hello.joybelle.cyou Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://embracingthedream.org/onagwethgt/
Effective URL:
https://hello.joybelle.cyou/s/de5851ef674bb
Submission: On October 22 via api (October 22nd 2024, 8:35:21 pm UTC) from US — Scanned from NL

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 12 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is hello.joybelle.cyou.
TLS certificate: Issued by WE1 on October 16th 2024. Valid for: 3 months.

This is the only time hello.joybelle.cyou was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	194.87.62.57 194.87.62.57	41745 (FORTIS-AS...) (FORTIS-AS Hosting services)
12	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	1

1 194.87.62.57 (Netherlands) 1 redirects

ASN41745 (FORTIS-AS Hosting services, RU)

embracingthedream.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

hello.joybelle.cyou	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	joybelle.cyou hello.joybelle.cyou	404 KB
1	embracingthedream.org 1 redirects embracingthedream.org	241 B
12	2

	Domain	Requested by
12	hello.joybelle.cyou	hello.joybelle.cyou
1	embracingthedream.org	1 redirects
12	2

This site contains no links.

Subject Issuer	Validity	Valid
joybelle.cyou WE1	`2024-10-16` - `2025-01-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hello.joybelle.cyou/s/de5851ef674bb
Frame ID: 2D22083CED9155BD3AC42EF4003A1532
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

De meest populaire datingsite van deze maand

Page URL History Show full URLs

https://embracingthedream.org/onagwethgt/ HTTP 302
https://hello.joybelle.cyou/s/de5851ef674bb Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

