ejoau4fgmw02wnorre.z7.web.core.windows.net Open in urlscan Pro
20.60.131.225 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://89u6.cc/
Effective URL:
https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66
Submission: On August 14 via api (August 14th 2024, 1:54:26 am UTC) from US — Scanned from SG

Summary HTTP 13 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 20.60.131.225, located in Hong Kong, Hong Kong and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is ejoau4fgmw02wnorre.z7.web.core.windows.net.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 04 on April 3rd 2024. Valid for: a year.

This is the only time ejoau4fgmw02wnorre.z7.web.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Porn Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	27.124.45.249 27.124.45.249	64050 (BGNL-HK B...) (BGNL-HK BGP Network Limited)
1	20.60.131.225 20.60.131.225	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
11	161.117.118.128 161.117.118.128	45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
1	43.132.73.61 43.132.73.61	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
13	4

1 27.124.45.249 (Singapore) 1 redirects

ASN64050 (BGNL-HK BGP Network Limited, HK)

89u6.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.60.131.225 (Hong Kong, Hong Kong)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

ejoau4fgmw02wnorre.z7.web.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 161.117.118.128 (Singapore)

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

lkscjasa0724.oss-accelerate.aliyuncs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 43.132.73.61 (Singapore, Singapore)

ASN139341 (ACE-AS-AP ACE, SG)

gmopdircweb.310di.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	aliyuncs.com lkscjasa0724.oss-accelerate.aliyuncs.com	369 KB
1	310di.com gmopdircweb.310di.com	1 KB
1	windows.net ejoau4fgmw02wnorre.z7.web.core.windows.net	3 KB
1	89u6.cc 1 redirects 89u6.cc	250 B
13	4

	Domain	Requested by
11	lkscjasa0724.oss-accelerate.aliyuncs.com	ejoau4fgmw02wnorre.z7.web.core.windows.net lkscjasa0724.oss-accelerate.aliyuncs.com
1	gmopdircweb.310di.com	lkscjasa0724.oss-accelerate.aliyuncs.com
1	ejoau4fgmw02wnorre.z7.web.core.windows.net
1	89u6.cc	1 redirects
13	4

This site contains links to these domains. Also see Links.

Domain
chat.gmmktcsm.com

Subject Issuer	Validity	Valid
*.web.core.windows.net Microsoft Azure RSA TLS Issuing CA 04	`2024-04-03` - `2025-03-29`	a year	crt.sh
ap-southeast-1.oss.aliyuncs.com GlobalSign Organization Validation CA - SHA256 - G3	`2023-09-14` - `2024-10-15`	a year	crt.sh
310di.com R11	`2024-07-29` - `2024-10-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66
Frame ID: CAEA0A947D73A20FDEF1E20A82CFFA64
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

欢迎访问

Page URL History Show full URLs

https://89u6.cc/ HTTP 301
https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

373 kB
Transfer

791 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://chat.gmmktcsm.com/webchat/chatbox.aspx?siteid=666666&lng=cn

