brooklynisburning.buzz
Open in
urlscan Pro
91.234.99.190
Malicious Activity!
Public Scan
Submission: On April 28 via api from CA
Summary
This is the only time brooklynisburning.buzz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic China (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 91.234.99.190 91.234.99.190 | 35196 (IHOR-AS) (IHOR-AS) | |
5 | 103.129.252.34 103.129.252.34 | 137263 (NETEASE-A...) (NETEASE-AS-AP NETEASE HONG KONG LIMITED) | |
1 | 223.252.195.133 223.252.195.133 | 45062 (NETEASE-A...) (NETEASE-AS Guangzhou NetEase Computer System Co.) | |
1 | 123.58.177.239 123.58.177.239 | 45062 (NETEASE-A...) (NETEASE-AS Guangzhou NetEase Computer System Co.) | |
1 | 163.171.128.153 163.171.128.153 | 54994 (QUANTILNE...) (QUANTILNETWORKS) | |
2 | 2a00:1450:400... 2a00:1450:4001:81d::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 103.235.46.191 103.235.46.191 | 55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.) | |
22 | 8 |
ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN)
analytics.163.com |
ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN)
PTR: m239-177.yeah.net
mimghz.qiye.163.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
hm.baidu.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
127.net
mimg.127.net yanxuan.nosdn.127.net |
60 KB |
3 |
brooklynisburning.buzz
brooklynisburning.buzz |
21 KB |
2 |
baidu.com
hm.baidu.com |
14 KB |
2 |
google-analytics.com
www.google-analytics.com |
18 KB |
2 |
163.com
mimghz.qiye.163.com Failed mimg.qiye.163.com Failed mail.qiye.163.com Failed ssl.mail.163.com Failed analytics.163.com ir.mail.163.com Failed |
29 KB |
22 | 5 |
Domain | Requested by | |
---|---|---|
5 | mimg.127.net |
brooklynisburning.buzz
|
3 | brooklynisburning.buzz |
brooklynisburning.buzz
|
2 | hm.baidu.com |
brooklynisburning.buzz
|
2 | www.google-analytics.com |
brooklynisburning.buzz
|
1 | yanxuan.nosdn.127.net |
mimghz.qiye.163.com
|
1 | analytics.163.com |
brooklynisburning.buzz
|
1 | mimghz.qiye.163.com |
brooklynisburning.buzz
|
0 | ir.mail.163.com Failed |
mimg.127.net
|
0 | ssl.mail.163.com Failed |
brooklynisburning.buzz
|
0 | mail.qiye.163.com Failed |
brooklynisburning.buzz
|
0 | mimg.qiye.163.com Failed |
brooklynisburning.buzz
|
22 | 11 |
This site contains links to these domains. Also see Links.
Domain |
---|
qiye.163.com |
ss.cnnic.cn |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.nosdn.127.net GeoTrust CN RSA CA G1 |
2020-03-27 - 2022-06-26 |
2 years | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2020-04-07 - 2020-06-30 |
3 months | crt.sh |
baidu.com GlobalSign Organization Validation CA - SHA256 - G2 |
2020-01-13 - 2020-06-25 |
5 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://brooklynisburning.buzz/dkfjne/163/qiye.163.php
Frame ID: C32AFDA030222B84721EC1BF7D74E3CA
Requests: 22 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: 帮助
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 16- http://www.google-analytics.com/analytics.js HTTP 307
- https://www.google-analytics.com/analytics.js
- http://www.google-analytics.com/r/collect?v=1&_v=j81&a=1011465272&t=pageview&_s=1&dl=http%3A%2F%2Fbrooklynisburning.buzz%2Fdkfjne%2F163%2Fqiye.163.php&ul=en-us&de=UTF-8&dt=%E7%BD%91%E6%98%93%E4%BC%81%E4%B8%9A%E9%82%AE%E7%AE%B1%20-%20%E7%99%BB%E5%BD%95%E5%85%A5%E5%8F%A3&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=824463596&gjid=1856321991&cid=1431795567.1588105816&tid=UA-60729705-1&_gid=1963378755.1588105816&_r=1&z=1643747816 HTTP 307
- https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1011465272&t=pageview&_s=1&dl=http%3A%2F%2Fbrooklynisburning.buzz%2Fdkfjne%2F163%2Fqiye.163.php&ul=en-us&de=UTF-8&dt=%E7%BD%91%E6%98%93%E4%BC%81%E4%B8%9A%E9%82%AE%E7%AE%B1%20-%20%E7%99%BB%E5%BD%95%E5%85%A5%E5%8F%A3&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=824463596&gjid=1856321991&cid=1431795567.1588105816&tid=UA-60729705-1&_gid=1963378755.1588105816&_r=1&z=1643747816
