302004.com Open in urlscan Pro
118.193.162.122 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://302004.com/
Effective URL:
http://302004.com/?FIFNNJ=77100259263894.html
Submission: On August 10 via api (August 10th 2017, 4:08:38 am UTC) from CA

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 118.193.162.122, located in Guangzhou, China and belongs to ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN. The main domain is 302004.com.

This is the only time 302004.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Apple (Online)

Domain & IP information

	IP Address		AS Autonomous System
12	118.193.162.122 118.193.162.122		58879 (ANCHNET S...) (ANCHNET Shanghai Anchang Network Security Technology Co.)
12	1

12 118.193.162.122 (Guangzhou, China)

ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN)

302004.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	302004.com 302004.com	82 KB
12	1

	Domain	Requested by
12	302004.com	302004.com
12	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://302004.com/?FIFNNJ=77100259263894.html
Frame ID: 7398.1
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

12
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

82 kB
Transfer

82 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response 302004.com/ Redirect Chain http://302004.com/?FIFNN=3643619.html http://302004.com/?FIFNNJ=77100259263894.html	15 KB 15 KB	421ms 421ms	Document text/html	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Full URL http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `e43f39356c83e626f552b60c17b9f5adb012e9da44e08cf53967d20a1fc78386` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:44 GMT Cache-control no-cache Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Type text/html Content-Length 14871 Expires Thu, 10 Aug 2017 04:09:44 GMT Redirect headers Date Thu, 10 Aug 2017 04:09:44 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Content-Type text/html Location ?FIFNNJ=77100259263894.html Cache-control no-cache Connection Keep-Alive Content-Length 0 Expires Thu, 10 Aug 2017 04:09:44 GMT
GET H/1.1	200 OK	index.css 302004.com/js/	1 KB 1 KB	243ms 243ms	Stylesheet text/css	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Full URL http://302004.com/js/index.css Requested by Host: 302004.com URL: http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `ffb017e9573bcd5eb639b8d8af69574d667befd438a8d1c3e14ec8d1b6c807fc` Request headers Referer http://302004.com/?FIFNNJ=77100259263894.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:45 GMT Last-Modified Sun, 02 Jun 2016 08:07:48 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Length 1170 Content-Type text/css
GET H/1.1	200 OK	stylel.css 302004.com/js/	2 KB 2 KB	254ms 253ms	Stylesheet text/css	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Full URL http://302004.com/js/stylel.css Requested by Host: 302004.com URL: http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `19cc696d6edd4effc1f661b51c9114d4c1d035052461207004609c0bf36bf5f8` Request headers Referer http://302004.com/?FIFNNJ=77100259263894.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:45 GMT Last-Modified Sun, 02 Jun 2016 08:07:48 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Length 1557 Content-Type text/css
GET H/1.1	200 OK	bbb.css 302004.com/js/	733 B 733 B	485ms 243ms	Stylesheet text/css	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Full URL http://302004.com/js/bbb.css Requested by Host: 302004.com URL: http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `307ee8d5882afea9cf8c7215559fb55657cc8b38c15dbf6e31c8e491311180d5` Request headers Referer http://302004.com/?FIFNNJ=77100259263894.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:46 GMT Last-Modified Sun, 02 Jun 2016 08:07:48 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Length 733 Content-Type text/css
GET H/1.1	200 OK	bg.png 302004.com/js/	39 KB 39 KB	245ms 245ms	Image image/png	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Show image Full URL http://302004.com/js/bg.png Requested by Host: 302004.com URL: http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `51557984bd40a071c69a34a74a7c716aa8fe4da8a1004ecd79b98409a7abcba2` Request headers Referer http://302004.com/?FIFNNJ=77100259263894.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:46 GMT Last-Modified Sun, 02 Jun 2016 08:07:48 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Length 40185 Content-Type image/png
GET H/1.1	200 OK	jj.png 302004.com/js/	2 KB 2 KB	263ms 262ms	Image image/png	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Show image Full URL http://302004.com/js/jj.png Requested by Host: 302004.com URL: http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `3f522ed961284f489df1024d50bbacf26c227cce8cb2744e60b5a67795d8555f` Request headers Referer http://302004.com/?FIFNNJ=77100259263894.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:46 GMT Last-Modified Sun, 02 Jun 2016 08:07:48 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Length 2548 Content-Type image/png
GET H/1.1	200 OK	pg.png 302004.com/js/	3 KB 3 KB	263ms 262ms	Image image/png	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Show image Full URL http://302004.com/js/pg.png Requested by Host: 302004.com URL: http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `f6bc4f92d614acc4a11c691cf58ac2a928fcf9012e4ff7aac9c18ae0795bce75` Request headers Referer http://302004.com/?FIFNNJ=77100259263894.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:46 GMT Last-Modified Sun, 02 Jun 2016 08:07:48 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Length 3343 Content-Type image/png
GET H/1.1	200 OK	yun.png 302004.com/js/	803 B 803 B	506ms 244ms	Image image/png	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Show image Full URL http://302004.com/js/yun.png Requested by Host: 302004.com URL: http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `322282e47d8552a0feabcfe595ca44c3afb82c5147f45416fa008af86e3cf515` Request headers Referer http://302004.com/?FIFNNJ=77100259263894.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:46 GMT Last-Modified Sun, 02 Jun 2016 08:07:48 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Length 803 Content-Type image/png
GET H/1.1	200 OK	wenh.png 302004.com/js/	3 KB 3 KB	512ms 249ms	Image image/png	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Show image Full URL http://302004.com/js/wenh.png Requested by Host: 302004.com URL: http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `7c32d97d72a64609c88ad87b22f98851636019f086f74b4451fb67d43b1c95ad` Request headers Referer http://302004.com/?FIFNNJ=77100259263894.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:46 GMT Last-Modified Sun, 02 Jun 2016 08:07:48 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Length 2717 Content-Type image/png
GET H/1.1	200 OK	an.png 302004.com/js/	1 KB 1 KB	749ms 243ms	Image image/png	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Show image Full URL http://302004.com/js/an.png Requested by Host: 302004.com URL: http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `b3d98c4c8aa4055992854cedc838d36b8970d5c1c9030936d206d2dd31f44428` Request headers Referer http://302004.com/?FIFNNJ=77100259263894.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:46 GMT Last-Modified Sun, 02 Jun 2016 08:07:48 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Length 1459 Content-Type image/png
GET H/1.1	200 OK	divbg.png 302004.com/js/	14 KB 14 KB	498ms 243ms	Image image/png	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Show image Full URL http://302004.com/js/divbg.png Requested by Host: 302004.com URL: http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `94a870fe495320f69302c0671bd8907c40873d19f3df4a63d6b5ec5e662b5d2f` Request headers Referer http://302004.com/js/index.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:46 GMT Last-Modified Sun, 02 Jun 2016 08:07:48 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Length 14751 Content-Type image/png
GET H/1.1	200 OK	x.png 302004.com/js/	138 B 138 B	498ms 243ms	Image image/png	118.193.162.122 ANCHNET Shanghai ...
General Check archive.org Show headers Download Go to Show image Full URL http://302004.com/js/x.png Requested by Host: 302004.com URL: http://302004.com/?FIFNNJ=77100259263894.html Protocol HTTP/1.1 Server 118.193.162.122 Guangzhou, China, ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN), Reverse DNS Software Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 / Resource Hash `0ad39661293c7548396071886d984927146bb946de75ab3158a3bb14fdcc92ea` Request headers Referer http://302004.com/js/index.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 04:09:46 GMT Last-Modified Sun, 02 Jun 2016 08:07:48 GMT Server Äæ·ç¹¤×÷ÊÒ Netbox v3.0 201005 Connection Keep-Alive Content-Length 138 Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Apple (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

