URL: http://jwii.cc/web/mail163/block/login.html
Submission: On August 29 via automatic, source openphish

Summary

This website contacted 5 IPs in 4 countries across 2 apex domains to perform 16 HTTP transactions. The main IP is 69.49.230.222, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is jwii.cc. Only the 10 requests to jwii.cc reach the host serving the phishing page; the other 6 fetch NetEase's own static assets from 127.net hosts, and the country count reflects the CDN edges that answered those fetches (Hong Kong, Germany, China), not additional attacker infrastructure.
This is the only time jwii.cc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 163.cn (Online)

Domain & IP information

Requests  IP Address       AS (Autonomous System)
10        69.49.230.222    46606  (UNIFIEDLAYER-AS-1, US)
 4        103.129.252.34   137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK)
 1        163.171.128.148  54994  (QUANTILNETWORKS, US)
 1        183.131.108.223  58461  (CT-HANGZHOU-IDC, CN)
16 requests, 5 IPs (4 listed)

Requests  Apex Domain  Subdomains                                                          Transfer
10        jwii.cc      jwii.cc                                                             188 KB
 6        127.net      mimg.127.net, urswebzj.nosdn.127.net, mail-activity.nosdn.127.net   102 KB
16 requests, 2 apex domains

Requests  Domain                       Requested by
10        jwii.cc                      jwii.cc
 4        mimg.127.net                 jwii.cc
 1        mail-activity.nosdn.127.net  jwii.cc
 1        urswebzj.nosdn.127.net       jwii.cc
16 requests, 4 domains

This site contains no links.

TLS certificates

Subject          Issuer                  Validity                  Valid for
mimg.127.net     GeoTrust RSA CN CA G2   2021-08-17 - 2022-09-09   a year   (crt.sh)
*.nosdn.127.net  GeoTrust CN RSA CA G1   2020-03-27 - 2022-06-26   2 years  (crt.sh)

Both certificates belong to NetEase's asset hosts; the primary page on jwii.cc was served over plain HTTP and presented no certificate at all.

This page contains 1 frames:

Primary Page: http://jwii.cc/web/mail163/block/login.html
Frame ID: C89F0DDFAA6120B513F507983E595E1F
Requests: 21 HTTP requests in this frame (the 16 network transactions listed below plus 5 inline data: URIs)

Screenshot

Page Title

163网易免费邮--中文邮箱第一品牌 (163 NetEase Free Mail -- China's No. 1 Email Brand), the same title NetEase uses for its genuine 163 mail login page.

Detected technologies

Apache HTTP Server (web server), overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

The Server response header on every jwii.cc resource is the bare token Apache, so the pattern matches but its version capture group stays empty; the hosting server does not advertise a version.
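As an added example, not code from urlscan or from the page, the following Python applies that same header pattern to Server values, including the three seen in this scan (Apache, nginx, nos/v1.0.2), to show what the version capture group returns and why a bare Apache token yields no version. The function names are mine; the regular expression is copied verbatim from the detected-pattern line above.

```python
import re

# Wappalyzer-style pattern for the Server header, copied from the scan page.
# Group 1 captures a version when the server advertises one ("Apache/2.4.41");
# a bare "Apache" (ServerTokens Prod, as on this host) matches via the "$"
# alternative and leaves the group empty. The "[^/-]" alternative deliberately
# rejects "Apache-Coyote" (Tomcat), which is not Apache httpd.
APACHE_SERVER_PATTERN = re.compile(
    r"(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.IGNORECASE
)

# Server header values observed across the 16 transactions in this scan.
SERVERS_SEEN = ["Apache", "nginx", "nos/v1.0.2"]


def detect_apache(server_header):
    """Return (matched, version) for one Server header value.

    version is None when the pattern matches without a version string.
    """
    m = APACHE_SERVER_PATTERN.search(server_header or "")
    if not m:
        return (False, None)
    return (True, m.group(1))


def apache_servers(values):
    """Map each matching Server value to its captured version (or None)."""
    result = {}
    for value in values:
        matched, version = detect_apache(value)
        if matched:
            result[value] = version
    return result


if __name__ == "__main__":
    for value in SERVERS_SEEN + ["Apache/2.4.41 (Ubuntu)", "Apache-Coyote/1.1", "HTTPD"]:
        print(f"{value!r:28} -> {detect_apache(value)}")
    print("apache in this scan:", apache_servers(SERVERS_SEEN))
```

The edge cases matter for fingerprinting on a corpus of scans: a version-less match is a weaker signal than a versioned one, and Tomcat's Apache-Coyote banner must not be counted as httpd.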

Page Statistics

Requests:    16
HTTPS:       31 % (5 of the 16 requests; all of them to 127.net hosts)
IPv6:        0 %
Domains:     2
Subdomains:  4
IPs:         5
Countries:   4
Transfer:    290 kB
Size:        290 kB
Cookies:     0

Redirected requests

No HTTP redirect chains are listed for this scan; every resource below was fetched directly from the URL shown.

16 HTTP transactions

Each entry lists Resource and Path, Size / x-fer, Type, then General, Request headers and Response headers. All files on jwii.cc carry Last-Modified dates of 16 May 2021, three and a half months before this scan, and year.js.download is the name Chrome gives to scripts in a "Webpage, Complete" save, consistent with a clone built by saving the genuine login page and re-uploading it.
Primary Request: login.html
Path: jwii.cc/web/mail163/block/
Size: 82 KB (x-fer 82 KB) | Type: Document
Full URL: http://jwii.cc/web/mail163/block/login.html
Protocol: HTTP/1.1
Server: 69.49.230.222, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS: 69-49-230-222.unifiedlayer.com
Software: Apache
Resource Hash: 165a95bb7f51279e95c894226fddde08c7a9b8359f2f1bca5c481cd57cce465f

Request headers
  Host: jwii.cc
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US

Response headers
  Date: Sun, 29 Aug 2021 13:11:11 GMT
  Server: Apache
  Last-Modified: Sun, 16 May 2021 03:42:50 GMT
  Accept-Ranges: bytes
  Content-Length: 83598
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html
style.248e37ee059989c49193.css
Path: jwii.cc/web/mail163/block/figs/
Size: 88 KB (x-fer 88 KB) | Type: Stylesheet
Full URL: http://jwii.cc/web/mail163/block/figs/style.248e37ee059989c49193.css
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: HTTP/1.1
Server: 69.49.230.222, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS: 69-49-230-222.unifiedlayer.com
Software: Apache
Resource Hash: 6f494c2fccb2dc23ad991b9b89ba2b6b5e1db103316116a57fae38776610ed64

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: jwii.cc
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://jwii.cc/web/mail163/block/login.html
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Sun, 29 Aug 2021 13:11:12 GMT
  Last-Modified: Sun, 16 May 2021 00:15:10 GMT
  Server: Apache
  Content-Type: text/css
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=100
  Content-Length: 89663
urs.163.607297a5.css
Path: jwii.cc/web/mail163/block/figs/
Size: 5 KB (x-fer 5 KB) | Type: Stylesheet
Full URL: http://jwii.cc/web/mail163/block/figs/urs.163.607297a5.css
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: HTTP/1.1
Server: 69.49.230.222, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS: 69-49-230-222.unifiedlayer.com
Software: Apache
Resource Hash: 4a78062df2ac95881a546f84880e0e938fcdf265f7812ff7d3a3c93b9338df03

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: jwii.cc
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://jwii.cc/web/mail163/block/login.html
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Sun, 29 Aug 2021 13:11:12 GMT
  Last-Modified: Sun, 16 May 2021 00:15:48 GMT
  Server: Apache
  Content-Type: text/css
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=100
  Content-Length: 4761
form3
Path: jwii.cc/web/mail163/block/figs/
Size: 62 B (x-fer 277 B) | Type: Script
Full URL: http://jwii.cc/web/mail163/block/figs/form3
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: HTTP/1.1
Server: 69.49.230.222, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS: 69-49-230-222.unifiedlayer.com
Software: Apache
Resource Hash: af9a2d314e6b6a69b5f8b68511f4e0f53987e051e39d4e493df6ffe2c0763963

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: jwii.cc
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
  Accept: */*
  Referer: http://jwii.cc/web/mail163/block/login.html
  Connection: keep-alive
  Cache-Control: no-cache

Response headers (no Content-Type was returned for this 62-byte script)
  Date: Sun, 29 Aug 2021 13:11:12 GMT
  Last-Modified: Sun, 16 May 2021 00:15:10 GMT
  Server: Apache
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=99
  Content-Length: 62
t.gif
Path: jwii.cc/web/mail163/block/figs/
Size: 77 B (x-fer 317 B) | Type: Image
Full URL: http://jwii.cc/web/mail163/block/figs/t.gif
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: HTTP/1.1
Server: 69.49.230.222, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS: 69-49-230-222.unifiedlayer.com
Software: Apache
Resource Hash: 3f666934b806964af9be68a39f16151701e7a7b8009ac24e7acb9ac0a7c10aa5

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: jwii.cc
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://jwii.cc/web/mail163/block/login.html
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Sun, 29 Aug 2021 13:11:12 GMT
  Last-Modified: Sun, 16 May 2021 00:15:10 GMT
  Server: Apache
  Content-Type: image/gif
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=99
  Content-Length: 77
loading_s.gif
Path: jwii.cc/web/mail163/block/figs/
Size: 578 B (x-fer 819 B) | Type: Image
Full URL: http://jwii.cc/web/mail163/block/figs/loading_s.gif
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: HTTP/1.1
Server: 69.49.230.222, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS: 69-49-230-222.unifiedlayer.com
Software: Apache
Resource Hash: 065f86db73775341c54048befea1dbd24e6013780ce06db950cee6e5908463be

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: jwii.cc
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://jwii.cc/web/mail163/block/login.html
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Sun, 29 Aug 2021 13:11:12 GMT
  Last-Modified: Sun, 16 May 2021 00:15:12 GMT
  Server: Apache
  Content-Type: image/gif
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=98
  Content-Length: 578
noface_new.gif
Path: jwii.cc/web/mail163/block/figs/
Size: 2 KB (x-fer 2 KB) | Type: Image
Full URL: http://jwii.cc/web/mail163/block/figs/noface_new.gif
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: HTTP/1.1
Server: 69.49.230.222, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS: 69-49-230-222.unifiedlayer.com
Software: Apache
Resource Hash: fe224462b5aab571aea8bed69f9bc6c68c2cb8a8c1d98f4e30f2019a34ca7916

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: jwii.cc
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://jwii.cc/web/mail163/block/login.html
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Sun, 29 Aug 2021 13:11:12 GMT
  Last-Modified: Sun, 16 May 2021 00:15:12 GMT
  Server: Apache
  Content-Type: image/gif
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=100
  Content-Length: 2101
year.js.download
Path: jwii.cc/web/mail163/block/figs/
Size: 23 B (x-fer 276 B) | Type: Script
Full URL: http://jwii.cc/web/mail163/block/figs/year.js.download
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: HTTP/1.1
Server: 69.49.230.222, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS: 69-49-230-222.unifiedlayer.com
Software: Apache
Resource Hash: b7d3c2e78895ed6048d40b23537f1d008f0f169de24ec0745765b7e3765c0069

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: jwii.cc
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
  Accept: */*
  Referer: http://jwii.cc/web/mail163/block/login.html
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Sun, 29 Aug 2021 13:11:12 GMT
  Last-Modified: Sun, 16 May 2021 00:15:12 GMT
  Server: Apache
  Content-Type: application/javascript
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=99
  Content-Length: 23
gonganlogo.png
Path: jwii.cc/web/mail163/block/figs/
Size: 1 KB (x-fer 2 KB) | Type: Image
Full URL: http://jwii.cc/web/mail163/block/figs/gonganlogo.png
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: HTTP/1.1
Server: 69.49.230.222, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS: 69-49-230-222.unifiedlayer.com
Software: Apache
Resource Hash: 48e7484ac4f925cce2688a289e73fd5e287dbda8f3f7b8ca0c2db6a807f12c4d

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: jwii.cc
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://jwii.cc/web/mail163/block/login.html
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Sun, 29 Aug 2021 13:11:12 GMT
  Last-Modified: Sun, 16 May 2021 00:15:14 GMT
  Server: Apache
  Content-Type: image/png
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=100
  Content-Length: 1396
resupload_2020_6_8_39628e5a6146f059949210bebf88d697.png
Path: jwii.cc/web/mail163/block/figs/
Size: 8 KB (x-fer 8 KB) | Type: Image
Full URL: http://jwii.cc/web/mail163/block/figs/resupload_2020_6_8_39628e5a6146f059949210bebf88d697.png
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: HTTP/1.1
Server: 69.49.230.222, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS: 69-49-230-222.unifiedlayer.com
Software: Apache
Resource Hash: cee64c6ea4503e58c6702cc4e4ae9eacce784f2c054cf2c68f19a1e92b0a7489

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: jwii.cc
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://jwii.cc/web/mail163/block/login.html
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Sun, 29 Aug 2021 13:11:12 GMT
  Last-Modified: Sun, 16 May 2021 00:15:14 GMT
  Server: Apache
  Content-Type: image/png
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=100
  Content-Length: 7965
(inline data: URI, truncated)
Path: /
Size: 4 KB (x-fer 0) | Type: Image
Full URL: data:truncated
Protocol: DATA
Server: none (inline resource, no network request)
Resource Hash: 1e34a2e90f3638992e8531b253e9f25d3e00d7604be7bad35e3261b3e0c71d25

Request headers
  Referer: http://jwii.cc/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
  Content-Type: image/png
(inline data: URI, truncated)
Path: /
Size: 588 B (x-fer 0) | Type: Image
Full URL: data:truncated
Protocol: DATA
Server: none (inline resource, no network request)
Resource Hash: 78f95deba1d88e2fd1d8b43399c447f6eb336943374983cb83f4de4a97453c72

Request headers
  Referer: http://jwii.cc/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
  Content-Type: image/png
ico-user.png
Path: mimg.127.net/p/freemail/index/lib/img/urs/
Size: 615 B (x-fer 875 B) | Type: Image
Full URL: https://mimg.127.net/p/freemail/index/lib/img/urs/ico-user.png
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/figs/urs.163.607297a5.css)
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 103.129.252.34, Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK)
Reverse DNS: -
Software: nginx
Resource Hash: ca12da8dade48acfcd0b7ec3fe0c96fff0283622488812896f045aa22b1338c2

Request headers
  Referer: http://jwii.cc/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
  date: Sun, 29 Aug 2021 13:11:13 GMT
  last-modified: Thu, 23 May 2019 01:39:47 GMT
  server: nginx
  etag: "5ce5f9e3-267"
  x-cache: HIT from HKGM
  content-type: image/png
  access-control-allow-origin: *.163.com *.126.com *.yeah.net *.tryfun.com
  cache-control: max-age=315360000
  accept-ranges: bytes
  content-length: 615
  expires: Fri, 06 Jul 2029 08:57:43 GMT
ico-password.png
Path: mimg.127.net/p/freemail/index/lib/img/urs/
Size: 379 B (x-fer 638 B) | Type: Image
Full URL: https://mimg.127.net/p/freemail/index/lib/img/urs/ico-password.png
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/figs/urs.163.607297a5.css)
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 103.129.252.34, Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK)
Reverse DNS: -
Software: nginx
Resource Hash: 67d26d3c0f24b481a552884c4e5e165fde02b12b6fe237c89815fecdf7251c3e

Request headers
  Referer: http://jwii.cc/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
  date: Sun, 29 Aug 2021 13:11:13 GMT
  last-modified: Thu, 23 May 2019 01:39:47 GMT
  server: nginx
  etag: "5ce5f9e3-17b"
  x-cache: HIT from HKGM
  content-type: image/png
  access-control-allow-origin: *.163.com *.126.com *.yeah.net *.tryfun.com
  cache-control: max-age=315360000
  accept-ranges: bytes
  content-length: 379
  expires: Fri, 06 Jul 2029 08:57:43 GMT
sprite_61fbe151ab715649c6b7c4ec39156201.png
Path: urswebzj.nosdn.127.net/webzj_cdn101/
Size: 21 KB (x-fer 21 KB) | Type: Image
Full URL: http://urswebzj.nosdn.127.net/webzj_cdn101/sprite_61fbe151ab715649c6b7c4ec39156201.png
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: HTTP/1.1
Server: 163.171.128.148, Germany, ASN54994 (QUANTILNETWORKS, US)
Reverse DNS: -
Software: nos/v1.0.2
Resource Hash: dd37cd41f21e27f74586217bc1a1e6017580492bec9774602ccfe0faf4c34663

Request headers
  Referer: http://jwii.cc/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
  Date: Sun, 29 Aug 2021 13:11:13 GMT
  x-nos-object-name: webzj_cdn101%2Fsprite_61fbe151ab715649c6b7c4ec39156201.png
  x-nos-request-id: a1e65ae5-6945-49a1-a4ab-968e4c7c5ba5
  Age: 1
  X-Cache: HIT from cache.51cdn.com
  X-Via: 1.1 PS-FOC-01KG494:13 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1gi91:3 (Cdn Cache Server V2.0)
  Content-Disposition: inline; filename="webzj_cdn101%2Fsprite_61fbe151ab715649c6b7c4ec39156201.png"
  Connection: keep-alive
  x-nos-storage-class: STANDARD
  Content-Length: 21044
  Last-Modified: Mon, 26 Mar 2018 11:09:00 Asia/Shanghai
  Server: nos/v1.0.2
  ETag: 61fbe151ab715649c6b7c4ec39156201
  x-nos-requesttype: GetObject
  X-Ws-Request-Id: 612b8771_localhost_40478-44952
  Content-Type: image/png;charset=UTF-8
ico-error.png
Path: mimg.127.net/p/freemail/index/lib/img/urs/
Size: 436 B (x-fer 694 B) | Type: Image
Full URL: https://mimg.127.net/p/freemail/index/lib/img/urs/ico-error.png
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/figs/urs.163.607297a5.css)
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 103.129.252.34, Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK)
Reverse DNS: -
Software: nginx
Resource Hash: 582f228d991eb285fe503a840fd5a61c98c87be59e460fcc02b5d2e141c6d0ff

Request headers
  Referer: http://jwii.cc/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
  date: Sun, 29 Aug 2021 13:11:13 GMT
  last-modified: Thu, 23 May 2019 07:46:08 GMT
  server: nginx
  etag: "5ce64fc0-1b4"
  x-cache: HIT from HKGM
  content-type: image/png
  access-control-allow-origin: *.163.com *.126.com *.yeah.net *.tryfun.com
  cache-control: max-age=315360000
  accept-ranges: bytes
  content-length: 436
  expires: Fri, 06 Jul 2029 08:57:41 GMT
mail-index-bottom-gg-7.png
Path: mimg.127.net/ggimg/all/img21/
Size: 17 KB (x-fer 17 KB) | Type: Image
Full URL: https://mimg.127.net/ggimg/all/img21/mail-index-bottom-gg-7.png
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 103.129.252.34, Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK)
Reverse DNS: -
Software: nginx
Resource Hash: 85bcfff50035a52bd2b913234a45fe12a485f7fb3dd24f681de98eaa953e52d0

Request headers
  Referer: http://jwii.cc/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
  date: Sun, 29 Aug 2021 13:11:13 GMT
  last-modified: Tue, 28 May 2019 09:03:18 GMT
  server: nginx
  etag: "5cecf956-4301"
  x-cache: HIT from HKGM
  content-type: image/png
  cache-control: max-age=315360000
  accept-ranges: bytes
  content-length: 17153
  expires: Sun, 20 Oct 2030 23:32:26 GMT
1871dab7-0857-42f7-b7ca-919a5b76c3a6
Path: mail-activity.nosdn.127.net/
Size: 61 KB (x-fer 61 KB) | Type: Image
Full URL: https://mail-activity.nosdn.127.net/1871dab7-0857-42f7-b7ca-919a5b76c3a6
Requested by: jwii.cc (http://jwii.cc/web/mail163/block/login.html)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 183.131.108.223, Shanghai, China, ASN58461 (CT-HANGZHOU-IDC No.288,Fu-chun Road, CN)
Reverse DNS: -
Software: nos/v1.0.2
Resource Hash: b275aa829dcfbb40e98fc132289102e17d8997431434dde4b2ce7e665858e70e

Request headers
  Referer: http://jwii.cc/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
  Date: Sun, 29 Aug 2021 13:11:13 GMT
  x-nos-object-name: 1871dab7-0857-42f7-b7ca-919a5b76c3a6
  x-nos-request-id: 25b1f7de-1434-4a23-ba83-e5afb408a707
  Age: 1
  X-Cache: HIT from cache.51cdn.com
  X-Via: 1.1 xin46:2 (Cdn Cache Server V2.0), 1.1 dx216:9 (Cdn Cache Server V2.0)
  Content-Disposition: inline; filename="1871dab7-0857-42f7-b7ca-919a5b76c3a6"
  Connection: keep-alive
  x-nos-storage-class: STANDARD
  Content-Length: 61987
  Last-Modified: Tue, 27 Apr 2021 08:40:37 GMT
  Server: nos/v1.0.2
  ETag: "822a0689e1d2932936ea242f2b012409"
  x-nos-requesttype: GetObject
  X-Ws-Request-Id: 612b8771_xingdianxin217_76672-45998
  Content-Type: image/jpeg;charset=UTF-8
(inline data: URI, truncated)
Path: /
Size: 429 B (x-fer 0) | Type: Image
Full URL: data:truncated
Protocol: DATA
Server: none (inline resource, no network request)
Resource Hash: 2c44c94942bf16b971d8543513ddd9f47db6acc17f04aacea54b278e53cd672d

Request headers
  Referer: http://jwii.cc/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
  Content-Type: image/png
(inline data: URI, truncated)
Path: /
Size: 326 B (x-fer 0) | Type: Image
Full URL: data:truncated
Protocol: DATA
Server: none (inline resource, no network request)
Resource Hash: 697c43474ba71d79eeb8ba6dcb0c1c49d3617aef8aa5cc4d296b1e799cb12f24

Request headers
  Referer: http://jwii.cc/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
  Content-Type: image/png
(inline data: URI, truncated)
Path: /
Size: 331 B (x-fer 0) | Type: Image
Full URL: data:truncated
Protocol: DATA
Server: none (inline resource, no network request)
Resource Hash: 2a840f089f3a645c5c6dda7e3ed1fc43c33e15fbb87fc4c3ada8d6f0421af26a

Request headers
  Referer: http://jwii.cc/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
  Content-Type: image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: 163.cn (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object  | onbeforexrselect
object  | ontransitionrun
object  | ontransitionstart
object  | ontransitioncancel
boolean | originAgentCluster
object  | trustedTypes
boolean | crossOriginIsolated

All seven are properties that the scanning browser (Chrome 92) exposes on window by itself (WebXR and CSS transition event handlers, Origin-Agent-Cluster, Trusted Types, cross-origin isolation), not variables created by the page's scripts; they reveal nothing about the kit's own JavaScript.

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains
  jwii.cc
  mail-activity.nosdn.127.net
  mimg.127.net
  urswebzj.nosdn.127.net

IPs
  103.129.252.34
  163.171.128.148
  183.131.108.223
  69.49.230.222

Before turning this list into a blocklist, split it by ownership: only jwii.cc and 69.49.230.222 served the phishing page. The three 127.net hosts and the remaining IPs answered with NetEase's own nginx and NOS object-storage headers (including an access-control-allow-origin allow-list of *.163.com, *.126.com and *.yeah.net), so blocking them would break the genuine 163 mail service for users without touching the kit.
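The Domain / Requested by table and the indicator list above carry the same lesson: a page on jwii.cc pulling icons and CSS from NetEase's CDN is the cloned-login-page signal, and the CDN hosts must not end up on the same blocklist as the kit. The following Python is an added example, not anything from urlscan or from the page, that takes a transcribed subset of the transactions above and (a) flags brand-owned assets fetched by a page on a foreign origin, (b) picks out the Chrome save-page artifact, and (c) splits the indicators into a defanged block list and a do-not-block list. BRAND_APEXES, the apex() heuristic and every function name are my assumptions; the domains in the allow-list come from the access-control-allow-origin header in the responses above.

```python
from urllib.parse import urlsplit

# Brand-owned apex domains. 163.com, 126.com and yeah.net come from the
# access-control-allow-origin header NetEase's CDN returned above; 127.net is
# the NetEase static-asset domain those responses were served from. This set
# is an analyst assumption to be maintained per brand.
BRAND_APEXES = {"127.net", "163.com", "126.com", "yeah.net"}

# Subset of the 16 transactions above, transcribed from the scan (constructed
# inline so the script runs offline):
# (url, requesting host or None for the primary request, server ip).
TRANSACTIONS = [
    ("http://jwii.cc/web/mail163/block/login.html", None, "69.49.230.222"),
    ("http://jwii.cc/web/mail163/block/figs/urs.163.607297a5.css", "jwii.cc", "69.49.230.222"),
    ("http://jwii.cc/web/mail163/block/figs/form3", "jwii.cc", "69.49.230.222"),
    ("http://jwii.cc/web/mail163/block/figs/year.js.download", "jwii.cc", "69.49.230.222"),
    ("https://mimg.127.net/p/freemail/index/lib/img/urs/ico-user.png", "jwii.cc", "103.129.252.34"),
    ("http://urswebzj.nosdn.127.net/webzj_cdn101/sprite_61fbe151ab715649c6b7c4ec39156201.png",
     "jwii.cc", "163.171.128.148"),
    ("https://mail-activity.nosdn.127.net/1871dab7-0857-42f7-b7ca-919a5b76c3a6",
     "jwii.cc", "183.131.108.223"),
]


def apex(host):
    """Registrable domain taken as the last two labels. Adequate for the .cc
    and .net names in this scan; use a Public Suffix List library for
    multi-label suffixes such as .co.uk."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:])


def defang(ioc):
    """Make a host or IP safe to paste into a ticket or chat."""
    return ioc.replace(".", "[.]")


def cross_origin_brand_assets(transactions, brand_apexes):
    """URLs of brand-owned assets fetched by a page living on a non-brand apex.
    A login page that loads the real brand's icons and CSS from the brand's CDN
    while itself sitting elsewhere is the classic cloned-page signal."""
    hits = []
    for url, requester, _ip in transactions:
        if requester is None:
            continue  # the primary document has no requester
        host = urlsplit(url).hostname
        if apex(host) in brand_apexes and apex(requester) not in brand_apexes:
            hits.append(url)
    return hits


def saved_page_artifacts(transactions):
    """Paths that look like a browser 'Webpage, Complete' export. Chrome
    renames saved scripts to *.js.download; a kit built by saving the real
    login page keeps those names."""
    return [urlsplit(url).path for url, _requester, _ip in transactions
            if urlsplit(url).path.endswith(".download")]


def triage(transactions, brand_apexes):
    """Split the scan's hosts and IPs into attacker-controlled (block) and brand
    infrastructure (do not block, or you break the real service for users)."""
    block, keep = set(), set()
    for url, _requester, ip in transactions:
        host = urlsplit(url).hostname
        bucket = keep if apex(host) in brand_apexes else block
        bucket.add(defang(host))
        bucket.add(defang(ip))
    return {"block": sorted(block), "do_not_block": sorted(keep)}


if __name__ == "__main__":
    print("cross-origin brand assets:")
    for url in cross_origin_brand_assets(TRANSACTIONS, BRAND_APEXES):
        print("  ", url)
    print("saved-page artifacts:", saved_page_artifacts(TRANSACTIONS))
    print("triage:", triage(TRANSACTIONS, BRAND_APEXES))
```

The IP split relies on the IP having been observed serving a brand-owned hostname in this scan; shared CDN edges that also front unrelated sites are a further reason to block by hostname rather than by IP where the control point allows it.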