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://89u6.cc/ HTTP 301
https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request GM-W02.html Show response ejoau4fgmw02wnorre.z7.web.core.windows.net/site/ Redirect Chain https://89u6.cc/ https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66	2 KB 3 KB	176ms 42ms	Document text/html	20.60.131.225 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 20.60.131.225 Hong Kong, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `c695b2bc20897f995c36610e0d78b0e617406fe7c4d47b4de2b636423c4da214` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Content-Length 2222 Content-MD5 zD53DdnnP/zh8OnujtRoCw== Content-Type text/html Date Wed, 14 Aug 2024 01:54:19 GMT ETag "0x8DCB6A00D4AA1E3" Last-Modified Wed, 07 Aug 2024 05:16:11 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id 929d2bca-101e-000b-65ec-ed2043000000 x-ms-version 2018-03-28 Redirect headers Connection keep-alive Content-Length 166 Content-Type text/html Date Wed, 14 Aug 2024 01:54:20 GMT Location https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Server cdn
GET H/1.1	200 OK	appinstall.js Show response lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/	47 KB 18 KB	163ms 82ms	Script application/javascript	161.117.118.128 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/appinstall.js Requested by Host: ejoau4fgmw02wnorre.z7.web.core.windows.net URL: https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.117.118.128 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software AliyunOSS / Resource Hash `ab54ae7b4cd932b860dfaf2bac971060ef91fe59c659257aac39b8c3a870ccd4` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Wed, 14 Aug 2024 01:54:20 GMT Content-Encoding gzip x-oss-request-id 66BC0E4CFFD93E15D979CFCF Content-MD5 oTpRPUD4ch/GtKmPt3HErQ== Transfer-Encoding chunked Content-Disposition attachment Connection keep-alive x-oss-object-type Normal Last-Modified Fri, 02 Aug 2024 02:07:31 GMT Server AliyunOSS Vary Accept-Encoding Content-Type application/javascript x-oss-ec 0048-00000113 x-oss-force-download true x-oss-storage-class Standard x-oss-hash-crc64ecma 12034541424503076589 x-oss-server-time 1
GET H/1.1	200 OK	qrcode.min.js Show response lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/	19 KB 7 KB	160ms 80ms	Script application/javascript	161.117.118.128 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/qrcode.min.js Requested by Host: ejoau4fgmw02wnorre.z7.web.core.windows.net URL: https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.117.118.128 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software AliyunOSS / Resource Hash `c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Wed, 14 Aug 2024 01:54:20 GMT Content-Encoding gzip x-oss-request-id 66BC0E4CFFD93E15D979CFD1 Content-MD5 UXtV02iM6e8QhaPZYyvLlw== Transfer-Encoding chunked Content-Disposition attachment Connection keep-alive x-oss-object-type Normal Last-Modified Tue, 30 Jul 2024 02:36:57 GMT Server AliyunOSS Vary Accept-Encoding Content-Type application/javascript x-oss-ec 0048-00000113 x-oss-force-download true x-oss-storage-class Standard x-oss-hash-crc64ecma 17632674935737242381 x-oss-server-time 1
GET H/1.1	200 OK	opTool.min.js Show response lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/	7 KB 2 KB	170ms 90ms	Script application/javascript	161.117.118.128 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/opTool.min.js?v=4.2.25 Requested by Host: ejoau4fgmw02wnorre.z7.web.core.windows.net URL: https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.117.118.128 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software AliyunOSS / Resource Hash `0d069cf648e16af758181adc371d2a16e7165a78fe506135ca39b6cc21091d99` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Wed, 14 Aug 2024 01:54:20 GMT Content-Encoding gzip x-oss-request-id 66BC0E4CA75DA0538879A2BE Content-MD5 9zFZBeStMBzCAvda4A/Axw== Transfer-Encoding chunked Content-Disposition attachment Connection keep-alive x-oss-object-type Normal Last-Modified Mon, 12 Aug 2024 01:50:47 GMT Server AliyunOSS Vary Accept-Encoding Content-Type application/javascript x-oss-ec 0048-00000113 x-oss-force-download true x-oss-storage-class Standard x-oss-hash-crc64ecma 13249744573037870477 x-oss-server-time 1
GET H/1.1	200 OK	crypto-js.min.js Show response lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/	47 KB 17 KB	153ms 74ms	Script application/javascript	161.117.118.128 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/crypto-js.min.js Requested by Host: ejoau4fgmw02wnorre.z7.web.core.windows.net URL: https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.117.118.128 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software AliyunOSS / Resource Hash `8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Wed, 14 Aug 2024 01:54:20 GMT Content-Encoding gzip x-oss-request-id 66BC0E4CFFD93E15D979CFCE Content-MD5 LKA62HiFq5g1QQkrh62ymQ== Transfer-Encoding chunked Content-Disposition attachment Connection keep-alive x-oss-object-type Normal Last-Modified Tue, 30 Jul 2024 02:36:58 GMT Server AliyunOSS Vary Accept-Encoding Content-Type application/javascript x-oss-ec 0048-00000113 x-oss-force-download true x-oss-storage-class Standard x-oss-hash-crc64ecma 2111864505403207597 x-oss-server-time 0