404 kB
Transfer

533 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://embracingthedream.org/onagwethgt/ HTTP 302
https://hello.joybelle.cyou/s/de5851ef674bb Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request de5851ef674bb Show response hello.joybelle.cyou/s/ Redirect Chain https://embracingthedream.org/onagwethgt/ https://hello.joybelle.cyou/s/de5851ef674bb	48 KB 19 KB	437ms 385ms	Document text/html	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hello.joybelle.cyou/s/de5851ef674bb Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e9f7cb33ba0e9c476b411c8198d76c8be3da59796272cc764c73cbb04af84545` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Response headers alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 8d6c45d87e776716-AMS content-encoding zstd content-type text/html; charset=UTF-8 date Tue, 22 Oct 2024 20:35:16 GMT expires 0 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZwQj3x6fQb2MYBpuT%2BljTJhnGQjdcuzp5WqrH4Ed%2Bf1efEm3RomMlbYF8a61Ds7ogSpf4FTBAVAnzVYzUs92okWPASC7y9MDo5lJoQFqP1n%2B2qI%2BXAYgPh%2F0phJB0K9VbzxWXpYJ"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=15730&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4142&recv_bytes=4517&delivery_rate=656&cwnd=12000&unsent_bytes=0&cid=e6e96517871ccf4d&ts=391&x=1" cfExtPri cfHdrFlush;dur=0 vary Accept-Encoding Accept-Encoding Redirect headers Connection keep-alive Content-Length 142 Content-Type text/html Date Tue, 22 Oct 2024 20:35:15 GMT Location https://hello.joybelle.cyou/s/de5851ef674bb Server openresty X-Powered-By PHP/7.2.30
GET H3	200	animate.min.css hello.joybelle.cyou/bundle/84/assets/css/	52 KB 5 KB	183ms 182ms	Stylesheet text/css	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hello.joybelle.cyou/bundle/84/assets/css/animate.min.css Requested by Host: hello.joybelle.cyou URL: https://hello.joybelle.cyou/s/de5851ef674bb Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `26968435703f42f548195e31049e1f621c267346a0295be2bafa457b5904ace9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Referer https://hello.joybelle.cyou/s/de5851ef674bb Response headers content-encoding gzip cf-cache-status BYPASS etag W/"6331879c-ce3f" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l3R%2Bo8pu3Syx1%2FuysxIxFHYhD%2FA57Q%2FYoXsgNJvfTTq%2BNkbYG8PNsCJJbucrNvflIpNR4A2RiSuBuOoFyYq0HhpF0GkCF%2F%2FPHpYtO29KCJvl5riCLG0K5UTN%2FUcjW9xHoa4BhysA"}],"group":"cf-nel","max_age":604800} expires Thu, 21 Nov 2024 20:35:16 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=16232&sent=37&recv=34&lost=0&retrans=0&sent_bytes=28348&recv_bytes=18587&delivery_rate=8986&cwnd=19200&unsent_bytes=0&cid=e6e96517871ccf4d&ts=583&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 22 Oct 2024 20:35:16 GMT content-type text/css vary Accept-Encoding, Accept-Encoding last-modified Mon, 26 Sep 2022 11:06:04 GMT priority u=0,i=?0 cache-control max-age=2592000, private nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d6c45daf9eb6716-AMS server cloudflare
GET H3	200	style.css hello.joybelle.cyou/bundle/84/assets/css/	395 B 951 B	168ms 167ms	Stylesheet text/css	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hello.joybelle.cyou/bundle/84/assets/css/style.css Requested by Host: hello.joybelle.cyou URL: https://hello.joybelle.cyou/s/de5851ef674bb Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cba51b4f821a7b19e8bee4eb3fafe20f0b710a1a5ba4bd304dc854d79e15fe39` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Referer https://hello.joybelle.cyou/s/de5851ef674bb Response headers content-encoding gzip cf-cache-status BYPASS etag W/"6331879d-18b" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwD0gHBOh3dzp1W5qlpfLIDQWQfm%2FH6mX3ZUfXv8AUmXsAFd2A26rLnz%2FiD8025P6Lxsb0l7FRDCh%2FOUGBQ7jCDEXyJyc41zYAdkpTPpsqq3NeuYk0FGHZFfQPd054I%2F%2BhoyUZi1"}],"group":"cf-nel","max_age":604800} expires Thu, 21 Nov 2024 20:35:16 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=16232&sent=33&recv=34&lost=0&retrans=0&sent_bytes=24596&recv_bytes=18587&delivery_rate=8986&cwnd=19200&unsent_bytes=0&cid=e6e96517871ccf4d&ts=567&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 22 Oct 2024 20:35:16 GMT content-type text/css vary Accept-Encoding, Accept-Encoding last-modified Mon, 26 Sep 2022 11:06:05 GMT priority u=0,i=?0 cache-control max-age=2592000, private nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d6c45daf9ed6716-AMS server cloudflare
