9jeburoe.xyz
2606:4700:3033::681b:96b0 - Malicious Activity! Public Scan

Submitted URL: https://clck.ru/RNbWj
Effective URL: https://9jeburoe.xyz/game_h648/
Submission: On October 15 via manual from SG

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 6 HTTP transactions. The main IP is 2606:4700:3033::681b:96b0, located in United States and belongs to CLOUDFLARENET, US. The main domain is 9jeburoe.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 5th 2020. Valid for: a year.
This is the only time 9jeburoe.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP Address / AS (Autonomous System)
  1  1  2a02:6b8::221      13238 (YANDEX)
  1  1  2a02:6b8::232      13238 (YANDEX)
  2  3  2606:4700:303...   13335 (CLOUDFLAR...)
  1  3  190.115.26.117     262254 (DDOS-GUAR...)
     3  2606:4700:303...   13335 (CLOUDFLAR...)
  6  3  (total)

#  Apex Domain    Subdomains       Transfer
3  9jeburoe.xyz   9jeburoe.xyz     7 KB
3  ccpay.win      ccpay.win        31 KB
3  lingoto.xyz    lingoto.xyz      2 KB
1  yandex.net     sba.yandex.net   289 B
1  clck.ru        clck.ru          362 B
6  5 (total)

#  Domain           Requested by
3  9jeburoe.xyz     ccpay.win, 9jeburoe.xyz
3  ccpay.win        1 redirects, ccpay.win
3  lingoto.xyz      2 redirects
1  sba.yandex.net   1 redirects
1  clck.ru          1 redirects
6  5 (total)

This site contains links to these domains. Also see Links.

Domain
  www.cloudflare.com

TLS certificates
Subject                Issuer                       Validity                  Valid
ccpay.win              Let's Encrypt Authority X3   2020-10-14 - 2021-01-12   3 months (crt.sh)
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3      2020-10-05 - 2021-10-05   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://9jeburoe.xyz/game_h648/
Frame ID: A1957B62E7B659C71DE6F2780AC285D5
Requests: 6 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests:   6
HTTPS:      83 %
IPv6:       80 %
Domains:    5
Subdomains: 5
IPs:        3
Countries:  3
Transfer:   38 kB
Size:       58 kB
Cookies:    1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://clck.ru/RNbWj HTTP 302
    https://sba.yandex.net/redirect?url=http%3A%2F%2Flingoto.xyz%2F1210ru%3Fiuw86&client=clck&sign=d5d5e3b77ae1b1d98f0628ab7bbcabba HTTP 302
    http://lingoto.xyz/1210ru?iuw86 HTTP 301
    http://lingoto.xyz/1210ru/?iuw86 Page URL
  2. http://lingoto.xyz/tds/1010op HTTP 302
    https://ccpay.win/d/5f7989a1deb01 Page URL
  3. https://ccpay.win/check-unique/index?unique_code=35654b5ff734651327496757c37081fd&link_type=partner&code=5f7989a1deb01&u=&url=https://9jeburoe.xyz/game_h648/&upgrade=6e0dc15b690de HTTP 302
    https://9jeburoe.xyz/game_h648/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://clck.ru/RNbWj HTTP 302
  • https://sba.yandex.net/redirect?url=http%3A%2F%2Flingoto.xyz%2F1210ru%3Fiuw86&client=clck&sign=d5d5e3b77ae1b1d98f0628ab7bbcabba HTTP 302
  • http://lingoto.xyz/1210ru?iuw86 HTTP 301
  • http://lingoto.xyz/1210ru/?iuw86
Request Chain 1
  • http://lingoto.xyz/tds/1010op HTTP 302
  • https://ccpay.win/d/5f7989a1deb01

