load.alibaloads.top
Open in
urlscan Pro
27.124.40.28
Malicious Activity!
Public Scan
URL:
https://load.alibaloads.top/
Submission: On November 07 via api from US — Scanned from SG
Submission: On November 07 via api from US — Scanned from SG
Summary
This website contacted 1 IPs
in 1 countries
across 1 domains to perform 13 HTTP transactions.
The main IP is 27.124.40.28, located in
Singapore and
belongs to BGNL-HK BGP Network Limited, HK.
The main domain is load.alibaloads.top.
TLS certificate: Issued by R11 on November 6th 2024. Valid for: 3 months.
This is the only time load.alibaloads.top was scanned on urlscan.io!
TLS certificate: Issued by R11 on November 6th 2024. Valid for: 3 months.
This is the only time load.alibaloads.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: HSBC (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 13 | 27.124.40.28 27.124.40.28 | 64050 (BGNL-HK B...) (BGNL-HK BGP Network Limited) | |
| 13 | 1 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 13 |
alibaloads.top
load.alibaloads.top |
801 KB |
| 13 | 1 |
| Domain | Requested by | |
|---|---|---|
| 13 | load.alibaloads.top |
load.alibaloads.top
|
| 13 | 1 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| load.alibabasfs.top R11 |
2024-11-06 - 2025-02-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://load.alibaloads.top/
Frame ID: 0CCBB875D0B437B171CDCB6867D75090
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
load.alibaloads.top/ |
471 KB 36 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.css
load.alibaloads.top/assets/css/ |
961 KB 133 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tc-hsbc-logo-2.svg
load.alibaloads.top/assets/images/ |
3 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
profit-hand.jpg
load.alibaloads.top/assets/images/ |
29 KB 22 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
global-wallet.jpg
load.alibaloads.top/assets/images/ |
38 KB 30 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
8147-couples-drinking-champagne-in-the-restaurant-2560x1440.jpg
load.alibaloads.top/assets/images/ |
423 KB 415 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
airport-lounge.jpg
load.alibaloads.top/assets/images/ |
499 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
UniversNextforHSBCW02-Rg.woff
load.alibaloads.top/assets/fonts/ |
27 KB 27 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
UniversNextforHSBCW02-Bd.woff
load.alibaloads.top/assets/fonts/ |
26 KB 26 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
HSBCIcon-Font-Extension.woff
load.alibaloads.top/assets/fonts/ |
37 KB 38 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
UniversNextforHSBCW02-Lt.woff
load.alibaloads.top/assets/fonts/ |
26 KB 26 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
UniversNextforHSBCW02-LtIt.woff
load.alibaloads.top/assets/fonts/ |
24 KB 25 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
HSBCIcon-Font.woff
load.alibaloads.top/assets/fonts/ |
22 KB 22 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: HSBC (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| onTopClick function| handleApply function| handleQuery function| handleWithdrawal0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
load.alibaloads.top
27.124.40.28
0734430c4da295787ce1ba6e53b60b4ac6cd7522995d022b34a1c47879b33d82
1410bf3ef15162a56d0c7ea0f851483738179ce8281a269f4ed88612e9c9a695
1fe93d773a537c17456fc95e7dbfb69cba2914ac73c5f9b01d4db046667c688e
33b6832b6f7b8008336c6ede40b04a646fa0944e77e014ffe4f9e2e7e75f93e9
580245633d829cdc4a80192bc505ad254af0ed2955d5add87b56917a1c0f64df
6d6898caec84507e6aae7dcd49874383c176b28df99a2d4ee9e39944e884c5de
76e6fcb163f76c23e3595acdb5c37457b8529ae4612bdfd266a9ef3d83550586
c736d15fc8104340a0fcbdad3dea714abc1a358ec4e108952c223a24460006e3
d5858e7a37f13d0fbba07960276e37fdf985f1e2854a9988b58cfcfc68729754
e5701cf0d59a7b2d9beb16f320d8c508e37eb73a18c8b8e0494ee95df36b8b38
e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13
ee83b88c2275f336bb531c21acf24f215fcd319c9695b08a07e2891428a9c502