my3ddreams.com Open in urlscan Pro
192.185.183.65 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php
Submission: On September 13 via automatic, source openphish (September 13th 2021, 12:07:36 pm UTC) — Scanned from DE

Summary HTTP 12 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 3 domains to perform 12 HTTP transactions. The main IP is 192.185.183.65, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is my3ddreams.com.

This is the only time my3ddreams.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 163.cn (Online) Generic China (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	192.185.183.65 192.185.183.65	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
5	54.176.139.60 54.176.139.60	16509 (AMAZON-02) (AMAZON-02)
1	18.159.198.32 18.159.198.32	16509 (AMAZON-02) (AMAZON-02)
3	103.129.252.34 103.129.252.34	137263 (NETEASE-A...) (NETEASE-AS-AP NETEASE HONG KONG LIMITED)
1	123.126.97.210 123.126.97.210	4808 (CHINA169-...) (CHINA169-BJ China Unicom Beijing Province Network)
1	223.252.195.133 223.252.195.133	45062 (NETEASE-A...) (NETEASE-AS Guangzhou NetEase Computer System Co.)
12	6

1 192.185.183.65 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: ebbswebs.biz

my3ddreams.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.176.139.60 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: mail-aws13960.qiye.163.com

mimg.qiye.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mimghz.qiye.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.159.198.32 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: mail-aws19832.qiye.163.com

mail.qiye.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 103.129.252.34 (Hong Kong)

ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK)

mimg.127.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 123.126.97.210 (Fengtai, China)

ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
PTR: mail-m97210.mail.163.com

ssl.mail.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 223.252.195.133 (China)

ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN)

analytics.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	163.com mimg.qiye.163.com mail.qiye.163.com ssl.mail.163.com analytics.163.com mimghz.qiye.163.com	43 KB
3	127.net mimg.127.net	6 KB
1	my3ddreams.com my3ddreams.com	9 KB
12	3

	Domain	Requested by
4	mimghz.qiye.163.com	my3ddreams.com
3	mimg.127.net	my3ddreams.com
1	analytics.163.com	my3ddreams.com
1	ssl.mail.163.com	my3ddreams.com
1	mail.qiye.163.com	my3ddreams.com
1	mimg.qiye.163.com	my3ddreams.com
1	my3ddreams.com
12	7

This site contains links to these domains. Also see Links.

Domain
qiye.163.com
mail.qiye.163.com
hw.qiye.163.com
u.163.com
mail.163.com
www.163.com
ss.cnnic.cn
gb.corp.163.com
weibo.com
qiyemail.blog.163.com
help.163.com

Subject Issuer	Validity	Valid
*.qiye.163.com GeoTrust CN RSA CA G1	`2020-01-20` - `2022-02-19`	2 years	crt.sh
mimg.127.net GeoTrust RSA CN CA G2	`2021-08-17` - `2022-09-09`	a year	crt.sh
ssl.mail.163.com GeoTrust CN RSA CA G1	`2020-01-07` - `2022-03-05`	2 years	crt.sh
*.163.com GeoTrust CN RSA CA G1	`2020-02-12` - `2022-04-10`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php
Frame ID: AD941F854688DCB7E3E435E91B8D94A2
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

网易企业邮箱 - 登录入口

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

12
Requests

83 %
HTTPS

0 %
IPv6

3
Domains

7
Subdomains

6
IPs

4
Countries

59 kB
Transfer

91 kB
Size

1
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: http://qiye.163.com/

Search URL Search Domain Scan URL

URL: http://mail.qiye.163.com/?hl=zh_TW
Title: 繁體版

Search URL Search Domain Scan URL

URL: http://mail.qiye.163.com/?hl=en_US
Title: English

Search URL Search Domain Scan URL

URL: http://hw.qiye.163.com/
Title: 国外用户登录

Search URL Search Domain Scan URL

URL: http://qiye.163.com/entry/buy-price.htm
Title: 购买

Search URL Search Domain Scan URL

URL: http://qiye.163.com/mobile/

Search URL Search Domain Scan URL

URL: https://mail.qiye.163.com/mailapp/qiyeurs/?from=http%3A%2F%2Fmail.qiye.163.com%2F#/resetPwd
Title: 忘记密码了？

