mail.mentech.com Open in urlscan Pro
2409:8c6a:b021:1400:0:3:0:47 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://mail.mentech.com/
Submission: On July 20 via api (July 20th 2024, 6:15:38 pm UTC) from US — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 19 HTTP transactions. The main IP is 2409:8c6a:b021:1400:0:3:0:47, located in China and belongs to CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN. The main domain is mail.mentech.com.
TLS certificate: Issued by TrustAsia RSA DV TLS CA G3 on June 25th 2024. Valid for: 3 months.

This is the only time mail.mentech.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic China (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	2409:8c6a:b02... 2409:8c6a:b021:1400:0:3:0:47	9808 (CHINAMOBI...) (CHINAMOBILE-CN China Mobile Communications Group Co.)
16	103.129.255.238 103.129.255.238	137263 (NETEASE-A...) (NETEASE-AS-AP NETEASE HONG KONG LIMITED)
19	2

3 2409:8c6a:b021:1400:0:3:0:47 (China)

ASN9808 (CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN)

mail.mentech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 103.129.255.238 (Hong Kong)

ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK)
PTR: mail-m255238.qiye.163.com

mimghz.qiye.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mimg.qiye.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	163.com mimghz.qiye.163.com mimg.qiye.163.com	110 KB
3	mentech.com mail.mentech.com	3 KB
19	2

	Domain	Requested by
13	mimghz.qiye.163.com	mail.mentech.com
3	mimg.qiye.163.com	mail.mentech.com mimghz.qiye.163.com
3	mail.mentech.com	mail.mentech.com
19	3

This site contains no links.

Subject Issuer	Validity	Valid
mail.mentech.com TrustAsia RSA DV TLS CA G3	`2024-06-25` - `2024-09-23`	3 months	crt.sh
*.qiye.163.com GeoTrust RSA CN CA G2	`2024-01-26` - `2025-02-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://mail.mentech.com/
Frame ID: 4918B107738BE82BC76574E450B1A3F6
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

