Submitted URL: https://clck.ru/P8naQ
Effective URL: http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?power=y8dt8uwet880k&itself=fell&sleep=wind
Submission: On July 31, 2020 via API from US

Summary

This website contacted 3 IPs in 4 countries across 5 domains to perform 3 HTTP transactions. The main IP is 47.52.30.46, located in Hong Kong and belongs to CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN. The main domain is zsee.vip.
This is the only time zsee.vip was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Weightloss Scam (Online)

Domain & IP information

#     IP Address            ASN (Autonomous System)
2 2   2a02:6b8::221         13238 (YANDEX)
2 2   2a02:6b8::232         13238 (YANDEX)
1 1   144.208.82.13         396341 (COBBLEHILL)
2     47.52.30.46           45102 (CNNIC-ALIBABA-US-NET-AP)
1     2606:4700::6810:84e5  13335 (CLOUDFLARENET)

#   Apex Domain            Subdomain                Transfer
2   zsee.vip               zsee.vip                 2 KB
2   yandex.net             sba.yandex.net           779 B
2   clck.ru                clck.ru                  995 B
1   cloudflare.com         cdnjs.cloudflare.com     34 KB
1   shopinsacramento.com   m.shopinsacramento.com   200 B

#   Domain                   Requested by
2   zsee.vip                 zsee.vip
2   sba.yandex.net           2 redirects
2   clck.ru                  2 redirects
1   cdnjs.cloudflare.com     zsee.vip
1   m.shopinsacramento.com   1 redirect

This site contains links to the following domain (no TLS certificates were observed, since none of the transactions used HTTPS):

Domain
atrack.pro

This page contains 1 frames:

Primary Page: http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?power=y8dt8uwet880k&itself=fell&sleep=wind
Frame ID: 32F95B7A5843DD92698A61575BE50F6C
Requests: 16 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 3
HTTPS: 0 %
IPv6: 60 %
Domains: 5
Subdomains: 5
IPs: 3
Countries: 4
Transfer: 35 kB
Size: 1630 kB
Cookies: 0

Page URL History

This lists the URLs the page passed through, including HTTP redirects and client-side redirects via JavaScript or meta refresh.

  1. https://clck.ru/P8naQ HTTP 302
    https://sba.yandex.net/redirect?url=http%3A%2F%2Fm.shopinsacramento.com%2Fredirect.aspx%3Furl%3D%2568%2574%2574%2570%2573%253a%252f%252f%2563%256c%2563%256b%252e%2572%2575%252f%2550%2538%2552%2567%2533%26redirect%3Dhttps%3A%2F%2Fwebside.pro%2Fxvideos-novinha-webcam-solo-1.html%23egypwngrdq&client=clck&sign=b9d6d32be099c010f3ce123e43455790 HTTP 302
    http://m.shopinsacramento.com/redirect.aspx?url=%68%74%74%70%73%3a%2f%2f%63%6c%63%6b%2e%72%75%2f%50%38%52%67%33&redirect=https://webside.pro/xvideos-novinha-webcam-solo-1.html HTTP 302
    https://clck.ru/P8Rg3 HTTP 302
    https://sba.yandex.net/redirect?url=http%3A%2F%2Fzsee.vip%2F-%2Fapp%2Fpic%2Fgethtml%2Ffaq_config%2Ffriends.php%3Fradio%3Dg1zxx01mnb25ku&client=clck&sign=c858d216d48483bd703d324ec37585e8 HTTP 302
    http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?radio=g1zxx01mnb25ku Page URL
  2. http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?power=y8dt8uwet880k&itself=fell&sleep=wind Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://clck.ru/P8naQ HTTP 302
  • https://sba.yandex.net/redirect?url=http%3A%2F%2Fm.shopinsacramento.com%2Fredirect.aspx%3Furl%3D%2568%2574%2574%2570%2573%253a%252f%252f%2563%256c%2563%256b%252e%2572%2575%252f%2550%2538%2552%2567%2533%26redirect%3Dhttps%3A%2F%2Fwebside.pro%2Fxvideos-novinha-webcam-solo-1.html%23egypwngrdq&client=clck&sign=b9d6d32be099c010f3ce123e43455790 HTTP 302
  • http://m.shopinsacramento.com/redirect.aspx?url=%68%74%74%70%73%3a%2f%2f%63%6c%63%6b%2e%72%75%2f%50%38%52%67%33&redirect=https://webside.pro/xvideos-novinha-webcam-solo-1.html HTTP 302
  • https://clck.ru/P8Rg3 HTTP 302
  • https://sba.yandex.net/redirect?url=http%3A%2F%2Fzsee.vip%2F-%2Fapp%2Fpic%2Fgethtml%2Ffaq_config%2Ffriends.php%3Fradio%3Dg1zxx01mnb25ku&client=clck&sign=c858d216d48483bd703d324ec37585e8 HTTP 302
  • http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?radio=g1zxx01mnb25ku
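The chain above bounces through two Yandex redirectors and an open redirect on m.shopinsacramento.com, and the hop that leads to zsee.vip is hidden twice: the sba.yandex.net `url=` parameter is double percent-encoded (`%2568%2574…`), and the value it unwraps to is itself written as fully percent-encoded ASCII (`%68%74%74%70%73…` for `https`), while a plausible-looking `redirect=https://webside.pro/…` parameter sits beside it as a decoy. The following script is an added example, not part of the urlscan.io report; it statically unwraps such a chain from the second hop (copied verbatim from Request Chain 0) without making any network request. The `REDIRECT_PARAMS` list is an assumed heuristic of parameter names open redirectors commonly honour, and `next_hop`, `unwrap_chain` and `decoys` are names chosen here.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Hop 2 of Request Chain 0 on this page, copied verbatim (the sba.yandex.net
# redirect whose url= parameter carries the next two hops, double-encoded).
HOP_2 = (
    "https://sba.yandex.net/redirect?url=http%3A%2F%2Fm.shopinsacramento.com%2Fredirect.aspx"
    "%3Furl%3D%2568%2574%2574%2570%2573%253a%252f%252f%2563%256c%2563%256b%252e%2572%2575%252f"
    "%2550%2538%2552%2567%2533%26redirect%3Dhttps%3A%2F%2Fwebside.pro%2Fxvideos-novinha-webcam-solo-1.html"
    "%23egypwngrdq&client=clck&sign=b9d6d32be099c010f3ce123e43455790"
)

# Assumed heuristic: parameter names commonly used by open redirectors,
# in the order of preference a redirector script usually honours.
REDIRECT_PARAMS = ("url", "redirect", "u", "target", "next", "dest", "goto")


def fully_unquote(value: str, limit: int = 5) -> str:
    """Percent-decode until the string stops changing.

    Handles %25xx double encoding as well as fully percent-encoded ASCII
    such as %68%74%74%70%73 ('https'), which defeats naive substring
    matching on the raw URL.
    """
    for _ in range(limit):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def embedded_urls(url: str) -> list:
    """Return (param, url) for every query parameter whose value is an http(s) URL.

    parse_qs already strips one encoding layer; fully_unquote is applied
    only to values that are still not a URL after that single pass.
    """
    found = []
    for name, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        for value in values:
            candidate = value if value.lower().startswith(("http://", "https://")) else fully_unquote(value)
            if candidate.lower().startswith(("http://", "https://")):
                found.append((name, candidate))
    return found


def next_hop(url: str):
    """Pick the URL a redirector at `url` would most likely send the client to."""
    embedded = dict(embedded_urls(url))
    for name in REDIRECT_PARAMS:
        if name in embedded:
            return embedded[name]
    return None


def unwrap_chain(url: str, max_depth: int = 10) -> list:
    """Statically unwrap nested redirector URLs, outermost first.

    Stops at a hop with no embedded URL, on a loop, or at max_depth.
    """
    hops = [url]
    for _ in range(max_depth):
        nxt = next_hop(hops[-1])
        if nxt is None or nxt in hops:
            break
        hops.append(nxt)
    return hops


def decoys(url: str) -> list:
    """URL-valued parameters the redirector would NOT follow, e.g. a
    plausible redirect= beside an obfuscated url= parameter."""
    followed = next_hop(url)
    return [(name, u) for name, u in embedded_urls(url) if u != followed]


def hosts(chain: list) -> list:
    """Hostnames of every hop, for quick comparison against the scan's domain list."""
    return [urlsplit(u).hostname for u in chain]


if __name__ == "__main__":
    chain = unwrap_chain(HOP_2)
    for i, hop in enumerate(chain, 1):
        print(f"{i}. {hop}")
    print("hosts:", hosts(chain))
    print("decoys at hop 2:", decoys(chain[1]))
```

Run stand-alone, the script recovers sba.yandex.net, m.shopinsacramento.com and clck.ru/P8Rg3 from the single hop-2 URL and reports webside.pro as the decoy target, matching the chain urlscan.io observed live. The final clck.ru short link cannot be unwrapped statically, which is the point of chaining a shortener into the middle of the path: any scanner that stops at the first redirector never learns the landing domain.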

3 HTTP transactions

Resource: friends.php
Path: zsee.vip/-/app/pic/gethtml/faq_config/
Redirect Chain:
  • https://clck.ru/P8naQ
  • https://sba.yandex.net/redirect?url=http%3A%2F%2Fm.shopinsacramento.com%2Fredirect.aspx%3Furl%3D%2568%2574%2574%2570%2573%253a%252f%252f%2563%256c%2563%256b%252e%2572%2575%252f%2550%2538%2552%2567%...
  • http://m.shopinsacramento.com/redirect.aspx?url=%68%74%74%70%73%3a%2f%2f%63%6c%63%6b%2e%72%75%2f%50%38%52%67%33&redirect=https://webside.pro/xvideos-novinha-webcam-solo-1.html
  • https://clck.ru/P8Rg3
  • https://sba.yandex.net/redirect?url=http%3A%2F%2Fzsee.vip%2F-%2Fapp%2Fpic%2Fgethtml%2Ffaq_config%2Ffriends.php%3Fradio%3Dg1zxx01mnb25ku&client=clck&sign=c858d216d48483bd703d324ec37585e8
  • http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?radio=g1zxx01mnb25ku
Size: 3 KB
Transfer: 2 KB
Type: Document
General
Full URL
http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?radio=g1zxx01mnb25ku
Protocol
HTTP/1.1
Server
47.52.30.46, Hong Kong, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
Reverse DNS
Software
nginx / PHP/7.1.5
Resource Hash
88de952d0250baff801ef2688bc95810d43eb31a8a206a751ebf0f5948ad18f5

Request headers

Host
zsee.vip
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Fri, 31 Jul 2020 09:25:13 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/7.1.5
Content-Encoding
gzip

Redirect headers (response to the last 302 in the chain, from sba.yandex.net)

Content-Length
361
Content-Type
text/html; charset=utf-8
Date
Fri, 31 Jul 2020 09:25:11 GMT
Location
http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?radio=g1zxx01mnb25ku
Strict-Transport-Security
max-age=3600; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Primary Request: friends.php
Path: zsee.vip/-/app/pic/gethtml/faq_config/
Size: 910 KB
Transfer: 0
Type: Document
General
Full URL
http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?power=y8dt8uwet880k&itself=fell&sleep=wind
Requested by
Host: zsee.vip
URL: http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?radio=g1zxx01mnb25ku
Protocol
HTTP/1.1
Server
47.52.30.46, Hong Kong, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
Reverse DNS
Software
nginx / PHP/7.1.5
Resource Hash

Request headers

Host
zsee.vip
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?radio=g1zxx01mnb25ku
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Fri, 31 Jul 2020 09:25:20 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/7.1.5
Content-Encoding
gzip
Resource: jquery.min.js
Path: cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/
Size: 95 KB
Transfer: 34 KB
Type: Script
General
Full URL
http://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: zsee.vip
URL: http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?power=y8dt8uwet880k&itself=fell&sleep=wind
Protocol
HTTP/1.1
Server
2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

Referer
http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?power=y8dt8uwet880k&itself=fell&sleep=wind
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 31 Jul 2020 09:25:20 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Age
15124023
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0445c9c6380000dfcf8a31a200000001
Served-In-Seconds
0.003
Timing-Allow-Origin
*
Last-Modified
Thu, 17 May 2018 09:21:00 GMT
Server
cloudflare
ETag
W/"5afd497c-17b8b"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=30672000
CF-RAY
5bb645838c96dfcf-FRA
Expires
Wed, 21 Jul 2021 09:25:20 GMT
The remaining 13 requests in this frame are images embedded in the document as data: URIs (Protocol DATA, no server, no bytes transferred over the network; they account for the gap between the 35 kB transfer and the 1630 kB page size). Each was requested with Referer http://zsee.vip/-/app/pic/gethtml/faq_config/friends.php?power=y8dt8uwet880k&itself=fell&sleep=wind and the same User-Agent as the document requests, and each response carries only a Content-Type header.

Size    Type    MIME-Type    Resource Hash
11 KB   Image   image/jpg    d4face6c75f425c2ff01d9db2b080f8a494035d006b34b4d7ce3171e508e9f95
32 KB   Image   image/png    0011fd01a0d7c94f16540e0312f43148d47c9c4f1ac0ec768d4e22309fae5b98
91 KB   Image   image/jpeg   dad7f515accda98057a527c6d2bf039723b90b4c892273a9740a2a56f12501c9
62 KB   Image   image/jpeg   22c54c8c9b3cefd3ae2fdd10514f917a66974b4b51b020c0105abb325952877b
71 KB   Image   image/jpeg   3fa9325f3bc95c7c2a88a30571b67cfc7904c6402edc8b4fda9ab7caf39d1192
91 KB   Image   image/jpg    15e3d6ecbb830ae7b4e0add2bda4275e4a1514e763d97751b13327a2b7ac1a87
75 KB   Image   image/jpg    e9e29c9c11075c1eb69393884562075299925e1de7672fcc29b01356634ca1c3
36 KB   Image   image/jpeg   aba596b7a72ffd61e8258da8ffbd3b4797cda31728fab525572a78f802ad89f9
35 KB   Image   image/jpeg   940552a0d787f4ffa516c6e73dc8cfb84e8ef1d521592f83dba0552c0c25a933
47 KB   Image   image/jpeg   48a999b97ef4417527b64d2c033f69b29fbe69c49125d928a79c2912043fd27e
23 KB   Image   image/jpeg   5b5b95ceabcd121c2efd989911f7c906e753a38f8876300a1b82921c78806088
3 KB    Image   image/png    d5a22c4bfda1f7b5194ee24fc1db5eea3abac22e395097f244e58bfb037c7951
45 KB   Image   image/jpeg   2c00339b175d5c10e5c82b2081cde9caef9f26e9da0a98e7ffe78ab1da8bac47

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Weightloss Scam (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • $ (function)
  • jQuery (function)
  • backDay (function)

0 Cookies