aisnfjiasf.012391.com
Open in
urlscan Pro
143.92.58.48
Malicious Activity!
Public Scan
URL:
https://aisnfjiasf.012391.com/
Submission: On July 02 via automatic, source openphish — Scanned from DE
Submission: On July 02 via automatic, source openphish — Scanned from DE
Summary
This website contacted 4 IPs
in 2 countries
across 4 domains to perform 39 HTTP transactions.
The main IP is 143.92.58.48, located in
Hong Kong and
belongs to BCPL-SG BGPNET Global ASN, SG.
The main domain is aisnfjiasf.012391.com.
TLS certificate: Issued by R3 on July 1st 2023. Valid for: 3 months.
This is the only time aisnfjiasf.012391.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on July 1st 2023. Valid for: 3 months.
This is the only time aisnfjiasf.012391.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 163.cn (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 29 | 143.92.58.48 143.92.58.48 | 64050 (BCPL-SG B...) (BCPL-SG BGPNET Global ASN) | |
| 2 | 103.235.46.191 103.235.46.191 | 55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.) | |
| 1 | 123.126.96.184 123.126.96.184 | 4808 (CHINA169-...) (CHINA169-BJ China Unicom Beijing Province Network) | |
| 39 | 4 |
2
103.235.46.191
(Hong Kong)
ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
| hm.baidu.com |
1
123.126.96.184
(Beijing, China)
ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
PTR: mail-m96184.mail.126.com
ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
PTR: mail-m96184.mail.126.com
| count.mail.163.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 29 |
012391.com
aisnfjiasf.012391.com |
172 KB |
| 2 |
baidu.com
hm.baidu.com — Cisco Umbrella Rank: 7415 |
935 B |
| 1 |
163.com
iplocator.mail.163.com Failed count.mail.163.com — Cisco Umbrella Rank: 401958 |
218 B |
| 0 |
127.net
Failed
tp.127.net Failed cp.127.net Failed ep.127.net Failed |
|
| 39 | 4 |
| Domain | Requested by | |
|---|---|---|
| 29 | aisnfjiasf.012391.com |
aisnfjiasf.012391.com
|
| 2 | hm.baidu.com |
aisnfjiasf.012391.com
|
| 1 | count.mail.163.com | |
| 0 | iplocator.mail.163.com Failed |
aisnfjiasf.012391.com
|
| 0 | ep.127.net Failed |
aisnfjiasf.012391.com
|
| 0 | cp.127.net Failed |
aisnfjiasf.012391.com
|
| 0 | tp.127.net Failed |
aisnfjiasf.012391.com
|
| 39 | 7 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| reg.163.com |
| reg.email.163.com |
| ss.knet.cn |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| aksioj.012391.com R3 |
2023-07-01 - 2023-09-29 |
3 months | crt.sh |
| baidu.com GlobalSign RSA OV SSL CA 2018 |
2022-07-05 - 2023-08-06 |
a year | crt.sh |
| *.mail.163.com GeoTrust RSA CN CA G2 |
2022-08-22 - 2023-09-19 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://aisnfjiasf.012391.com/
Frame ID: ACD7013737622580CDCD10EF68ACD18D
Requests: 38 HTTP requests in this frame
Frame:
https://aisnfjiasf.012391.com/1_files/preload6.html
Frame ID: C0723177C7097C92C9B0A491C46E275E
Requests: 1 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
URL: http://reg.163.com/RecoverPasswd1.shtml
Title: 忘记密码?
Title: 忘记密码?
