webmail.iymqf.asia
23.224.233.87  Malicious Activity! Public Scan

Submitted URL: http://webmail.iymqf.asia/index/t5.html
Effective URL: https://webmail.iymqf.asia/index/t5.html
Submission: On April 28 via automatic, source openphish — Scanned from DE

Summary

This website contacted 4 IPs in 4 countries across 4 domains to perform 9 HTTP transactions. The main IP is 23.224.233.87, located in United States and belongs to CNSERVERS, US. The main domain is webmail.iymqf.asia.
TLS certificate: Issued by R3 on April 27th 2023. Valid for: 3 months.
This is the only time webmail.iymqf.asia was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address / AS (Autonomous System) / Requests
23.224.233.87  AS40065 (CNSERVERS)  3 requests (main IP)
163.171.132.119  AS54994 (QUANTILNETWORKS)  4 requests
61.170.65.58  AS4812 (CHINANET-SH-AP China Telecom Group)  1 request
103.235.46.191  AS55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd.)  2 requests
Total: 9 requests, 4 IPs
Apex Domain / Subdomains / Transfer / Requests
msauth.cn  aadcdn.msauth.cn  11 KB  4 requests
iymqf.asia  webmail.iymqf.asia  42 KB  3 requests
baidu.com  hm.baidu.com (Cisco Umbrella Rank: 6664)  12 KB  2 requests
bootcdn.net  cdn.bootcdn.net (Cisco Umbrella Rank: 99683)  71 KB  1 request
Total: 9 requests, 4 apex domains

Domain / Requested by / Requests
aadcdn.msauth.cn  requested by webmail.iymqf.asia  4 requests
webmail.iymqf.asia  requested by webmail.iymqf.asia  3 requests (1 redirect)
hm.baidu.com  requested by webmail.iymqf.asia  2 requests
cdn.bootcdn.net  requested by webmail.iymqf.asia  1 request
Total: 9 requests, 4 domains

This site contains links to these domains. Also see Links.

Domain
passwordreset.activedirectory.windowsazure.cn
www.21vbluecloud.com
www.miibeian.gov.cn
TLS certificates (Subject / Issuer / Validity / Valid for)
webmail.iymqf.asia  R3  2023-04-27 - 2023-07-26  3 months
aadcdn.msauth.cn  DigiCert Cloud Services CA-1  2022-11-11 - 2023-11-11  a year
cdn.bootcdn.net  TrustAsia RSA DV TLS CA G2  2022-06-06 - 2023-06-06  a year
baidu.com  GlobalSign RSA OV SSL CA 2018  2022-07-05 - 2023-08-06  a year

This page contains 1 frames:

Primary Page: https://webmail.iymqf.asia/index/t5.html
Frame ID: D20823844F2242F7FA23D100666788F6
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

登录到 Outlook (Chinese for "Sign in to Outlook")

