delhiescort69.com
166.62.27.173 - Malicious Activity! - Public Scan

Submitted URL: http://count.mail.163.com.emed-depot.com/ben%20obi/redirect.php
Effective URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Submission: On April 28, via automatic submission (source: openphish)

Summary

This website contacted 8 IPs in 3 countries across 5 domains to perform 20 HTTP transactions. The main IP is 166.62.27.173, located in Scottsdale, United States, and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is delhiescort69.com.
This is the only time delhiescort69.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic China (Online)

Domain & IP information

IP addresses (requests / IP address / autonomous system)
 1   129.121.2.217     62729  (ASMALLORA...)
 1   166.62.27.173     26496  (AS-26496-...)
11   103.129.252.34    137263 (NETEASE-A...)
 1   123.126.97.210    4808   (CHINA169-...)
 1   223.252.195.133   45062  (NETEASE-A...)
 1   209.126.103.59    30083  (AS-30083-...)
 1   123.126.97.207    4808   (CHINA169-...)
Total: 20 requests, 8 IPs

Domains (requests / domain / requested by)
10   mimg.127.net                        delhiescort69.com, mimg.127.net
 1   iplocator.mail.163.com              mimg.127.net
 1   cfs.u-ad.info                       delhiescort69.com
 1   mail.163.com                        delhiescort69.com
 1   analytics.163.com                   delhiescort69.com
 1   ssl.mail.163.com                    delhiescort69.com
 1   delhiescort69.com                   count.mail.163.com.emed-depot.com
 1   count.mail.163.com.emed-depot.com
 0   gzep.127.net (failed)               mimg.127.net
 0   gzcp.127.net (failed)               mimg.127.net
 0   gztp.127.net (failed)               mimg.127.net
Total: 20 requests, 11 subdomains

TLS certificates (subject / issuer / validity)
ssl.mail.163.com   GeoTrust CN RSA CA G1   2020-01-07 to 2022-03-05 (valid 2 years)

This page contains 2 frames:

Primary Page: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Frame ID: C73BE2A144F6489B56FC016CF771BF69
Requests: 19 HTTP requests in this frame

Frame: http://mail.163.com/preload5.htm
Frame ID: FED31CD81520FD0E112D5061DA5AFDAF
Requests: 1 HTTP request in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 20
HTTPS: 5 %
IPv6: 0 %
Domains: 5
Subdomains: 11
IPs: 8
Countries: 3
Transfer: 104 kB
Size: 175 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://count.mail.163.com.emed-depot.com/ben%20obi/redirect.php Page URL
  2. http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Each entry below is listed as: Resource | Path | Size | x-fer (bytes transferred) | Type
redirect.php | count.mail.163.com.emed-depot.com/ben%20obi/ | 214 B | 388 B | Document
General
Full URL
http://count.mail.163.com.emed-depot.com/ben%20obi/redirect.php
Protocol
HTTP/1.1
Server
129.121.2.217 , United States, ASN62729 (ASMALLORANGE1, US),
Reverse DNS
ip-129-121-2-217.local
Software
nginx/1.16.1 /
Resource Hash

Request headers

Host
count.mail.163.com.emed-depot.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
nginx/1.16.1
Date
Tue, 28 Apr 2020 00:45:36 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip
Primary Request: email.163.com.htm | delhiescort69.com/images/ | 60 KB | 17 KB | Document
General
Full URL
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Requested by
Host: count.mail.163.com.emed-depot.com
URL: http://count.mail.163.com.emed-depot.com/ben%20obi/redirect.php
Protocol
HTTP/1.1
Server
166.62.27.173 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-166-62-27-173.ip.secureserver.net
Software
Apache /
Resource Hash
a3468a2e7ce1302cb71c5c8ba907fc3f2d74d165ee1fbe88fb2ac823085ebd9f

Request headers

Host
delhiescort69.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://count.mail.163.com.emed-depot.com/ben%20obi/redirect.php
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://count.mail.163.com.emed-depot.com/ben%20obi/redirect.php