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
qiye.163.php
brooklynisburning.buzz/dkfjne/163/ |
20 KB 21 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
login.7d2985bb.css
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.11.1.min.js
brooklynisburning.buzz/dkfjne/163/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
brooklynisburning.buzz/dkfjne/163/ |
378 B 633 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.8.1.min.js
mimg.127.net/p/tools/jquery/ |
91 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
base_v3.js
mimg.127.net/index/lib/scripts/ |
23 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
qiye_algorithm.js
mimg.qiye.163.com/o/index/lib/scripts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
logo.gif
mimg.qiye.163.com/o/public/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
getqrcode.do
mail.qiye.163.com/mailapp/commonweb/qrcode/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
netease_logo.gif
mimg.127.net/logo/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
knet.png
mimg.127.net/logo/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
year.js
mimg.127.net/copyright/ |
23 B 438 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
httpsEnable.gif
ssl.mail.163.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ntes.js
analytics.163.com/ |
22 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.1a392b93.js
mimghz.qiye.163.com/o/mailapp/qiyelogin/js/ |
21 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stat.min.js
yanxuan.nosdn.127.net/hxm/yanxuan-analytics/common/js/ |
35 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
get.do
ir.mail.163.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ Redirect Chain
|
44 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hm.js
hm.baidu.com/ |
38 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/r/ Redirect Chain
|
35 B 111 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
594.jpg
mimg.qiye.163.com/p/official_site/2018/img/11/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hm.gif
hm.baidu.com/ |
43 B 299 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- mimghz.qiye.163.com
- URL
- http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/css/login.7d2985bb.css
- Domain
- mimg.qiye.163.com
- URL
- http://mimg.qiye.163.com/o/index/lib/scripts/qiye_algorithm.js
- Domain
- mimg.qiye.163.com
- URL
- http://mimg.qiye.163.com/o/public/logo.gif
- Domain
- mail.qiye.163.com
- URL
- https://mail.qiye.163.com/mailapp/commonweb/qrcode/getqrcode.do?w=130&h=130
- Domain
- ssl.mail.163.com
- URL
- https://ssl.mail.163.com/httpsEnable.gif
- Domain
- ir.mail.163.com
- URL
- https://ir.mail.163.com/get.do?prod=qiyeMail&mod=4&_time=1588105816097&callback=gAd.callback
- Domain
- mimg.qiye.163.com
- URL
- https://mimg.qiye.163.com/p/official_site/2018/img/11/594.jpg
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic China (Online)133 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| log function| $ function| jQuery function| fCheckLoginNow function| fCheckAutoLogin function| fAutoLogin undefined| gbForcepc object| oAndroidRedirect function| fCheckBrowser function| fHtml5Tag function| fCheckCookie function| fGetQuery function| fGetQueryHash function| $id function| fTrim function| fParseMNum function| fCheckAccount function| fGetScript function| fGetCookie function| fSetCookie function| fEventListen function| fEventUnlisten function| fRandom function| fUrlP function| fResize function| fFQ function| fStartTime