webmail.7hsgu.asia Open in urlscan Pro
23.224.233.87  Malicious Activity! Public Scan

4 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request t5.html Show response webmail.7hsgu.asia/index/	57 KB 13 KB	2009ms 358ms	Document text/html	23.224.233.87 CNSERVERS
General Check archive.org Show headers Download Go to Full URL http://webmail.7hsgu.asia/index/t5.html Protocol HTTP/1.1 Server 23.224.233.87 , United States, ASN40065 (CNSERVERS, US), Reverse DNS Software nginx / Resource Hash 48463799623b9bc113456cf13668cf1b8357d53c5364b443f1bee93c12c069bd Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Sat, 22 Apr 2023 15:00:35 GMT Server nginx Strict-Transport-Security max-age=31536000 Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	style.css webmail.7hsgu.asia/static/templete/outlook/static/css/	146 KB 27 KB	284ms 283ms	Stylesheet text/css	23.224.233.87 CNSERVERS
General Check archive.org Show headers Download Go to Full URL http://webmail.7hsgu.asia/static/templete/outlook/static/css/style.css Requested by Host: webmail.7hsgu.asia URL: http://webmail.7hsgu.asia/index/t5.html Protocol HTTP/1.1 Server 23.224.233.87 , United States, ASN40065 (CNSERVERS, US), Reverse DNS Software nginx / Resource Hash e1d056c337d6028e6ded60e32cface28c6dfd8de734880c3f1908d3427657a85 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer http://webmail.7hsgu.asia/index/t5.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Sat, 22 Apr 2023 15:00:35 GMT Strict-Transport-Security max-age=31536000 Content-Encoding gzip Last-Modified Thu, 13 Apr 2023 11:53:56 GMT Server nginx ETag W/"6437ed54-24609" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=43200 Connection keep-alive Expires Sun, 23 Apr 2023 03:00:35 GMT
GET H/1.1	200 OK	53_8b36337037cff88c3df203bb73d58e41.png aadcdn.msauth.cn/shared/1.0/content/images/applogos/	5 KB 6 KB	680ms 24ms	Image image/png	163.171.132.119 QUANTILNETWORKS
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msauth.cn/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png Requested by Host: webmail.7hsgu.asia URL: http://webmail.7hsgu.asia/index/t5.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, CA), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898 Request headers accept-language de-DE,de;q=0.9 Referer http://webmail.7hsgu.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-ms-blob-type BlockBlob Date Sat, 22 Apr 2023 15:00:35 GMT Content-MD5 izYzcDfP+Iw98gO7c9WOQQ== Age 1 X-Cache HIT from cache.51cdn.com X-Via 1.1 PSmglsjLAX2ui163:3 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1bc200:14 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA2gb73:17 (Cdn Cache Server V2.0) Connection keep-alive Content-Length 5139 x-ms-lease-status unlocked Last-Modified Wed, 12 Feb 2020 03:12:12 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 ETag 0x8D7AF695A8C44DC X-Ws-Request-Id 6443f693_PSdgflkfFRA2lp71_21529-9154 Content-Type image/png Access-Control-Allow-Origin * x-ms-request-id a141c211-a01e-005d-2813-228b5b000000 Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Cache-Control public, max-age=31536000 x-ms-version 2009-09-19
GET H/1.1	200 OK	signin-options_4e48046ce74f4b89d45037c90576bfac.svg aadcdn.msauth.cn/shared/1.0/content/images/	2 KB 2 KB	657ms 22ms	Image image/svg+xml	163.171.132.119 QUANTILNETWORKS
