confirmation-mail.ru Open in urlscan Pro
2a03:6f00:1::b039:d891 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://confirmation-mail.ru/
Submission: On March 20 via automatic, source phishtank (March 20th 2017, 6:11:42 pm UTC)

Summary HTTP 19 Redirects Links 43 Behaviour Indicators

Summary

This website contacted 9 IPs in 1 countries across 5 domains to perform 19 HTTP transactions. The main IP is 2a03:6f00:1::b039:d891, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is confirmation-mail.ru.

This is the only time confirmation-mail.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
9	2a03:6f00:1::... 2a03:6f00:1::b039:d891	9123 (TIMEWEB-AS) (TIMEWEB-AS)
1	94.100.180.59 94.100.180.59	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
1	217.69.139.101 217.69.139.101	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
1	217.69.139.58 217.69.139.58	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
3	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
2	185.5.137.174 185.5.137.174	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
1	193.0.170.54 193.0.170.54	58116 (ASMAMBA) (ASMAMBA)
1	5.61.23.5 5.61.23.5	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
19	9

9 2a03:6f00:1::b039:d891 (Russian Federation)

ASN9123 (TIMEWEB-AS, RU)

confirmation-mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.100.180.59 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: portal.mail.ru

portal.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.69.139.101 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: img.imgsmail.ru

img.imgsmail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.69.139.58 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: portal.mail.ru

portal.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6b8::1:119 (Russian Federation)

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.5.137.174 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: is-radar17.common.radar.imgsmail.ru

stat.radar.imgsmail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.170.54 (Russian Federation)

ASN58116 (ASMAMBA, RU)
PTR: bar.love.mail.ru

bar.love.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.61.23.5 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: ip5.23.odnoklassniki.ru

ok.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	confirmation-mail.ru confirmation-mail.ru	262 KB
3	yandex.ru mc.yandex.ru	27 KB
3	imgsmail.ru img.imgsmail.ru stat.radar.imgsmail.ru	55 KB
3	mail.ru portal.mail.ru bar.love.mail.ru	273 B
1	ok.ru ok.ru
19	5

	Domain	Requested by
9	confirmation-mail.ru	confirmation-mail.ru
3	mc.yandex.ru	confirmation-mail.ru
2	stat.radar.imgsmail.ru	confirmation-mail.ru
2	portal.mail.ru	confirmation-mail.ru
1	ok.ru	confirmation-mail.ru
1	bar.love.mail.ru	confirmation-mail.ru
1	img.imgsmail.ru	confirmation-mail.ru
19	7

This site contains links to these domains. Also see Links.

Domain
r.mail.ru
account.mail.ru
mail.ru
e.mail.ru

Subject Issuer	Validity	Valid
*.imgsmail.ru GeoTrust SSL CA - G3	`2016-06-21` - `2019-08-09`	3 years	crt.sh
*.mail.ru GeoTrust SSL CA - G3	`2016-06-21` - `2018-09-14`	2 years	crt.sh
bs.yandex.ru Yandex CA	`2015-12-16` - `2017-12-15`	2 years	crt.sh
*.ok.ru GeoTrust SSL CA - G3	`2016-08-01` - `2018-03-22`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://confirmation-mail.ru/
Frame ID: 6955.1
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

19
Requests

32 %
HTTPS

25 %
IPv6

5
Domains

7
Subdomains

9
IPs

1
Countries

344 kB
Transfer

1321 kB
Size

3
Cookies

43 Outgoing links

These are links going to different origins than the main page.

URL: http://r.mail.ru/n201603520?sz=&rnd=105400436
Title: Mail.Ru

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n215030470?sz=&rnd=105400436
Title: Почта0

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n201603521?sz=&rnd=105400436
Title: Мой Мир0

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n165232845?sz=&rnd=105400436
Title: Одноклассники0

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n215030471?sz=&rnd=105400436
Title: Игры0

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n102969579?sz=&rnd=105400436
Title: Знакомства

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738025?sz=&rnd=105400436
Title: Новости

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n102969581?sz=&rnd=105400436
Title: Поиск

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n201603522?sz=&rnd=105400436
Title: Все проекты

Search URL Search Domain Scan URL

URL: https://account.mail.ru/login
Title: Все проекты

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738026?sz=&rnd=105400436
Title: Авто