6 HTTP transactions

Resource: /
Path: lingoto.xyz/1210ru/
Redirect Chain
  • https://clck.ru/RNbWj
  • https://sba.yandex.net/redirect?url=http%3A%2F%2Flingoto.xyz%2F1210ru%3Fiuw86&client=clck&sign=d5d5e3b77ae1b1d98f0628ab7bbcabba
  • http://lingoto.xyz/1210ru?iuw86
  • http://lingoto.xyz/1210ru/?iuw86
Size: 90 B
x-fer: 639 B
Type: Document
General
Full URL
http://lingoto.xyz/1210ru/?iuw86
Protocol
HTTP/1.1
Server
2606:4700:3034::681b:b298, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
c6bf7d30a4ccf41b4515c485bcda13e9005b074efab44341d22ecf47440171f2

Request headers

Host
lingoto.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
__cfduid=d4ec893e577e8f7884fe8841a417f92411602771515
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 15 Oct 2020 14:18:35 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Tue, 13 Oct 2020 05:44:57 GMT
CF-Cache-Status
DYNAMIC
cf-request-id
05ce3992110000d7155733b000000001
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1602771516"}],"group":"cf-nel","max_age":604800}
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
5e2a2b968fcfd715-FRA
Content-Encoding
gzip

Redirect headers

Date
Thu, 15 Oct 2020 14:18:35 GMT
Content-Type
text/html; charset=iso-8859-1
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d4ec893e577e8f7884fe8841a417f92411602771515; expires=Sat, 14-Nov-20 14:18:35 GMT; path=/; domain=.lingoto.xyz; HttpOnly; SameSite=Lax
Location
http://lingoto.xyz/1210ru/?iuw86
CF-Cache-Status
DYNAMIC
cf-request-id
05ce3991db0000d71533acf000000001
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1602771516"}],"group":"cf-nel","max_age":604800}
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
5e2a2b962e7bd715-FRA
Resource: 5f7989a1deb01
Path: ccpay.win/d/
Redirect Chain
  • http://lingoto.xyz/tds/1010op
  • https://ccpay.win/d/5f7989a1deb01
Size: 1 KB
x-fer: 1 KB
Type: Document
General
Full URL
https://ccpay.win/d/5f7989a1deb01
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
190.115.26.117, Belize, ASN262254 (DDOS-GUARD CORP., BZ)
Reverse DNS
190-115-26-117.bilibili.be
Software
nginx /
Resource Hash
dc0a424f482eda376d4845ce510cea28fbc25eea6e62affead9834696355b644
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Host
ccpay.win
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://lingoto.xyz/1210ru/?iuw86
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://lingoto.xyz/1210ru/?iuw86

Response headers

Server
nginx
Date
Thu, 15 Oct 2020 14:18:34 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload
X-Content-Type-Options
nosniff
Content-Encoding
gzip

Redirect headers

Date
Thu, 15 Oct 2020 14:18:36 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.3.11
Access-Control-Allow-Origin
*
Set-Cookie
qwerty_1010op=0; expires=Fri, 16-Oct-2020 14:18:36 GMT; Max-Age=86400; path=/
Location
https://ccpay.win/d/5f7989a1deb01
CF-Cache-Status
DYNAMIC
cf-request-id
05ce3992570000d7153f09d000000001
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1602771516"}],"group":"cf-nel","max_age":604800}
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
5e2a2b96e918d715-FRA
Resource: fp21.min.js
Path: ccpay.win/frontend/web/js/
Size: 29 KB
x-fer: 29 KB
Type: Script
General
Full URL
https://ccpay.win/frontend/web/js/fp21.min.js
Requested by
Host: ccpay.win
URL: https://ccpay.win/d/5f7989a1deb01
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
190.115.26.117, Belize, ASN262254 (DDOS-GUARD CORP., BZ)
Reverse DNS
190-115-26-117.bilibili.be
Software
nginx /
Resource Hash
af4ac135cf575e46eb783d82f6c659d92afb5e31b647e2ac9d62530c3e371bdb
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ccpay.win/d/5f7989a1deb01
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 15 Oct 2020 14:18:35 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 15 Aug 2019 12:05:02 GMT
Server
nginx
ETag
"5d554a6e-7309"
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
29449
Resource: / (Primary Request)
Path: 9jeburoe.xyz/game_h648/
Redirect Chain
  • https://ccpay.win/check-unique/index?unique_code=35654b5ff734651327496757c37081fd&link_type=partner&code=5f7989a1deb01&u=&url=https://9jeburoe.xyz/game_h648/&upgrade=6e0dc15b690de
  • https://9jeburoe.xyz/game_h648/
Size: 4 KB
x-fer: 2 KB
Type: Document
General
Full URL
https://9jeburoe.xyz/game_h648/
Requested by
Host: ccpay.win
URL: https://ccpay.win/d/5f7989a1deb01
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:96b0, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
e94012a0e38d16adfeddf0e094c09375eba1eba6f7eefc9bf27848b382e5d66d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
9jeburoe.xyz
:scheme
https
:path
/game_h648/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://ccpay.win/d/5f7989a1deb01
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://ccpay.win/d/5f7989a1deb01

