klelfa.ru
IP address: 87.236.19.3
Malicious Activity!
Public Scan
Submission: On April 11 via automatic, source phishtank

Summary
This is the only time klelfa.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 163.cn (Online), Generic China (Online)

Domain & IP information
Requests | IP address | AS (autonomous system)
---|---|---
1 | 87.236.19.3 | 198610 (BEGET-AS)
12 | 43.230.90.2 | 135391 (AOFEI-HK AOFEI DATA INTERNATIONAL COMPANY LIMITED)
1 | 123.125.50.100 | 4808 (CHINA169-BJ China Unicom Beijing Province Network)
1 | 54.217.235.157 | 16509 (AMAZON-02 - Amazon.com)

Totals as reported: 19 requests, 5 IPs.
Reverse DNS and hosts per ASN:
- ASN135391 (AOFEI-HK AOFEI DATA INTERNATIONAL COMPANY LIMITED, HK): PTR proxy90-2.mail.163.com; hosts: mimg.127.net
- ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN): hosts: ssl.mail.163.com
- ASN16509 (AMAZON-02 - Amazon.com, Inc., US): PTR ec2-54-217-235-157.eu-west-1.compute.amazonaws.com; hosts: mail.163.com
Requests | Apex domain | Subdomains | Transfer
---|---|---|---
12 | 127.net | mimg.127.net | 130 KB
2 | 163.com | ssl.mail.163.com, mail.163.com (failed), ir3.mail.163.com (failed), iplocator.mail.163.com (failed), ir.mail.163.com (failed) | 607 B
1 | klelfa.ru | klelfa.ru | 27 KB

Totals as reported: 19 requests, 3 apex domains.
Requests | Domain | Requested by
---|---|---
12 | mimg.127.net | klelfa.ru
1 | mail.163.com | klelfa.ru
1 | ssl.mail.163.com | klelfa.ru
1 | klelfa.ru |
0 | ir.mail.163.com (failed) | mimg.127.net
0 | iplocator.mail.163.com (failed) | mimg.127.net
0 | ir3.mail.163.com (failed) | mimg.127.net

Totals as reported: 19 requests, 7 domains.
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
ssl.mail.163.com | GeoTrust SSL CA - G3 | 2015-10-15 - 2018-01-30 | 2 years | crt.sh
This page contains 2 frames:
- Primary Page: http://klelfa.ru/media/css/22ndMarch163333333333.html (Frame ID: 28258.1; 18 HTTP requests in this frame)
- Frame: http://mail.163.com/preload6.htm (Frame ID: 28258.4; 1 HTTP request in this frame)
28 Outgoing links
These are links going to different origins than the main page. Link titles (translated from Chinese, original in parentheses):
- Free Mail (免费邮)
- Enterprise Mail (企业邮箱)
- VIP Mail (VIP邮箱)
- Overseas user login (国外用户登录)
- Student user login (学生用户登录)
- Mobile version (手机版)
- Help (帮助)
- Online Q&A (在线答疑)
- (untitled)
- Forgot your password? (忘记密码了?)
- Register (注 册)
- (untitled)
- iPad version (适配iPad版本)
- Smartphone version (手机智能版)
- Log in to Yixin directly with your mobile-number mailbox (用手机号码邮箱可直接登录易信)
- Spend one yuan for a chance to win trendy new products (花一元就有机会夺得潮流新品)
- Yixin (易信)
- Install now (马上安装)
- (untitled)
- (empty title)
- About NetEase (关于网易)
- About NetEase Free Mail (关于网易免费邮)
- One-Yuan Treasure (一元夺宝)
- Mail official blog (邮箱官方博客)
- Feedback >> (意见反馈>>)
- NetEase Cloud Music (网易云音乐)
- (untitled)
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions

Method | Protocol | Resource | Path | Size | Transferred | Type | MIME type
---|---|---|---|---|---|---|---
GET | H/1.1 | 22ndMarch163333333333.html (Primary Request) | klelfa.ru/media/css/ | 106 KB | 27 KB | Document | text/html
GET | H/1.1 | base_v5.min.js | mimg.127.net/index/lib/scripts/ | 17 KB | 6 KB | Script | application/x-javascript
GET | H/1.1 | 163logo.gif | mimg.127.net/logo/ | 7 KB | 7 KB | Image | image/gif
GET | H/1.1 | netease_logo.gif | mimg.127.net/logo/ | 1 KB | 1 KB | Image | image/gif
GET | H/1.1 | knet.png | mimg.127.net/logo/ | 5 KB | 5 KB | Image | image/png
GET | H/1.1 | 130523_music.png | mimg.127.net/index/163/effects/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | httpsEnable.gif | ssl.mail.163.com/ | 43 B | 43 B | Image | image/gif
GET | H/1.1 | bg_v3.png | mimg.127.net/index/163/img/2013/ | 10 KB | 10 KB | Image | image/png
GET | H/1.1 | new.png | mimg.127.net/index/lib/img/ | 225 B | 225 B | Image | image/png
GET | H/1.1 | login_v4.png | mimg.127.net/index/163/img/2013/ | 4 KB | 4 KB | Image | image/png
GET | H/1.1 | mailapp_logo.png | mimg.127.net/index/lib/img/ | 8 KB | 8 KB | Image | image/png
GET | H/1.1 | yixin_ico.png | mimg.127.net/index/lib/img/ | 4 KB | 4 KB | Image | image/png
GET | H/1.1 | yxlogin_bg.v1.png | mimg.127.net/index/lib/img/ | 2 KB | 2 KB | Image | image/png
GET | | preload6.htm (Frame 2825) | mail.163.com/ | 0 | 0 | |
GET | | get.do | ir3.mail.163.com/ | 0 | 0 | |
GET | | iplocator | iplocator.mail.163.com/ | 0 | 0 | |
GET | | get.do | ir.mail.163.com/ | 0 | 0 | |
GET | H/1.1 | favicon.ico | mail.163.com/ | 564 B | 564 B | Other | text/html
GET | H/1.1 | 140919_mailapp_cnt.jpg | mimg.127.net/index/163/themes/ | 82 KB | 82 KB | Image | image/jpeg

Rows with no protocol, size or type are the four requests for which no response was received (see Failed requests below).
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above.
- Domain: mail.163.com
  URL: http://mail.163.com/preload6.htm
- Domain: ir3.mail.163.com
  URL: http://ir3.mail.163.com/get.do?prod=wmail_lbp&ver=1&uid=nt@163.com&domain=163.com&mobUser=0&callback=themeHandler.callback&rnd=0.17712537185107302
- Domain: iplocator.mail.163.com
  URL: http://iplocator.mail.163.com/iplocator?callback=fGetLocator
- Domain: ir.mail.163.com
  URL: http://ir.mail.163.com/get.do?uid=nt@163.com&domain=163.com&ver=4&ph=-1&callback=loginExtAD.callback&rnd=0.5477256348701744
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: 163.cn (Online), Generic China (Online)

0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry for indicators such as IPs, domains, hashes, etc. It does not imply that any of these indicate malicious activity.
Domains:
- iplocator.mail.163.com
- ir.mail.163.com
- ir3.mail.163.com
- klelfa.ru
- mail.163.com
- mimg.127.net
- ssl.mail.163.com
IPs:
- 123.125.50.100
- 43.230.90.2
- 54.217.235.157
- 87.236.19.3