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738028?sz=&rnd=105400436
Title: Гороскопы

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738029?sz=&rnd=105400436
Title: Дети

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n115576061?sz=&rnd=105400436
Title: Добро

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738030?sz=&rnd=105400436
Title: Здоровье

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n153067283?sz=&rnd=105400436
Title: Календарь

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738027?sz=&rnd=105400436
Title: Кино

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738031?sz=&rnd=105400436
Title: Леди

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738032?sz=&rnd=105400436
Title: Недвижимость

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n118989499?sz=&rnd=105400436
Title: Облако

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n102969585?sz=&rnd=105400436
Title: Ответы

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738033?sz=&rnd=105400436
Title: Погода

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738034?sz=&rnd=105400436
Title: Спорт

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738035?sz=&rnd=105400436
Title: ТВ программа

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n112250582?sz=&rnd=105400436
Title: Товары

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738036?sz=&rnd=105400436
Title: Cars

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738037?sz=&rnd=105400436
Title: Hi-Tech

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n165232846?sz=&rnd=105400436
Title: Почта для бизнеса

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n165232847?sz=&rnd=105400436
Title: Почта для образования

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n107086316?sz=&rnd=105400436
Title: Рейтинг сайтов

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n193391118?sz=&rnd=105400436
Title: Таргет

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n211738038?sz=&rnd=105400436
Title: Мобильные приложения

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n102969605?sz=&rnd=105400436
Title: Агент Mail.Ru

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n118989498?sz=&rnd=105400436
Title: Браузер «Амиго»

Search URL Search Domain Scan URL

URL: http://r.mail.ru/n102969608?sz=&rnd=105400436
Title: ICQ

Search URL Search Domain Scan URL

URL: https://r.mail.ru/clb1126001/mailblog.mail.ru/multiauth-2/
Title: Вы можете одновременно работатьс несколькими почтовыми ящиками. Узнать больше

Search URL Search Domain Scan URL

URL: https://r.mail.ru/cls951827/e.mail.ru/login?lang=ru_RU&Page=&from=multi
Title: Добавить почтовый ящик

Search URL Search Domain Scan URL

URL: https://r.mail.ru/cls1074201/auth.mail.ru/cgi-bin/logout?next=1&lang=ru_RU&Page=
Title: выход

Search URL Search Domain Scan URL

URL: http://r.mail.ru/cls525468/r.mail.ru/clb1126011/e.mail.ru/signup?from=navi&lang=ru_RU&rnd=105400436
Title: Регистрация

Search URL Search Domain Scan URL

URL: https://r.mail.ru/cls951827/e.mail.ru/login?lang=ru_RU&Page=
Title: Вход

Search URL Search Domain Scan URL

URL: https://mail.ru/

Search URL Search Domain Scan URL

URL: https://e.mail.ru/password/restore/
Title: Забыли пароль?

Search URL Search Domain Scan URL

URL: https://e.mail.ru/signup?from=login
Title: Регистрация в Почте

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 13

https://mc.yandex.ru/watch/39318735?wmode=5&callback=_ymjsp275243567&page-url=http%3A%2F%2Fconfirmation-mail.ru%2F&browser-info=s%3A1600x1200x24%3Ask%3A1%3Af%3A25.0.0%3Afpr%3A178852602201%3Acn%3A1%...
https://mc.yandex.ru/watch/39318735/1?wmode=5&callback=_ymjsp275243567&page-url=http%3A%2F%2Fconfirmation-mail.ru%2F&browser-info=s%3A1600x1200x24%3Ask%3A1%3Af%3A25.0.0%3Afpr%3A178852602201%3Acn%3A...

Request 17

http://ok.ru/mapi?query=%7B%22cmd%22%3A%22getCounters%22%7D&callback=__PHJSONPCallback_0&rnd=1490033491537
https://ok.ru/mapi?query=%7B%22cmd%22%3A%22getCounters%22%7D&callback=__PHJSONPCallback_0&rnd=1490033491537

19 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
confirmation-mail.ru/ 128 KB
35 KB 142ms
56ms Document
text/html 2a03:6f00:1::b039:d891
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Server: 2a03:6f00:1::b039:d891 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.10.1 /
Resource Hash: fe895a2d6bd31b6e0dde759eb7863b9a982543337211717e54dc9af0ced7b38a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: confirmation-mail.ru
Accept-Language: en-US,en;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:30 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 27 Jan 2017 06:50:15 GMT
Server: nginx/1.10.1
ETag: W/"200a1-5470de0d0c8cd"
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Connection: keep-alive

