j9sd.happynewyear99024.com
Open in
urlscan Pro
154.85.10.132
Public Scan
URL:
https://j9sd.happynewyear99024.com/
Submission Tags: phishingrod
Submission: On June 11 via api from DE — Scanned from JP
Submission Tags: phishingrod
Submission: On June 11 via api from DE — Scanned from JP
Summary
This website contacted 5 IPs
in 2 countries
across 4 domains to perform 17 HTTP transactions.
The main IP is 154.85.10.132, located in
Tokyo, Japan and
belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US.
The main domain is j9sd.happynewyear99024.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on April 10th 2024. Valid for: 3 months.
This is the only time j9sd.happynewyear99024.com was scanned on urlscan.io!
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on April 10th 2024. Valid for: 3 months.
This is the only time j9sd.happynewyear99024.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 5 | 154.85.10.132 154.85.10.132 | 209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare) | |
| 2 | 240e:f7:7c00:... 240e:f7:7c00:10a:3::3f2 | () () | |
| 5 | 13.225.183.97 13.225.183.97 | 16509 (AMAZON-02) (AMAZON-02) | |
| 4 | 99.83.207.187 99.83.207.187 | 16509 (AMAZON-02) (AMAZON-02) | |
| 17 | 5 |
5
154.85.10.132
(Tokyo, Japan)
ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
| j9sd.happynewyear99024.com |
5
13.225.183.97
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-13-225-183-97.nrt57.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-13-225-183-97.nrt57.r.cloudfront.net
| sdoiuewa.a20vcg7o.com |
4
99.83.207.187
(United States)
ASN16509 (AMAZON-02, US)
PTR: a48d7a3baeaba2a67.awsglobalaccelerator.com
ASN16509 (AMAZON-02, US)
PTR: a48d7a3baeaba2a67.awsglobalaccelerator.com
| 2949yj.33465aaabb.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 5 |
a20vcg7o.com
sdoiuewa.a20vcg7o.com |
199 KB |
| 5 |
happynewyear99024.com
j9sd.happynewyear99024.com |
42 KB |
| 4 |
33465aaabb.com
2949yj.33465aaabb.com — Cisco Umbrella Rank: 442545 |
9 KB |
| 2 |
cnzz.com
s9.cnzz.com z12.cnzz.com Failed c.cnzz.com |
6 KB |
| 17 | 4 |
| Domain | Requested by | |
|---|---|---|
| 5 | sdoiuewa.a20vcg7o.com |
j9sd.happynewyear99024.com
sdoiuewa.a20vcg7o.com |
| 5 | j9sd.happynewyear99024.com |
j9sd.happynewyear99024.com
|
| 4 | 2949yj.33465aaabb.com |
sdoiuewa.a20vcg7o.com
|
| 1 | c.cnzz.com |
s9.cnzz.com
|
| 1 | s9.cnzz.com |
j9sd.happynewyear99024.com
|
| 0 | z12.cnzz.com Failed |
s9.cnzz.com
|
| 17 | 6 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.baidu.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| j9sd.happynewyear99024.com ZeroSSL RSA Domain Secure Site CA |
2024-04-10 - 2024-07-09 |
3 months | crt.sh |
| *.cnzz.com GlobalSign Organization Validation CA - SHA256 - G3 |
2024-02-17 - 2025-03-20 |
a year | crt.sh |
| *.livehelp100service.com Amazon RSA 2048 M02 |
2023-11-30 - 2024-12-29 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://j9sd.happynewyear99024.com/
Frame ID: 01FDA11E9142715D179E5B138CF8C7D5
Requests: 9 HTTP requests in this frame
Frame:
https://sdoiuewa.a20vcg7o.com/visitorside/js/common.8e4fae38.js
Frame ID: D689320EC26ECB6F7813DB65D6046678
Requests: 8 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
URL: https://www.baidu.com/
Title: 浏览器安全检查通过,请点击继续访问
Title: 浏览器安全检查通过,请点击继续访问
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
j9sd.happynewyear99024.com/ |
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
j9sd.happynewyear99024.com/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-1.8.3.min.js
j9sd.happynewyear99024.com/js/ |
92 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
uaredirect.js
j9sd.happynewyear99024.com/js/ |
