fenca-abc.com
164.160.129.137
Malicious Activity!
Public Scan
Effective URL: http://fenca-abc.com/https.mail.163.com.fghhgtf54tf45.655ttf54rfgvcrd456tyhyhyt6r56ty/163_126/latest126/9954272a05c7b...
Submission: On October 28 via api from CA
Summary
This is the only time fenca-abc.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic China (Online), 163.cn (Online)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 3 (1 redirect) | 164.160.129.137 | 328110 (Garanntor-Hosting-AS) |
| 15 | 103.129.252.34 | 137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED) |
| 1 | 123.126.97.209 | 4808 (CHINA169-BJ China Unicom Beijing Province Network) |
| 3 | 123.126.97.207 | 4808 (CHINA169-BJ China Unicom Beijing Province Network) |
| 2 | 220.181.12.206 | 23724 (CHINANET-IDC-BJ-AP IDC) |
| 23 (total requests) | 5 (IP addresses) | |
ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK): mimg.127.net, mail.163.com
ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN), PTR mail-m97209.mail.163.com: ssl.mail.126.com
ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN), PTR mail-m97207.mail.163.com: ir3.mail.126.com, iplocator.mail.163.com, ir.mail.126.com
ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN), PTR m12-206.163.com: irpmt.mail.163.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 14 | 127.net | mimg.127.net | 202 KB |
| 4 | 163.com | mail.163.com, iplocator.mail.163.com, irpmt.mail.163.com | 897 B |
| 3 | 126.com | ssl.mail.126.com, ir3.mail.126.com, ir.mail.126.com | 4 KB |
| 3 | fenca-abc.com (1 redirect) | fenca-abc.com | 113 KB |
| 23 (total requests) | 4 (apex domains) | | |
| Requests | Domain | Requested by |
|---|---|---|
| 14 | mimg.127.net | fenca-abc.com |
| 3 | fenca-abc.com (1 redirect) | fenca-abc.com |
| 2 | irpmt.mail.163.com | |
| 1 | ir.mail.126.com | fenca-abc.com |
| 1 | iplocator.mail.163.com | fenca-abc.com |
| 1 | ir3.mail.126.com | fenca-abc.com |
| 1 | mail.163.com | fenca-abc.com |
| 1 | ssl.mail.126.com | fenca-abc.com |
| 23 (total requests) | 8 (domains) | |
This site contains links to these domains. Also see Links.
Domain |
---|
mail.163.com |
r.mail.163.com |
ss.knet.cn |
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| ssl.mail.163.com | GeoTrust RSA CA 2018 | 2017-12-22 - 2020-02-20 | 2 years |
| mimg.127.net | GeoTrust CN RSA CA G1 | 2019-07-11 - 2021-09-08 | 2 years |
| *.mail.163.com | GeoTrust CN RSA CA G1 | 2019-07-18 - 2021-09-15 | 2 years |
This page contains 2 frames:
Primary Page:
http://fenca-abc.com/https.mail.163.com.fghhgtf54tf45.655ttf54rfgvcrd456tyhyhyt6r56ty/163_126/latest126/9954272a05c7bc5a237144ed047a.php?sam=77Inboxaspxnba83af59ab755ed5c26694342e4d&Idba83af59ab755ed5c26694342e4d&doc46afe6fc5819cc90615ae82e8f56&email=&jiv46afe6fc5819cc90615ae82e8f56&xls1d&id=fav&doc
Frame ID: 73C3CD353EF393DD594B8466212223FF
Requests: 22 HTTP requests in this frame
Frame:
http://mail.163.com/preload6.htm
Frame ID: 4DE0289F64029E908BA60E26AB3619B8
Requests: 1 HTTP request in this frame
Detected technologies
Apache (Web Servers)
Detected patterns:
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: 签到就送豪礼!人人有份! (Check in to receive a gift! Everyone gets one!)
