Submitted URL: http://steamaccounts.us/
Effective URL: https://ganda-ljo.com/zclkredirect?visitid=5ac03965-2d2d-11ef-96c2-0affd6821825&type=js&browserWidth=1600&browserHeigh...
Submission: On June 18 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 4 HTTP transactions. The main IP is 18.205.196.133, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is ganda-ljo.com. The Cisco Umbrella rank of the primary domain is 584520.
TLS certificate: Issued by Amazon RSA 2048 M01 on September 12th 2023. Valid for: a year.
This is the only time ganda-ljo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS Autonomous System
2 (1 redirect) | 162.210.196.166 | 30633 (LEASEWEB-...)
2 | 18.205.196.133 | 14618 (AMAZON-AES)
Total: 4 requests, 3 IPs

Requests | Apex Domain | Subdomains | Transfer
2 | ganda-ljo.com | ganda-ljo.com (Cisco Umbrella Rank: 584520) | 4 KB
2 | steamaccounts.us | steamaccounts.us | 1003 B
0 | wpsafeguardinfo.com (Failed) | wpsafeguardinfo.com (Failed) |
Total: 4 requests, 3 domains

Requests | Domain | Requested by
2 | ganda-ljo.com | steamaccounts.us, ganda-ljo.com
2 | steamaccounts.us (1 redirects) |
0 | wpsafeguardinfo.com (Failed) | ganda-ljo.com
Total: 4 requests, 3 domains

This site contains no links.

Subject | Issuer | Validity | Valid
steamaccounts.us | R3 | 2024-05-28 - 2024-08-26 | 3 months
ganda-ljo.com | Amazon RSA 2048 M01 | 2023-09-12 - 2024-10-10 | a year

This page contains 1 frames:

Frame: https://wpsafeguardinfo.com/mc-test/0d1cebd36d547554fd8c7cce540454ce/index.php?utm_source=84&utm_campaign=16116768&cid=zr5ac039652d2d11ef96c20affd68218255688e41497e84df2807264fde697ef630829482eb47dd1b921&dom=badious-buzzard_alpha-sap-dexwpxty8_&s=0.030000
Frame ID: 0A7210C30FCABEA016C34E2834611EF3
Requests: 4 HTTP requests in this frame

Page Statistics

Requests: 4
HTTPS: 75 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 5 kB
Size: 4 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://steamaccounts.us/ HTTP 307
    https://steamaccounts.us/ Page URL
  2. https://steamaccounts.us/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxODY5MzAyOCwiaWF0IjoxNzE4Njg1ODI4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydmN2djl1MzdidWtyYWFxaHMxcWQybTYiLCJuYmYiOjE3MTg2ODU4MjgsInRzIjoxNzE4Njg1ODI4ODE4NTQzfQ.RhaKnbOVFHK3b18IAp5Xm1vZa1UpAeaU836SXhVnu1A&sid=5a93539c-2d2d-11ef-ad4a-c45a49171ae8 HTTP 302
    http://ganda-ljo.com/zclkvisitor/5ac03965-2d2d-11ef-96c2-0affd6821825/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=39b2a7b0-6e76-11ee-863f-0a4ababc2193 HTTP 307
    https://ganda-ljo.com/zclkvisitor/5ac03965-2d2d-11ef-96c2-0affd6821825/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=39b2a7b0-6e76-11ee-863f-0a4ababc2193 Page URL
  3. https://ganda-ljo.com/zclkredirect?visitid=5ac03965-2d2d-11ef-96c2-0affd6821825&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://steamaccounts.us/ HTTP 307
  • https://steamaccounts.us/
Request Chain 1
  • https://steamaccounts.us/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxODY5MzAyOCwiaWF0IjoxNzE4Njg1ODI4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydmN2djl1MzdidWtyYWFxaHMxcWQybTYiLCJuYmYiOjE3MTg2ODU4MjgsInRzIjoxNzE4Njg1ODI4ODE4NTQzfQ.RhaKnbOVFHK3b18IAp5Xm1vZa1UpAeaU836SXhVnu1A&sid=5a93539c-2d2d-11ef-ad4a-c45a49171ae8 HTTP 302
  • http://ganda-ljo.com/zclkvisitor/5ac03965-2d2d-11ef-96c2-0affd6821825/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=39b2a7b0-6e76-11ee-863f-0a4ababc2193 HTTP 307
  • https://ganda-ljo.com/zclkvisitor/5ac03965-2d2d-11ef-96c2-0affd6821825/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=39b2a7b0-6e76-11ee-863f-0a4ababc2193