GET H3	200	norma.css hello.joybelle.cyou/bundle/84/assets/css/	8 KB 3 KB	172ms 171ms	Stylesheet text/css	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hello.joybelle.cyou/bundle/84/assets/css/norma.css Requested by Host: hello.joybelle.cyou URL: https://hello.joybelle.cyou/s/de5851ef674bb Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8f18a19a418d131fec6155ec9eb075997c4a6d94aa3f9b8b354c678d0b7cc310` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Referer https://hello.joybelle.cyou/s/de5851ef674bb Response headers content-encoding gzip cf-cache-status BYPASS etag W/"6331879d-208d" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=89k1FMbwpn3zJNCSqEwcQyNfEdLsO1MHsUZRg6V4KIIgVwAw7tcJTDGS5qgeg1YW4YRh2O2nkMDKB8QJDDuDFE3EqBYTWbgr9RaGpt7N3Pd2lkex22NiY7wFxAqtlecANbrnzwQo"}],"group":"cf-nel","max_age":604800} expires Thu, 21 Nov 2024 20:35:16 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=16232&sent=34&recv=34&lost=0&retrans=0&sent_bytes=25570&recv_bytes=18587&delivery_rate=8986&cwnd=19200&unsent_bytes=0&cid=e6e96517871ccf4d&ts=572&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 22 Oct 2024 20:35:16 GMT content-type text/css vary Accept-Encoding, Accept-Encoding last-modified Mon, 26 Sep 2022 11:06:05 GMT priority u=0,i=?0 cache-control max-age=2592000, private nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d6c45daf9ee6716-AMS server cloudflare
GET H3	200	123.png hello.joybelle.cyou/bundle/84/assets/img/	177 KB 178 KB	232ms 232ms	Image image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hello.joybelle.cyou/bundle/84/assets/img/123.png Requested by Host: hello.joybelle.cyou URL: https://hello.joybelle.cyou/s/de5851ef674bb Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bb5e13dbdc98b4aa3efc708db62c764dabe34a9c9b89fad23d55fedb80881c14` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Referer https://hello.joybelle.cyou/s/de5851ef674bb Response headers cf-cache-status BYPASS etag "6331879e-2c4e2" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6NI%2BpjMC74%2FTXjsMNu3kh4WDalxjP0Y2vZSTjPHeHWaDKauTHVv%2BSa%2FakVYfrAHQ%2FaFIiWesjL%2FpE%2Bct3PIdI818mmk6%2B5yluKv0SPUKeLTz03%2BTrifM9UEc3TXrPEUc8%2B%2BDgNLf"}],"group":"cf-nel","max_age":604800} expires Thu, 21 Nov 2024 20:35:16 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=16429&sent=44&recv=42&lost=0&retrans=0&sent_bytes=33321&recv_bytes=22722&delivery_rate=453130&cwnd=19200&unsent_bytes=0&cid=e6e96517871ccf4d&ts=634&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 22 Oct 2024 20:35:16 GMT content-type image/png last-modified Mon, 26 Sep 2022 11:06:06 GMT vary Accept-Encoding priority u=2,i cache-control max-age=2592000, private nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d6c45daf9ef6716-AMS accept-ranges bytes content-length 181474 server cloudflare
GET H3	200	jquery.min.js Show response hello.joybelle.cyou/bundle/84/assets/js/	84 KB 30 KB	265ms 264ms	Script application/javascript	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hello.joybelle.cyou/bundle/84/assets/js/jquery.min.js Requested by Host: hello.joybelle.cyou URL: https://hello.joybelle.cyou/s/de5851ef674bb Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Referer https://hello.joybelle.cyou/s/de5851ef674bb Response headers content-encoding gzip cf-cache-status BYPASS etag W/"6331879e-14e49" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GJBIrL7NPNX%2BeRy12gfJDTm9FPoUcBbGefb1ln08C0xPUFFGL3KlGqMjQ8bVWAp%2BG9RitJkCZVz%2BK2dSPrNzckwSNyw52WJ6tJnV47Vsz8aerQWqOQm%2FvW%2B1qtpJTu61ttQM%2B4JS"}],"group":"cf-nel","max_age":604800} expires Thu, 21 Nov 2024 20:35:16 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=15852&sent=92&recv=50&lost=0&retrans=0&sent_bytes=90921&recv_bytes=23066&delivery_rate=436551&cwnd=38400&unsent_bytes=0&cid=e6e96517871ccf4d&ts=657&x=1", cfExtPri, cfHdrFlush;dur=8 date Tue, 22 Oct 2024 20:35:16 GMT content-type application/javascript vary Accept-Encoding, Accept-Encoding last-modified Mon, 26 Sep 2022 11:06:06 GMT priority u=2,i=?0 cache-control max-age=2592000, private nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d6c45daf9f06716-AMS server cloudflare
