baiyunclassic.com Open in urlscan Pro
103.27.74.33 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://baiyunclassic.com/wp-content/obo/email2.php
Submission: On January 31 via automatic, source openphish (January 31st 2017, 3:51:30 am UTC)

Summary HTTP 69 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 6 countries across 8 domains to perform 69 HTTP transactions. The main IP is 103.27.74.33, located in Malaysia and belongs to GIGABIT-MY Gigabit Hosting Sdn Bhd, MY. The main domain is baiyunclassic.com.

This is the only time baiyunclassic.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
40	103.27.74.33 103.27.74.33	55720 (GIGABIT-M...) (GIGABIT-MY Gigabit Hosting Sdn Bhd)
2	2400:cb00:204... 2400:cb00:2048:1::6813:c166	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	2a00:1450:400... 2a00:1450:4001:814::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
3	134.249.116.78 134.249.116.78	15895 (KSNET-AS ) (KSNET-AS )
1	2400:cb00:204... 2400:cb00:2048:1::6813:c266	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
2	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	188.42.162.176 188.42.162.176	35415 (WEBZILLA ) (WEBZILLA )
13	2a02:26f0:78:... 2a02:26f0:78::174a:18ab	20940 (AKAMAI-ASN1 ) (AKAMAI-ASN1 )
69	9

40 103.27.74.33 (Malaysia)

ASN55720 (GIGABIT-MY Gigabit Hosting Sdn Bhd, MY)
PTR: sirius.sfdns.net

baiyunclassic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:cb00:2048:1::6813:c166 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 134.249.116.78 (Lviv, Ukraine)

ASN15895 (KSNET-AS , UA)
PTR: 134-249-116-78.broadband.kyivstar.net

134.249.116.78	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6813:c266 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.42.162.176 (Amsterdam, Netherlands)

ASN35415 (WEBZILLA , NL)

go.padsdel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a02:26f0:78::174a:18ab (European Union)

ASN20940 (AKAMAI-ASN1 , US)

telekom.info-promotionen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	baiyunclassic.com baiyunclassic.com	276 KB
13	info-promotionen.com telekom.info-promotionen.com Failed	72 KB
3	cloudflare.com cdnjs.cloudflare.com	18 KB
2	padsdel.com go.padsdel.com Failed	2 KB
2	google-analytics.com www.google-analytics.com	11 KB
1	googleapis.com fonts.googleapis.com	257 B
0	com-selected-rewards.club Failed vodafone.com-selected-rewards.club Failed
0	gethere.info Failed gethere.info Failed
69	8

	Domain	Requested by
40	baiyunclassic.com	baiyunclassic.com
13	telekom.info-promotionen.com	telekom.info-promotionen.com
3	cdnjs.cloudflare.com	baiyunclassic.com
2	go.padsdel.com
2	www.google-analytics.com	baiyunclassic.com
1	fonts.googleapis.com	baiyunclassic.com
0	vodafone.com-selected-rewards.club Failed	telekom.info-promotionen.com
0	gethere.info Failed	baiyunclassic.com
69	8

This site contains no links.

Subject Issuer	Validity	Valid
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2016-12-19` - `2017-06-25`	6 months	crt.sh
*.googleapis.com Google Internet Authority G2	`2017-01-18` - `2017-04-12`	3 months	crt.sh
*.google-analytics.com Google Internet Authority G2	`2017-01-18` - `2017-04-12`	3 months	crt.sh

This page contains 3 frames:

Frame: http://go.padsdel.com/afu.php?id=473791
Frame ID: 20515.1
Requests: 52 HTTP requests in this frame

Frame: http://telekom.info-promotionen.com/de/samsung/galaxy-s7/telekom/index.html?ip=148.251.45.170&voluumdata=BASE64dmlkLi4wMDAwMDAwMS1lMWNiLTQ2NDAtODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLjVhYTUzODAwLWU3NjEtMTFlNi04NzFkLWM5ZmQ2YzhhZDgzYl9fY2FpZC4uZGI0OWU1YjAtMDUxNS00M2QzLTg1MTItYjBiNmY4YzM5NjMzX19ydC4uREpfX2xpZC4uYzc5MzgxOGMtZTZmMS00MDAyLWExNmUtYWIyMDUzNzk0NDRlX19vaWQxLi42NDEyOTg3Mi1kNDIyLTRlNDMtYTdmNS00ZWE1MDQ4ODk5OGNfX3ZhcjEuLjQ3Mzc5MV9fdmFyMi4uNjY3NTU3X192YXIzLi4yNzU1OTMzOTU2NzhfX3JkLi5nb1wuXHBhZHNkZWxcLlxjb21fX2FpZC4uX19hYi4uX19zaWQuLg&zoneid=473791&campaignid=667557&visitor_id=275593395678&visitor_id=275593395678
Frame ID: 20699.1
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

69
Requests

9 %
HTTPS

63 %
IPv6

8
Domains

8
Subdomains

9
IPs

6
Countries

389 kB
Transfer

1106 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request 49

http://go.ad2up.com/afu.php?id=473791
http://go.padsdel.com/afu.php?id=473791

Request 52

http://a.trackredi.com/db49e5b0-0515-43d3-8512-b0b6f8c39633?zoneid=473791&campaignid=667557&visitor_id=275593395678&visitor_id=275593395678
http://telekom.info-promotionen.com/de/samsung/galaxy-s7/telekom/index.html?ip=148.251.45.170&voluumdata=BASE64dmlkLi4wMDAwMDAwMS1lMWNiLTQ2NDAtODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLjVhYTUzODAwLWU3NjEtMT...

69 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request Cookie set email2.php Show response
baiyunclassic.com/wp-content/obo/ 27 KB
6 KB 1713ms
1507ms Document
text/html 103.27.74.33
GIGABIT-MY Gigabi...

General

baiyunclassic.com Open in urlscan Pro 103.27.74.33 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

69 Requests

9 %HTTPS

63 %IPv6

8 Domains

8 Subdomains

9 IPs

6 Countries

389 kBTransfer

1106 kBSize

0 Cookies

0 Outgoing links

Redirected requests

69 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

baiyunclassic.com Open in urlscan Pro
103.27.74.33 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

69
Requests

9 %
HTTPS

63 %
IPv6

8
Domains

8
Subdomains

9
IPs

6
Countries

389 kB
Transfer

1106 kB
Size

0
Cookies

69 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!