铭普光磁 - 邮箱用户登录

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

19
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

113 kB
Transfer

214 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response mail.mentech.com/	8 KB 2 KB	1398ms 249ms	Document text/html	2409:8c6a:b021:1400:0:3:0:47 CHINAMOBILE-CN Ch...
General Check archive.org Show headers Download Go to Full URL https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 2409:8c6a:b021:1400:0:3:0:47 , China, ASN9808 (CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN), Reverse DNS Software nginx / Resource Hash `6913fe60c3be16d42565b2d97660c60423c6e4b088d5f5b4ce8d97772200f0c0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers content-encoding br content-type text/html;charset=utf-8 date Sat, 20 Jul 2024 18:15:32 GMT lingxi-traceid 85c248a73f4cab2a0c376e5f93961f5b_n^750873600000^0 server nginx vary Accept-Encoding
GET H2	200	global.css mimghz.qiye.163.com/o/domain/201906051135/index/css/	4 KB 2 KB	1406ms 252ms	Stylesheet text/css	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/css/global.css Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `54cce4207020984ff31f527bcc36000f12446bb286f859f32b1ed6d4fd1a4166` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:33 GMT content-encoding gzip last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid 015c4de4bff4dced615aecc680105a4f_n^750873600000^0 vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type text/css cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:33 GMT
GET H2	200	user.css mimghz.qiye.163.com/o/domain/201906051135/index/css/	515 B 525 B	1407ms 253ms	Stylesheet text/css	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/css/user.css Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `cf018496eb76bb111624b1a1f0ffc86ba179056b3e4dc5bd8d91b6e9b23813be` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:33 GMT content-encoding gzip last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid 80c9eac90daff0f5ed9d56e54fed7731_n^750873600000^0 vary Accept-Encoding content-type text/css cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:33 GMT
GET H2	200	custom.css mimghz.qiye.163.com/o/domain/201906051135/index/css/	5 KB 2 KB	1408ms 255ms	Stylesheet text/css	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/css/custom.css Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `9680f628715e90308b15fe04893fa8494bd74b0aca1ab79889956aa29fc1d52f` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:33 GMT content-encoding gzip last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid e55285f055ed12647000cdf5987d6907_n^750873600000^0 vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type text/css cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:33 GMT
GET H2	200	loginjs.jsp Show response mail.mentech.com/js/	8 B 160 B	245ms 243ms	Script text/javascript	2409:8c6a:b021:1400:0:3:0:47 CHINAMOBILE-CN Ch...
General Check archive.org Show headers Download Go to Full URL https://mail.mentech.com/js/loginjs.jsp Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 2409:8c6a:b021:1400:0:3:0:47 , China, ASN9808 (CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN), Reverse DNS Software nginx / Resource Hash `79488488398f5f5aed236dd6e9f914599370d04dfe70fda61b8c83bf739b1088` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:32 GMT cache-control no-cache lingxi-traceid d747ac3e9e1888fa0f65996d90c32934_n^750873600000^0 server nginx content-length 8 content-type text/javascript;charset=utf-8
GET H2	200	jquery.js Show response mimghz.qiye.163.com/o/domain/201906051135/index/js/	81 KB 29 KB	1406ms 253ms	Script application/x-javascript	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/js/jquery.js Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `c885da4a8201d00d35da21db41ef3847353ad1ef6b9254e7991294bd796e6af5` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:33 GMT content-encoding gzip last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid a66a6309975736d1897fcd965e16f0af_n^750873600000^0 vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:33 GMT
GET H2	200	jquery-migrate.js Show response mimghz.qiye.163.com/o/domain/201906051135/index/js/	7 KB 3 KB	1820ms 668ms	Script application/x-javascript	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/js/jquery-migrate.js Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:34 GMT content-encoding gzip last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid 6556e3c0d214c3687c8f33c035c0edaa_n^750873600000^0 vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:34 GMT
GET H2	200	lang_zhcn.js Show response mimghz.qiye.163.com/o/domain/201906051135/index/js/	165 B 419 B	1746ms 593ms	Script application/x-javascript	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/js/lang_zhcn.js Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `9fbba19171af44efe31699786b016f8a3158560da6e846f5f8ab005a5a19a665` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:33 GMT content-encoding gzip last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid d414d1dead884e781dd99af8b6d4f468_n^750873600000^0 vary Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:33 GMT
GET H2	200	select_network.js Show response mimghz.qiye.163.com/o/domain/201906051135/index/js/	5 KB 2 KB	1730ms 577ms	Script application/x-javascript	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/js/select_network.js Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `8c7c933589b7475336aedd38dcb4d47fd69b5f4e6a3f96de9cc6bcd16668ead6` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:33 GMT content-encoding gzip last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid 6e7b14e61f3c52fdfa5541420b0134da_n^750873600000^0 vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:33 GMT
GET H2	200	login_util.js Show response mimghz.qiye.163.com/o/domain/201906051135/index/js/	14 KB 5 KB	1744ms 591ms	Script application/x-javascript	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/js/login_util.js Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `ab8567cf96f024c171a5bad2d97b8e23469e8a43ddcf29d508072c5d0bc640b4` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:33 GMT content-encoding gzip last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid 9b9c759c0912ebe2c6f48b3af9f55db2_n^750873600000^0 vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:33 GMT
