAutoLogin function| fAutoLogin undefined| gbForcepc object| oAndroidRedirect function| fCheckBrowser function| fHtml5Tag function| fCheckCookie function| fGetQuery function| fGetQueryHash function| $id function| fTrim function| fParseMNum function| fCheckAccount function| fGetScript function| fGetCookie function| fSetCookie function| fEventListen function| fEventUnlisten function| fRandom function| fUrlP function| fResize function| fFQ function| fStartTime object| gUserInfo object| gVisitorCookie undefined| gMobileNumMailIsForbidden undefined| gMobileNumMailResult object| gMobileNumMail function| fEnData function| loginRequest function| getRnd undefined| DOMContentLoaded function| DOMREADY string| base64EncodeChars function| base64encode function| utf16to8 function| fGetLocator function| fSetGadIndex function| MobCallback boolean| bGettingAlgorithm object| gIndexAd boolean| bForcepc boolean| bPreviewPc string| _ntes_nacc object| gWindow function| fCalc function| fChangeBg object| oMain object| oMainHd function| fChangePos function| fCheckboxChange string| gCurrentDomain string| gShoujiDomain object| gShoujiCache object| gLoginInfo boolean| bIsEuid object| sPreUrl object| sPreUid object| sPreReason object| sUid object| sStyle undefined| sEnUsername object| oForm object| oFormQiye object| oUrl2 object| oUserName object| oUserIpt object| oTxtAccount object| oTxtPwd object| oDomain object| oDomainQiye object| oStyle object| oGetPwd object| oLoginOpt object| oErr object| oLoginFtTips object| oIdL object| oIdLabel object| oPwL object| oPwLabel function| fSwitchTab function| fCheckShoujiDomain function| fSetShoujiDomain function| fLoginFtTipsVer function| fLoginFtDarr function| fEmuIcon function| fE function| fVerSelect function| fEmuIconTick function| fSwitchUserInfo function| fSecureLinkage function| fSubmit function| fSetAction function| fSaveLoginInfo function| fCheckqiye function| 
fGetQiyeMsg function| fStyleEvent function| fCls function| fIdInputEvent function| fCheckAlways undefined| oPopup undefined| oPopupClose undefined| oPopupCont undefined| oPopupSub undefined| oMask function| fKX string| sLocationInfo function| fSetLocation function| fNetErrDebug object| oSpdTestPosition object| aSpdResult object| aSpdStartTime object| aSpdEndTime object| aSpdTmpTime object| aSpdQueue function| fSpeedTestPre function| fSpeedTest function| fSpd function| fTmpSwitchLog undefined| fShowPopup undefined| fHidePopup function| fBodyClick number| oIntervalCheckAlways boolean| gSetFirstTab boolean| bSpdAuto

0 Cookies

1 Console Messages

Source: network
Level: error
URL: https://analytics.163.com/ntes.js
Message: Failed to load resource: the server responded with a status of 403 ()