Detected technologies

Overall confidence: 100%
Detected patterns
  • hm\.baidu\.com/hm\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 9
HTTPS: 100 %
IPv6: 0 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 4
Transfer: 135 kB
Size: 542 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://webmail.iymqf.asia/index/t5.html HTTP 301
    https://webmail.iymqf.asia/index/t5.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Columns per transaction: Resource, Path, Size, Transfer (x-fer), Type, MIME-Type
Primary Request t5.html
webmail.iymqf.asia/index/
Redirect Chain
  • http://webmail.iymqf.asia/index/t5.html
  • https://webmail.iymqf.asia/index/t5.html
73 KB
15 KB
Document
General
Full URL
https://webmail.iymqf.asia/index/t5.html
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
23.224.233.87, United States, ASN40065 (CNSERVERS, US)
Reverse DNS
Software
nginx
Resource Hash
ac6a33b1bf70dcba718c4c6c0e7c7bd8cca2b68cc6eff772b6e8e1ea20c2dd9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 28 Apr 2023 04:09:30 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Length
162
Content-Type
text/html
Date
Fri, 28 Apr 2023 04:09:29 GMT
Location
https://webmail.iymqf.asia/index/t5.html
Server
nginx
Strict-Transport-Security
max-age=31536000
style.css
webmail.iymqf.asia/static/templete/outlook/static/css/
146 KB
27 KB
Stylesheet
General
Full URL
https://webmail.iymqf.asia/static/templete/outlook/static/css/style.css
Requested by
Host: webmail.iymqf.asia
URL: https://webmail.iymqf.asia/index/t5.html
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
23.224.233.87, United States, ASN40065 (CNSERVERS, US)
Reverse DNS
Software
nginx
Resource Hash
e1d056c337d6028e6ded60e32cface28c6dfd8de734880c3f1908d3427657a85
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://webmail.iymqf.asia/index/t5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Fri, 28 Apr 2023 04:09:30 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Thu, 13 Apr 2023 11:53:56 GMT
server
nginx
etag
W/"6437ed54-24609"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=43200
expires
Fri, 28 Apr 2023 16:09:30 GMT
53_8b36337037cff88c3df203bb73d58e41.png
aadcdn.msauth.cn/shared/1.0/content/images/applogos/
5 KB
6 KB
Image
General
Full URL
https://aadcdn.msauth.cn/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
Requested by
Host: webmail.iymqf.asia
URL: https://webmail.iymqf.asia/index/t5.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
163.171.132.119, Germany, ASN54994 (QUANTILNETWORKS, CA)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://webmail.iymqf.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 28 Apr 2023 04:09:31 GMT
Content-MD5
izYzcDfP+Iw98gO7c9WOQQ==
Age
1
X-Cache
HIT from cache.51cdn.com
X-Via
1.1 PSmglsjLAX2ui163:3 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1bc200:14 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA2gb73:17 (Cdn Cache Server V2.0)
Connection
keep-alive
Content-Length
5139
x-ms-lease-status
unlocked
Last-Modified
Wed, 12 Feb 2020 03:12:12 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8D7AF695A8C44DC
X-Ws-Request-Id
644b46fb_PSdgflkfFRA2gb73_6920-30713
Content-Type
image/png
Access-Control-Allow-Origin
*
x-ms-request-id
a141c211-a01e-005d-2813-228b5b000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
signin-options_4e48046ce74f4b89d45037c90576bfac.svg
aadcdn.msauth.cn/shared/1.0/content/images/
2 KB
2 KB
Image
General
Full URL
https://aadcdn.msauth.cn/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
Requested by
Host: webmail.iymqf.asia
URL: https://webmail.iymqf.asia/index/t5.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
163.171.132.119, Germany, ASN54994 (QUANTILNETWORKS, CA)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://webmail.iymqf.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 28 Apr 2023 04:09:31 GMT
Content-Encoding
gzip
Content-MD5
R2FAVxfpONfnQAuxVxXbHg==
Age
1
X-Cache
HIT from cache.51cdn.com
X-Via
1.1 hx172:10 (Cdn Cache Server V2.0), 1.1 PSfgblPAR2ff185:4 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA2po75:13 (Cdn Cache Server V2.0)
Connection
keep-alive
Content-Length
621
x-ms-lease-status
unlocked
Last-Modified
Tue, 10 Nov 2020 03:41:24 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8D8852A7FA6B761
X-Ws-Request-Id
644b46fb_PSdgflkfFRA2lp71_3907-49713
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
x-ms-request-id
40bd392c-b01e-0000-5873-483773000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
aadcdn.msauth.cn/shared/1.0/content/images/
513 B
1 KB
Image
General
Full URL
https://aadcdn.msauth.cn/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Requested by
Host: webmail.iymqf.asia
URL: https://webmail.iymqf.asia/index/t5.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
163.171.132.119, Germany, ASN54994 (QUANTILNETWORKS, CA)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://webmail.iymqf.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 28 Apr 2023 04:09:31 GMT
Content-Encoding
gzip
Content-MD5
TjUQkZ0p0Y7rbj6LJofS9Q==
Age
1
X-Cache
HIT from cache.51cdn.com
X-Via