Response headers

Date
Tue, 28 Apr 2020 00:45:37 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Last-Modified
Mon, 02 Mar 2020 14:53:52 GMT
ETag
"9563ca2-f0ce-59fe05b038000-gzip"
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Content-Length
16565
Keep-Alive
timeout=5
Content-Type
text/html
base_v3.js | mimg.127.net/index/lib/scripts/ | 23 KB | 8 KB | Script
General
Full URL
http://mimg.127.net/index/lib/scripts/base_v3.js
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
a0ceb7edc5991f85a9613588811fee01502816f4a31ed92b19b348c07854f052

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:38 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Nov 2013 10:13:30 GMT
Server
nginx
ETag
W/"5278c4ca-5d69"
Vary
Accept-Encoding
X-Cache
HIT from HKGM
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 28 Apr 2020 01:02:20 GMT
ntes_logo.png | mimg.127.net/index/email/img/2012/ | 983 B | 1 KB | Image
General
Full URL
http://mimg.127.net/index/email/img/2012/ntes_logo.png
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
16ede25c08f54c3b1627d401b847eec08b089227058660799c2372dbd6f52425

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:38 GMT
Last-Modified
Mon, 17 Dec 2012 09:09:12 GMT
Server
nginx
ETag
"50cee138-3d7"
X-Cache
HIT from HKGM
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
983
Expires
Tue, 28 Apr 2020 01:27:35 GMT
t.gif | mimg.127.net/p/ | 77 B | 478 B | Image
General
Full URL
http://mimg.127.net/p/t.gif
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
3f666934b806964af9be68a39f16151701e7a7b8009ac24e7acb9ac0a7c10aa5

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:38 GMT
Last-Modified
Mon, 18 Jun 2012 08:52:50 GMT
Server
nginx
ETag
"4fdeec62-4d"
X-Cache
HIT from HKGM
Content-Type
image/gif
Access-Control-Allow-Origin
*.163.com *.126.com *.yeah.net *.tryfun.com
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
77
Expires
Fri, 06 Jul 2029 08:57:39 GMT
knet.png | mimg.127.net/logo/ | 5 KB | 5 KB | Image
General
Full URL
http://mimg.127.net/logo/knet.png
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:38 GMT
Last-Modified
Wed, 16 May 2012 09:47:58 GMT
Server
nginx
ETag
"4fb377ce-1203"
X-Cache
HIT from HKGM
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4611
Expires
Tue, 28 Apr 2020 01:33:06 GMT
httpsEnable.gif | ssl.mail.163.com/ | 43 B | 251 B | Image
General
Full URL
https://ssl.mail.163.com/httpsEnable.gif
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_CBC
Server
123.126.97.210 Beijing, China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN),
Reverse DNS
mail-m97210.mail.163.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:40 GMT
Last-Modified
Wed, 15 Jun 2011 02:19:09 GMT
Server
nginx
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Content-Type
image/gif
ntes.js | analytics.163.com/ | 22 KB | 8 KB | Script
General
Full URL
http://analytics.163.com/ntes.js
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
223.252.195.133 , China, ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
544ebbf8179c3b31c8799d972d599701696b4b8f8b313592d88496d96d79661e

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 24 Apr 2020 08:37:26 GMT
Server
nginx
Content-Type
application/javascript
X-Server-ID
S170
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
7515
Expires
Tue, 28 Apr 2020 01:45:39 GMT
logo.png | mimg.127.net/index/email/img/2012/ | 9 KB | 9 KB | Image
General
Full URL
http://mimg.127.net/index/email/img/2012/logo.png
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
4f351f075b297bc471bc0a3f4abc39bee04204393a1543c06fab5b2a5e85264d