GET H2	200	jquery.jsonp-2.4.0.min.js Show response mimghz.qiye.163.com/o/domain/201906051135/index/js/	2 KB 1 KB	1773ms 620ms	Script application/x-javascript	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/js/jquery.jsonp-2.4.0.min.js Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `93ed16cd24d6668ae2ec63f33e5456b31d940f4f22044f0298f5f553beca5b40` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:34 GMT content-encoding gzip last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid 21d719a97e2d07ea6a7317107906f655_n^750873600000^0 vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:34 GMT
GET H2	200	select_banner.js Show response mimghz.qiye.163.com/o/domain/201906051135/index/js/	8 KB 3 KB	1745ms 594ms	Script application/x-javascript	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/js/select_banner.js Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `f93dc8fce9eb4b6b68c4bab1aed3d4964b704f46e29aa452ee72ab1d9752cbf9` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:33 GMT content-encoding gzip last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid 07000c6bc2697134ac7d01539a3ae363_n^750873600000^0 vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:33 GMT
GET H2	200	reset_pwd.js Show response mimghz.qiye.163.com/o/domain/201906051135/index/js/	408 B 501 B	1773ms 621ms	Script application/x-javascript	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/js/reset_pwd.js Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `f47380a77de7dd452a0004c2282a1ffa5bb6270b1737a220934ca2ec9158f502` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:34 GMT content-encoding gzip last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid a64f5ddbd84a799dbb8ebfdf19a244ce_n^750873600000^0 vary Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:34 GMT
GET H2	200	qiye_algorithm.js Show response mimg.qiye.163.com/o/index/lib/scripts/	27 KB 9 KB	1413ms 261ms	Script application/x-javascript	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://mimg.qiye.163.com/o/index/lib/scripts/qiye_algorithm.js Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `c948a51709e4f0bd4c7f0b6f21ed55286524e2b6c74efdb1969473cb40deccde` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:33 GMT content-encoding gzip last-modified Wed, 09 Dec 2015 03:07:20 GMT server nginx lingxi-traceid 65e9356abe795d9cfb8b0cb5325bfb4a_n^750873600000^0 vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 expires Sun, 20 Jul 2025 18:15:33 GMT
GET H2	200	bg_cn_noqiye.png mimghz.qiye.163.com/o/domain/201906051135/index/img/	9 KB 9 KB	417ms 416ms	Image image/png	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL https://mimghz.qiye.163.com/o/domain/201906051135/index/img/bg_cn_noqiye.png Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `000114f7ef19aac009b411eff3232439da5e89a7476248a8813b94e9c4cd7bc1` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:34 GMT last-modified Wed, 30 Aug 2023 10:54:25 GMT server nginx lingxi-traceid f30dab11d3ad95cd050dc6b9fecc33fa_n^750873600000^0 content-type image/png cache-control max-age=31536000 accept-ranges bytes content-length 9147 expires Sun, 20 Jul 2025 18:15:34 GMT
GET H2	200	bgx.gif mimg.qiye.163.com/xm/qiye/login/img/	87 B 306 B	280ms 280ms	Image image/gif	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL https://mimg.qiye.163.com/xm/qiye/login/img/bgx.gif Requested by Host: mimghz.qiye.163.com URL: https://mimghz.qiye.163.com/o/domain/201906051135/index/css/global.css Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `57f37271dc71a424614a1b51d7c9c95bc5d81ccc40588afb31f54689b46f8715` Request headers Referer https://mimghz.qiye.163.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:34 GMT last-modified Thu, 07 Jan 2010 06:22:50 GMT server nginx lingxi-traceid 70cb8587825a4b0780d7435aba72cd60_n^750873600000^0 content-type image/gif cache-control no-cache accept-ranges bytes content-length 87 expires Sat, 20 Jul 2024 18:15:33 GMT
GET H2	200	bg.gif mimg.qiye.163.com/xm/qiye/login/img/	12 KB 13 KB	253ms 253ms	Image image/gif	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL https://mimg.qiye.163.com/xm/qiye/login/img/bg.gif Requested by Host: mimghz.qiye.163.com URL: https://mimghz.qiye.163.com/o/domain/201906051135/index/css/global.css Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `09e7fb9326ea92a21d2e4703ed5274db3e63652e90892761ae12e82ffc33eb66` Request headers Referer https://mimghz.qiye.163.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:34 GMT last-modified Thu, 07 Jan 2010 06:22:50 GMT server nginx lingxi-traceid e7374381ab4157421ff2226e7b0152f8_n^750873600000^0 content-type image/gif cache-control no-cache accept-ranges bytes content-length 12556 expires Sat, 20 Jul 2024 18:15:33 GMT
GET H2	200	defaultBgRight3.8f205c3b.jpg mimghz.qiye.163.com/o/admin/20150730/images/	30 KB 31 KB	251ms 251ms	Image image/jpeg	103.129.255.238 NETEASE-AS-AP NET...
General Check archive.org Show headers Download Go to Show image Full URL https://mimghz.qiye.163.com/o/admin/20150730/images/defaultBgRight3.8f205c3b.jpg Requested by Host: mail.mentech.com URL: https://mail.mentech.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.129.255.238 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), Reverse DNS mail-m255238.qiye.163.com Software nginx / Resource Hash `22a3a07ec7f1cf1e74425f0b9f4fe090abb317d8655220cdb30bc23bf94b672e` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:34 GMT last-modified Fri, 23 Dec 2016 10:28:06 GMT server nginx lingxi-traceid 245168b08d98ad4d8fd3391459ae0bde_n^750873600000^0 content-type image/jpeg cache-control max-age=31536000 accept-ranges bytes content-length 30996 expires Sun, 20 Jul 2025 18:15:34 GMT
GET H2	200	favicon.ico mail.mentech.com/	894 B 1 KB	245ms 244ms	Other image/x-icon	2409:8c6a:b021:1400:0:3:0:47 CHINAMOBILE-CN Ch...
General Check archive.org Show headers Download Go to Full URL https://mail.mentech.com/favicon.ico Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 2409:8c6a:b021:1400:0:3:0:47 , China, ASN9808 (CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN), Reverse DNS Software nginx / Resource Hash `c8a5ae04c0da8eb8002570c53870db9a5bb8ba1a5286cdba33e268f085a25f88` Request headers Referer https://mail.mentech.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 18:15:34 GMT last-modified Wed, 12 May 2021 07:08:38 GMT server nginx lingxi-traceid d6648c28267759441ada06d74a380fe7_n^750873600000^0 content-type image/x-icon cache-control max-age=31536000 accept-ranges bytes content-length 894 expires Sun, 20 Jul 2025 18:15:34 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic China (Online)