GET H3	200	functions.js Show response hello.joybelle.cyou/bundle/84/assets/js/	331 B 897 B	73ms 73ms	Script application/javascript	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hello.joybelle.cyou/bundle/84/assets/js/functions.js Requested by Host: hello.joybelle.cyou URL: https://hello.joybelle.cyou/s/de5851ef674bb Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a4a5f23f90259e436bf729257fe30b51033bfca924f926b900d758a927e023a7` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Referer https://hello.joybelle.cyou/s/de5851ef674bb Response headers content-encoding gzip cf-cache-status BYPASS etag W/"6331879e-14b" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=my6S284SCWp43ejTrWugl3MsxruESu%2FLFjc9pdBIulAf6OVRQEqSV5RxPVny7JUj2%2FjP7sRcAbG%2FPBox9U8Wms2Q4dqYyHRHiZV3TscJeo1IMbFcUtCAzwh9Dz3CqX0Iuf258eV3"}],"group":"cf-nel","max_age":604800} expires Thu, 21 Nov 2024 20:35:16 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=16240&sent=32&recv=33&lost=0&retrans=0&sent_bytes=23676&recv_bytes=18543&delivery_rate=744706&cwnd=19200&unsent_bytes=0&cid=e6e96517871ccf4d&ts=484&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 22 Oct 2024 20:35:16 GMT content-type application/javascript vary Accept-Encoding, Accept-Encoding last-modified Mon, 26 Sep 2022 11:06:06 GMT priority u=2,i=?0 cache-control max-age=2592000, private nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d6c45db0a016716-AMS server cloudflare
GET H3	200	main.js Show response hello.joybelle.cyou/bundle/84/assets/js/	98 B 803 B	270ms 270ms	Script application/javascript	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hello.joybelle.cyou/bundle/84/assets/js/main.js Requested by Host: hello.joybelle.cyou URL: https://hello.joybelle.cyou/s/de5851ef674bb Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `06d8974fb718e17d1bb74c5361f64f76c3c1dd3022e9082feb57f0df4294910e` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Referer https://hello.joybelle.cyou/s/de5851ef674bb Response headers content-encoding gzip cf-cache-status BYPASS etag W/"6331879e-62" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yWfnVMS%2FcydOrIVLWgBv7%2Bm%2B6rQsb03FHzlbL7cko3bWpzPP6Pxpr%2FOQqExrZPjrI7pm3xJBdE19dtQTGVA%2BC59m%2BS7P%2FcMeI6SZKMUoT5A936FkYDImKV0mY3aQHFBsbaXMxi1v"}],"group":"cf-nel","max_age":604800} expires Thu, 21 Nov 2024 20:35:16 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=16189&sent=154&recv=66&lost=0&retrans=0&sent_bytes=162921&recv_bytes=23770&delivery_rate=872647&cwnd=72000&unsent_bytes=0&cid=e6e96517871ccf4d&ts=671&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 22 Oct 2024 20:35:16 GMT content-type application/javascript vary Accept-Encoding, Accept-Encoding last-modified Mon, 26 Sep 2022 11:06:06 GMT priority u=2,i=?0 cache-control max-age=2592000, private nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d6c45db0a046716-AMS server cloudflare
GET H3	200	bg.jpg hello.joybelle.cyou/bundle/84/assets/img/	47 KB 48 KB	110ms 110ms	Image image/jpeg	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hello.joybelle.cyou/bundle/84/assets/img/bg.jpg Requested by Host: hello.joybelle.cyou URL: https://hello.joybelle.cyou/bundle/84/assets/css/norma.css Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1d67cfa74414b5fb048766a919421dc3e3b189348c8eebd014b4a2909d28e5bc` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Referer https://hello.joybelle.cyou/bundle/84/assets/css/norma.css Response headers cf-cache-status BYPASS etag "6331879e-bc43" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ERUHjs71OogxmA0VDsWduM4asE1nksrEk3NRT8t0WegQVh51aSqZEdjGX2OdR9MoZyMYT2dkz62T4Gwiztvcrkv78urA9b1T7ftSu4nNcQHNH0q6l1OBzGYFZghVqVN4yzMySlfn"}],"group":"cf-nel","max_age":604800} expires