Search URL Search Domain Scan URL

URL: http://u.163.com/androidds4
Title: Android版

Search URL Search Domain Scan URL

URL: http://u.163.com/iosds4
Title: iPhone版

Search URL Search Domain Scan URL

URL: http://mail.163.com/dashi/
Title: 下载邮箱大师

Search URL Search Domain Scan URL

URL: http://www.163.com/

Search URL Search Domain Scan URL

URL: https://ss.cnnic.cn/verifyseal.dll?sn=e12051044010020841301459&ct=df&pa=997669

Search URL Search Domain Scan URL

URL: http://gb.corp.163.com/gb/home.shtml
Title: 关于网易

Search URL Search Domain Scan URL

URL: http://weibo.com/163qiye
Title: 官方微博

Search URL Search Domain Scan URL

URL: http://qiyemail.blog.163.com/
Title: 官方博客

Search URL Search Domain Scan URL

URL: http://help.163.com/
Title: 客户服务

Search URL Search Domain Scan URL

URL: http://gb.corp.163.com/gb/legal.html
Title: 相关法律

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request ii.php Show response my3ddreams.com/comm/Yhatspokfun/neteaseqiye/	29 KB 9 KB	532ms 288ms	Document text/html	192.185.183.65 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol HTTP/1.1 Server 192.185.183.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS ebbswebs.biz Software Apache / Resource Hash `24206933e5d2a0e696622323807fca96a6bebed0f40c575fe055ccd23d8c0384` Request headers Host my3ddreams.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Mon, 13 Sep 2021 12:07:23 GMT Server Apache Upgrade h2,h2c Connection Upgrade, Keep-Alive Vary Accept-Encoding Content-Encoding gzip Content-Length 8992 Keep-Alive timeout=5, max=75 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	logo.gif mimg.qiye.163.com/o/public/	3 KB 3 KB	7926ms 388ms	Image image/gif	54.176.139.60 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://mimg.qiye.163.com/o/public/logo.gif Requested by Host: my3ddreams.com URL: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 54.176.139.60 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS mail-aws13960.qiye.163.com Software nginx / Resource Hash `ed6dbc8fab5b63d6df0b079b70fc95459214b77dc174a05f0ea97d6a5fdc131c` Request headers Accept-Language de-DE,de;q=0.9 Referer http://my3ddreams.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Mon, 13 Sep 2021 12:07:31 GMT Last-Modified Thu, 18 Oct 2012 06:21:43 GMT Server nginx X-Cache from ntes_qiye Content-Type image/gif Cache-Control max-age=31536000 Connection keep-alive Accept-Ranges bytes Content-Length 3232 Expires Tue, 13 Sep 2022 12:07:31 GMT
GET H/1.1	200	getqrcode.do mail.qiye.163.com/mailapp/commonweb/qrcode/	8 KB 8 KB	5095ms 268ms	Image image/jpeg	18.159.198.32 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://mail.qiye.163.com/mailapp/commonweb/qrcode/getqrcode.do?w=130&h=130 Requested by Host: my3ddreams.com URL: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 18.159.198.32 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS mail-aws19832.qiye.163.com Software nginx / Resource Hash `59e781429ff48baf5941649747b6178a3f0c483090ef3a390b61ffd1e7c6c6d7` Request headers Accept-Language de-DE,de;q=0.9 Referer http://my3ddreams.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Mon, 13 Sep 2021 12:07:28 GMT Server nginx Connection keep-alive Content-Type image/jpeg Content-Length 8062 X-Cache from ntes_qiye P3P CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
GET H2	200	netease_logo.gif mimg.127.net/logo/	1 KB 1 KB	2021ms 249ms	Image image/gif	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL https://mimg.127.net/logo/netease_logo.gif Requested by Host: my3ddreams.com URL: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `b13de2eb10e93a66f6332b6ccb258bcf1502362a89b91c16f78ea425562e40a0` Request headers Accept-Language de-DE,de;q=0.9 Referer http://my3ddreams.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Mon, 13 Sep 2021 12:07:25 GMT last-modified Wed, 01 Dec 2010 02:06:41 GMT server nginx etag "4cf5adb1-4ec" x-cache HIT from HKGM content-type image/gif cache-control max-age=3600 accept-ranges bytes content-length 1260 expires Mon, 13 Sep 2021 12:40:17 GMT
GET H2	200	knet.png mimg.127.net/logo/	5 KB 5 KB	2021ms 249ms	Image image/png	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL https://mimg.127.net/logo/knet.png Requested by Host: my3ddreams.com URL: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8` Request headers Accept-Language de-DE,de;q=0.9 Referer http://my3ddreams.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Mon, 13 Sep 2021 12:07:25 GMT last-modified Wed, 16 May 2012 09:47:58 GMT server nginx etag "4fb377ce-1203" x-cache HIT from HKGM content-type image/png cache-control max-age=3600 accept-ranges bytes content-length 4611 expires Mon, 13 Sep 2021 13:01:20 GMT
GET H/1.1	200 OK	year.js Show response mimg.127.net/copyright/	23 B 364 B	1779ms 257ms	Script application/x-javascript	103.129.252.34 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL http://mimg.127.net/copyright/year.js Requested by Host: my3ddreams.com URL: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol HTTP/1.1 Server 103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS Software nginx / Resource Hash `b7d3c2e78895ed6048d40b23537f1d008f0f169de24ec0745765b7e3765c0069` Request headers Accept-Language de-DE,de;q=0.9 Referer http://my3ddreams.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Mon, 13 Sep 2021 12:07:25 GMT Last-Modified Thu, 31 Dec 2020 10:43:14 GMT Server nginx ETag "5fedab42-17" X-Cache HIT from HKGM Content-Type application/x-javascript Cache-Control max-age=31536000 Connection keep-alive Accept-Ranges bytes Content-Length 23 Expires Fri, 31 Dec 2021 10:43:14 GMT