GET
H/1.1 200
OK main.min.css
confirmation-mail.ru/index_files/ 223 KB
51 KB 92ms
48ms Stylesheet
text/css 2a03:6f00:1::b039:d891
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://confirmation-mail.ru/index_files/main.min.css
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Server: 2a03:6f00:1::b039:d891 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.10.1 /
Resource Hash: 538464f390c7e48fca73a8b8e279dde8598cbba03cacc3de1490ebdb08d817ad

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: confirmation-mail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 27 Jan 2017 06:37:03 GMT
Server: nginx/1.10.1
ETag: W/"588aea8f-37d40"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2678400
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 20 Apr 2017 18:11:30 GMT

GET
H/1.1 200
OK authGate.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE Show response
confirmation-mail.ru/index_files/ 24 KB
13 KB 99ms
53ms Script
application/x-javascript 2a03:6f00:1::b039:d891
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://confirmation-mail.ru/index_files/authGate.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Server: 2a03:6f00:1::b039:d891 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.10.1 /
Resource Hash: 62c552801951513becbb3711fd25b974fcd3f5c4fdde4d41f8da36bd5dc3fd13

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: confirmation-mail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:30 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 27 Jan 2017 06:37:02 GMT
Server: nginx/1.10.1
ETag: W/"5e16-5470db1928be5"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Connection: keep-alive

GET
H/1.1 200
OK app.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE Show response
confirmation-mail.ru/index_files/ 403 KB
116 KB 121ms
75ms Script
application/x-javascript 2a03:6f00:1::b039:d891
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://confirmation-mail.ru/index_files/app.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Server: 2a03:6f00:1::b039:d891 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.10.1 /
Resource Hash: 81cd712061c880a005fe9a0949a4a4ac3d0bad7a99cf39a527b7f3e0ce2ed95d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: confirmation-mail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:30 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 27 Jan 2017 06:37:03 GMT
Server: nginx/1.10.1
ETag: W/"64b2f-5470db1949f25"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Connection: keep-alive

GET
H/1.1 200
OK external.min.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE Show response
confirmation-mail.ru/index_files/ 219 KB
43 KB 70ms
70ms Script
application/x-javascript 2a03:6f00:1::b039:d891
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://confirmation-mail.ru/index_files/external.min.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Server: 2a03:6f00:1::b039:d891 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.10.1 /
Resource Hash: 7ed10b1274560ed76f6cc608ffa81c7e74a1e91c9181b79b29718b49925ec25d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: confirmation-mail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:30 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 27 Jan 2017 06:37:03 GMT
Server: nginx/1.10.1
ETag: W/"36a08-5470db19e6325"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Connection: keep-alive

GET
H/1.1 200
OK mapi Show response
confirmation-mail.ru/index_files/ 85 B
85 B 52ms
52ms Script
text/plain 2a03:6f00:1::b039:d891
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://confirmation-mail.ru/index_files/mapi
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Server: 2a03:6f00:1::b039:d891 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.10.1 /
Resource Hash: 8179d4ab5bdc2b0b5304d980420a2f352f69555850ac6cf468d408507e85c623

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: confirmation-mail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:30 GMT
Last-Modified: Fri, 27 Jan 2017 06:37:03 GMT
Server: nginx/1.10.1
Connection: keep-alive
Accept-Ranges: bytes
ETag: "55-5470db1a18fa5"
Content-Length: 85

GET
H/1.1 200
OK logo2x.png
confirmation-mail.ru/index_files/ 3 KB
3 KB 46ms
46ms Image
image/png 2a03:6f00:1::b039:d891
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://confirmation-mail.ru/index_files/logo2x.png
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Server: 2a03:6f00:1::b039:d891 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.10.1 /
Resource Hash: ebd109c9dc20771ccc839cc319992b911f5e96c1add52a22c9f8b803c8b11273

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: confirmation-mail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:31 GMT
Last-Modified: Fri, 27 Jan 2017 06:37:03 GMT
Server: nginx/1.10.1
ETag: "588aea8f-dba"
Content-Type: image/png
Cache-Control: max-age=2678400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3514
Expires: Thu, 20 Apr 2017 18:11:31 GMT

