9confirm.vip Open in urlscan Pro
23.225.40.28  Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response 9confirm.vip/	28 KB 10 KB	465ms 153ms	Document text/html	23.225.40.28 CNSERVERS
General Check archive.org Show headers Download Go to Full URL https://9confirm.vip/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.225.40.28 , United States, ASN40065 (CNSERVERS, US), Reverse DNS Software openresty / Resource Hash 1810020b590d52da2478f5016d0fe57328832e3ae8a855a7c590d90bd7a61426 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers server openresty date Wed, 02 Mar 2022 05:38:39 GMT content-type text/html; charset=utf-8 vary Accept-Encoding content-encoding gzip
GET H2	200	js Show response www.googletagmanager.com/gtag/	94 KB 37 KB	151ms 66ms	Script application/javascript	2a00:1450:4001:831::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-159239914-1 Requested by Host: 9confirm.vip URL: https://9confirm.vip/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash bb4188987824ea763fec3e974a224a5a75565421260e25b14acae1ae041882d3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://9confirm.vip/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 02 Mar 2022 05:38:39 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37539 x-xss-protection 0 last-modified Wed, 02 Mar 2022 03:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 02 Mar 2022 05:38:39 GMT
GET H2	200	common.js Show response cdn.bdstatic.org/scripts/	70 KB 24 KB	59ms 17ms	Script application/javascript	2606:4700:3034::6815:39de CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.bdstatic.org/scripts/common.js Requested by Host: 9confirm.vip URL: https://9confirm.vip/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:39de , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 11fc36f40f5c5223b08c55417f771949dd8f6f843da8edcb57e0885cd226c01a Request headers Accept-Language de-DE,de;q=0.9 Referer https://9confirm.vip/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 02 Mar 2022 05:38:39 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 6421 cf-polished origSize=71806 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 last-modified Mon, 28 Feb 2022 13:44:27 GMT server cloudflare etag W/"621cd1bb-1187e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=geVYI7dzwiPcP%2FENN9K%2BKvOTOvj5trWH8ckhLXKZ1c%2BC1v9SDkTWsrANEswPpQHmVFodOr2OaK8%2FOkDhpiy5bZ4bgG0B5mvUngZk%2BDKupBLXIdK6X93yhl2Y5OE1M5sKMnJA31RbHj0zjtaG%2FizE"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=1800 cf-ray 6e57c9931f8790b2-FRA cf-bgj minify
GET H2	200	index.json Show response 9confirm.vip/	134 KB 49 KB	209ms 209ms	Script application/json	23.225.40.28 CNSERVERS
General Check archive.org Show headers Download Go to Full URL https://9confirm.vip/index.json Requested by Host: 9confirm.vip URL: https://9confirm.vip/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.225.40.28 , United States, ASN40065 (CNSERVERS, US), Reverse DNS Software openresty / Resource Hash 9b2cb49432e67a0ac4db15464ad4fa708aa6680bcbee21021472ed0ae7b3baea Request headers Accept-Language de-DE,de;q=0.9 Referer https://9confirm.vip/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 02 Mar 2022 05:38:39 GMT content-encoding gzip last-modified Tue, 01 Mar 2022 11:55:20 GMT server openresty etag W/"621e09a8-21813" vary Accept-Encoding content-type application/json
GET		z_stat.php s9.cnzz.com/	0 0
GET H2	200	video.min.js 9confirm.vip/style/	0 188 KB	173ms 172ms	Other application/javascript	23.225.40.28 CNSERVERS
General Check archive.org Show headers Download Go to Full URL https://9confirm.vip/style/video.min.js Requested by Host: 9confirm.vip URL: https://9confirm.vip/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.225.40.28 , United States, ASN40065 (CNSERVERS, US), Reverse DNS Software openresty / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://9confirm.vip/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 02 Mar 2022 05:38:39 GMT content-encoding gzip last-modified Tue, 01 Mar 2022 09:46:19 GMT server openresty etag W/"621deb6b-8b76f" vary Accept-Encoding content-type application/javascript; charset=utf-8
GET H2	200	video-js.min.css 9confirm.vip/style/	0 12 KB	333ms 333ms	Other text/css	23.225.40.28 CNSERVERS
General Check archive.org Show headers Download Go to Full URL https://9confirm.vip/style/video-js.min.css Requested by Host: 9confirm.vip URL: https://9confirm.vip/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.225.40.28 , United States, ASN40065 (CNSERVERS, US), Reverse DNS Software openresty / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://9confirm.vip/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 02 Mar 2022 05:38:39 GMT content-encoding gzip last-modified Tue, 01 Mar 2022 09:46:30 GMT server openresty etag W/"621deb76-9fe4" vary Accept-Encoding content-type text/css
GET H2	200	index.json 9confirm.vip/	0 49 KB	333ms 332ms	Other application/json	23.225.40.28 CNSERVERS
General Check archive.org Show headers Download Go to Full URL https://9confirm.vip/index.json Requested by Host: 9confirm.vip URL: https://9confirm.vip/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.225.40.28 , United States, ASN40065 (CNSERVERS, US), Reverse DNS Software openresty / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://9confirm.vip/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 02 Mar 2022 05:38:39 GMT content-encoding gzip last-modified Tue, 01 Mar 2022 11:55:20 GMT server openresty etag W/"621e09a8-21813" vary Accept-Encoding content-type application/json
GET		key.key bchyf.com/	0 0
GET		2yCgqMHh.ts bchyf.com/	0 0
GET DATA	200 OK	truncated /	52 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f5d7077a30dfc7c91cff8cdb8af3b8db14ac790cf886d6127c2b4f63648cfa3f Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Content-Type image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

s9.cnzz.com

URL

https://s9.cnzz.com/z_stat.php?id=1280748325&web_id=1280748325

Domain

bchyf.com

URL

https://bchyf.com/key.key

Domain

bchyf.com

URL

https://bchyf.com/2yCgqMHh.ts

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone function| _MMgg function| _0x3a3026 function| _0x4804 function| _0xe11f boolean| _DGX number| st string| CNZZ_HOST string| JUMP_HOST string| API_HOST string| UA string| P string| REF number| COLD_HOUR string| COLD_KEY number| STARTNUM_KEY_HOUR string| STARTNUM_KEY boolean| DEBUG boolean| IS_BAD object| ALL_BAO object| clientInfo object| google_tag_manager object| dataLayer string| data

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9confirm.vip
bchyf.com
cdn.bdstatic.org
s9.cnzz.com
www.googletagmanager.com
bchyf.com
s9.cnzz.com
23.225.40.28
2606:4700:3034::6815:39de
2a00:1450:4001:831::2008
11fc36f40f5c5223b08c55417f771949dd8f6f843da8edcb57e0885cd226c01a
1810020b590d52da2478f5016d0fe57328832e3ae8a855a7c590d90bd7a61426
9b2cb49432e67a0ac4db15464ad4fa708aa6680bcbee21021472ed0ae7b3baea
bb4188987824ea763fec3e974a224a5a75565421260e25b14acae1ae041882d3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f5d7077a30dfc7c91cff8cdb8af3b8db14ac790cf886d6127c2b4f63648cfa3f