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msauth.cn/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg Requested by Host: webmail.7hsgu.asia URL: http://webmail.7hsgu.asia/index/t5.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, CA), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93 Request headers accept-language de-DE,de;q=0.9 Referer http://webmail.7hsgu.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-ms-blob-type BlockBlob Date Sat, 22 Apr 2023 15:00:35 GMT Content-Encoding gzip Content-MD5 R2FAVxfpONfnQAuxVxXbHg== Age 1 X-Cache HIT from cache.51cdn.com X-Via 1.1 hx172:10 (Cdn Cache Server V2.0), 1.1 PSfgblPAR2ff185:4 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA2po75:13 (Cdn Cache Server V2.0) Connection keep-alive Content-Length 621 x-ms-lease-status unlocked Last-Modified Tue, 10 Nov 2020 03:41:24 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 ETag 0x8D8852A7FA6B761 X-Ws-Request-Id 6443f693_PSdgflkfFRA2gb73_14921-53452 Content-Type image/svg+xml Access-Control-Allow-Origin * x-ms-request-id 40bd392c-b01e-0000-5873-483773000000 Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Cache-Control public, max-age=31536000 x-ms-version 2009-09-19
GET H/1.1	200 OK	arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg aadcdn.msauth.cn/shared/1.0/content/images/	513 B 1 KB	657ms 23ms	Image image/svg+xml	163.171.132.119 QUANTILNETWORKS
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msauth.cn/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg Requested by Host: webmail.7hsgu.asia URL: http://webmail.7hsgu.asia/index/t5.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, CA), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58 Request headers accept-language de-DE,de;q=0.9 Referer http://webmail.7hsgu.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-ms-blob-type BlockBlob Date Sat, 22 Apr 2023 15:00:35 GMT Content-Encoding gzip Content-MD5 TjUQkZ0p0Y7rbj6LJofS9Q== Age 1 X-Cache HIT from cache.51cdn.com X-Via 1.1 hx171:1 (Cdn Cache Server V2.0), 1.1 PSfgblPAR2ff185:8 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA2lp71:15 (Cdn Cache Server V2.0) Connection keep-alive Content-Length 276 x-ms-lease-status unlocked Last-Modified Fri, 17 Jan 2020 19:28:34 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 ETag 0x8D79B8371B97A82 X-Ws-Request-Id 6443f693_PSdgflkfFRA2gb73_18650-31544 Content-Type image/svg+xml Access-Control-Allow-Origin * x-ms-request-id e038b528-b01e-0000-26ed-683773000000 Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Cache-Control public, max-age=31536000 x-ms-version 2009-09-19
GET H2	403	jquery.js cdn.bootcdn.net/ajax/libs/jquery/3.6.4/	0 0	1466ms 197ms	Script text/html	218.12.76.172 CHINA169-BACKBONE...
General Check archive.org Show headers Download Go to Full URL https://cdn.bootcdn.net/ajax/libs/jquery/3.6.4/jquery.js Requested by Host: webmail.7hsgu.asia URL: http://webmail.7hsgu.asia/index/t5.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 218.12.76.172 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://webmail.7hsgu.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers
GET H/1.1	200 OK	hm.js Show response hm.baidu.com/	29 KB 12 KB	1287ms 372ms	Script application/javascript	103.235.46.191 BAIDU Beijing Bai...
