ejoau4fgmw02wnorre.z7.web.core.windows.net
20.60.131.225
Malicious Activity!
Public Scan
Effective URL: https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66
Submission: On August 14 via api from US — Scanned from SG
Summary
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 04 on April 3rd 2024. Valid for: a year.
This is the only time ejoau4fgmw02wnorre.z7.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Porn Scam (Online)
Domain & IP information
Requests | IP address | AS (autonomous system)
---|---|---
1 | 27.124.45.249 | ASN64050 (BGNL-HK BGP Network Limited)
1 | 20.60.131.225 | ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
11 | 161.117.118.128 | ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co.)
1 | 43.132.73.61 | ASN139341 (ACE-AS-AP ACE)
13 requests | 4 IPs |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): ejoau4fgmw02wnorre.z7.web.core.windows.net
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN): lkscjasa0724.oss-accelerate.aliyuncs.com
Apex domain | Subdomains | Requests | Transfer
---|---|---|---
aliyuncs.com | lkscjasa0724.oss-accelerate.aliyuncs.com | 11 | 369 KB
310di.com | gmopdircweb.310di.com | 1 | 1 KB
windows.net | ejoau4fgmw02wnorre.z7.web.core.windows.net | 1 | 3 KB
89u6.cc | 89u6.cc (1 redirect) | 1 | 250 B
Total | 4 domains | 13 | |
Requests | Domain | Requested by
---|---|---
11 | lkscjasa0724.oss-accelerate.aliyuncs.com | ejoau4fgmw02wnorre.z7.web.core.windows.net, lkscjasa0724.oss-accelerate.aliyuncs.com
1 | gmopdircweb.310di.com | lkscjasa0724.oss-accelerate.aliyuncs.com
1 | ejoau4fgmw02wnorre.z7.web.core.windows.net | |
1 | 89u6.cc | 1 redirect
13 requests | 4 domains |
This site contains links to these domains. Also see Links.
Domain
---
chat.gmmktcsm.com
Subject | Issuer | Validity | Valid for
---|---|---|---
*.web.core.windows.net | Microsoft Azure RSA TLS Issuing CA 04 | 2024-04-03 to 2025-03-29 | a year (crt.sh)
ap-southeast-1.oss.aliyuncs.com | GlobalSign Organization Validation CA - SHA256 - G3 | 2023-09-14 to 2024-10-15 | a year (crt.sh)
310di.com | R11 (Let's Encrypt intermediate) | 2024-07-29 to 2024-10-27 | 3 months (crt.sh)
None of these certificates says anything about who operates the page. *.web.core.windows.net is Microsoft's wildcard certificate for Azure Storage static-website hosting and is issued to Microsoft, not to the account owner; any storage account gets an <account>.z<NN>.web.core.windows.net hostname behind it, so the valid certificate only proves that the landing page lives on Azure Storage. ap-southeast-1.oss.aliyuncs.com is likewise Alibaba Cloud's certificate for one OSS region, reached here through the oss-accelerate endpoint. Only 310di.com, the host that receives the init POST, is a certificate for an operator-controlled domain, and it was issued about two weeks before this scan.
This page contains 1 frame:
Primary Page:
https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66
Frame ID: CAEA0A947D73A20FDEF1E20A82CFFA64
Requests: 17 HTTP requests in this frame
Page Title: 欢迎访问 ("Welcome")
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 outgoing link (links going to a different origin than the main page; see Links above)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or meta tags.
- https://89u6.cc/
  HTTP 301
- https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66 (page URL)
Redirected requests
There was an HTTP redirect chain for the primary request only: https://89u6.cc/ answered 301 and sent the browser to GM-W02.html on the Azure static site.
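The hop-by-hop walk that the URL history above records can be reproduced without letting the HTTP client follow redirects for you, so that every 3xx and every meta-refresh or JavaScript `location` assignment is logged as its own hop. The following is an added example, not code from the urlscan report: `walk_chain`, `live_fetch`, `fake_fetch`, the `FAKE_RESPONSES` table and the example.test URLs are assumptions of this example; only the 89u6.cc to Azure hop is taken from the scan.

```python
"""Walk a redirect chain hop by hop, recording HTTP and client-side redirects.

Added example, not urlscan's code. live_fetch uses only the standard library;
FAKE_RESPONSES is a constructed in-memory table that mirrors the chain on this
page (https://89u6.cc/ -> 301 -> the Azure static site) plus hypothetical
example.test hops that exercise the meta-refresh, JS and loop cases offline.
"""
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin

_META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
_JS_LOCATION = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?\blocation(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|\blocation\.(?:replace|assign)\(\s*["']([^"']+)["']""",
    re.I,
)


def _meta_refresh_target(tag):
    """Target of a <meta http-equiv="refresh" content="N; url=..."> tag, or None."""
    if not re.search(r"""http-equiv\s*=\s*["']?refresh""", tag, re.I):
        return None
    content = re.search(r"""content\s*=\s*["']([^"']*)["']""", tag, re.I)
    if not content:
        return None
    url = re.search(r"""url\s*=\s*["']?([^"'\s;]+)""", content.group(1), re.I)
    return url.group(1) if url else None


def client_side_redirects(html, base_url):
    """Return [(kind, absolute_target)] for meta-refresh and JS location redirects."""
    found = []
    for tag in _META_TAG.findall(html):
        target = _meta_refresh_target(tag)
        if target:
            found.append(("meta", urljoin(base_url, target)))
    for m in _JS_LOCATION.finditer(html):
        found.append(("js", urljoin(base_url, m.group(1) or m.group(2))))
    return found


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # refuse to follow: urlopen raises HTTPError on 3xx instead


def live_fetch(url, timeout=10):
    """One hop over the network: (status, Location header or None, body text)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, None, resp.read(200_000).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        try:
            body = e.read(200_000).decode("utf-8", "replace")
        except Exception:
            body = ""
        return e.code, e.headers.get("Location"), body


def walk_chain(start, fetch=live_fetch, max_hops=10):
    """Return [(url, status, kind, next_url)]; kind is http, meta, js, final or loop."""
    hops, url, seen = [], start, set()
    while url not in seen and len(hops) < max_hops:
        seen.add(url)
        status, location, body = fetch(url)
        if 300 <= status < 400 and location:
            kind, nxt = "http", urljoin(url, location)
        else:
            # first client-side redirect wins; none means this is the landing page
            kind, nxt = (client_side_redirects(body, url) or [("final", None)])[0]
        hops.append((url, status, kind, nxt))
        url = nxt
        if url is None:
            break
    if url is not None and url in seen:
        hops.append((url, None, "loop", None))  # A -> B -> A style redirect loop
    return hops


# Constructed responses: the first two entries mirror the chain on this page,
# the example.test entries are hypothetical and only exercise the detectors.
AZURE_PAGE = ("https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html"
              "?channelCode=pl66")
FAKE_RESPONSES = {
    "https://89u6.cc/": (301, AZURE_PAGE, ""),
    AZURE_PAGE: (200, None, "<html><head><title>欢迎访问</title></head>"
                            "<body><script src='/assets/js/appinstall.js'></script></body></html>"),
    "https://example.test/meta": (200, None, "<meta http-equiv='refresh' content='0; url=/landing'>"),
    "https://example.test/landing": (200, None, "<script>window.location.href='https://example.test/final'</script>"),
    "https://example.test/final": (200, None, "<p>done</p>"),
    "https://example.test/loop-a": (302, "/loop-b", ""),
    "https://example.test/loop-b": (302, "https://example.test/loop-a", ""),
}


def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, None, ""))
```

Run `walk_chain("https://89u6.cc/", fake_fetch)` to replay the chain offline, or `walk_chain("https://89u6.cc/")` to fetch it live; the loop guard stops A-to-B-to-A redirect loops, and the `max_hops` cap bounds chains that never settle.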
13 HTTP transactions (17 requests in the frame, including 4 data: URIs)
# | Method | Protocol | Resource | Host / path | Size | Transfer | Type | MIME type
---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | GM-W02.html (primary request; reached via the redirect chain from https://89u6.cc/) | ejoau4fgmw02wnorre.z7.web.core.windows.net/site/ | 2 KB | 3 KB | Document | text/html
2 | GET | H/1.1 | appinstall.js | lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/ | 47 KB | 18 KB | Script | application/javascript
3 | GET | H/1.1 | qrcode.min.js | lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/ | 19 KB | 7 KB | Script | application/javascript
4 | GET | H/1.1 | opTool.min.js | lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/ | 7 KB | 2 KB | Script | application/javascript
5 | GET | H/1.1 | crypto-js.min.js | lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/ | 47 KB | 17 KB | Script | application/javascript
6 | GET | H/1.1 | loadpage-tool-v1.min.js | lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/ | 3 KB | 2 KB | Script | application/javascript
7 | GET | H/1.1 | jquery-3.5.1.min.js | lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/ | 87 KB | 31 KB | Script | application/javascript
8 | GET | H/1.1 | bff-w02.min.css | lkscjasa0724.oss-accelerate.aliyuncs.com/assets/css/bff/ | 2 KB | 1 KB | Stylesheet | text/css
9 | GET | H/1.1 | qr-title.js | lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/ | 3 KB | 3 KB | Image | application/javascript
10 | POST | H/1.1 | init | gmopdircweb.310di.com/web/o2o8gko6/pl66/ | 667 B | 1 KB | XHR | application/json
11 | GET | H/1.1 | aes-img-bg-v1.aes | lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/v1/gm-w02/ | 261 KB | 262 KB | XHR | application/octet-stream
12 | GET | H/1.1 | aes-kefu-v1.aes | lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/v1/gm-w02/ | 20 KB | 21 KB | XHR | application/octet-stream
13 | GET | DATA | truncated | / | 85 B | 0 | Image | image/gif
14 | GET | DATA | truncated | / | 6 KB | 0 | Image | image/png
15 | GET | H/1.1 | bff.ico | lkscjasa0724.oss-accelerate.aliyuncs.com/assets/img/ | 4 KB | 5 KB | Other | image/vnd.microsoft.icon
16 | GET | DATA | truncated | / | 261 KB | 0 | Image | image/jpeg
17 | GET | DATA | truncated | / | 20 KB | 0 | Image | image/jpeg
Points worth noting in this request list:
- The Azure static site serves only the 2 KB HTML shell; every script, stylesheet, icon and image object comes from one Alibaba Cloud OSS bucket (lkscjasa0724.oss-accelerate.aliyuncs.com). The landing host and the asset host can be rotated independently, so the bucket name is the more durable indicator of the two.
- The channelCode=pl66 query parameter on the redirect target reappears as a path segment of the POST to gmopdircweb.310di.com/web/o2o8gko6/pl66/init, so the backend records the traffic source (channel or affiliate) for each visit.
- The two .aes objects are fetched by XHR as application/octet-stream, the page loads crypto-js, and the two image/jpeg data: URIs that appear afterwards are 261 KB and 20 KB, the same sizes as aes-img-bg-v1.aes and aes-kefu-v1.aes. That pattern is consistent with the images being decrypted in the browser and injected as data: URIs (an inference from the sizes and ordering, not something the scan states), which means a static fetch of the HTML or of the .aes files never shows the rendered page; only a browser or a script-executing emulator does. "kefu" is pinyin for 客服, "customer service".
- qr-title.js is requested from the /assets/img/ path, classified as an Image, yet served as application/javascript: a name/type mismatch to keep in mind when filtering by extension or MIME type. Together with qrcode.min.js and the QRCode global it suggests the page renders a QR code for the visitor to scan; appinstall.js by its name points at an app-install lure.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Porn Scam (Online)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
Type | Name
---|---
function | lightYear
function | QRCode
object | opTool
object | CryptoJS
object | loadPageTool
function | $
function | jQuery
0 Cookies
Cookies are small pieces of data a site stores in the visitor's browser. On every later visit the browser sends the stored values back, so the site can re-identify the visitor even from a different location; this is how persistent logins work.
Indicators
This is a term in the security industry for observables such as IPs, domains and hashes. It does not imply that any of these indicate malicious activity on their own.
89u6.cc
ejoau4fgmw02wnorre.z7.web.core.windows.net
gmopdircweb.310di.com
lkscjasa0724.oss-accelerate.aliyuncs.com
161.117.118.128
20.60.131.225
27.124.45.249
43.132.73.61
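The indicator list is only useful once it is applied to something, and the caveat the section makes (an indicator on its own does not prove malicious activity) matters most for the IP entries: 20.60.131.225 and 161.117.118.128 sit in shared Microsoft and Alibaba Cloud ranges, so a destination-IP hit without a hostname hit is weak evidence. The following added example, not code from the urlscan report, matches the indicators above against proxy and flow records. The indicator values are copied from the list; the two log formats, the sample records, `scan_proxy`, `scan_flows` and the confidence labels are assumptions of the example.

```python
"""Match the indicators from this scan against proxy and flow log lines.

Added example, not urlscan's code. INDICATORS is copied from the Indicators
section of the scan; PROXY_LINES and FLOW_LINES are constructed sample records
in a simple space-separated format assumed for the example.
"""
import ipaddress
from urllib.parse import urlsplit

INDICATORS = [
    "89u6.cc",
    "ejoau4fgmw02wnorre.z7.web.core.windows.net",
    "gmopdircweb.310di.com",
    "lkscjasa0724.oss-accelerate.aliyuncs.com",
    "161.117.118.128",
    "20.60.131.225",
    "27.124.45.249",
    "43.132.73.61",
]

# Shared hyperscaler addresses (AS8075 Microsoft, AS45102 Alibaba Cloud): a
# flow to one of these is low confidence until a hostname hit confirms it.
SHARED_CLOUD_IPS = {"20.60.131.225", "161.117.118.128"}


def split_indicators(iocs):
    """Separate IP indicators from domain indicators."""
    ips, domains = set(), set()
    for ioc in iocs:
        try:
            ips.add(str(ipaddress.ip_address(ioc)))
        except ValueError:
            domains.add(ioc.lower().rstrip("."))
    return ips, domains


def host_matches(host, domains):
    """Return the indicator that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def scan_proxy(lines, iocs=INDICATORS):
    """[(line_no, url, indicator)] for proxy records whose URL host is an IOC.

    Assumed record format: "timestamp client_ip method url".
    """
    _, domains = split_indicators(iocs)
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        url = fields[3]
        d = host_matches(urlsplit(url).hostname or "", domains)
        if d:
            hits.append((n, url, d))
    return hits


def scan_flows(lines, iocs=INDICATORS):
    """[(line_no, dst_ip, confidence)] for flow records to an IOC address.

    Assumed record format: "timestamp src_ip dst_ip dport".
    """
    ips, _ = split_indicators(iocs)
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue
        dst = fields[2]
        if dst in ips:
            hits.append((n, dst, "low" if dst in SHARED_CLOUD_IPS else "medium"))
    return hits


# Constructed sample proxy records (the subdomain on the last line is hypothetical).
PROXY_LINES = [
    "2024-08-14T09:58:01Z 10.1.2.33 GET https://89u6.cc/",
    "2024-08-14T09:58:02Z 10.1.2.33 GET https://ejoau4fgmw02wnorre.z7.web.core.windows.net/site/GM-W02.html?channelCode=pl66",
    "2024-08-14T09:58:03Z 10.1.2.33 GET https://lkscjasa0724.oss-accelerate.aliyuncs.com/assets/js/appinstall.js",
    "2024-08-14T09:58:04Z 10.1.2.33 POST https://gmopdircweb.310di.com/web/o2o8gko6/pl66/init",
    "2024-08-14T09:58:05Z 10.1.2.34 GET https://www.example.com/",
    "2024-08-14T09:58:06Z 10.1.2.35 GET https://www.89u6.cc/promo",
]
# Constructed sample flow records.
FLOW_LINES = [
    "2024-08-14T09:58:01Z 10.1.2.33 27.124.45.249 443",
    "2024-08-14T09:58:02Z 10.1.2.33 20.60.131.225 443",
    "2024-08-14T09:58:05Z 10.1.2.34 93.184.215.14 443",
]
```

Hostname matching is by exact name or subdomain, so `www.89u6.cc` hits `89u6.cc` but `notmy89u6.cc` does not; matching on the apex alone (310di.com, windows.net, aliyuncs.com) would be far too broad for the two cloud providers, which is why the full hostnames from the scan are kept as the indicators.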