GET H/1.1	200 OK	loadpage-tool-v1.min.js Show response lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/	3 KB 2 KB	399ms 320ms	Script application/javascript	161.117.118.128 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/loadpage-tool-v1.min.js?v=1.1 Requested by Host: ejoau4fgmw02wnorre.z7.web.core.windows.net URL: https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.117.118.128 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software AliyunOSS / Resource Hash `f3aaa1a1c33036fd14a384da791fad9a280e228a703240c56e6c203ba4289af7` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Wed, 14 Aug 2024 01:54:20 GMT Content-Encoding gzip x-oss-request-id 66BC0E4C9F73B162A883B0BC Content-MD5 qAq6ujegJMOX/dmViweqyw== Transfer-Encoding chunked Content-Disposition attachment Connection keep-alive x-oss-object-type Normal Last-Modified Tue, 30 Jul 2024 02:36:57 GMT Server AliyunOSS Vary Accept-Encoding Content-Type application/javascript x-oss-ec 0048-00000113 x-oss-force-download true x-oss-storage-class Standard x-oss-hash-crc64ecma 10102349120166313854 x-oss-server-time 1
GET H/1.1	200 OK	jquery-3.5.1.min.js Show response lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/	87 KB 31 KB	232ms 76ms	Script application/javascript	161.117.118.128 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/jquery-3.5.1.min.js Requested by Host: ejoau4fgmw02wnorre.z7.web.core.windows.net URL: https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.117.118.128 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software AliyunOSS / Resource Hash `f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Wed, 14 Aug 2024 01:54:20 GMT Content-Encoding gzip x-oss-request-id 66BC0E4CFFD93E15D979CFD6 Content-MD5 thqm4taNIbNUa1tBi/Dpww== Transfer-Encoding chunked Content-Disposition attachment Connection keep-alive x-oss-object-type Normal Last-Modified Tue, 30 Jul 2024 02:36:58 GMT Server AliyunOSS Vary Accept-Encoding Content-Type application/javascript x-oss-ec 0048-00000113 x-oss-force-download true x-oss-storage-class Standard x-oss-hash-crc64ecma 8771392997377686943 x-oss-server-time 1
GET H/1.1	200 OK	bff-w02.min.css lkscjasa0724.oss-accelerate.aliyuncs.com/assets/css/bff/	2 KB 1 KB	167ms 90ms	Stylesheet text/css	161.117.118.128 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/css/bff/bff-w02.min.css Requested by Host: ejoau4fgmw02wnorre.z7.web.core.windows.net URL: https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.117.118.128 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software AliyunOSS / Resource Hash `526ffc58ae8bcfe0aa8bcf42c760dec5b296fda9dcdf8ea7293ee9acf93df67e` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Wed, 14 Aug 2024 01:54:20 GMT Content-Encoding gzip x-oss-request-id 66BC0E4CA75DA0538879A2BF Content-MD5 p/qBPT7M60OIApOjsmcL0A== Transfer-Encoding chunked Content-Disposition attachment Connection keep-alive x-oss-object-type Normal Last-Modified Wed, 24 Jul 2024 10:02:39 GMT Server AliyunOSS Vary Accept-Encoding Content-Type text/css x-oss-ec 0048-00000113 x-oss-force-download true x-oss-storage-class Standard x-oss-hash-crc64ecma 11736189253239297055 x-oss-server-time 1
GET H/1.1	200 OK	qr-title.js lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/	3 KB 3 KB	78ms 78ms	Image application/javascript	161.117.118.128 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Show image Full URL https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/qr-title.js Requested by Host: ejoau4fgmw02wnorre.z7.web.core.windows.net URL: https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.117.118.128 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software AliyunOSS / Resource Hash `264b6ece96301653d7c8031872fade09009a1fdc5f27ae01f8ff3f9d5b5eb563` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Wed, 14 Aug 2024 01:54:20 GMT Content-Encoding gzip x-oss-request-id 66BC0E4C9F73B162A883B0B1 Content-MD5 p0KRRS0VloM5BiO9Uygatg== Transfer-Encoding chunked Content-Disposition attachment Connection keep-alive x-oss-object-type Normal Last-Modified Wed, 24 Jul 2024 10:03:15 GMT Server AliyunOSS Vary Accept-Encoding Content-Type application/javascript x-oss-ec 0048-00000113 x-oss-force-download true x-oss-storage-class Standard x-oss-hash-crc64ecma 14533523563399653618 x-oss-server-time 1
POST H/1.1	200 OK	init Show response gmopdircweb.310di.com/web/o2o8gko6/pl66/	667 B 1 KB	121ms 87ms	XHR application/json	43.132.73.61 ACE-AS-AP ACE