GET H/1.1	200 OK	httpsEnable.gif ssl.mail.163.com/	43 B 251 B	2229ms 217ms	Image image/gif	123.126.97.210 CHINA169-BJ China...
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.mail.163.com/httpsEnable.gif Requested by Host: my3ddreams.com URL: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_CBC Server 123.126.97.210 Fengtai, China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN), Reverse DNS mail-m97210.mail.163.com Software nginx / Resource Hash `4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49` Request headers Accept-Language de-DE,de;q=0.9 Referer http://my3ddreams.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Mon, 13 Sep 2021 12:07:25 GMT Last-Modified Wed, 15 Jun 2011 02:19:09 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 43 Content-Type image/gif
GET H2	200	ntes.js Show response analytics.163.com/	23 KB 8 KB	949ms 254ms	Script application/javascript	223.252.195.133 NETEASE-AS Guangz...
General Check archive.org Show headers Download Go to Full URL https://analytics.163.com/ntes.js Requested by Host: my3ddreams.com URL: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 223.252.195.133 , China, ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN), Reverse DNS Software nginx / Resource Hash `25db958af8f71e0c19b5ad136125dac706ee9592790160e6ae65f9b292d7fd2a` Request headers Accept-Language de-DE,de;q=0.9 Referer http://my3ddreams.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Mon, 13 Sep 2021 12:07:24 GMT content-encoding gzip last-modified Tue, 31 Aug 2021 10:42:56 GMT server nginx content-type application/javascript x-server-id S170 cache-control max-age=3600 content-length 7846 expires Mon, 13 Sep 2021 13:07:24 GMT
GET H/1.1	200 OK	login.png mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img//	4 KB 4 KB	7870ms 345ms	Image image/png	54.176.139.60 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img//login.png Requested by Host: my3ddreams.com URL: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 54.176.139.60 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS mail-aws13960.qiye.163.com Software nginx / Resource Hash `a48f5ba832b9bcb1444871afeeb254fade0edc8ccd3122de34acceabb66434ac` Request headers Accept-Language de-DE,de;q=0.9 Referer http://my3ddreams.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Mon, 13 Sep 2021 12:07:31 GMT Last-Modified Thu, 13 Nov 2014 10:33:23 GMT Server nginx X-Cache from ntes_qiye Content-Type image/png Cache-Control max-age=31536000 Connection keep-alive Accept-Ranges bytes Content-Length 4063 Expires Tue, 13 Sep 2022 00:19:44 GMT
GET H/1.1	200 OK	sprite.png mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img//	6 KB 6 KB	7890ms 358ms	Image image/png	54.176.139.60 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img//sprite.png Requested by Host: my3ddreams.com URL: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 54.176.139.60 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS mail-aws13960.qiye.163.com Software nginx / Resource Hash `1650584f5c4f5b4e20435812baabcdf60113361578b9c001c1ef9cc638c886fd` Request headers Accept-Language de-DE,de;q=0.9 Referer http://my3ddreams.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Mon, 13 Sep 2021 12:07:31 GMT Last-Modified Thu, 13 Nov 2014 10:33:23 GMT Server nginx X-Cache from ntes_qiye Content-Type image/png Cache-Control max-age=31536000 Connection keep-alive Accept-Ranges bytes Content-Length 5682 Expires Mon, 12 Sep 2022 23:00:06 GMT
GET H/1.1	200 OK	codebg.png mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img//	6 KB 6 KB	7873ms 344ms	Image image/png	54.176.139.60 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img//codebg.png Requested by Host: my3ddreams.com URL: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 54.176.139.60 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS mail-aws13960.qiye.163.com Software nginx / Resource Hash `8696828c26cab79a60130d39242aa14bbcc38181ec2cfcb4320d5100f82fbf9e` Request headers Accept-Language de-DE,de;q=0.9 Referer http://my3ddreams.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Mon, 13 Sep 2021 12:07:31 GMT Last-Modified Thu, 13 Nov 2014 10:33:23 GMT Server nginx X-Cache from ntes_qiye Content-Type image/png Cache-Control max-age=31536000 Connection keep-alive Accept-Ranges bytes Content-Length 5733 Expires Tue, 13 Sep 2022 00:43:11 GMT
GET H/1.1	200 OK	applogin_example.png mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img//	7 KB 7 KB	7840ms 338ms	Image image/png	54.176.139.60 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img//applogin_example.png Requested by Host: my3ddreams.com URL: http://my3ddreams.com/comm/Yhatspokfun/neteaseqiye/ii.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 54.176.139.60 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS mail-aws13960.qiye.163.com Software nginx / Resource Hash `4e0171daa235a3165e2295b05780d34c366126e00c624b958766b84ee3fbe832` Request headers Accept-Language de-DE,de;q=0.9 Referer http://my3ddreams.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Mon, 13 Sep 2021 12:07:31 GMT Last-Modified Mon, 13 Jun 2016 00:36:38 GMT Server nginx X-Cache from ntes_qiye Content-Type image/png Cache-Control max-age=31536000 Connection keep-alive Accept-Ranges bytes Content-Length 7129 Expires Tue, 13 Sep 2022 00:19:45 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: 163.cn (Online) Generic China (Online)

