Source: https://mrohailkhan.com/energyaustralia/auth/auhs1/ | Avira URL Cloud: detection malicious, Label: malware |
Source: 0.47.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://kamarhokizero.xyz/?spm=Koihoki.pdp_revamp.... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and interaction with suspicious domains. While some of the functionality may be legitimate (e.g., analytics or telemetry), the overall behavior and obfuscation raise significant security concerns. |
Source: https://kamarhokizero.xyz/?spm=Koihoki.pdp_revamp.0.0.3bc25fbchQYcAt | HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: https://kamarhokizero.xyz/?spm=Koihoki.pdp_revamp.0.0.3bc25fbchQYcAt# | HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: https://kamarhokizero.xyz/?spm=Koihoki.pdp_revamp.0.0.3bc25fbchQYcAt | HTTP Parser: Base64 decoded: @3155yUKDpWnht5CzXvVkC6TMrocoxIc2KYEDDgzA3phNe5dd51qpY3oQXtTbY0OyHF5/cLqfNSyhprp8UcuKvA== |
Source: https://g.alicdn.com/sd/baxia-entry/index.js | HTTP Parser: !function(){"use strict";var a=location,o=document,c=function(c,m,t,i){(void 0===m&&(m=1),void 0===t&&(t=.1),void 0===i&&(i="baxia-fast"),0>=t||Math.random()<t)&&function(a,o){var c=[];for(var m in a)c.push(m+"="+encodeURIComponent(a[m]));(new Image).src=o+c.join("&")}({code:m,msg:c+"",pid:i,page:a.href.split(/[#?]/)[0],query:a.search.substr(1),hash:a.hash,referrer:o.referrer,title:o.title,ua:navigator.userAgent},"//gm.mmstat.com/fsp.1.1?")};var m=["alires","pha_pageheader","pha_header","/punish","fourier.taobao.com/assist","fourier.alibaba.com/assist","market.m.taobao.com/app/tbhome/common/index.html",".sm.cn",".sm-tc.cn",".alipay.com",".aliyun.com","error.taobao.com","sialiagames","vntth","qookkagames","mobijoygames"];var t=document,i=window,e="https://bdc.alibabachengdun.com/wcfg.json";location.hostname&&location.hostname.indexOf("taobao.com")>-1?e="https://umdc.taobao.com/wcfg.json":location.hostname&&location.hostname.indexOf("tmall.com")>-1&&(e="https://umdc.tmall.com/wcfg.json");var n=function(a){for(v... |
Source: https://kamarhokizero.xyz/?spm=Koihoki.pdp_revamp.0.0.3bc25fbchQYcAt | HTTP Parser: <input type="password" .../> found |
Source: https://kamarhokizero.xyz/?spm=Koihoki.pdp_revamp.0.0.3bc25fbchQYcAt# | HTTP Parser: <input type="password" .../> found |
Source: https://kamarhokizero.xyz/?spm=Koihoki.pdp_revamp.0.0.3bc25fbchQYcAt | HTTP Parser: No <meta name="author".. found |
Source: https://kamarhokizero.xyz/?spm=Koihoki.pdp_revamp.0.0.3bc25fbchQYcAt# | HTTP Parser: No <meta name="author".. found |
Source: https://kamarhokizero.xyz/?spm=Koihoki.pdp_revamp.0.0.3bc25fbchQYcAt | HTTP Parser: No <meta name="copyright".. found |
Source: https://kamarhokizero.xyz/?spm=Koihoki.pdp_revamp.0.0.3bc25fbchQYcAt# | HTTP Parser: No <meta name="copyright".. found |
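The HTTP Parser rows above are static checks on the fetched HTML: a password field with no form action to submit it to (credentials are then collected by script instead), and no author or copyright meta tags. The following is an added example that re-implements those three checks; it is not the sandbox's code, and because the report excerpt does not show the captured page source, both sample documents below are constructed (the stylesheet URL in the first is the one the report shows the page loading).

```python
"""Re-implementation of three static HTML heuristics from the report:
  - <input type="password"> found but no <form action="...">
  - No <meta name="author"> found
  - No <meta name="copyright"> found
Added example; sample pages are constructed, not captured content."""
from html.parser import HTMLParser

# Constructed sample of a credential-capture page: the password field sits in a
# <div>, not a <form>, so submission has to happen from script.
PHISH_HTML = """
<html><head><title>Sign in</title>
<link rel="stylesheet" href="https://g.lazcdn.com/g/lzdfe/pdp-platform/0.1.22/pc.css">
</head><body>
<div id="login">
  <input type="text" id="user" placeholder="Email">
  <input type="password" id="pass" placeholder="Password"/>
  <button onclick="send()">Next</button>
</div>
</body></html>
"""

# Constructed sample of a conventional login form for comparison.
BENIGN_HTML = """
<html><head>
<meta name="author" content="Example Corp">
<meta name="copyright" content="Example Corp">
</head><body>
<form method="post" action="/session">
  <input type="password" name="password">
</form>
</body></html>
"""


class LoginPageAuditor(HTMLParser):
    """Tracks open <form> actions, password inputs and <meta name=...> tags.
    html.parser treats '<input .../>' as start+end, so void elements work."""

    def __init__(self):
        super().__init__()
        self.form_stack = []        # action of each currently open <form>, None if absent/empty
        self.password_inputs = []   # enclosing form action (or None) per password field
        self.meta_names = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            # An empty action is treated like a missing one (own choice).
            self.form_stack.append(a.get("action", "").strip() or None)
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_inputs.append(self.form_stack[-1] if self.form_stack else None)
        elif tag == "meta" and "name" in a:
            self.meta_names.add(a["name"].lower())

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()


def audit_html(html: str) -> dict:
    """Run the three heuristics and return one boolean per report row."""
    p = LoginPageAuditor()
    p.feed(html)
    p.close()
    return {
        "password_input_found": bool(p.password_inputs),
        "password_input_without_form_action": any(a is None for a in p.password_inputs),
        "missing_meta_author": "author" not in p.meta_names,
        "missing_meta_copyright": "copyright" not in p.meta_names,
    }


if __name__ == "__main__":
    for label, doc in (("constructed phish", PHISH_HTML), ("constructed benign", BENIGN_HTML)):
        print(label, audit_html(doc))
```

On their own these checks are weak signals: single-page applications legitimately submit credentials with fetch() from a form-less page, and most sites omit author and copyright meta tags. In this report they are corroborating rows; the weight sits in the brand-impersonating path on mrohailkhan.com and the Avira verdict at the top.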
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | DNS query: kamarhokizero.xyz |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: t.ly to https://kamarhokizero.xyz/?spm=Koihoki.pdp_revamp.0.0.3bc25fbchQYcAt |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 (7 connections) |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (2 connections) |
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 (7 connections) |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.22.50.131 (4 connections) |
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95 (2 connections) |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.136 (6 connections) |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (22 datagrams) |
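The "traffic detected without corresponding DNS query" rows come from correlating every connection in the capture against the DNS answers seen before it. Two caveats matter when reading them: UDP to 1.1.1.1 is the resolver traffic itself, so it can never have a "corresponding" query, and connections a browser or OS makes from a DNS cache populated before the capture started look identical to hard-coded C2 addresses. None of these rows ties the IPs to the phishing kit; ownership of each range needs to be checked before they are treated as infrastructure. The following is an added example of that correlation with the resolver exclusion, not the sandbox's code; the event timeline is constructed, and 203.0.113.10 is a TEST-NET placeholder for the phishing host's A record, which the excerpt does not show.

```python
"""Correlating connections with DNS answers: the check behind the
"traffic detected without corresponding DNS query" rows.
Added example; the event timeline is constructed."""
from collections import Counter

# Constructed timeline: (timestamp, kind, ...). Destination IPs other than the
# TEST-NET placeholder are copied from the report rows.
EVENTS = [
    (1.00, "dns_query", "kamarhokizero.xyz"),
    (1.02, "dns_answer", "kamarhokizero.xyz", "203.0.113.10"),  # placeholder A record
    (1.05, "tcp", "203.0.113.10", 443),      # resolved: not flagged
    (1.10, "udp", "1.1.1.1", 53),            # the resolver itself
    (1.20, "tcp", "20.189.173.10", 443),     # no answer for this IP in capture
    (1.25, "tcp", "20.189.173.10", 443),
    (1.30, "tcp", "192.229.211.108", 80),
]


def find_unresolved_connections(events, resolver_ips=("1.1.1.1",), ignore_resolver_dns=True):
    """Return {(proto, ip): count} for connections whose destination address
    was never returned by a DNS answer earlier in the timeline.

    ignore_resolver_dns drops UDP/53 to the configured resolver(s): that
    traffic is the lookup, so flagging it (as the raw rows do) is noise.
    Connections served from a cache filled before the capture began are
    still flagged; that is a limit of the data, not evidence by itself.
    """
    resolved = set()
    flagged = Counter()
    for ev in sorted(events, key=lambda e: e[0]):
        kind = ev[1]
        if kind == "dns_answer":
            resolved.add(ev[3])
        elif kind in ("tcp", "udp"):
            ip, port = ev[2], ev[3]
            if ignore_resolver_dns and kind == "udp" and port == 53 and ip in resolver_ips:
                continue
            if ip not in resolved:
                flagged[(kind, ip)] += 1
    return dict(flagged)


def summarize(flagged):
    """One report-style line per destination, most frequent first."""
    return [
        f"{proto.upper()} traffic without corresponding DNS query: {ip} ({n} connections)"
        for (proto, ip), n in sorted(flagged.items(), key=lambda kv: -kv[1])
    ]


if __name__ == "__main__":
    for line in summarize(find_unresolved_connections(EVENTS)):
        print(line)
```

Running it with ignore_resolver_dns=False reproduces the report's behaviour, including the 1.1.1.1 row; with the default it reports only the two TCP destinations, which is the list an analyst would then resolve to owners.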
Source: global traffic | HTTP traffic detected:
GET /energyaustralia/auth/auhs1/ HTTP/1.1
Host: mrohailkhan.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected:
GET /g/lzdfe/pdp-platform/0.1.22/pc.css HTTP/1.1
Host: g.lazcdn.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://mrohailkhan.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected:
GET /g/lzdfe/pdp-modules/1.4.4/pc-mod.css HTTP/1.1
Host: g.lazcdn.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://mrohailkhan.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected:
GET /g/??lzd/assets/0.0.7/dpl-buyeruikit/2.0.1/next-noreset-1.css,lzd/assets/0.0.7/dpl-buyeruikit/2.0.1/next-noreset-2.css,lazada/lazada-product-detail/1.7.4/index/index.css HTTP/1.1
Host: g.lazcdn.com
Connection: keep-alive
sec-ch-ua: |