General Check archive.org Show headers Download Go to Full URL https://gmopdircweb.310di.com/web/o2o8gko6/pl66/init?channelCode=pl66&av=0&cv=0&hash=&server=gmopdircweb.310di.com&sw=p6Cmpg&sh=p6Smpg&sp=1&li=p6GkuKehuKa4og Requested by Host: lkscjasa0724.oss-accelerate.aliyuncs.com URL: https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/appinstall.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.132.73.61 Singapore, Singapore, ASN139341 (ACE-AS-AP ACE, SG), Reverse DNS Software nginx / Resource Hash `2cdd41ba805ab8376cb98b8886d0b126f1878984bd5515ca28d8075d3746d816` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Wed, 14 Aug 2024 01:54:20 GMT Server nginx EO-Cache-Status MISS Vary Origin Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://ejoau4fgmw02wnorre.z7.web.core.windows.net Cache-Control no-cache Access-Control-Allow-Credentials true EO-LOG-UUID 14151044366590879226 Connection keep-alive Content-Length 667
GET H/1.1	200 OK	aes-img-bg-v1.aes Show response lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/v1/gm-w02/	261 KB 262 KB	308ms 298ms	XHR application/octet-stream	161.117.118.128 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/v1/gm-w02/aes-img-bg-v1.aes Requested by Host: lkscjasa0724.oss-accelerate.aliyuncs.com URL: https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/loadpage-tool-v1.min.js?v=1.1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.117.118.128 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software AliyunOSS / Resource Hash `395dbbff39b7122bb167a0a484f5767bcfd3c15801abd1b4f3e830da34dd7dde` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Wed, 14 Aug 2024 01:54:21 GMT x-oss-request-id 66BC0E4DFFD93E15D979CFF5 Content-MD5 4q5P3dVlB00TJymrwDbS1Q== Content-Disposition attachment Connection keep-alive Content-Length 267712 x-oss-object-type Normal Last-Modified Wed, 24 Jul 2024 10:02:52 GMT Server AliyunOSS ETag "E2AE4FDDD565074D132729ABC036D2D5" Access-Control-Max-Age 0 Access-Control-Allow-Methods GET Content-Type application/octet-stream Access-Control-Allow-Origin * x-oss-ec 0048-00000113 x-oss-force-download true x-oss-storage-class Standard Accept-Ranges bytes x-oss-hash-crc64ecma 17162424503848072601 x-oss-server-time 1
GET H/1.1	200 OK	aes-kefu-v1.aes Show response lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/v1/gm-w02/	20 KB 21 KB	345ms 79ms	XHR application/octet-stream	161.117.118.128 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/v1/gm-w02/aes-kefu-v1.aes Requested by Host: lkscjasa0724.oss-accelerate.aliyuncs.com URL: https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/loadpage-tool-v1.min.js?v=1.1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.117.118.128 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software AliyunOSS / Resource Hash `532731b611fc66cffda2e0de5333ca89b6e5846732d1309aaa20212dcac27ef6` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Wed, 14 Aug 2024 01:54:21 GMT x-oss-request-id 66BC0E4D9F73B162A883B0CC Content-MD5 uFb4XhxRpdpjAD4Co/8UmA== Content-Disposition attachment Connection keep-alive Content-Length 20464 x-oss-object-type Normal Last-Modified Wed, 24 Jul 2024 10:02:52 GMT Server AliyunOSS ETag "B856F85E1C51A5DA63003E02A3FF1498" Access-Control-Max-Age 0 Access-Control-Allow-Methods GET Content-Type application/octet-stream Access-Control-Allow-Origin * x-oss-ec 0048-00000113 x-oss-force-download true x-oss-storage-class Standard Accept-Ranges bytes x-oss-hash-crc64ecma 5528089886498507289 x-oss-server-time 1
GET DATA	200 OK	truncated /	85 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dcbbd85e43f7a9863557345642182026c5fda718d58f4693a8dd958aa86f9635` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	bff.ico lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/	4 KB 5 KB	86ms 85ms	Other image/vnd.microsoft.icon	161.117.118.128 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/bff.ico Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.117.118.128 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software AliyunOSS / Resource Hash `77c757adcfda015a40de6eae6b617db34496fd4d3540ab1727b8bfa5c9414df4` Request headers Referer https://ejoau4fgmw02wnorre.z7.web.core.windows.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Wed, 14 Aug 2024 01:54:21 GMT x-oss-request-id 66BC0E4C9F73B162A883B0C5 Content-MD5 HSjue5LgPJWqdnFWGkhzcw== Content-Disposition attachment Connection keep-alive Content-Length 4286 x-oss-object-type Normal Last-Modified Wed, 24 Jul 2024 10:03:16 GMT Server AliyunOSS ETag "1D28EE7B92E03C95AA7671561A487373" Content-Type image/vnd.microsoft.icon x-oss-ec 0048-00000113 x-oss-force-download true x-oss-storage-class Standard Accept-Ranges bytes x-oss-hash-crc64ecma 5432167365781376676 x-oss-server-time 1
GET DATA	200 OK	truncated /	261 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9c059bc68b5bbffe27aca7780ed9fb114d16ecb9c049cbdfd742a7e62d1057fc` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	20 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `04ea324f07d8c299771c73d498f7afe61fc0d255214ce49ea0c15d4422271e25` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/jpeg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Porn Scam (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

