alf.adsunadvertising.com Open in urlscan Pro
199.189.248.11  Malicious Activity! Public Scan

URL: http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Submission: On May 07 via automatic, source openphish

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 199.189.248.11, located in Charleston, United States and belongs to MICFO, US. The main domain is alf.adsunadvertising.com.
This is the only time alf.adsunadvertising.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic China (Online) 163.cn (Online)

Domain & IP information

IP Address AS Autonomous System
7 199.189.248.11 53889 (MICFO)
1 220.194.24.216 4808 (CHINA169-...)
8 3
Apex Domain
Subdomains
Transfer
7 adsunadvertising.com
alf.adsunadvertising.com
53 KB
1 163.com
mimg.qiye.163.com
134 KB
8 2
Domain Requested by
7 alf.adsunadvertising.com alf.adsunadvertising.com
1 mimg.qiye.163.com alf.adsunadvertising.com
8 2
Subject Issuer Validity Valid
*.qiye.163.com
GeoTrust CN RSA CA G1
2020-01-20 -
2022-02-19
2 years crt.sh

This page contains 1 frames:

Primary Page: http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: 0D0007E7CD365446BDD589B65CEE5052
Requests: 16 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 50%
Detected patterns
  • url /\.aspx?(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • url /\.aspx?(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 50%
Detected patterns
  • url /\.aspx?(?:$|\?)/i

Page Statistics

8
Requests

13 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

187 kB
Transfer

228 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request error.php
alf.adsunadvertising.com/alf/
16 KB
6 KB
Document
General
Full URL
http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
199.189.248.11 Charleston, United States, ASN53889 (MICFO, US),
Reverse DNS
brilliant.hostnac.com
Software
Apache / PHP/5.6.40
Resource Hash
44ee5ef20c61263c6ed6144e0a8abce265979ea802d47a78510a41c72b156e91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Host
alf.adsunadvertising.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 07 May 2020 00:25:19 GMT
Server
Apache
X-Powered-By
PHP/5.6.40
Strict-Transport-Security
max-age=31536000
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
5923
Keep-Alive
timeout=15, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
style.css
alf.adsunadvertising.com/alf/files/
51 KB
33 KB
Stylesheet
General
Full URL
http://alf.adsunadvertising.com/alf/files/style.css
Requested by
Host: alf.adsunadvertising.com
URL: http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
199.189.248.11 Charleston, United States, ASN53889 (MICFO, US),
Reverse DNS
brilliant.hostnac.com
Software
Apache /
Resource Hash
d8c0dda55d7946522ccff373c25e35fee86944c24e67cfeea32d06bee12f327e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 07 May 2020 00:25:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 Feb 2020 15:42:10 GMT
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
text/css
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
getqrcode.jpg
alf.adsunadvertising.com/alf/files/
8 KB
8 KB
Image
General
Full URL
http://alf.adsunadvertising.com/alf/files/getqrcode.jpg
Requested by
Host: alf.adsunadvertising.com
URL: http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
199.189.248.11 Charleston, United States, ASN53889 (MICFO, US),
Reverse DNS
brilliant.hostnac.com
Software
Apache /
Resource Hash
be0125ab3d7fdc093ea0e9175e1d89c046d7a517c5b03b7c294c14992eeb8d7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 07 May 2020 00:25:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 Feb 2020 15:42:10 GMT
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
7867
year.js
alf.adsunadvertising.com/alf/files/
0
0
Script
General
Full URL
http://alf.adsunadvertising.com/alf/files/year.js
Requested by
Host: alf.adsunadvertising.com
URL: http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
199.189.248.11 Charleston, United States, ASN53889 (MICFO, US),
Reverse DNS
brilliant.hostnac.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 07 May 2020 00:25:20 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
Content-Length
315
Strict-Transport-Security
max-age=31536000
Content-Type
text/html; charset=iso-8859-1
knet.png
alf.adsunadvertising.com/alf/files/
5 KB
5 KB
Image
General
Full URL
http://alf.adsunadvertising.com/alf/files/knet.png
Requested by
Host: alf.adsunadvertising.com
URL: http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
199.189.248.11 Charleston, United States, ASN53889 (MICFO, US),
Reverse DNS
brilliant.hostnac.com
Software
Apache /
Resource Hash
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 07 May 2020 00:25:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 Feb 2020 15:42:10 GMT
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
4662
httpsEnable.gif
alf.adsunadvertising.com/alf/files/
43 B
330 B
Image
General
Full URL
http://alf.adsunadvertising.com/alf/files/httpsEnable.gif
Requested by
Host: alf.adsunadvertising.com
URL: http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
199.189.248.11 Charleston, United States, ASN53889 (MICFO, US),
Reverse DNS
brilliant.hostnac.com
Software
Apache /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 07 May 2020 00:25:20 GMT
Last-Modified
Fri, 28 Feb 2020 15:42:10 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
43
raven-3.js
alf.adsunadvertising.com/alf/files/
0
0
Other
General
Full URL
http://alf.adsunadvertising.com/alf/files/raven-3.js
Requested by
Host: alf.adsunadvertising.com
URL: http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
199.189.248.11 Charleston, United States, ASN53889 (MICFO, US),
Reverse DNS
brilliant.hostnac.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 07 May 2020 00:25:20 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
Content-Length
315
Strict-Transport-Security
max-age=31536000
Content-Type
text/html; charset=iso-8859-1
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
60475ffd41d476cab4bbe6c9b06358f2419e43ca09f51061df33f0dba9f66462