GET
H/1.1 200
OK d22345996.gif
confirmation-mail.ru/index_files/ 43 B
43 B 48ms
47ms Image
image/gif 2a03:6f00:1::b039:d891
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://confirmation-mail.ru/index_files/d22345996.gif
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Server: 2a03:6f00:1::b039:d891 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.10.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: confirmation-mail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:31 GMT
Last-Modified: Fri, 27 Jan 2017 06:37:03 GMT
Server: nginx/1.10.1
ETag: "588aea8f-2b"
Content-Type: image/gif
Cache-Control: max-age=2678400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Thu, 20 Apr 2017 18:11:31 GMT

GET
H/1.1 200
OK counter
confirmation-mail.ru/index_files/ 43 B
43 B 54ms
54ms Image
image/gif 2a03:6f00:1::b039:d891
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://confirmation-mail.ru/index_files/counter
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Server: 2a03:6f00:1::b039:d891 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.10.1 /
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: confirmation-mail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:31 GMT
Last-Modified: Fri, 27 Jan 2017 06:37:03 GMT
Server: nginx/1.10.1
Connection: keep-alive
Accept-Ranges: bytes
ETag: "2b-5470db1959925"
Content-Length: 43

GET
H/1.1 200
OK Cookie set NaviData Show response
portal.mail.ru/ 54 B
54 B 114ms
57ms XHR
application/json 94.100.180.59
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL: http://portal.mail.ru/NaviData?mac=1&gamescnt=1&Socials=1&rnd=1490033491066
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Server: 94.100.180.59 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS: portal.mail.ru
Software: nginx/1.6.2 /
Resource Hash: 297e4faf8ec3c6a0bb35d208afab689c291200959518500cc579d576e11458cd

Request headers

Pragma: no-cache
Origin: http://confirmation-mail.ru
Accept-Encoding: gzip, deflate, sdch
Host: portal.mail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Referer: http://confirmation-mail.ru/
Origin: http://confirmation-mail.ru

Response headers

Pragma: no-cache
Date: Mon, 20 Mar 2017 18:11:31 GMT
Last-Modified: Mon, 20 Mar 2017 21:11:31 GMT
Server: nginx/1.6.2
P3P: CP="NON CUR OUR IND UNI INT"
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Cache-Control: no-cache,no-store,must-revalidate
Set-Cookie: mrcu=51B658D01B536A5A7E94AA2DFB94; expires=Thu, 18 Mar 2027 18:11:31 GMT; path=/; domain=.mail.ru
Content-Length: 54
Expires: Sun, 20 Mar 2016 18:11:31 GMT

GET
H2 200 external.min.js Show response
img.imgsmail.ru/ph/0.45.10/ 219 KB
55 KB 230ms
57ms Script
application/x-javascript 217.69.139.101
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL

https://img.imgsmail.ru/ph/0.45.10/external.min.js

Requested by

Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.69.139.101 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

img.imgsmail.ru

Software

nginx /

Resource Hash

7ed10b1274560ed76f6cc608ffa81c7e74a1e91c9181b79b29718b49925ec25d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /ph/0.45.10/external.min.js
pragma: no-cache
accept-encoding: gzip, deflate, sdch, br
accept-language: en-US,en;q=0.8
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: img.imgsmail.ru
referer: http://confirmation-mail.ru/
:scheme: https
:method: GET
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

date: Mon, 20 Mar 2017 18:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 08 Dec 2016 10:45:50 GMT
server: nginx
etag: W/"584939de-36a08"
content-type: application/x-javascript
status: 200

GET
H/1.1 200
OK Cookie set Domains Show response
portal.mail.ru/ 821 B
214 B 247ms
65ms Script
application/json 217.69.139.58
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL: https://portal.mail.ru/Domains?callback=jQuery18309686480714733403_1490033491043&v2=1&extra=1&_=1490033491098
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/index_files/app.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 217.69.139.58 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS: portal.mail.ru
Software: nginx/1.6.2 /
Resource Hash: 271a2c30a987545eed078bea4399ff4dfba4ef8e027a6f684b338f4e9708e233