1.1 hx171:1 (Cdn Cache Server V2.0), 1.1 PSfgblPAR2ff185:8 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA2lp71:15 (Cdn Cache Server V2.0)
Connection
keep-alive
Content-Length
276
x-ms-lease-status
unlocked
Last-Modified
Fri, 17 Jan 2020 19:28:34 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8D79B8371B97A82
X-Ws-Request-Id
644b46fb_PSdgflkfFRA2lp71_6342-55248
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
x-ms-request-id
e038b528-b01e-0000-26ed-683773000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
jquery.js
cdn.bootcdn.net/ajax/libs/jquery/3.6.4/
286 KB
71 KB
Script
General
Full URL
https://cdn.bootcdn.net/ajax/libs/jquery/3.6.4/jquery.js
Requested by
Host: webmail.iymqf.asia
URL: https://webmail.iymqf.asia/index/t5.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
61.170.65.58, Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN)
Reverse DNS
58.65.170.61.broad.xw.sh.dynamic.163data.com.cn
Software
cloudflare
Resource Hash
6bd8c1051ca05f5061e65b7c1998d70f3c8e07e6d6bdef4488eeed44e52d8ff1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://webmail.iymqf.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 07:13:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cache-lookup
Cache Hit
age
75180
strict-transport-security
max-age=63072000;
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
71357
last-modified
Wed, 08 Mar 2023 16:05:42 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"6408b256-116bd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ITVmUsGW5yfcF1PNKVvFgzZIxzLjxygFOqrMhIJZxCscuvz92tYaS6y9mfjcTWhnKlFVIkJ0un%2BeuK9zbhlLzO553BQw56XS7XJKoXnikXum2geBRJrShROZnFVnh9guBKie0kNr"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
x-nws-log-uuid
4943556825094328739
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7be54359ee4d6444-SJC
expires
Tue, 16 Apr 2024 07:13:28 GMT
hm.js
hm.baidu.com/
29 KB
12 KB
Script
General
Full URL
https://hm.baidu.com/hm.js?3226b22f2a06945ceb732c2228e96b24
Requested by
Host: webmail.iymqf.asia
URL: https://webmail.iymqf.asia/index/t5.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191, Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
Reverse DNS
Software
apache
Resource Hash
c775c719274c431a1c2026c3894f393d7d4704a0e348ffab57b7480d07b901ab
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://webmail.iymqf.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Fri, 28 Apr 2023 04:09:31 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=172800
Server
apache
Etag
b3006f6e070bc9d7f009f9c347161eb6
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Content-Length
11266
49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
aadcdn.msauth.cn/shared/1.0/content/images/appbackgrounds/
987 B
2 KB
Image
General
Full URL
https://aadcdn.msauth.cn/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
Requested by
Host: webmail.iymqf.asia
URL: https://webmail.iymqf.asia/index/t5.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
163.171.132.119, Germany, ASN54994 (QUANTILNETWORKS, CA)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://webmail.iymqf.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 28 Apr 2023 04:09:31 GMT
Content-MD5
5YqvyYBhSpzXeWvqe16o8A==
Age
1
X-Cache
HIT from cache.51cdn.com
X-Via
1.1 PS-YUL-01Ge696:12 (Cdn Cache Server V2.0), 1.1 kf230:7 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA2gb73:8 (Cdn Cache Server V2.0)
Connection
keep-alive
Content-Length
987
x-ms-lease-status
unlocked
Last-Modified
Fri, 27 Mar 2020 19:41:47 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8D7D286E322A911
X-Ws-Request-Id
644b46fb_PSdgflkfFRA2lp71_6342-55247
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
0b59202f-301e-0008-1a96-816f62000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
hm.gif
hm.baidu.com/
43 B
299 B
Image
General
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=121577257&si=3226b22f2a06945ceb732c2228e96b24&v=1.3.0&lv=1&sn=43847&r=0&ww=1600&u=https%3A%2F%2Fwebmail.iymqf.asia%2Findex%2Ft5.html&tt=%E7%99%BB%E5%BD%95%E5%88%B0%20Outlook
Requested by
Host: webmail.iymqf.asia
URL: https://webmail.iymqf.asia/index/t5.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191, Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
Reverse DNS
Software
apache
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://webmail.iymqf.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 28 Apr 2023 04:09:32 GMT
Strict-Transport-Security
max-age=172800
X-Content-Type-Options
nosniff
Server
apache
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

credentialless (boolean)
_hmt (object)
_bdhm_loaded_3226b22f2a06945ceb732c2228e96b24 (boolean)
mini_tangram_log_uuw7p2 (object)
$ (function)
jQuery (function)
chekmail (function)

4 Cookies

Domain/Path / Name / Value
webmail.iymqf.asia/  PHPSESSID = b9bcbe7852c648730284bc2ef5899b92
.hm.baidu.com/  HMACCOUNT_BFESS = 02A5A73D88FAC693
.webmail.iymqf.asia/  Hm_lvt_3226b22f2a06945ceb732c2228e96b24 = 1682654972
.webmail.iymqf.asia/  Hm_lpvt_3226b22f2a06945ceb732c2228e96b24 = 1682654972

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000