Request headers

Referer
http://alf.adsunadvertising.com/alf/files/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
748.png
mimg.qiye.163.com/p/official_site/2019/img/12/
134 KB
134 KB
Image
General
Full URL
https://mimg.qiye.163.com/p/official_site/2019/img/12/748.png
Requested by
Host: alf.adsunadvertising.com
URL: http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
220.194.24.216 , China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN),
Reverse DNS
mail-m24216.qiye.163.com
Software
nginx /
Resource Hash
62ffd6d19dd46a8c3260d322c39ef4bf8d6219a6adfb6f0f3a049cfb7a68c554

Request headers

Referer
http://alf.adsunadvertising.com/alf/error.php?email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 07 May 2020 00:25:22 GMT
Last-Modified
Mon, 30 Dec 2019 05:35:41 GMT
Server
nginx
ETag
"5e098cad-2184b"
X-Cache
HIT from cnc ntes_qiye
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
137291
Expires
Fri, 28 Dec 2029 10:39:58 GMT
truncated
/
588 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
78f95deba1d88e2fd1d8b43399c447f6eb336943374983cb83f4de4a97453c72

Request headers

Referer
http://alf.adsunadvertising.com/alf/files/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
378 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cecc473d7971beff119b356795425354d66bd2b2012a880cd2e4567db5fb7462

Request headers

Referer
http://alf.adsunadvertising.com/alf/files/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
461 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6dc89bf0a893d2b0cbe97ad18f7023ff7cbb1ed76145104ca1335cba465294be

Request headers

Referer
http://alf.adsunadvertising.com/alf/files/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
341 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80089ae647f586811a97b726d1a96d4bc8655792ee2c7c735c42755e3d89822a

Request headers

Referer
http://alf.adsunadvertising.com/alf/files/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
163 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a3c947f7fb9fe61ef5891883b997f2289d7b8281f889fc5da6271c37e1bbfd01

Request headers

Referer
http://alf.adsunadvertising.com/alf/files/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
92bded93a6be187282a3acbb72a66b616d395d9d4f164b87c179f0482c2fa00f

Request headers

Referer
http://alf.adsunadvertising.com/alf/files/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8f7a7554a70a86cb2ab9310991d40d6d5979bc641e836552117392cd7be5c0e6

Request headers

Referer
http://alf.adsunadvertising.com/alf/files/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic China (Online) 163.cn (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000