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mail.mentech.com/	1969-12-31 23:59:59	Name: ds Value: 00

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://mail.mentech.com/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mail.mentech.com
mimg.qiye.163.com
mimghz.qiye.163.com
103.129.255.238
2409:8c6a:b021:1400:0:3:0:47
000114f7ef19aac009b411eff3232439da5e89a7476248a8813b94e9c4cd7bc1
09e7fb9326ea92a21d2e4703ed5274db3e63652e90892761ae12e82ffc33eb66
22a3a07ec7f1cf1e74425f0b9f4fe090abb317d8655220cdb30bc23bf94b672e
54cce4207020984ff31f527bcc36000f12446bb286f859f32b1ed6d4fd1a4166
57f37271dc71a424614a1b51d7c9c95bc5d81ccc40588afb31f54689b46f8715
6913fe60c3be16d42565b2d97660c60423c6e4b088d5f5b4ce8d97772200f0c0
79488488398f5f5aed236dd6e9f914599370d04dfe70fda61b8c83bf739b1088
8c7c933589b7475336aedd38dcb4d47fd69b5f4e6a3f96de9cc6bcd16668ead6
93ed16cd24d6668ae2ec63f33e5456b31d940f4f22044f0298f5f553beca5b40
9680f628715e90308b15fe04893fa8494bd74b0aca1ab79889956aa29fc1d52f
9fbba19171af44efe31699786b016f8a3158560da6e846f5f8ab005a5a19a665
ab8567cf96f024c171a5bad2d97b8e23469e8a43ddcf29d508072c5d0bc640b4
c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c
c885da4a8201d00d35da21db41ef3847353ad1ef6b9254e7991294bd796e6af5
c8a5ae04c0da8eb8002570c53870db9a5bb8ba1a5286cdba33e268f085a25f88
c948a51709e4f0bd4c7f0b6f21ed55286524e2b6c74efdb1969473cb40deccde
cf018496eb76bb111624b1a1f0ffc86ba179056b3e4dc5bd8d91b6e9b23813be
f47380a77de7dd452a0004c2282a1ffa5bb6270b1737a220934ca2ec9158f502
f93dc8fce9eb4b6b68c4bab1aed3d4964b704f46e29aa452ee72ab1d9752cbf9

mail.mentech.com Open in urlscan Pro 2409:8c6a:b021:1400:0:3:0:47 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

50 %IPv6

2 Domains

3 Subdomains

2 IPs

2 Countries

113 kBTransfer

214 kBSize

1 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

118 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

mail.mentech.com Open in urlscan Pro
2409:8c6a:b021:1400:0:3:0:47 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

113 kB
Transfer

214 kB
Size

1
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!