ejoau4tgmw021snusos.z7.web.core.windows.net
Open in
urlscan Pro
20.60.131.196
Malicious Activity!
Public Scan
Effective URL: https://ejoau4tgmw021snusos.z7.web.core.windows.net/site/GM-W021.html?channelCode=gmhs10
Submission: On June 22 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 04 on April 3rd 2024. Valid for: a year.
This is the only time ejoau4tgmw021snusos.z7.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Porn Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 114.134.188.79 114.134.188.79 | 142032 (HFTCL-AS-...) (HFTCL-AS-AP High Family Technology Co.) | |
2 | 20.60.131.196 20.60.131.196 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
11 | 47.254.187.65 47.254.187.65 | 45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.) | |
2 | 43.198.213.180 43.198.213.180 | 16509 (AMAZON-02) (AMAZON-02) | |
16 | 4 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ejoau4tgmw021snusos.z7.web.core.windows.net | |
ejoau4ctapp3.z7.web.core.windows.net |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
haoyun0607.oss-accelerate.aliyuncs.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-43-198-213-180.ap-east-1.compute.amazonaws.com
web.b2m8qx.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
aliyuncs.com
haoyun0607.oss-accelerate.aliyuncs.com |
375 KB |
2 |
b2m8qx.com
web.b2m8qx.com |
1 KB |
2 |
windows.net
ejoau4tgmw021snusos.z7.web.core.windows.net ejoau4ctapp3.z7.web.core.windows.net |
3 KB |
1 |
ix19.cc
1 redirects
ix19.cc |
142 B |
0 |
hbanana.com
Failed
web.hbanana.com Failed |
|
16 | 5 |
Domain | Requested by | |
---|---|---|
11 | haoyun0607.oss-accelerate.aliyuncs.com |
ejoau4tgmw021snusos.z7.web.core.windows.net
haoyun0607.oss-accelerate.aliyuncs.com |
2 | web.b2m8qx.com |
haoyun0607.oss-accelerate.aliyuncs.com
|
1 | ejoau4ctapp3.z7.web.core.windows.net |
haoyun0607.oss-accelerate.aliyuncs.com
|
1 | ejoau4tgmw021snusos.z7.web.core.windows.net | |
1 | ix19.cc | 1 redirects |
0 | web.hbanana.com Failed |
haoyun0607.oss-accelerate.aliyuncs.com
|
16 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
chat.gmmktcsm.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.web.core.windows.net Microsoft Azure RSA TLS Issuing CA 04 |
2024-04-03 - 2025-03-29 |
a year | crt.sh |
*.oss-eu-central-1.aliyuncs.com GlobalSign Organization Validation CA - SHA256 - G3 |
2024-01-26 - 2025-02-26 |
a year | crt.sh |
b2m8qx.com R3 |
2024-05-09 - 2024-08-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ejoau4tgmw021snusos.z7.web.core.windows.net/site/GM-W021.html?channelCode=gmhs10
Frame ID: 15D922BF7798B77D7B71A32AF638694C
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
欢迎访问Page URL History Show full URLs
-
https://ix19.cc/
HTTP 302
https://ejoau4tgmw021snusos.z7.web.core.windows.net/site/GM-W021.html?channelCode=gmhs10 Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ix19.cc/
HTTP 302
https://ejoau4tgmw021snusos.z7.web.core.windows.net/site/GM-W021.html?channelCode=gmhs10 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
GM-W021.html
ejoau4tgmw021snusos.z7.web.core.windows.net/site/ Redirect Chain
|
2 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
appinstall.js
haoyun0607.oss-accelerate.aliyuncs.com/assets/js/ |
47 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
qrcode.min.js
haoyun0607.oss-accelerate.aliyuncs.com/assets/js/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
opTool.min.js
haoyun0607.oss-accelerate.aliyuncs.com/assets/js/ |
37 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
crypto-js.min.js
haoyun0607.oss-accelerate.aliyuncs.com/assets/js/ |
47 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loadpage-tool-v1.min.js
haoyun0607.oss-accelerate.aliyuncs.com/assets/js/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.5.1.min.js
haoyun0607.oss-accelerate.aliyuncs.com/assets/js/ |
87 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common-gm-flex-style.css
haoyun0607.oss-accelerate.aliyuncs.com/assets/css/ |
1 KB 963 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
qrcode.css
haoyun0607.oss-accelerate.aliyuncs.com/assets/css/ |
1 KB 967 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
urlService
web.b2m8qx.com/ |
24 B 765 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
setting.json
ejoau4ctapp3.z7.web.core.windows.net/ |
117 B 526 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
visit
web.b2m8qx.com/analyze/ |
0 668 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aes-img-bg-v1.aes
haoyun0607.oss-accelerate.aliyuncs.com/assets/img/v1/gm-w02/ |
261 KB 262 KB |
XHR
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aes-kefu-v1.aes
haoyun0607.oss-accelerate.aliyuncs.com/assets/img/v1/gm-w02/ |
20 KB 21 KB |
XHR
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
85 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
6 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bff.ico
haoyun0607.oss-accelerate.aliyuncs.com/assets/img/ |
4 KB 5 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
20 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
261 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
init
web.hbanana.com/web/o2o8gko6/gmhs10/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- web.hbanana.com
- URL
- https://web.hbanana.com/web/o2o8gko6/gmhs10/init?channelCode=gmhs10&av=0&cv=0&hash=&server=web.hbanana.com&sw=p6Cmpg&sh=p6Smpg&sp=1&li=p6GkuKehuKa4og
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Porn Scam (Online)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage function| lightYear function| QRCode object| _0x3dbb function| _0x2e48 function| _0x531b4b object| opTool object| CryptoJS object| loadPageTool function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ejoau4ctapp3.z7.web.core.windows.net
ejoau4tgmw021snusos.z7.web.core.windows.net
haoyun0607.oss-accelerate.aliyuncs.com
ix19.cc
web.b2m8qx.com
web.hbanana.com
web.hbanana.com
114.134.188.79
20.60.131.196
43.198.213.180
47.254.187.65
04ea324f07d8c299771c73d498f7afe61fc0d255214ce49ea0c15d4422271e25
387940f3e346e874338e423cd6460e8ce8fe5b667d7d35ce41bf2bfa4c2a5e64
395dbbff39b7122bb167a0a484f5767bcfd3c15801abd1b4f3e830da34dd7dde
3d651b1d709ef7477a2e6dd540481e31eb1fc54aa33dad6bd6aa0e946e00a110
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
532731b611fc66cffda2e0de5333ca89b6e5846732d1309aaa20212dcac27ef6
555b0eeac38a2ce4cddc29bee27b4468567559b86f7613f628cc324cbc5ce1c0
77c757adcfda015a40de6eae6b617db34496fd4d3540ab1727b8bfa5c9414df4
7c506ab451f29c31dbe096a02be69b967f5f6ea4b11893ccf3af53664314b54e
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
9c059bc68b5bbffe27aca7780ed9fb114d16ecb9c049cbdfd742a7e62d1057fc
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
c63b458d4e1de9552bb91ded4d9b64b50cf9d3b464fce11926401f1bcd09778b
d28878eefb8903a0d72ae9d02f03d0b99a1434ee110c9e554700ecfb42b6e7c9
d71188a9f222f1e482f9c98e609e602203f5f0ebcaea4d059c33736dfdce24c5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
f3aaa1a1c33036fd14a384da791fad9a280e228a703240c56e6c203ba4289af7
fc6a1dba826fa4babb9657a9446e6baf4a606b1956201470908a991a2ccc366c