authenticateportalssl.com
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Private Scan
Submission: On November 30 via api from DE — Scanned from NL
Summary
This is the only time authenticateportalssl.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Alibaba (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 79.133.177.252 79.133.177.252 | 24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.) | |
1 2 | 104.111.243.137 104.111.243.137 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
2 | 104.111.216.213 104.111.216.213 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
2 | 59.82.33.226 59.82.33.226 | 37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.) | |
1 | 163.181.56.193 163.181.56.193 | 24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.) | |
1 | 2401:b180:700... 2401:b180:7003::1ac | 37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.) | |
2 | 203.119.144.58 203.119.144.58 | 37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.) | |
1 1 | 2408:4001:f00... 2408:4001:f00::84 | 37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.) | |
25 | 9 |
ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)
g.alicdn.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-243-137.deploy.static.akamaitechnologies.com
s.alicdn.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-216-213.deploy.static.akamaitechnologies.com
i.alicdn.com |
ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)
log.mmstat.com |
ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)
gw.alicdn.com |
ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)
log.mmstat.com |
ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)
fourier.taobao.com |
ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)
fourier.taobao.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
alicdn.com
1 redirects
g.alicdn.com — Cisco Umbrella Rank: 4380 s.alicdn.com — Cisco Umbrella Rank: 13107 i.alicdn.com — Cisco Umbrella Rank: 16098 gw.alicdn.com — Cisco Umbrella Rank: 11166 |
174 KB |
9 |
authenticateportalssl.com
authenticateportalssl.com |
289 KB |
3 |
taobao.com
1 redirects
fourier.taobao.com — Cisco Umbrella Rank: 9576 |
2 KB |
3 |
mmstat.com
log.mmstat.com — Cisco Umbrella Rank: 12184 |
1 KB |
25 | 4 |
Domain | Requested by | |
---|---|---|
9 | authenticateportalssl.com |
authenticateportalssl.com
|
7 | g.alicdn.com |
authenticateportalssl.com
g.alicdn.com |
3 | fourier.taobao.com |
1 redirects
authenticateportalssl.com
|
3 | log.mmstat.com |
authenticateportalssl.com
|
2 | i.alicdn.com |
authenticateportalssl.com
|
2 | s.alicdn.com |
1 redirects
authenticateportalssl.com
|
1 | gw.alicdn.com |
authenticateportalssl.com
|
25 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.alibaba.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.tbcdn.cn GlobalSign Organization Validation CA - SHA256 - G2 |
2022-07-22 - 2023-08-06 |
a year | crt.sh |
*.mmstat.com GlobalSign Organization Validation CA - SHA256 - G2 |
2022-07-18 - 2023-08-19 |
a year | crt.sh |
*.taobao.com GlobalSign Organization Validation CA - SHA256 - G2 |
2022-08-17 - 2023-06-18 |
10 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://authenticateportalssl.com/ali-inc/ali/icbu_login.php?passport.alibaba.com.spm=a2700.8293689.scGlobalHomeHeader.9.1fa367afsMyIqw&tracelog=hd_signin
Frame ID: 70E9D59C99B84F1CF33116E1140D6DEF
Requests: 26 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: Alibaba.com
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2- http://s.alicdn.com/@img/tfs/TB1pDDmmF67gK0jSZPfXXahhFXa-2814-380.png HTTP 301
- https://s.alicdn.com/@img/tfs/TB1pDDmmF67gK0jSZPfXXahhFXa-2814-380.png
- http://fourier.taobao.com/rp?ext=51&data=jm_null&random=2278207638188019&href=http%3A%2F%2Fauthenticateportalssl.com%2Fali-inc%2Fali%2Ficbu_login.php%3Fpassport.alibaba.com.spm%3Da2700.8293689.scGlobalHomeHeader.9.1fa367afsMyIqw%26tracelog%3Dhd_signin&protocol=http: HTTP 301
- https://fourier.taobao.com/rp?ext=51&data=jm_null&random=2278207638188019&href=http%3A%2F%2Fauthenticateportalssl.com%2Fali-inc%2Fali%2Ficbu_login.php%3Fpassport.alibaba.com.spm%3Da2700.8293689.scGlobalHomeHeader.9.1fa367afsMyIqw%26tracelog%3Dhd_signin&protocol=http:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
icbu_login.php
authenticateportalssl.com/ali-inc/ali/ |
17 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
awsc.js
authenticateportalssl.com/ali-inc/ali/js/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aplus_v2.js
g.alicdn.com/alilog/mlog/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
TB1pDDmmF67gK0jSZPfXXahhFXa-2814-380.png
s.alicdn.com/@img/tfs/ Redirect Chain
|
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
so.png
authenticateportalssl.com/ali-inc/ali/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nc.js
authenticateportalssl.com/ali-inc/ali/js/ |
215 KB 56 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
i.alicdn.com/g/vip/havana-login/0.4.3/js/ |
183 KB 63 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mini-login-form-min.css
authenticateportalssl.com/ali-inc/ali/css/ |
22 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.css
