souvenirkaretbdg.com Open in urlscan Pro
45.64.1.193 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://souvenirkaretbdg.com/wp-includes/fonts/western/lightpage/newfile/updated-163/163(1)/163/
Submission: On September 21 via api (September 21st 2017, 9:16:32 pm UTC) from CA

Summary HTTP 16 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 7 IPs in 5 countries across 5 domains to perform 16 HTTP transactions. The main IP is 45.64.1.193, located in Jakarta, Indonesia and belongs to MWN-AS-ID PT Master Web Network, ID. The main domain is souvenirkaretbdg.com.

This is the only time souvenirkaretbdg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 163.cn (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	45.64.1.193 45.64.1.193	55660 (MWN-AS-ID...) (MWN-AS-ID PT Master Web Network)
3	123.58.180.7 123.58.180.7	45062 (NETEASE-A...) (NETEASE-AS Guangzhou NetEase Computer System Co.)
3	123.58.180.5 123.58.180.5	45062 (NETEASE-A...) (NETEASE-AS Guangzhou NetEase Computer System Co.)
1	2400:cb00:204... 2400:cb00:2048:1::6813:c166	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	94.31.29.54 94.31.29.54	54104 (AS-NETDNA) (AS-NETDNA - netDNA)
2	43.230.90.2 43.230.90.2	135391 (AOFEI-HK ...) (AOFEI-HK AOFEI DATA INTERNATIONAL COMPANY LIMITED)
1	2606:2800:133... 2606:2800:133:206e:1315:22a5:2006:24fd	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
16	7

6 45.64.1.193 (Jakarta, Indonesia) 1 redirects

ASN55660 (MWN-AS-ID PT Master Web Network, ID)
PTR: cl46093x.m.maintenis.com

souvenirkaretbdg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.souvenirkaretbdg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 123.58.180.7 (Hangzhou, China)

ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN)

e.bst2.126.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 123.58.180.5 (Hangzhou, China)

ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN)

e.bst2.126.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6813:c166 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.31.29.54 (United Kingdom)

ASN54104 (AS-NETDNA - netDNA, US)
PTR: 94.31.29.54.IPYX-077437-ZYO.above.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 43.230.90.2 (Hong Kong)

ASN135391 (AOFEI-HK AOFEI DATA INTERNATIONAL COMPANY LIMITED, HK)
PTR: proxy90-2.mail.163.com

mimg.126.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:133:206e:1315:22a5:2006:24fd (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	126.net e.bst2.126.net mimg.126.net	28 KB
6	souvenirkaretbdg.com 1 redirects souvenirkaretbdg.com www.souvenirkaretbdg.com	36 KB
1	aspnetcdn.com ajax.aspnetcdn.com	8 KB
1	jquery.com code.jquery.com	38 KB
1	cloudflare.com cdnjs.cloudflare.com	29 KB
16	5

	Domain	Requested by
6	e.bst2.126.net	souvenirkaretbdg.com
5	souvenirkaretbdg.com	1 redirects souvenirkaretbdg.com
2	mimg.126.net	souvenirkaretbdg.com
1	ajax.aspnetcdn.com	souvenirkaretbdg.com
1	code.jquery.com	souvenirkaretbdg.com
1	www.souvenirkaretbdg.com	souvenirkaretbdg.com
1	cdnjs.cloudflare.com	souvenirkaretbdg.com
16	7

This site contains links to these domains. Also see Links.

Domain
mail.163.com
zhidao.mail.163.com
help.163.com
corp.163.com
gb.corp.163.com
emarketing.biz.163.com

Subject Issuer	Validity	Valid
code.jquery.com AlphaSSL CA - SHA256 - G2	`2017-07-25` - `2018-07-26`	a year	crt.sh
*.vo.msecnd.net Microsoft IT TLS CA 1	`2017-08-29` - `2019-08-29`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://souvenirkaretbdg.com/wp-includes/fonts/western/lightpage/newfile/updated-163/163(1)/163/
Frame ID: 26143.1
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i

Page Statistics

16
Requests

13 %
HTTPS

29 %
IPv6

5
Domains

7
Subdomains

7
IPs

5
Countries

138 kB
Transfer

312 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: http://mail.163.com/

Search URL Search Domain Scan URL

URL: http://zhidao.mail.163.com/zhidao/newsugg.jsp#%E9%99%84%E4%BB%B6
Title: Feedback

Search URL Search Domain Scan URL

URL: http://help.163.com/09/1013/14/5LGT3NOK00752VCP.html
Title: Help

Search URL Search Domain Scan URL

URL: http://mail.163.com/dashi/activity/gift/index.jsp?from=fj
Title: 马上签到

Search URL Search Domain Scan URL

URL: http://mail.163.com/client/dl.html?from=mail13
Title: 了解更多>>

Search URL Search Domain Scan URL

URL: http://corp.163.com/
Title: About NetEase

Search URL Search Domain Scan URL

URL: http://gb.corp.163.com/gb/about/overview.html
Title: About US

Search URL Search Domain Scan URL

URL: http://gb.corp.163.com/gb/contactus.html
Title: Contact

Search URL Search Domain Scan URL

URL: http://corp.163.com/gb/job/job.html
Title: Recruitment

Search URL Search Domain Scan URL

URL: http://help.163.com/
Title: Cusmmer Service

Search URL Search Domain Scan URL

URL: http://gb.corp.163.com/gb/legal.html
Title: Related law

Search URL Search Domain Scan URL

URL: http://emarketing.biz.163.com/
Title: Network marketing

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

http://souvenirkaretbdg.com/wp-includes/fonts/western/lightpage/newfile/updated-163/163(1)/163/js/evalidation1.js HTTP 301
http://www.souvenirkaretbdg.com/wp-includes/fonts/western/lightpage/newfile/updated-163/163(1)/163/js/evalidation1.js

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
souvenirkaretbdg.com/wp-includes/fonts/western/lightpage/newfile/updated-163/163(1)/163/ 10 KB
10 KB 175ms
175ms Document
text/html 45.64.1.193
MWN-AS-ID PT Mast...

General

souvenirkaretbdg.com Open in urlscan Pro 45.64.1.193 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

16 Requests

13 %HTTPS

29 %IPv6

5 Domains

7 Subdomains

7 IPs

5 Countries

138 kBTransfer

312 kBSize

0 Cookies

12 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

souvenirkaretbdg.com Open in urlscan Pro
45.64.1.193 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

13 %
HTTPS

29 %
IPv6

5
Domains

7
Subdomains

7
IPs

5
Countries

138 kB
Transfer

312 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!