89u6.cc
ejoau4fgmw02wnorre.z7.web.core.windows.net
gmopdircweb.310di.com
lkscjasa0724.oss-accelerate.aliyuncs.com
161.117.118.128
20.60.131.225
27.124.45.249
43.132.73.61
04ea324f07d8c299771c73d498f7afe61fc0d255214ce49ea0c15d4422271e25
0d069cf648e16af758181adc371d2a16e7165a78fe506135ca39b6cc21091d99
264b6ece96301653d7c8031872fade09009a1fdc5f27ae01f8ff3f9d5b5eb563
2cdd41ba805ab8376cb98b8886d0b126f1878984bd5515ca28d8075d3746d816
395dbbff39b7122bb167a0a484f5767bcfd3c15801abd1b4f3e830da34dd7dde
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
526ffc58ae8bcfe0aa8bcf42c760dec5b296fda9dcdf8ea7293ee9acf93df67e
532731b611fc66cffda2e0de5333ca89b6e5846732d1309aaa20212dcac27ef6
77c757adcfda015a40de6eae6b617db34496fd4d3540ab1727b8bfa5c9414df4
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
9c059bc68b5bbffe27aca7780ed9fb114d16ecb9c049cbdfd742a7e62d1057fc
ab54ae7b4cd932b860dfaf2bac971060ef91fe59c659257aac39b8c3a870ccd4
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
c695b2bc20897f995c36610e0d78b0e617406fe7c4d47b4de2b636423c4da214
dcbbd85e43f7a9863557345642182026c5fda718d58f4693a8dd958aa86f9635
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
f3aaa1a1c33036fd14a384da791fad9a280e228a703240c56e6c203ba4289af7

ejoau4fgmw02wnorre.z7.web.core.windows.net Open in urlscan Pro 20.60.131.225 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

373 kBTransfer

791 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

ejoau4fgmw02wnorre.z7.web.core.windows.net Open in urlscan Pro
20.60.131.225 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

373 kB
Transfer

791 kB
Size

0
Cookies

13 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!