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:38 GMT
Last-Modified
Mon, 17 Dec 2012 09:09:16 GMT
Server
nginx
ETag
"50cee13c-22f1"
X-Cache
HIT from HKGM
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8945
Expires
Tue, 28 Apr 2020 01:27:35 GMT
bgx.png | mimg.127.net/index/email/img/2012/ | 304 B | 628 B | Image
General
Full URL
http://mimg.127.net/index/email/img/2012/bgx.png
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
86305704cb5ce03d2ce2c34224ecd1f54bfad514a5980bd9453fab19858af4d5

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:38 GMT
Last-Modified
Mon, 17 Dec 2012 09:09:16 GMT
Server
nginx
ETag
"50cee13c-130"
X-Cache
HIT from HKGM
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
304
Expires
Tue, 28 Apr 2020 01:27:35 GMT
bg.png | mimg.127.net/index/email/img/2012/ | 15 KB | 15 KB | Image
General
Full URL
http://mimg.127.net/index/email/img/2012/bg.png
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
8c65da2d6f0962332bfc51374752fc99fb033b06cd0c4fbf2bbc96c19f3748ee

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:38 GMT
Last-Modified
Mon, 17 Dec 2012 09:09:17 GMT
Server
nginx
ETag
"50cee13d-3bd6"
X-Cache
HIT from HKGM
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15318
Expires
Tue, 28 Apr 2020 01:27:35 GMT
arr.png | mimg.127.net/index/email/img/2012/ | 492 B | 816 B | Image
General
Full URL
http://mimg.127.net/index/email/img/2012/arr.png
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
e4129228b3c1d9183ed091b163797dddf16a2cf72868bb4fa56c98e7a074686d

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:38 GMT
Last-Modified
Mon, 17 Dec 2012 09:09:16 GMT
Server
nginx
ETag
"50cee13c-1ec"
X-Cache
HIT from HKGM
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
492
Expires
Tue, 28 Apr 2020 01:27:35 GMT
all.jpg | mimg.127.net/index/email/img/2012/ | 38 KB | 38 KB | Image
General
Full URL
http://mimg.127.net/index/email/img/2012/all.jpg
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
75504d17088f01fd3d96848402052b5c6d96965303fcff93482d8a7bbee87de8

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:39 GMT
Last-Modified
Mon, 17 Dec 2012 09:09:14 GMT
Server
nginx
ETag
"50cee13a-9798"
X-Cache
HIT from HKGM
Content-Type
image/jpeg
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
38808
Expires
Tue, 28 Apr 2020 01:27:36 GMT
preload5.htm | mail.163.com/ (Frame FED3) | 0 | 0 | Document
General
Full URL
http://mail.163.com/preload5.htm
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Host
mail.163.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php