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.mail.qiye.163.com/	1969-12-31 23:59:59	Name: qrcode_uuid Value: 6aac7797465a42ddb11282137d75bbf0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.163.com
mail.qiye.163.com
mimg.127.net
mimg.qiye.163.com
mimghz.qiye.163.com
my3ddreams.com
ssl.mail.163.com
103.129.252.34
123.126.97.210
18.159.198.32
192.185.183.65
223.252.195.133
54.176.139.60
1650584f5c4f5b4e20435812baabcdf60113361578b9c001c1ef9cc638c886fd
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8
24206933e5d2a0e696622323807fca96a6bebed0f40c575fe055ccd23d8c0384
25db958af8f71e0c19b5ad136125dac706ee9592790160e6ae65f9b292d7fd2a
4e0171daa235a3165e2295b05780d34c366126e00c624b958766b84ee3fbe832
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
59e781429ff48baf5941649747b6178a3f0c483090ef3a390b61ffd1e7c6c6d7
8696828c26cab79a60130d39242aa14bbcc38181ec2cfcb4320d5100f82fbf9e
a48f5ba832b9bcb1444871afeeb254fade0edc8ccd3122de34acceabb66434ac
b13de2eb10e93a66f6332b6ccb258bcf1502362a89b91c16f78ea425562e40a0
b7d3c2e78895ed6048d40b23537f1d008f0f169de24ec0745765b7e3765c0069
ed6dbc8fab5b63d6df0b079b70fc95459214b77dc174a05f0ea97d6a5fdc131c

my3ddreams.com Open in urlscan Pro 192.185.183.65 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

83 %HTTPS

0 %IPv6

3 Domains

7 Subdomains

6 IPs

4 Countries

59 kBTransfer

91 kBSize

1 Cookies

17 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

69 JavaScript Global Variables

1 Cookies

Indicators

my3ddreams.com Open in urlscan Pro
192.185.183.65 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

83 %
HTTPS

0 %
IPv6

3
Domains

7
Subdomains

6
IPs

4
Countries

59 kB
Transfer

91 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!