authenticateportalssl.com/ali-inc/ali/css/ |
3 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.js
authenticateportalssl.com/ali-inc/ali/js/ |
28 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.js
authenticateportalssl.com/ali-inc/ali/js/x/ |
28 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.jpg
authenticateportalssl.com/ali-inc/ali/img/ |
187 KB 188 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
g.alicdn.com/alilog/ |
116 KB 44 KB |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
eg.js
log.mmstat.com/ |
91 B 485 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
34 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
TB1VHK4KFXXXXbPXFXXwxCdHXXX-47-47.png
gw.alicdn.com/tps/i1/ |
922 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vers0.5x.png
i.alicdn.com/sc-footer/20181226200630/src/ |
17 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.js
g.alicdn.com/sd/baxia-entry/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v.gif
log.mmstat.com/ |
43 B 455 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.js
g.alicdn.com/secdev/entry/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
baxiaCommon.js
g.alicdn.com/sd/baxia/2.2.3/ |
25 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.js
g.alicdn.com/secdev/sufei_data/3.9.10/ |
17 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rp.js
g.alicdn.com/xlly/spl/ |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ts
fourier.taobao.com/ |
0 60 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rp
fourier.taobao.com/ Redirect Chain
|
1023 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
eg.js
log.mmstat.com/ |
91 B 485 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Alibaba (Online)33 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
number| __startDomRender object| compatLog object| AWSC object| AWSCInner function| AWSCFY number| g_aplus_grey_launched object| goldlog object| ali_analytics object| goldlog_queue number| g_tb_aplus_loaded number| aplus_spmact number| _nc_initialized object| UA_Opt object| _sec_module object| outer_nc_list function| noCaptcha function| HVN function| RSAKey undefined| $ undefined| jQuery function| QRCode function| ThirdPartLogin object| __BIG_BROTHER__ boolean| __StoreProxyReady3 object| __StoreProxyExec3 object| _t2Frames object| BigBrother object| g_SPM boolean| __sec_entry_loaded number| nsrprtrt number| etrprtrt function| baxiaCommon object| __baxia__8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
authenticateportalssl.com/ali-inc/ali | Name: _uab_collina Value: 166982636599907963460916 |
|
.authenticateportalssl.com/ | Name: isg Value: BIaGbW0NGRZLpM1yJyDTTUpp13wI58qhuZxUUnCvcqmEcyaN2HcasWwBTze_QMK5 |
|
.authenticateportalssl.com/ | Name: cna Value: P3UOHN84oD0CAQVPYibud8dj |
|
.mmstat.com/ | Name: cna Value: QHUOHOvsAT0CAQAAAAAGVtq2 |
|
.mmstat.com/ | Name: sca Value: 95579bb3 |
|
.mmstat.com/ | Name: atpsida Value: cbfa235fb0c4d501a40278f2_1669826368_1 |
|
.taobao.com/ | Name: x5secdata Value: xbeb83684f921e4520b8226f4fda2c0c771669826369a-717315356a1993109894abazc2caa__bx__fourier.taobao.com%3A443%2Frp |
|
.authenticateportalssl.com/ | Name: xlly_s Value: 2 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
authenticateportalssl.com
fourier.taobao.com
g.alicdn.com
gw.alicdn.com
i.alicdn.com
log.mmstat.com
s.alicdn.com
104.111.216.213
104.111.243.137
163.181.56.193
203.119.144.58
2401:b180:7003::1ac
2408:4001:f00::84
2a06:98c1:3120::3
59.82.33.226
79.133.177.252
0be6d1876fcb01d24c0c902724b4c38251b010df9891f2285e0cc1ad41e146c6
139092686b10caf08c8cd5dd903d9827911e4b77b6bde62706705a2731fcb67d
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
20469a99be0e8bb562e83cdf95a0ae327b3a4be5726a39cca517649c9b65a210
2551f1374a3cab6e2104fe6777ed5f1da9021bb6820f9f047d591627835503e4
4812cac16ccdad8b6225e610aee0dd7d10609d92c019c6208c3ebaa522e55c56
486ba168351c19d6297fdb944a8c532ddb1c2be56b9f6b4404e60ddd044dc758
4bf1f3124e96359e5de85d66ca5936eee0f7df3dea3eb7942c1898d2a7db6347
54c119b4c344d9282f9e872da1bf144f306923eacf760179dace606870a77d8f
55bdd7091e61df9bd52f2417a905d89bc7b1d8d83a135b9b4721cbbaceeb2504
73a4d18af923c8649f33a8cdd138f85a09b29dd1ae1b4426db7233893e44d73c
7aed0df49765f08dc3230355607d13bd34e5bbda54a1b99bf707cda14d1b3a1a
7ce6b93c26b5611e079a88c10103fef4f867c13d1e880e761dde4258845c24ac
7e4bc369ea3c28e878947fed48cedf582c1b09e2946ab2ed5e78c5a7ba375f15
8a978233505986e37cf952a7656e6c31f4a8d13902d76c68f28de30bf9f1d57c
8d2f36dc4a8342a131cdb45770b5280375fa26d7ff4dffd782f7e9b727c423b6
900380e983094168c8065b448cc3dadb9f615f6608bd6daaf35ce4bf8afa279c
975b35cd2d1623ac56b9d89154cb15dfa0ced081d18ae0999c13058f9c24788b
9acc86f98e5de175db2b80471ae206b9173ce4c4d2afbcca09d335e631ce84a7
ac59c4e3532a9363df1688a7509c206a4ce41644ef07c6b9fb410b76f6750194
c296f01a7d03fcf6bc56ed2bffb27d4b8a421bff87f62ba5831f1b6c8354a83a
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
dcfb83ad182de712e36297727ddd675567678d9ccd18ab13f22ad085d1011622
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e639fea6b09edde576c7e201e64996e7429017d54351e8cc7e163ca0773551a5
f7342e2faeafdc15499c3393d499f1e66f9e83cfdb55d7583f1eb9de0e110b9d