object| gUserInfo object| gVisitorCookie undefined| gMobileNumMailIsForbidden undefined| gMobileNumMailResult object| gMobileNumMail function| fEnData function| loginRequest function| getRnd undefined| DOMContentLoaded function| DOMREADY string| base64EncodeChars function| base64encode function| utf16to8 function| fGetLocator function| fSetGadIndex function| MobCallback boolean| bGettingAlgorithm object| gIndexAd number| gDocHeight function| resizeBody function| getQueryStr string| _ntes_nacc string| _ntes_nvid number| _ntes_nvtm number| _ntes_nvfi number| _ntes_nvsf number| _ntes_nstm string| _ntes_nurl string| _ntes_ntit string| _ntes_nref string| _ntes_nres string| _ntes_nlag string| _ntes_nscd number| _ntes_nlmf string| _ntes_flsh string| _ntes_nssn number| _ntes_surv function| _ntes_void object| _ntes_domain_array object| _non_ntes_domain_array string| _ntes_cdmn string| _non_ntes_cdmn string| _ntes_src_addr boolean| _ntes_cookie_enabled boolean| _ntes_localstorage_enabled object| _ntes_page_data function| ntes_set_uid function| ntes_get_uid function| neteaseTracker function| neteaseClickTracker function| ntes_survey_popup function| ntes_get_navigation_info function| fetch_visitor_hash function| ntes_get_domain function| non_ntes_get_domain function| ntes_set_cookie_long function| ntes_set_cookie function| ntes_set_cookie_new function| ntes_get_cookie function| ntes_get_flashver number| _ntes_hexcase number| _ntes_chrsz function| ntes_hex_md5 function| ntes_core_md5 function| md5_cmn function| md5_ff function| md5_gg function| md5_hh function| md5_ii function| safe_add function| bit_rol function| str2binl function| binl2hex function| str_to_ent function| ntes_page_click_stat function| ntes_page_unload_stat function| neteaseClickStat function| _ntes_bindEvent function| _ntes_fixEvent function| _ntes_sendInfo function| recordAction function| neteaseClickStatForArea function| ntes_area_click_stat function| is_spider object| ntes_area_click_tools object| pattern string| addresses function| fSpeedTest function| fSpd object| YXStat object| jQuery18107699348428246757 undefined| gAd.callback object| gAd string| GoogleAnalyticsObject function| ga object| _hmt object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| JSON3 function| onWebViewStatisticsDidAppear boolean| _bdhm_loaded_c5b84290a8ff010ee2699f3f4eaa21d6 object| mini_tangram_log_6uk02b0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analytics.163.com
brooklynisburning.buzz
hm.baidu.com
ir.mail.163.com
mail.qiye.163.com
mimg.127.net
mimg.qiye.163.com
mimghz.qiye.163.com
ssl.mail.163.com
www.google-analytics.com
yanxuan.nosdn.127.net
ir.mail.163.com
mail.qiye.163.com
mimg.qiye.163.com
mimghz.qiye.163.com
ssl.mail.163.com
103.129.252.34
103.235.46.191
123.58.177.239
163.171.128.153
223.252.195.133
2a00:1450:4001:81d::200e
91.234.99.190
098ec9249cb3e97872e1862b4400b9db4c6622a4d089b64b752ffc73b3ef7a30
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8
18fd0aab2eecc8cef072a5b167f40da282cfb3f0e73f6a4f5a49080ec93d88f1
19a6ae163c064afed5e8e3b8539a18d20362bcda5f4e97574bad9f0affdf9f25
544ebbf8179c3b31c8799d972d599701696b4b8f8b313592d88496d96d79661e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
a0ceb7edc5991f85a9613588811fee01502816f4a31ed92b19b348c07854f052
a1305347219d673cc973172494248e557ce8eccaf65af995c07c9d7daed4475d
b13de2eb10e93a66f6332b6ccb258bcf1502362a89b91c16f78ea425562e40a0
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d25d2066af8d3c8dcd207de3f3253328c0b767c18907a96bd5cf681df9b1fc71
e2b40b89439fa8cff19153f2cfc20061ead316635d62e596773ea008a45d13df
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ff24a5763e0a6e6decadb2eece69aaa66a6704b208c5451c64c67bddcaee94cc