Response headers

Server
nginx
Date
Tue, 28 Apr 2020 00:45:39 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding Accept-Encoding
Last-Modified
Wed, 14 May 2014 06:51:42 GMT
ETag
W/"5373127e-2499"
Expires
Tue, 28 Apr 2020 01:28:56 GMT
Cache-Control
max-age=3600
X-Cache
from HKGM
Content-Encoding
gzip
request | cfs.u-ad.info/cfspushadsv2/ | 0 | 166 B | Script
General
Full URL
http://cfs.u-ad.info/cfspushadsv2/request?id=1&enc=telkom2&params=4TtHaUQnUEiP6K%2fc5C582ECSaLdwqSpn1q1bRQM88p%2bASV0PLRBZlnoARRsJa7b%2frLP%2bJWxvhJwwhZrt19m0XIKH%2fyOBjCqpWMoS0kVQUkEF%2f7PTmDb2LDQm8M0HCzsROn6cXWXwXx1isgwXE1dXPCY%2fa1Qia1166vI0ATo8PGeUrV3SlZYn3bpSLfD%2b3qjGtUmg2QT5nleX7nPFXajtEk0RCZF9VpS5XBeHmTrqP1JRvVBAVoT7GNuERMUyHFUhHdQ6Zgk61Jc72ywQ0ePgD%2f8PZH59Zp7OjLnFn%2fTYOafcHK7IF%2bho2zqQZB9w0gUQgS3Xo%2bngc7bf19MU5czFSMAUdQsvIrav571kXXx5cV3k0IEc5C%2bgXAxpUMNk2CoZAC%2bNCZUqeyRnxG8vhb1fwfHe7UJOYxR9sw5nOjf9Yt6RGMe0oSLQtnyZORLH23uO1Y99ZvmtsRheAZQN5rg20rNQnBJo%2bhaQDlcvUujg2oM%2bwRCTADUeK9s2%2fMRQ0VEXPXAiS1Af1j%2fZPE%2bl%2fgTceKlET4NgWOX%2bpsnHeeKOFIFqkwtMb%2fO%2fh5SXNfMJ7q1XSHkQf0FLOxJP0RZBmp1FVyd4tv7DN5nDrtv0Evs4Fjp08%2bq8QAL%2b2Z%2fYmPk6aLD4etcqr2n4TPtkndYvzrqffyGZnh5Dby5w7m3aq6nZxucjMOiTD3NVbdrEfa5FSG32kWomaHsf1SZxlccEu0XNkQ5NibYbif%2bEL2S09AyID1CyWZumoUHG52aKQwjDHv%2fTedefTPzA6FgCsifxKKpGNyMQBFQO7faP%2bw3z2qQKRVg%3d&idc_r=47320948162&domain=delhiescort69.com&sw=1600&sh=1200
Requested by
Host: delhiescort69.com
URL: http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
Protocol
HTTP/1.1
Server
209.126.103.59 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS
condor2630.startdedicated.com
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:39 GMT
Server
Apache/2.4.18 (Ubuntu)
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
iplocator | iplocator.mail.163.com/ | 151 B | 341 B | Script
General
Full URL
http://iplocator.mail.163.com/iplocator?callback=fGetLocator
Requested by
Host: mimg.127.net
URL: http://mimg.127.net/index/lib/scripts/base_v3.js
Protocol
HTTP/1.1
Server
123.126.97.207 Beijing, China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN),
Reverse DNS
mail-m97207.mail.163.com
Software
nginx /
Resource Hash
e1dbd48de49b34821c02a10512b5a1747b463c6592d4cc61c097f0f02f2bdfe8

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:42 GMT
Server
nginx
Connection
keep-alive
Content-Length
151
X-Cache
from ngx16-221.163.com
Content-Type
text/plain;charset=UTF-8
gad.js | mimg.127.net/m/login/ | 1 KB | 691 B | Script
General
Full URL
http://mimg.127.net/m/login/gad.js
Requested by
Host: mimg.127.net
URL: http://mimg.127.net/index/lib/scripts/base_v3.js
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
1c9f60c1e405da5f8d3eb2b526b76db044937a15ceadfe370f83b7c6bcf7fde8

Request headers

Referer
http://delhiescort69.com/images/email.163.com.htm?http://vipmail2.mail.sina.com.cn/classic/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 00:45:42 GMT
Content-Encoding
gzip
Last-Modified
Thu, 02 Jan 2014 02:03:52 GMT
Server
nginx
ETag
W/"52c4c908-460"
Vary
Accept-Encoding
X-Cache
HIT from HKGM
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 28 Apr 2020 01:16:59 GMT
gzttest | gztp.127.net/cte/ | 0 | 0 | (no response)

gzctest | gzcp.127.net/cte/ | 0 | 0 | (no response)

gzetest | gzep.127.net/cte/ | 0 | 0 | (no response)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
gztp.127.net
URL
http://gztp.127.net/cte/gzttest?1588034742173
Domain
gzcp.127.net
URL
http://gzcp.127.net/cte/gzctest?1588034742173
Domain
gzep.127.net
URL
http://gzep.127.net/cte/gzetest?1588034742173

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic China (Online)