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: portal.mail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Mar 2017 18:11:31 GMT
Content-Encoding: gzip
Last-Modified: Mon, 20 Mar 2017 21:11:31 GMT
Server: nginx/1.6.2
P3P: CP="NON CUR OUR IND UNI INT"
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Cache-Control: no-cache,no-store,must-revalidate
Set-Cookie: mrcu=B46C58D01B53527D0F15AA2DFB94; expires=Thu, 18 Mar 2027 18:11:31 GMT; path=/; domain=.mail.ru
Content-Length: 214
Expires: Sun, 20 Mar 2016 18:11:31 GMT

GET
H/1.1 200
OK watch.js Show response
mc.yandex.ru/metrika/ 74 KB
27 KB 51ms
23ms Script
application/x-javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.8.1 /

Resource Hash

f9edd59a76ac0cc18e1acbf34b026463df7df05ec3b81128e21aaaef51da7bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: mc.yandex.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:31 GMT
Content-Encoding: gzip
Last-Modified: Mon, 20 Mar 2017 09:09:15 GMT
Server: nginx/1.8.1
Strict-Transport-Security: max-age=31536000
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 27183
Expires: Mon, 20 Mar 2017 19:11:31 GMT

GET
DATA 200
OK truncated
/ 27 KB
0 Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc265b5c52350d03cce1f1f93245c9d869f0b7606eaa928fcf679e1d551ccd52

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Referer: http://confirmation-mail.ru/index_files/main.min.css
Origin: http://confirmation-mail.ru

Response headers

Access-Control-Allow-Origin: *
Content-Type: application/font-woff;charset=US-ASCII

GET
H/1.1

200
OK

1 Show response
mc.yandex.ru/watch/39318735/
Redirect Chain

https://mc.yandex.ru/watch/39318735?wmode=5&callback=_ymjsp275243567&page-url=http%3A%2F%2Fconfirmation-mail.ru%2F&browser-info=s%3A1600x1200x24%3Ask%3A1%3Af%3A25.0.0%3Afpr%3A178852602201%3Acn%3A1%...
https://mc.yandex.ru/watch/39318735/1?wmode=5&callback=_ymjsp275243567&page-url=http%3A%2F%2Fconfirmation-mail.ru%2F&browser-info=s%3A1600x1200x24%3Ask%3A1%3Af%3A25.0.0%3Afpr%3A178852602201%3Acn%3A...

112 B
112 B

24ms
12ms

Script
application/javascript

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/39318735/1?wmode=5&callback=_ymjsp275243567&page-url=http%3A%2F%2Fconfirmation-mail.ru%2F&browser-info=s%3A1600x1200x24%3Ask%3A1%3Af%3A25.0.0%3Afpr%3A178852602201%3Acn%3A1%3Aw%3A1598x1132%3Ai%3A20170320181131%3Aet%3A1490033491%3Aen%3Autf-8%3Av%3A787%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A197646267%3Ahid%3A281812412%3Ads%3A41%2C45%2C56%2C46%2C0%2C0%2C%2C340%2C12%2C%2C%2C%2C484%3Afp%3A442%3Awn%3A5298%3Ahl%3A2%3Ast%3A1490033491%3Au%3A1490033491317344202%3At%3A%D0%90%D0%B2%D1%82%D0%BE%D1%80%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F