4 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

/ | steamaccounts.us/ | 478 B | 760 B | Document
Redirect Chain
  • http://steamaccounts.us/
  • https://steamaccounts.us/
General
Full URL: https://steamaccounts.us/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.210.196.166 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US)
Reverse DNS:
Software: Cowboy /
Resource Hash:

Request headers

Accept-Language: en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 478
content-type: text/html; charset=utf-8
date: Tue, 18 Jun 2024 04:43:48 GMT
server: Cowboy

Redirect headers

Location: https://steamaccounts.us/
Non-Authoritative-Reason: HttpsUpgrades

72092e88-2c53-401c-b988-51ef43ce1034 | ganda-ljo.com/zclkvisitor/5ac03965-2d2d-11ef-96c2-0affd6821825/ | 3 KB | 3 KB | Document
Redirect Chain
  • https://steamaccounts.us/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxODY5MzAyOCwiaWF0IjoxNzE4Njg1ODI4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydmN2djl1MzdidWtyYWFxaH...
  • http://ganda-ljo.com/zclkvisitor/5ac03965-2d2d-11ef-96c2-0affd6821825/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=39b2a7b0-6e76-11ee-863f-0a4ababc2193
  • https://ganda-ljo.com/zclkvisitor/5ac03965-2d2d-11ef-96c2-0affd6821825/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=39b2a7b0-6e76-11ee-863f-0a4ababc2193
General
Full URL: https://ganda-ljo.com/zclkvisitor/5ac03965-2d2d-11ef-96c2-0affd6821825/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=39b2a7b0-6e76-11ee-863f-0a4ababc2193
Requested by
Host: steamaccounts.us
URL: https://steamaccounts.us/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.205.196.133 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-18-205-196-133.compute-1.amazonaws.com
Software: /
Resource Hash: 8c87ae6f148662b553ae7c33b30c9ca8fab900c56bf38c5e68e9c947118d8549
Security Headers
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Accept-Language: en-US,en;q=0.9;q=0.9
Referer: https://steamaccounts.us/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"
sec-ch-ua-platform-version: "10.0.0"

Response headers

access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 2732
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
content-type: text/html;charset=UTF-8
date: Tue, 18 Jun 2024 04:43:49 GMT
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'

Redirect headers

Location: https://ganda-ljo.com/zclkvisitor/5ac03965-2d2d-11ef-96c2-0affd6821825/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=39b2a7b0-6e76-11ee-863f-0a4ababc2193
Non-Authoritative-Reason: HttpsUpgrades

zclkredirect (Primary Request) | ganda-ljo.com/ | 692 B | 1 KB | Document
General
Full URL: https://ganda-ljo.com/zclkredirect?visitid=5ac03965-2d2d-11ef-96c2-0affd6821825&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu
Requested by
Host: ganda-ljo.com
URL: https://ganda-ljo.com/zclkvisitor/5ac03965-2d2d-11ef-96c2-0affd6821825/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=39b2a7b0-6e76-11ee-863f-0a4ababc2193
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.205.196.133 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-18-205-196-133.compute-1.amazonaws.com
Software: /
Resource Hash:
Security Headers
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Accept-Language: en-US,en;q=0.9;q=0.9
Referer: https://ganda-ljo.com/zclkvisitor/5ac03965-2d2d-11ef-96c2-0affd6821825/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=39b2a7b0-6e76-11ee-863f-0a4ababc2193
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 692
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
content-type: text/html;charset=UTF-8
date: Tue, 18 Jun 2024 04:43:49 GMT
redirected: JS
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'

index.php | wpsafeguardinfo.com/mc-test/0d1cebd36d547554fd8c7cce540454ce/ | 0 | 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: wpsafeguardinfo.com
URL: https://wpsafeguardinfo.com/mc-test/0d1cebd36d547554fd8c7cce540454ce/index.php?utm_source=84&utm_campaign=16116768&cid=zr5ac039652d2d11ef96c20affd68218255688e41497e84df2807264fde697ef630829482eb47dd1b921&dom=badious-buzzard_alpha-sap-dexwpxty8_&s=0.030000

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined | event
object | fence

1 Cookies

Domain/Path: .steamaccounts.us/
Name: sid
Value: 5a93539c-2d2d-11ef-ad4a-c45a49171ae8

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