General Check archive.org Show headers Download Go to Full URL https://hm.baidu.com/hm.js?3226b22f2a06945ceb732c2228e96b24 Requested by Host: webmail.7hsgu.asia URL: http://webmail.7hsgu.asia/index/t5.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN), Reverse DNS Software apache / Resource Hash ac1bd896b2efff912b93786ea9c734c35a057f2c932fa4e072626e8d272ceea0 Security Headers Name Value Strict-Transport-Security max-age=172800 Request headers accept-language de-DE,de;q=0.9 Referer http://webmail.7hsgu.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Sat, 22 Apr 2023 15:00:36 GMT Content-Encoding gzip Strict-Transport-Security max-age=172800 Server apache Etag 76be75e91d54296b0f0f8c840cfc9f29 P3p CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type application/javascript Cache-Control max-age=0, must-revalidate Content-Length 11266
GET H/1.1	200 OK	49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg aadcdn.msauth.cn/shared/1.0/content/images/appbackgrounds/	987 B 2 KB	95ms 25ms	Image image/jpeg	163.171.132.119 QUANTILNETWORKS
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msauth.cn/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg Requested by Host: webmail.7hsgu.asia URL: http://webmail.7hsgu.asia/index/t5.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, CA), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d Request headers accept-language de-DE,de;q=0.9 Referer http://webmail.7hsgu.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-ms-blob-type BlockBlob Date Sat, 22 Apr 2023 15:00:35 GMT Content-MD5 5YqvyYBhSpzXeWvqe16o8A== Age 1 X-Cache HIT from cache.51cdn.com X-Via 1.1 PS-YUL-01Ge696:12 (Cdn Cache Server V2.0), 1.1 kf230:7 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA2gb73:8 (Cdn Cache Server V2.0) Connection keep-alive Content-Length 987 x-ms-lease-status unlocked Last-Modified Fri, 27 Mar 2020 19:41:47 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 ETag 0x8D7D286E322A911 X-Ws-Request-Id 6443f693_PSdgflkfFRA2lp71_19515-42849 Content-Type image/jpeg Access-Control-Allow-Origin * x-ms-request-id 0b59202f-301e-0008-1a96-816f62000000 Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Cache-Control public, max-age=31536000 x-ms-version 2009-09-19
GET H/1.1	200 OK	hm.gif hm.baidu.com/	43 B 299 B	372ms 372ms	Image image/gif	103.235.46.191 BAIDU Beijing Bai...
General Check archive.org Show headers Download Go to Show image Full URL https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=955804218&si=3226b22f2a06945ceb732c2228e96b24&v=1.3.0&lv=1&sn=23258&r=0&ww=1600&u=http%3A%2F%2Fwebmail.7hsgu.asia%2Findex%2Ft5.html&tt=%E7%99%BB%E5%BD%95%E5%88%B0%20Outlook Requested by Host: webmail.7hsgu.asia URL: http://webmail.7hsgu.asia/index/t5.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN), Reverse DNS Software apache / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Security Headers Name Value Strict-Transport-Security max-age=172800 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer http://webmail.7hsgu.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Pragma no-cache Date Sat, 22 Apr 2023 15:00:37 GMT Strict-Transport-Security max-age=172800 X-Content-Type-Options nosniff Server apache Content-Type image/gif Cache-Control private, max-age=0, no-cache Content-Length 43

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| _hmt function| chekmail boolean| _bdhm_loaded_3226b22f2a06945ceb732c2228e96b24 object| mini_tangram_log_g3crme

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			webmail.7hsgu.asia/	1969-12-31 23:59:59	Name: PHPSESSID Value: b2d058de9e15c80bd2b352e2719036f5
			.hm.baidu.com/	1970-01-20 20:52:15	Name: HMACCOUNT_BFESS Value: F97BE82AFF6FDF97
			.webmail.7hsgu.asia/	1970-01-20 20:01:51	Name: Hm_lvt_3226b22f2a06945ceb732c2228e96b24 Value: 1682175638
			.webmail.7hsgu.asia/	1969-12-31 23:59:59	Name: Hm_lpvt_3226b22f2a06945ceb732c2228e96b24 Value: 1682175638

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cdn.bootcdn.net/ajax/libs/jquery/3.6.4/jquery.js Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.cn
cdn.bootcdn.net
hm.baidu.com
webmail.7hsgu.asia
103.235.46.191
163.171.132.119
218.12.76.172
23.224.233.87
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
48463799623b9bc113456cf13668cf1b8357d53c5364b443f1bee93c12c069bd
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
ac1bd896b2efff912b93786ea9c734c35a057f2c932fa4e072626e8d272ceea0
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e1d056c337d6028e6ded60e32cface28c6dfd8de734880c3f1908d3427657a85
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898