Search URL Search Domain Scan URL
URL: http://reg.email.163.com/unireg/call.do?cmd=register.entrance&flow=mobile&from=email_mobile
Title: 免费激活
Title: 免费激活
Search URL Search Domain Scan URL
URL: http://reg.email.163.com/mailregAll/reg0.jsp?from=email163®Page=163
Title: 注册网易免费邮
Title: 注册网易免费邮
Search URL Search Domain Scan URL
URL: https://ss.knet.cn/verifyseal.dll?sn=e12051044010020841301459&ct=df&pa=868807
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
39 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
aisnfjiasf.012391.com/ |
115 KB 29 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hm.js
aisnfjiasf.012391.com/1_files/ |
22 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
base_v5.min.js
aisnfjiasf.012391.com/1_files/ |
18 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ntes_logo.png
aisnfjiasf.012391.com/1_files/ |
983 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
t.gif
aisnfjiasf.012391.com/1_files/ |
77 B 323 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
year.js
aisnfjiasf.012391.com/1_files/ |
23 B 448 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
knet.png
aisnfjiasf.012391.com/1_files/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
httpsEnable.gif
aisnfjiasf.012391.com/1_files/ |
43 B 289 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
aisnfjiasf.012391.com/1_files/ |
92 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
webmail.gif
aisnfjiasf.012391.com/1_files/ |
49 B 295 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
iplocator
aisnfjiasf.012391.com/1_files/ |
234 B 617 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ttest
aisnfjiasf.012391.com/1_files/ |
14 B 427 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ctest
aisnfjiasf.012391.com/1_files/ |
14 B 427 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
etest
aisnfjiasf.012391.com/1_files/ |
14 B 427 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tp
aisnfjiasf.012391.com/1_files/ |
8 B 422 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ep
aisnfjiasf.012391.com/1_files/ |
8 B 421 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
cp
aisnfjiasf.012391.com/1_files/ |
8 B 422 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
webmail(1).gif
aisnfjiasf.012391.com/1_files/ |
49 B 295 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
webmail(2).gif
aisnfjiasf.012391.com/1_files/ |
49 B 295 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
webmail(3).gif
aisnfjiasf.012391.com/1_files/ |
49 B 295 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
webmail(4).gif
aisnfjiasf.012391.com/1_files/ |
49 B 295 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hm.gif
hm.baidu.com/ |
43 B 636 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
new.png
aisnfjiasf.012391.com/ |
225 B 471 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo_v2.png
aisnfjiasf.012391.com/ |
10 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bgx_v2.png
aisnfjiasf.012391.com/ |
330 B 576 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg_v3.png
aisnfjiasf.012391.com/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mailapp_logo_141212.png
aisnfjiasf.012391.com/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
arr.png
aisnfjiasf.012391.com/ |
492 B 738 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
all4.jpg
aisnfjiasf.012391.com/ |
38 KB 38 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
preload6.html
aisnfjiasf.012391.com/1_files/ Frame C072 |
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
ttest
tp.127.net/cte/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
ctest
cp.127.net/cte/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
etest
ep.127.net/cte/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
tp
tp.127.net/cte/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
cp
cp.127.net/cte/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
ep
ep.127.net/cte/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
iplocator
iplocator.mail.163.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
webmail.gif
count.mail.163.com/beacon/ |
49 B 218 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hm.gif
hm.baidu.com/ |
43 B 299 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
.gif%22){kind=link}
.gif){kind=link}
.gif){kind=link}
.gif%22){kind=link}
.gif){kind=link}
.gif){kind=link}
.gif%22){kind=link}
.gif){kind=link}
.gif){kind=link}
.gif%22){kind=link}
.gif){kind=link}
.gif){kind=link}
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- tp.127.net
- URL
- http://tp.127.net/cte/ttest?1688325513806
- Domain