185 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| gOption function| fCheckLoginNow function| fCheckAutoLogin function| fAutoLogin undefined| gbForcepc object| oAndroidRedirect function| fCheckBrowser function| fHtml5Tag function| fCheckCookie function| fGetQuery function| fGetQueryHash function| $id function| fTrim function| fParseMNum function| fCheckAccount function| fGetScript function| fGetCookie function| fSetCookie function| fEventListen function| fEventUnlisten function| fRandom function| fUrlP function| fResize function| fFQ function| fStartTime object| gUserInfo object| gVisitorCookie undefined| gMobileNumMailIsForbidden undefined| gMobileNumMailResult object| gMobileNumMail function| fEnData function| loginRequest function| getRnd undefined| DOMContentLoaded function| DOMREADY string| base64EncodeChars function| base64encode function| utf16to8 function| fGetLocator function| fSetGadIndex function| MobCallback boolean| bGettingAlgorithm object| gIndexAd boolean| bForcepc boolean| bPreviewPc string| _ntes_nacc string| _ntes_nvid number| _ntes_nvtm number| _ntes_nvfi number| _ntes_nvsf number| _ntes_nstm string| _ntes_nurl string| _ntes_ntit string| _ntes_nref string| _ntes_nres string| _ntes_nlag string| _ntes_nscd number| _ntes_nlmf string| _ntes_flsh string| _ntes_nssn number| _ntes_surv function| _ntes_void object| _ntes_domain_array object| _non_ntes_domain_array string| _ntes_cdmn string| _non_ntes_cdmn string| _ntes_src_addr boolean| _ntes_cookie_enabled boolean| _ntes_localstorage_enabled object| _ntes_page_data function| ntes_set_uid function| ntes_get_uid function| neteaseTracker function| neteaseClickTracker function| ntes_survey_popup function| ntes_get_navigation_info function| fetch_visitor_hash function| ntes_get_domain function| non_ntes_get_domain function| ntes_set_cookie_long function| ntes_set_cookie function| ntes_set_cookie_new function| ntes_get_cookie function| ntes_get_flashver number| _ntes_hexcase number| _ntes_chrsz function| 
ntes_hex_md5 function| ntes_core_md5 function| md5_cmn function| md5_ff function| md5_gg function| md5_hh function| md5_ii function| safe_add function| bit_rol function| str2binl function| binl2hex function| str_to_ent function| ntes_page_click_stat function| ntes_page_unload_stat function| neteaseClickStat function| _ntes_bindEvent function| _ntes_fixEvent function| _ntes_sendInfo function| recordAction function| neteaseClickStatForArea function| ntes_area_click_stat function| is_spider object| ntes_area_click_tools object| pattern object| gWindow function| fCalc function| fChangeBg object| oMain object| oMainHd function| fChangePos function| fCheckboxChange string| gCurrentDomain object| gLoginInfo boolean| bIsEuid object| sPreUrl object| sPreUid object| sPreReason object| sUid object| sStyle undefined| sEnUsername object| oForm object| oFormQiye object| oUrl2 object| oUserName object| oUserIpt object| oTxtAccount object| oTxtPwd object| oDomain object| oDomainQiye object| oStyle object| oGetPwd object| oLoginOpt object| oErr object| oLoginFtTips object| oIdL object| oIdLabel object| oPwL object| oPwLabel function| fSwitchTab function| fSwitchUserInfo function| fSecureLinkage function| fSubmit function| fSetAction function| fSaveLoginInfo function| fCheckqiye function| fGetQiyeMsg function| fStyleEvent function| fCls function| fIdInputEvent function| fCheckAlways undefined| oPopup undefined| oPopupClose undefined| oPopupCont undefined| oPopupSub undefined| oMask function| fKX string| sLocationInfo function| fSetLocation function| fNetErrDebug object| oSpdTestPosition object| aSpdResult object| aSpdStartTime object| aSpdEndTime object| aSpdTmpTime object| aSpdQueue function| fSpeedTestPre function| fSpeedTest function| fSpd undefined| fShowPopup undefined| fHidePopup number| oIntervalCheckAlways boolean| bSpdAuto function| netbro_cache_analytics function| sync function| requestCfs string| gLocationProvince string| gLocationCity

0 Cookies