302004.com
118.193.162.122
0ad39661293c7548396071886d984927146bb946de75ab3158a3bb14fdcc92ea
19cc696d6edd4effc1f661b51c9114d4c1d035052461207004609c0bf36bf5f8
307ee8d5882afea9cf8c7215559fb55657cc8b38c15dbf6e31c8e491311180d5
322282e47d8552a0feabcfe595ca44c3afb82c5147f45416fa008af86e3cf515
3f522ed961284f489df1024d50bbacf26c227cce8cb2744e60b5a67795d8555f
51557984bd40a071c69a34a74a7c716aa8fe4da8a1004ecd79b98409a7abcba2
7c32d97d72a64609c88ad87b22f98851636019f086f74b4451fb67d43b1c95ad
94a870fe495320f69302c0671bd8907c40873d19f3df4a63d6b5ec5e662b5d2f
b3d98c4c8aa4055992854cedc838d36b8970d5c1c9030936d206d2dd31f44428
e43f39356c83e626f552b60c17b9f5adb012e9da44e08cf53967d20a1fc78386
f6bc4f92d614acc4a11c691cf58ac2a928fcf9012e4ff7aac9c18ae0795bce75
ffb017e9573bcd5eb639b8d8af69574d667befd438a8d1c3e14ec8d1b6c807fc

302004.com Open in urlscan Pro 118.193.162.122 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

12 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

82 kBTransfer

82 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

302004.com Open in urlscan Pro
118.193.162.122 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

82 kB
Transfer

82 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!