- cp.127.net
- URL
- http://cp.127.net/cte/ctest?1688325513807
- Domain
- ep.127.net
- URL
- http://ep.127.net/cte/etest?1688325513807
- Domain
- tp.127.net
- URL
- http://tp.127.net/cte/tp?1688325513989
- Domain
- cp.127.net
- URL
- http://cp.127.net/cte/cp?1688325513993
- Domain
- ep.127.net
- URL
- http://ep.127.net/cte/ep?1688325513994
- Domain
- iplocator.mail.163.com
- URL
- http://iplocator.mail.163.com/iplocator?callback=fGetLocator
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 163.cn (Online)86 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 boolean| credentialless object| onbeforetoggle object| onscrollend boolean| _bdhm_loaded_9d483e9e48ba1faa0dfceaf6333de846 object| _hmt object| mini_tangram_log_4m6ynu object| gOption function| fCheckLoginNow function| fCheckAutoLogin function| fAutoLogin undefined| gbForcepc object| oAndroidRedirect function| fCheckBrowser function| fHtml5Tag function| fCheckCookie function| fGetQuery function| fGetQueryHash function| $id function| fTrim function| fParseMNum function| fCheckAccount function| fGetScript function| fGetCookie function| fSetCookie function| fEventListen function| fEventUnlisten function| fRandom function| fUrlP function| fResize function| fJSONP function| fFQ function| fStartTime object| gUserInfo object| gVisitorCookie undefined| gMobileNumMailIsForbidden undefined| gMobileNumMailResult object| gMobileNumMail function| fEnData function| loginRequest function| getRnd undefined| DOMContentLoaded function| DOMREADY string| base64EncodeChars function| base64encode function| utf16to8 function| fGetLocator function| CapsLock number| offset function| MobCallback boolean| bGettingAlgorithm object| loginExtAD function| doAdblock undefined| aa undefined| listBox undefined| list object| gErrorInfo string| gCurrentDomain string| gShoujiDomain object| gShoujiCache object| gLoginInfo function| fE function| fCls string| sLocationInfo function| fSetLocation object| oSpdTestPosition object| aSpdResult object| aSpdStartTime object| aSpdEndTime object| aSpdTmpTime object| aSpdQueue function| fSpeedTestPre function| fSpeedTest function| fSpd function| fNetErrDebug object| indexLogin boolean| bSpdAuto function| $ function| jQuery string| gLocationProvince string| gLocationCity boolean| gSetFirstTab number| oIntervalCheckInputAlways object| mini_tangram_log_7j3kcg3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .aisnfjiasf.012391.com/ | Name: Hm_lvt_9d483e9e48ba1faa0dfceaf6333de846 Value: 1688325513 |
|
| .aisnfjiasf.012391.com/ | Name: Hm_lpvt_9d483e9e48ba1faa0dfceaf6333de846 Value: 1688325513 |
|
| .hm.baidu.com/ | Name: HMACCOUNT_BFESS Value: D5D199D282A0D50B |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aisnfjiasf.012391.com
count.mail.163.com
cp.127.net
ep.127.net
hm.baidu.com
iplocator.mail.163.com
tp.127.net
cp.127.net
ep.127.net
iplocator.mail.163.com
tp.127.net
103.235.46.191
123.126.96.184
143.92.58.48
16ede25c08f54c3b1627d401b847eec08b089227058660799c2372dbd6f52425
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8
275b25690ee55c56df1ba87820a2231572fc4df8c32d806ce31dd4b152f2637f
2971e154a27082071354ca9e73a5c32dbd1c8d923e47cdd680a670d40aa2fb93
3cc3a1cc321b22df78b7bf0da839fd05906c7db47296afdf317298882a0b73be
3dad7c85b3ecc176357b48435e2a4a9aa4bd2f476f956fd6f66e733607982911
3f666934b806964af9be68a39f16151701e7a7b8009ac24e7acb9ac0a7c10aa5
41350078ff3d82ed49aad4e2ddb0c297dce103a98f94759519bee35e55001d8e
44909b69c476c0c6faa500a641d84972a9f7b020037e1a864442c2106a75eff3
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5cde651a9b3c9c0a12aad0f1747660b932f272c3bcacd49e92fe38a1c12904fe
6dfb08a75b43cb33fe133a7b6e4886062aea58e435467175bc01ab9e44012186
7f5dab87d3a60a65c457194584bab47cb4c0b494895572fe642015b340ad4511
8e5fbde0ebbcc317b159bc9f681b83117d152e55634cbcb617281e896e41ee2b
923f3be09ebd00ecbf184735879c4ec6572f673d967b1fa481fb8318fad3c5db
93db6ff0af01c1416a4cf5643fa970e6facf75aa2c38a66404085039c2314e33
9444b737019557abeff79197724d314a2509ad30b8566ff53b5289fc2510b65c
9affc0ff6e0f96cf80b8bc7cea4ecd81e4ae5f15ce02d9084720af6fc66fa8b4
9ec80cb2a8346a0a6b23c4057f648d59e1816f7f37e9cc7740087f44a3580f54
b8eecd0ae475cbd4fbd1160ecd7a12a3e46a7d36878e28d5eed9acefd93e007a
c73baeeaaa07d5e1873c23b6a56a705f8cf1052134da7c06f5f7ce5166988fab
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d7916ca92b82038f9fb31b42361f28ec13a1c9339088ad8bd5911eb616003419
df4030aa0640de781cc995f800ad3d7eb26f0e536ae8a7af2ee7681a4ad5259c
e4129228b3c1d9183ed091b163797dddf16a2cf72868bb4fa56c98e7a074686d
ff4e4975ef403004f8fe8e59008db7ad47f54b10d84c72eb90e728d1ec9157ce