819 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
z.js
s9.cnzz.com/ |
10 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
livechat.ashx
sdoiuewa.a20vcg7o.com/ |
2 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
common.8e4fae38.js
sdoiuewa.a20vcg7o.com/visitorside/js/ Frame D689 |
79 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
vendor.c1318fdb.js
sdoiuewa.a20vcg7o.com/visitorside/js/ Frame D689 |
112 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bundle.0c83fbae.js
sdoiuewa.a20vcg7o.com/visitorside/js/ Frame D689 |
562 KB 130 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
visitor.ashx
2949yj.33465aaabb.com/ Frame D689 |
1 KB 1 KB |
XHR
text/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
visitor.ashx
2949yj.33465aaabb.com/ Frame D689 |
1 KB 1 KB |
XHR
text/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DBImage.ashx
2949yj.33465aaabb.com/DBResource/ Frame D689 |
618 B 696 B |
XHR
text/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
campaign.ashx
2949yj.33465aaabb.com/ Frame D689 |
13 KB 6 KB |
XHR
text/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Button.45c69a8d.js
sdoiuewa.a20vcg7o.com/visitorside/js/ Frame D689 |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
stat.htm
z12.cnzz.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
c.js
c.cnzz.com/ |
907 B 878 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
favicon.ico
j9sd.happynewyear99024.com/ |
548 B 719 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- z12.cnzz.com
- URL
- https://z12.cnzz.com/stat.htm?id=1278067449&r=&lg=ja-jp&ntime=none&cnzz_eid=1282562862-1718064242-&showp=1600x1200&p=https%3A%2F%2Fj9sd.happynewyear99024.com%2F&t=%E6%B5%8F%E8%A7%88%E5%99%A8%E6%A3%80%E6%B5%8B&umuuid=190049bdee96d6-0c9277b0843e18-26001c51-1d4c00-190049bdeeabba&h=1
Verdicts & Comments Add Verdict or Comment
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 function| $ function| jQuery function| uaredirect function| isSubdomain object| _czc function| getRandom function| checkurl object| OnlineHelpAPI string| brandingNameLowerCase string| brandingName2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| 2949yj.33465aaabb.com/ | Name: visitorGuid_5001077 Value: 31319e9f-b69e-40b3-b89d-0e90ddfec04c |
|
| j9sd.happynewyear99024.com/ | Name: onlinehelp_visitorguid_5001077 Value: 31319e9f-b69e-40b3-b89d-0e90ddfec04c |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
2949yj.33465aaabb.com
c.cnzz.com
j9sd.happynewyear99024.com
s9.cnzz.com
sdoiuewa.a20vcg7o.com
z12.cnzz.com
z12.cnzz.com
13.225.183.97
154.85.10.132
240e:f7:7c00:10a:3::3f2
99.83.207.187
08a0f6a8a263004634dba81b084cc7bc63658e0ca0f164fcec27e04eb334fb98
0d82e5c8ce3f52a99e4fd644ae4ce4e8ffe8c40a39a04bddefdf3e288d029ab7
13f2d29d21ebe5ecafb0f83ca4a6b1b6dc6816490ac6d684ce75d26d6ea3f55f
17effd046c50fd9c98ad98f045efa891dc71d2decfc0a0ff8da5787e83bed155
1bd17b877b5cce1da6090cc69c6265491f7359bc33e25bae8edc7eebbe837565
21deb1708f67908dd34516cc7bee8d4e036fd5520b601de6423b5d23c1528630
6181b5cb3836698fff44434ac6312f0846c4d4fca101b3512d48fc903c81f8a3
7acc5fcc487277cdd2846a3691a0c4e2151c921d2f38e9503a4136e9c1d80af3
887f0457b698cf15a35b9622a2b48f71cb3f019bf34a305e2dc5f5b92e4c1fa8
8e1cac245a9daa0ff3a9e12ad5ff809822d35742803f040960531fffff3131f8
a9a256508dbb52d9f98e5fd69bef3a016c00c55921e1813a132cc4bfa17a42a7
b2200cebc8faea2b80a57c6586c9e1893aadb784897b42e4662819c62ed4b7b1
c98dacd8c1a0066030c0ebb280cd3440c8788dcd6ec4055d868888a6305ffa40
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
ef45c2b4676161897f63a84bddd4a8d7e33e98d5477e8bda3ca8173b222b8a9c
fae7b25ccc94864994d290b63a842a1cd1113278a53898333a3813afd447a1a1