Requested by

Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.8.1 /

Resource Hash

475e0892b790a24dc9678de8b2a3c56db64c67c709e5fcf1ff5f163e8a27329a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: mc.yandex.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://confirmation-mail.ru/
Cookie: yandexuid=7577544531490033491; yp=1805393491.yrts.1490033491; yabs-sid=2408408581490033491
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Mar 2017 18:11:31 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 20 Mar 2017 18:11:31 GMT
Server: nginx/1.8.1
Strict-Transport-Security: max-age=31536000
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: application/javascript
Content-Length: 112
Expires: Mon, 20 Mar 2017 18:11:31 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 20 Mar 2017 18:11:31 GMT
Last-Modified: Mon, 20 Mar 2017 18:11:31 GMT
Server: nginx/1.8.1
Strict-Transport-Security: max-age=31536000
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Location: https://mc.yandex.ru/watch/39318735/1?wmode=5&callback=_ymjsp275243567&page-url=http%3A%2F%2Fconfirmation-mail.ru%2F&browser-info=s%3A1600x1200x24%3Ask%3A1%3Af%3A25.0.0%3Afpr%3A178852602201%3Acn%3A1%3Aw%3A1598x1132%3Ai%3A20170320181131%3Aet%3A1490033491%3Aen%3Autf-8%3Av%3A787%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A197646267%3Ahid%3A281812412%3Ads%3A41%2C45%2C56%2C46%2C0%2C0%2C%2C340%2C12%2C%2C%2C%2C484%3Afp%3A442%3Awn%3A5298%3Ahl%3A2%3Ast%3A1490033491%3Au%3A1490033491317344202%3At%3A%D0%90%D0%B2%D1%82%D0%BE%D1%80%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Set-Cookie: yandexuid=7577544531490033491; domain=.yandex.ru; path=/; expires=Thu, 18-Mar-2027 18:11:31 GMT yp=1805393491.yrts.1490033491; domain=.yandex.ru; path=/; expires=Thu, 18-Mar-2027 18:11:31 GMT yabs-sid=2408408581490033491; path=/
Content-Length: 0
Expires: Mon, 20 Mar 2017 18:11:31 GMT

GET
H/1.1 200
OK advert.gif
mc.yandex.ru/metrika/ 43 B
43 B 24ms
12ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.8.1 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: mc.yandex.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:31 GMT
Last-Modified: Mon, 12 Oct 2015 13:09:09 GMT
Server: nginx/1.8.1
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Strict-Transport-Security: max-age=31536000
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
Expires: Mon, 11 Feb 2047 18:11:31 GMT

GET
H/1.1 200
OK update
stat.radar.imgsmail.ru/ 43 B
43 B 167ms
56ms Image
image/gif 185.5.137.174
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://stat.radar.imgsmail.ru/update?p=headline&t=other&v=4&i=updateError:1,updateError_netError:1,updateError_accountInfo:1,updateError_netError_accountInfo:1&rlog=navidata_errors&rlog_message=netError,accountInfo,netError&email=undefined&rnd=0.29396687488685624

Requested by

Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/

Protocol

HTTP/1.1

Server

185.5.137.174 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

is-radar17.common.radar.imgsmail.ru

Software

nginx/1.10.1 /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: stat.radar.imgsmail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Mar 2017 18:11:31 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.10.1
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, max-age=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK bar Show response
bar.love.mail.ru/jsonp/ 5 B
5 B 112ms
56ms XHR
application/octet-stream 193.0.170.54
ASMAMBA

General

Check archive.org

Show headers Download Go to

Full URL: http://bar.love.mail.ru/jsonp/bar?rnd=1490033491537
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Server: 193.0.170.54 , Russian Federation, ASN58116 (ASMAMBA, RU),
Reverse DNS: bar.love.mail.ru
Software: nginx /
Resource Hash: c6c094bc0054f9cbe34102ff49f86b3928b5ac09f3d2ac87e170d0500675921f

Request headers

Pragma: no-cache
Origin: http://confirmation-mail.ru
Accept-Encoding: gzip, deflate, sdch
Host: bar.love.mail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://confirmation-mail.ru/
Cookie: mrcu=B46C58D01B53527D0F15AA2DFB94
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Referer: http://confirmation-mail.ru/
Origin: http://confirmation-mail.ru

Response headers

Date: Mon, 20 Mar 2017 18:11:31 GMT
Server: nginx
Connection: keep-alive
Content-Length: 5
Content-Type: application/octet-stream

GET
H/1.1

503
Service Unavailable

mapi
ok.ru/
Redirect Chain

http://ok.ru/mapi?query=%7B%22cmd%22%3A%22getCounters%22%7D&callback=__PHJSONPCallback_0&rnd=1490033491537
https://ok.ru/mapi?query=%7B%22cmd%22%3A%22getCounters%22%7D&callback=__PHJSONPCallback_0&rnd=1490033491537

0
0

168ms
53ms

Script
text/plain

5.61.23.5
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL: https://ok.ru/mapi?query=%7B%22cmd%22%3A%22getCounters%22%7D&callback=__PHJSONPCallback_0&rnd=1490033491537
Requested by: Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.61.23.5 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS: ip5.23.odnoklassniki.ru
Software: Apache-Coyote/1.1 /
Resource Hash