Thu, 21 Nov 2024 20:35:16 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=15852&sent=92&recv=50&lost=0&retrans=0&sent_bytes=90921&recv_bytes=23066&delivery_rate=436551&cwnd=38400&unsent_bytes=0&cid=e6e96517871ccf4d&ts=661&x=1", cfExtPri, cfHdrFlush;dur=4 date Tue, 22 Oct 2024 20:35:16 GMT content-type image/jpeg last-modified Mon, 26 Sep 2022 11:06:06 GMT vary Accept-Encoding priority u=3,i cache-control max-age=2592000, private nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d6c45dc2b616716-AMS accept-ranges bytes content-length 48195 server cloudflare
GET H3	200	Lato-Regular.ttf hello.joybelle.cyou/bundle/84/assets/fonts/	117 KB 118 KB	72ms 72ms	Font application/octet-stream	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hello.joybelle.cyou/bundle/84/assets/fonts/Lato-Regular.ttf Requested by Host: hello.joybelle.cyou URL: https://hello.joybelle.cyou/bundle/84/assets/css/norma.css Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Origin https://hello.joybelle.cyou Referer https://hello.joybelle.cyou/bundle/84/assets/css/norma.css Response headers cf-cache-status BYPASS etag "6331879d-1d584" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sBYR2pWNjbBm68RuAE8%2Bz1brk3ykK3JwPcKaFCj%2FPxoLvz%2B2RH3m%2FiFnklo9aJ6J0xn3kUOGLElQIrx99dbl70%2ByVJ7va%2Fc228NhpRc2Zg7emH8qF4VRs7liNnAlUs%2F55abvKAMQ"}],"group":"cf-nel","max_age":604800} expires Thu, 21 Nov 2024 20:35:16 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=15852&sent=92&recv=50&lost=0&retrans=0&sent_bytes=90921&recv_bytes=23066&delivery_rate=436551&cwnd=38400&unsent_bytes=0&cid=e6e96517871ccf4d&ts=664&x=1", cfExtPri, cfHdrFlush;dur=1 date Tue, 22 Oct 2024 20:35:16 GMT content-type application/octet-stream last-modified Mon, 26 Sep 2022 11:06:05 GMT vary Accept-Encoding priority u=0,i=?0 cache-control max-age=2592000, private nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d6c45dc2b656716-AMS accept-ranges bytes content-length 120196 server cloudflare
GET H3	204	favicon.ico hello.joybelle.cyou/	0 614 B	34ms 34ms	Other text/plain	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hello.joybelle.cyou/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Referer https://hello.joybelle.cyou/s/de5851ef674bb Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status HIT age 5934 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8otNWQmvoaGS%2FCy1dWjky9pGuKTS%2BL3z2pxNrunbZjq%2B2Bw2AA4oVerOGUarmUUlRSbl0IH20IKdKwyVKnLWLG0OL1qFTfkaCtwwrEfuC%2FXrwva1R57AYkIS6PFukW9OoV0XDV4"}],"group":"cf-nel","max_age":604800} cf-ray 8d6c45dd4cdb6716-AMS alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=16508&sent=380&recv=110&lost=0&retrans=0&sent_bytes=425557&recv_bytes=33648&delivery_rate=10782039&cwnd=189600&unsent_bytes=0&cid=e6e96517871ccf4d&ts=805&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 22 Oct 2024 20:35:16 GMT vary Accept-Encoding server cloudflare priority u=1,i
POST H3	200	track.php Show response hello.joybelle.cyou/	0 652 B	95ms 93ms	XHR text/html	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hello.joybelle.cyou/track.php Requested by Host: hello.joybelle.cyou URL: https://hello.joybelle.cyou/bundle/84/assets/js/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://hello.joybelle.cyou/s/de5851ef674bb X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666 Accept / Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rgY8W0VccxuqAkm6m3NgJzISscdRsmvDTWjRZ5JooKEmgzYhfsnce8cOzrhRaFoUdR%2BsNe86E%2F3yG9KnsxoH22jHzjOPK%2Bi1jrV2rOWjvaK1JF0EcD3%2B68cuTVqoxdR%2BmEO2VQPH"}],"group":"cf-nel","max_age":604800} cf-ray 8d6c45dd5d096716-AMS alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=16361&sent=381&recv=111&lost=0&retrans=0&sent_bytes=426194&recv_bytes=33693&delivery_rate=6024&cwnd=189600&unsent_bytes=0&cid=e6e96517871ccf4d&ts=875&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 22 Oct 2024 20:35:16 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding, Accept-Encoding server cloudflare priority u=1,i

