account-confirm-v072.cf
13.233.23.214
Malicious Activity!
Public Scan
Submission: On May 14 via api from CA
Summary
This is the only time account-confirm-v072.cf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 163.cn (Online)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
18 | 13.233.23.214 | 16509 (AMAZON-02 - Amazon.com)
1 | 103.65.41.126 | 135391 (AOFEI-HK AOFEI DATA INTERNATIONAL COMPANY LIMITED)
19 (total) | 2 (total) |

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-13-233-23-214.ap-south-1.compute.amazonaws.com
Domain: account-confirm-v072.cf

ASN135391 (AOFEI-HK AOFEI DATA INTERNATIONAL COMPANY LIMITED, HK)
Domain: dl.reg.163.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
18 | account-confirm-v072.cf | account-confirm-v072.cf | 340 KB
1 | 163.com | dl.reg.163.com |
19 (total) | 2 (total) | |
Requests | Domain | Requested by
---|---|---
18 | account-confirm-v072.cf | account-confirm-v072.cf
1 | dl.reg.163.com | account-confirm-v072.cf
19 (total) | 2 (total) |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.reg.163.com | GeoTrust RSA CA 2018 | 2018-01-26 - 2019-12-07 | 2 years | crt.sh
This page contains 5 frames:
Primary Page:
http://account-confirm-v072.cf/NetEase_Aut_Grab/login.php
Frame ID: 8512A6DEC0596FFFEB7978FDC57E1A1E
Requests: 9 HTTP requests in this frame
Frame:
http://account-confirm-v072.cf/NetEase_Aut_Grab/163.php
Frame ID: 20C92220493E661505AB3E8CEAA2980A
Requests: 3 HTTP requests in this frame
Frame:
http://account-confirm-v072.cf/NetEase_Aut_Grab/126.php
Frame ID: DC1DB5806B9B3D701D447A7AB9F88806
Requests: 3 HTTP requests in this frame
Frame:
http://account-confirm-v072.cf/NetEase_Aut_Grab/yeah.php
Frame ID: EA3981BCA93CD7521E34C2F920FAA403
Requests: 3 HTTP requests in this frame
Frame:
https://dl.reg.163.com/webzj/v1.0.1/pub/index_dl2_new.html?MGID=1557807293866.897&wdaId=&pkid=fjWGUOS&product=mail163
Frame ID: 78D86AAD62BFEF9FB0347CB7D55F4998
Requests: 1 HTTP request in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions

Method | Protocol | Resource | Path | Frame | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
GET | H/1.1 | login.php (Primary Request) | account-confirm-v072.cf/NetEase_Aut_Grab/ | | 6 KB | 7 KB | Document | text/html
GET | H/1.1 | index.css | account-confirm-v072.cf/NetEase_Aut_Grab/assets/css/ | | 11 KB | 11 KB | Stylesheet | text/css
GET | H/1.1 | message.js | account-confirm-v072.cf/NetEase_Aut_Grab/assets/js/ | | 24 KB | 25 KB | Script | application/javascript
GET | H/1.1 | ntes_logo.png | account-confirm-v072.cf/NetEase_Aut_Grab/assets/images/ | | 983 B | 1 KB | Image | image/png
GET | H/1.1 | bundle-d35c952645.js | account-confirm-v072.cf/NetEase_Aut_Grab/assets/js/ | | 23 KB | 23 KB | Script | application/javascript
GET | H/1.1 | 163.php | account-confirm-v072.cf/NetEase_Aut_Grab/ | 20C9 | 7 KB | 7 KB | Document | text/html
GET | H/1.1 | 126.php | account-confirm-v072.cf/NetEase_Aut_Grab/ | DC1D | 7 KB | 7 KB | Document | text/html
GET | H/1.1 | yeah.php | account-confirm-v072.cf/NetEase_Aut_Grab/ | EA39 | 7 KB | 7 KB | Document | text/html
GET | H/1.1 | bkground.jpg | account-confirm-v072.cf/NetEase_Aut_Grab/assets/images/ | | 38 KB | 38 KB | Image | image/jpeg
GET | H/1.1 | global-e1dc50f7b4.png | account-confirm-v072.cf/NetEase_Aut_Grab/assets/images/ | | 21 KB | 22 KB | Image | image/png
GET | H/1.1 | arr-d8fcb50a13.png | account-confirm-v072.cf/NetEase_Aut_Grab/assets/images/ | | 492 B | 734 B | Image | image/png
GET | H/1.1 | loading_s-cb5160a325.gif | account-confirm-v072.cf/NetEase_Aut_Grab/assets/images/ | | 578 B | 819 B | Image | image/gif
GET | H/1.1 | index_dl2_new.html | dl.reg.163.com/webzj/v1.0.1/pub/ | 78D8 | 0 | 0 | Document | text/html
GET | H/1.1 | 126.css | account-confirm-v072.cf/NetEase_Aut_Grab/assets/css/ | DC1D | 42 KB | 43 KB | Stylesheet | text/css
GET | H/1.1 | 163.css | account-confirm-v072.cf/NetEase_Aut_Grab/assets/css/ | 20C9 | 42 KB | 43 KB | Stylesheet | text/css
GET | H/1.1 | yeah.css | account-confirm-v072.cf/NetEase_Aut_Grab/assets/css/ | EA39 | 42 KB | 43 KB | Stylesheet | text/css
GET | H/1.1 | 61fbe151ab715649c6b7c4ec39156201.png | account-confirm-v072.cf/NetEase_Aut_Grab/assets/images/ | EA39 | 21 KB | 21 KB | Image | image/png
GET | H/1.1 | 61fbe151ab715649c6b7c4ec39156201.png | account-confirm-v072.cf/NetEase_Aut_Grab/assets/images/ | DC1D | 21 KB | 21 KB | Image | image/png
GET | H/1.1 | 61fbe151ab715649c6b7c4ec39156201.png | account-confirm-v072.cf/NetEase_Aut_Grab/assets/images/ | 20C9 | 21 KB | 21 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 163.cn (Online)

12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onselectstart
object | onselectionchange
function | queueMicrotask
object | aTag
object | URSCFG
function | URS
object | JSON3
number | __hasRun
object | indexLogin
function | succ
undefined | base64
undefined | email3

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
dl.reg.163.com/ | | _ihtxzdilxldP8_ | 30
dl.reg.163.com/ | | JSESSIONID-WYTXZDL | yhbYYV%5C%2F46lDyvEXwVMZluuJDE5cudyZzNl0gNDyV2vozIlEF8sqH7mYyIPnylsL2w4Mbc4d%2F2teb820EJqs95ltp7%5Cs%2Blu60vU4j1ODNBIBZjJtuHZ0ulvzGpOQnDEJzD%2B6MmTck%5CwBkTDU3%5CWFP9wmGMz%2BISGGSdS5VWV%2BMrR0%2BF%5CB%3A1557807895244
account-confirm-v072.cf/NetEase_Aut_Grab | | login_target | 163
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.