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: ok.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 20 Mar 2017 18:11:31 GMT
Server: Apache-Coyote/1.1
Connection: close
Content-Length: 0

Redirect headers

Location: https://ok.ru/mapi?query=%7B%22cmd%22%3A%22getCounters%22%7D&callback=__PHJSONPCallback_0&rnd=1490033491537
Date: Mon, 20 Mar 2017 18:11:31 GMT
Server: Apache-Coyote/1.1
Content-Length: 0

GET
H/1.1 200
OK update
stat.radar.imgsmail.ru/ 43 B
43 B 56ms
56ms Image
image/gif 185.5.137.174
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://stat.radar.imgsmail.ru/update?p=headline&t=loading_confirmation-mailRu&v=2635&i=domainLookup:41,connect:45,request:56,response:46,domComplete:1053,domContentLoaded:340,load:1054&rnd=0.839181013562309

Requested by

Host: confirmation-mail.ru
URL: http://confirmation-mail.ru/

Protocol

HTTP/1.1

Server

185.5.137.174 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

is-radar17.common.radar.imgsmail.ru

Software

nginx/1.10.1 /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: stat.radar.imgsmail.ru
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://confirmation-mail.ru/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://confirmation-mail.ru/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Mar 2017 18:11:31 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.10.1
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, max-age=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.confirmation-mail.ru/	2019-03-10 18:11:31	Name: _ym_uid Value: 1490033491317344202
.confirmation-mail.ru/	2017-03-21 14:11:31	Name: _ym_isad Value: 2
.confirmation-mail.ru/	2017-03-20 18:41:31	Name: _ym_visorc_39318735 Value: w

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: http://confirmation-mail.ru/(Line 112) Message: headline.inline.js: 5.566ms
console-api	debug	URL: https://img.imgsmail.ru/ph/0.45.10/external.min.js(Line 231) Message: headline.external.js: 5.184ms

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bar.love.mail.ru
confirmation-mail.ru
img.imgsmail.ru
mc.yandex.ru
ok.ru
portal.mail.ru
stat.radar.imgsmail.ru
185.5.137.174
193.0.170.54
217.69.139.101
217.69.139.58
2a02:6b8::1:119
2a03:6f00:1::b039:d891
5.61.23.5
94.100.180.59
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
271a2c30a987545eed078bea4399ff4dfba4ef8e027a6f684b338f4e9708e233
297e4faf8ec3c6a0bb35d208afab689c291200959518500cc579d576e11458cd
475e0892b790a24dc9678de8b2a3c56db64c67c709e5fcf1ff5f163e8a27329a
538464f390c7e48fca73a8b8e279dde8598cbba03cacc3de1490ebdb08d817ad
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
62c552801951513becbb3711fd25b974fcd3f5c4fdde4d41f8da36bd5dc3fd13
7ed10b1274560ed76f6cc608ffa81c7e74a1e91c9181b79b29718b49925ec25d
8179d4ab5bdc2b0b5304d980420a2f352f69555850ac6cf468d408507e85c623
81cd712061c880a005fe9a0949a4a4ac3d0bad7a99cf39a527b7f3e0ce2ed95d
bc265b5c52350d03cce1f1f93245c9d869f0b7606eaa928fcf679e1d551ccd52
c6c094bc0054f9cbe34102ff49f86b3928b5ac09f3d2ac87e170d0500675921f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
ebd109c9dc20771ccc839cc319992b911f5e96c1add52a22c9f8b803c8b11273
f9edd59a76ac0cc18e1acbf34b026463df7df05ec3b81128e21aaaef51da7bca
fe895a2d6bd31b6e0dde759eb7863b9a982543337211717e54dc9af0ced7b38a

confirmation-mail.ru Open in urlscan Pro 2a03:6f00:1::b039:d891 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

19 Requests

32 %HTTPS

25 %IPv6

5 Domains

7 Subdomains

9 IPs

1 Countries

344 kBTransfer

1321 kBSize

3 Cookies

43 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

3 Cookies

2 Console Messages

Indicators

confirmation-mail.ru Open in urlscan Pro
2a03:6f00:1::b039:d891 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

32 %
HTTPS

25 %
IPv6

5
Domains

7
Subdomains

9
IPs

1
Countries

344 kB
Transfer

1321 kB
Size

3
Cookies

19 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!