Response headers

status
200
date
Thu, 15 Oct 2020 14:18:36 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d5b8a61ab2ab8a737d85528d0981c5a851602771516; expires=Sat, 14-Nov-20 14:18:36 GMT; path=/; domain=.9jeburoe.xyz; HttpOnly; SameSite=Lax
x-frame-options
SAMEORIGIN
cf-request-id
05ce3994c60000d6bd3d86d000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1602771517"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
5e2a2b9adcf0d6bd-FRA
content-encoding
br

Redirect headers

Server
nginx
Date
Thu, 15 Oct 2020 14:18:35 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Location
https://9jeburoe.xyz/game_h648/
Set-Cookie
aff648=2e2ae94fd04e75816afa4059daf0e36ec385d38d45de41370dfbd495d165cfaea%3A2%3A%7Bi%3A0%3Bs%3A6%3A%22aff648%22%3Bi%3A1%3Bs%3A13%3A%225f7989a1deb01%22%3B%7D; expires=Tue, 17-Nov-2020 14:18:35 GMT; Max-Age=2851200; path=/; HttpOnly
userHash=f12ba1eb95350a9e43bb15be61a1ae9876edf05607ac573c988f648cdf98bf75a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22userHash%22%3Bi%3A1%3Bs%3A32%3A%226004a82fc37d8152d0a288684182cfeb%22%3B%7D; expires=Tue, 17-Nov-2020 14:18:35 GMT; Max-Age=2851200; path=/; HttpOnly
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload
X-Content-Type-Options
nosniff
Resource: cf.errors.css
Path: 9jeburoe.xyz/cdn-cgi/styles/
Size: 23 KB
x-fer: 4 KB
Type: Stylesheet
General
Full URL
https://9jeburoe.xyz/cdn-cgi/styles/cf.errors.css
Requested by
Host: 9jeburoe.xyz
URL: https://9jeburoe.xyz/game_h648/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:96b0, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
16fd28061d42cf29268600418d5aa26b585435027ca599a42141cbc820f2547c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://9jeburoe.xyz/game_h648/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 15 Oct 2020 14:18:36 GMT
content-encoding
gzip
last-modified
Wed, 14 Oct 2020 13:36:01 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5f86fec1-5c88"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200, public
cf-ray
5e2a2b9bbea6d6bd-FRA
expires
Thu, 15 Oct 2020 16:18:36 GMT
Resource: icon-exclamation.png
Path: 9jeburoe.xyz/cdn-cgi/images/
Size: 452 B
x-fer: 539 B
Type: Image
General
Full URL
https://9jeburoe.xyz/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: 9jeburoe.xyz
URL: https://9jeburoe.xyz/cdn-cgi/styles/cf.errors.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:96b0, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://9jeburoe.xyz/cdn-cgi/styles/cf.errors.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 15 Oct 2020 14:18:36 GMT
last-modified
Wed, 14 Oct 2020 13:36:01 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"5f86fec1-1c4"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
5e2a2b9bceccd6bd-FRA
content-length
452
expires
Thu, 15 Oct 2020 16:18:36 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function: showDirectoryPicker
  • function: showOpenFilePicker
  • function: showSaveFilePicker
  • object: trustedTypes
  • object: _cf_translation

1 Cookies

Domain/Path      Name       Value
.9jeburoe.xyz/   __cfduid   d5b8a61ab2ab8a737d85528d0981c5a851602771516