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.joybelle.cyou/	1970-01-21 00:28:35	Name: s Value: uEeXqP3DYs6RIj1gFJQNdoktUmIepFlYyKRPd8D4%2FO8RPiCNzuVoWjp%2FtO9HDtDza9ES0EY9PsV2jduGEnacGyB%2BJvkRH5tb%2FTdQQiJzDc0Vh%2Bo%2F6Pyj9NZpN2jPd80PRapmSpjBCfPp5NlFzMWU5Vnu3T51yneAsvnlKOkUVNVI0KfGEQ86lFn9GSBo9o63Sd94G7J7zQIk%2B%2Bnth9XWyElmsIJYr3yL0npQZ3w7y7ytrmKGuvC75XHlgSCg1KHF2BoIN%2Fkzh7lpf1y9iPUS9KPc%2BbpUa181tcLihnrmrtehm%2BY9mMgjOrSWXKCrhdPq0XM8TiQsmNyG4x8%2FqvMbewGvH69c88%2BV9W0XB%2FNQQcr7VXDqmIiwEOq1mwHCChqZqlXEK88pGAmnZKrzSliftq%2FyGw6CenOP4Pfx%2FWWmU94qreb4bkTp27NKyMYB%2FRvW24ctPwSs8FgVR6QdumXzRiQVwJquGHHa4%2BlzmgLwVjNxaSlhC58u2r5pq4uTmWHq%2BmW54zplexgacFNvTFXIMmZvKwA%2FeJjDsjil2vHW4cHOx0G6xeXd%2BkuhNG5MkM0hvdsMm1WunZsPkZWGII7fPh%2FU4gdJG7KLV6XTdaUFOPjyqbs1BuJnKhlXZYUhcfktAnh6bZMgqbhc8QaAHto8VRb0%2B6cHpk%2F5OTI6UjHiqkWP7ye6B8o%2Fl0hsG4%2BtH7A0gHkY4XCmrQlyWu9fO3NXRzsMewqQyirnCNDqZXzuyrAW3h2BgdEz5Q2gKjsxvZIen7dtN2L7860kz883K0GAuf7u1Ly3t7bN82UDb2rMHBLFv4Rmx8I%2FDKUavMR5OKYTGXkeI3rwRs2N5wKTYTjd%2FPVADcsKtlQDZRJFDkDBVY%2B9bkBP%2BrLWLKS5%2BQE5qlBNsOjxFrcMW0X23WNmR1uXyTSInEY2dxvNp6fndzONETKhbhEmUAJdeR%2B70AyG%2FSsiRXUbtAVlmYuDy7I0Yv%2FH6v9vPOqVFasd23sLRPIeryu7cW8khzkE%2BCrF0%2B2Ryg2y%2BCHUxe3%2FU7GoOpfcT8Q04kxqKqA%2Fs%2Bdjng7dJphboJ4guQEayhW1raS0BOOV6uTx93i4ngtOXa4y2k5UujRgoscl73ExwBP3aNmlsnQJvoTdZta1I9k9iko6LBEHORTU%2F6NnNk8XXmU21Vut%2FmsiEjCPLVkuo%2BPBiLTiCxC7l50F3zxoTUu6KzEcGeT1JPTjlqsWy4DM3zYd7dC3A3yjpAL10JHB79jutJP%2BzTDPx0IU0tjgPv6dbeVhJWtMoVQXzqPFUJ8f6fDH6Qq5T%2B5YrSQxQCdojTWnnShAPfOe1F49m4dwgjWqWmYJSwRArRSdLsH9MUOj5CLGaZjf621FOVkWSl69bHH6GYxorb746br47SBZc22ukQ3LD%2BMaHeQQ0iU%2FIu5XUSUcpYQx3RFonQFboALb3yVm%2FRyINipk9DMrmOeedYjQxruxyYhwazhj1gNwzlRr%2BtTLo3bULH4Z2WzYM6PhB6f0kaDdjTtfwEr0PimQU8fyCOgxzXD2cxfatq9TClseRZGHv3z9foVzGcYCvmVJXM5VpWVhTrk%2FdVnyHaIx0W6HgtoDT3kUsvtPm%2BSHGrjYsT8KLbm%2BvzCKq%2BCRy3YCZg8PNRiacnJB3T8KHZYgmwuHgszbNfktUfhVV9roOnwNVDdBs%2B%2BRxgFlYFoJGoKPwW2X1YYis%2B5yPXSlC64SvSpoXOLUQc3iu93a9i0gZJaibjGPYXKcx72PWoeD2xLiB%2F61hgoyTVDgbnX4KgNOl314nMQ1HTR7SA6I3tCpOWDsxA8HBQY165wuNgYpxWC%2FsnDRaI7ixtmJ
			hello.joybelle.cyou/	1969-12-31 23:59:59	Name: CF Value: PyPryK51FnXe3QvXnhJDOg__

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

embracingthedream.org
hello.joybelle.cyou
188.114.96.3
194.87.62.57
06d8974fb718e17d1bb74c5361f64f76c3c1dd3022e9082feb57f0df4294910e
1d67cfa74414b5fb048766a919421dc3e3b189348c8eebd014b4a2909d28e5bc
26968435703f42f548195e31049e1f621c267346a0295be2bafa457b5904ace9
7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7
8f18a19a418d131fec6155ec9eb075997c4a6d94aa3f9b8b354c678d0b7cc310
a4a5f23f90259e436bf729257fe30b51033bfca924f926b900d758a927e023a7
bb5e13dbdc98b4aa3efc708db62c764dabe34a9c9b89fad23d55fedb80881c14
cba51b4f821a7b19e8bee4eb3fafe20f0b710a1a5ba4bd304dc854d79e15fe39
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9f7cb33ba0e9c476b411c8198d76c8be3da59796272cc764c73cbb04af84545
fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46

hello.joybelle.cyou Open in urlscan Pro 188.114.96.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

404 kBTransfer

533 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

2 Cookies

Indicators

hello.joybelle.cyou Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

404 kB
Transfer

533 kB
Size

2
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!