- Title: 自营:CK制造商秋冬鞋靴上新特惠> (Self-operated: CK manufacturer autumn/winter shoes and boots, new arrivals on special offer >)
- Title: (empty)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://fenca-abc.com/https.mail.163.com.fghhgtf54tf45.655ttf54rfgvcrd456tyhyhyt6r56ty/163_126/latest126/
  HTTP 302 redirect to:
- http://fenca-abc.com/https.mail.163.com.fghhgtf54tf45.655ttf54rfgvcrd456tyhyhyt6r56ty/163_126/latest126/9954272a05c7bc5a237144ed047a.php?sam=77Inboxaspxnba83af59ab755ed5c26694342e4d&Idba83af59ab755ed5c26694342e4d&doc46afe6fc5819cc90615ae82e8f56&email=&jiv46afe6fc5819cc90615ae82e8f56&xls1d&id=fav&doc (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | 9954272a05c7bc5a237144ed047a.php (Primary Request, Redirect Chain) | fenca-abc.com/https.mail.163.com.fghhgtf54tf45.655ttf54rfgvcrd456tyhyhyt6r56ty/163_126/latest126/ | 90 KB | 91 KB | Document | text/html |
| GET | H/1.1 | base_v5.min.js | fenca-abc.com/https.mail.163.com.fghhgtf54tf45.655ttf54rfgvcrd456tyhyhyt6r56ty/163_126/latest126/ | 22 KB | 22 KB | Script | application/javascript |
| GET | H/1.1 | 126logo.gif | mimg.127.net/logo/ | 6 KB | 7 KB | Image | image/gif |
| GET | H/1.1 | t.gif | mimg.127.net/index/lib/img/ | 77 B | 473 B | Image | image/gif |
| GET | H/1.1 | loading_s.gif | mimg.127.net/index/lib/img/ | 578 B | 976 B | Image | image/gif |
| GET | H/1.1 | netease_logo.gif | mimg.127.net/logo/ | 1 KB | 2 KB | Image | image/gif |
| GET | H/1.1 | knet.png | mimg.127.net/logo/ | 5 KB | 5 KB | Image | image/png |
| GET | H/1.1 | year.js | mimg.127.net/copyright/ | 23 B | 438 B | Script | application/x-javascript |
| GET | H/1.1 | bg_v3.png | mimg.127.net/index/126/img/2013/ | 10 KB | 11 KB | Image | image/png |
| GET | H/1.1 | login_v4.png | mimg.127.net/index/126/img/2013/ | 3 KB | 3 KB | Image | image/png |
| GET | H/1.1 | icon_code.png | mimg.127.net/index/lib/img/ | 230 B | 627 B | Image | image/png |
| GET | H/1.1 | mailapp_logo_141212.png | mimg.127.net/index/lib/img/ | 2 KB | 2 KB | Image | image/png |
| GET | H/1.1 | httpsEnable.gif | ssl.mail.126.com/ | 43 B | 251 B | Image | image/gif |
| GET | H/1.1 | preload6.htm (Frame 4DE0) | mail.163.com/ | 0 | 0 | Document | text/html |
| GET | H/1.1 | error_bg.png | mimg.127.net/index/126/img/2013/ | 3 KB | 3 KB | Image | image/png |
| GET | H/1.1 | get.do | ir3.mail.126.com/ | 16 KB | 3 KB | Script | application/json |
| GET | H/1.1 | iplocator | iplocator.mail.163.com/ | 151 B | 341 B | Script | text/plain |
| GET | H/1.1 | get.do | ir.mail.126.com/ | 893 B | 1 KB | Script | application/json |
| GET | H/1.1 | bLoginTpl.js | mimg.127.net/m/ir/8/ | 3 KB | 2 KB | Script | application/x-javascript |
| GET | H/1.1 | stat.gif | irpmt.mail.163.com/ir/ | 49 B | 278 B | Image | image/gif |
| GET | H/1.1 | stat.gif | irpmt.mail.163.com/ir/ | 49 B | 278 B | Image | image/gif |
| GET | H/1.1 | 140919_mailapp_cnt.jpg | mimg.127.net/index/163/themes/ | 82 KB | 82 KB | Image | image/jpeg |
| GET | H/1.1 | 140919_mailapp_cnt.jpg | mimg.127.net/index/163/themes/ | 82 KB | 82 KB | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic China (Online), 163.cn (Online)
77 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Grouped by type (77 variables in total):

- object (21): onformdata, onpointerrawupdate, gOption, oAndroidRedirect, gUserInfo, gVisitorCookie, gMobileNumMail, loginExtAD, gAdResData, gErrorInfo, oStyle, aSpdResult, aSpdStartTime, aSpdEndTime, aSpdTmpTime, aSpdQueue, aLocationDot, indexLogin, themeHandler, gAdTemplate_lbp, gAdTemplate
- function (43): fCheckLoginNow, fCheckAutoLogin, fAutoLogin, fCheckBrowser, fHtml5Tag, fCheckCookie, fGetQuery, fGetQueryHash, $id, fTrim, fParseMNum, fCheckAccount, fGetScript, fGetCookie, fSetCookie, fEventListen, fEventUnlisten, fRandom, fUrlP, fResize, fJSONP, fFQ, fStartTime, fEnData, loginRequest, getRnd, DOMREADY, base64encode, utf16to8, fGetLocator, CapsLock, MobCallback, fCls, fSpeedTestPre, fSpeedTest, fSpd, fLocationDot, fSelectLoaction, fSpdUserInit, fLocationChoose, fSetLocation, fNetErrDebug, YayaTemplate
- undefined (5): gbForcepc, gMobileNumMailIsForbidden, gMobileNumMailResult, DOMContentLoaded, gAdUserPropertyData
- string (4): base64EncodeChars, sLocationInfo, gLocationProvince, gLocationCity
- boolean (3): bGettingAlgorithm, bSpdAuto, bImgLoaderIsLoaded
- number (1): oIntervalCheckInputAlways

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which allows the website to re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fenca-abc.com
iplocator.mail.163.com
ir.mail.126.com
ir3.mail.126.com
irpmt.mail.163.com
mail.163.com
mimg.127.net
ssl.mail.126.com
103.129.252.34
123.126.97.207
123.126.97.209
164.160.129.137
220.181.12.206