![](/screenshots/9650017d-1167-4108-9a08-707e41672356.png)
yemaozi999.buzz
Open in
urlscan Pro
2a06:98c1:3121::3
Public Scan
Submission Tags: @ecarlesi possiblethreat #phishing Search All
Submission: On October 12 via api from AU — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on October 11th 2023. Valid for: 3 months.
This is the only time yemaozi999.buzz was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2620:1ec:48:1... 2620:1ec:48:1::45 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 59.63.226.29 59.63.226.29 | 134238 (CT-JIANGX...) (CT-JIANGXI-IDC CHINANET Jiangx province IDC network) | |
1 2 | 68.219.88.97 68.219.88.97 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 1 | 2620:1ec:c11:... 2620:1ec:c11::200 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 20.231.53.73 20.231.53.73 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
7 | 5 |
ASN134238 (CT-JIANGXI-IDC CHINANET Jiangx province IDC network, CN)
www.aqniu.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
clarity.ms
1 redirects
www.clarity.ms — Cisco Umbrella Rank: 998 c.clarity.ms — Cisco Umbrella Rank: 1548 q.clarity.ms — Cisco Umbrella Rank: 7704 |
22 KB |
2 |
yemaozi999.buzz
yemaozi999.buzz |
13 KB |
1 |
bing.com
1 redirects
c.bing.com — Cisco Umbrella Rank: 257 |
765 B |
1 |
aqniu.com
www.aqniu.com |
337 KB |
7 | 4 |
Domain | Requested by | |
---|---|---|
2 | c.clarity.ms | 1 redirects |
2 | www.clarity.ms |
yemaozi999.buzz
www.clarity.ms |
2 | yemaozi999.buzz |
yemaozi999.buzz
|
1 | q.clarity.ms |
www.clarity.ms
|
1 | c.bing.com | 1 redirects |
1 | www.aqniu.com |
yemaozi999.buzz
|
7 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
yemaozi999.buzz GTS CA 1P5 |
2023-10-11 - 2024-01-09 |
3 months | crt.sh |
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1 |
2023-08-29 - 2024-08-29 |
a year | crt.sh |
*.aqniu.com Xcc Trust DV SSL CA |
2023-04-14 - 2024-05-13 |
a year | crt.sh |
a.clarity.ms Microsoft Azure TLS Issuing CA 06 |
2023-02-13 - 2024-02-08 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://yemaozi999.buzz/html/28.html
Frame ID: BF2AF609F06A2F79018D0B0539842582
Requests: 7 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://c.clarity.ms/c.gif HTTP 302
- https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=D962A6F9AA3541D7B508DE38AE0A670F&RedC=c.clarity.ms&MXFR=1E59D9F9A1D96BED196DCA51A5D965CE HTTP 302
- https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D962A6F9AA3541D7B508DE38AE0A670F&MUID=3B20E16DDF6667B0306BF2C5DE2E66D0
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
28.html
yemaozi999.buzz/html/ |
27 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mains.css
yemaozi999.buzz/css/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
i8z2mapj31
www.clarity.ms/tag/ |
719 B 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
image003-1024x633.png
www.aqniu.com/wp-content/uploads/2022/02/ |
336 KB 337 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clarity.js
www.clarity.ms/s/0.7.12/ |
58 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c.gif
c.clarity.ms/ Redirect Chain
|
42 B 444 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
collect
q.clarity.ms/ |
0 295 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| clarity11 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.clarity.ms/ | Name: CLID Value: 9cb511ca7ab34994915f288622e318a3.20231012.20241011 |
|
.yemaozi999.buzz/ | Name: _clck Value: h26uzg|2|ffs|0|1380 |
|
.bing.com/ | Name: MUID Value: 3B20E16DDF6667B0306BF2C5DE2E66D0 |
|
.c.bing.com/ | Name: MR Value: 0 |
|
.c.bing.com/ | Name: SRM_B Value: 3B20E16DDF6667B0306BF2C5DE2E66D0 |
|
.c.clarity.ms/ | Name: SM Value: C |
|
.clarity.ms/ | Name: MUID Value: 3B20E16DDF6667B0306BF2C5DE2E66D0 |
|
.c.clarity.ms/ | Name: MR Value: 0 |
|
.c.clarity.ms/ | Name: ANONCHK Value: 0 |
|
.yemaozi999.buzz/ | Name: _clsk Value: duq0if|1697094301094|1|1|q.clarity.ms/collect |
|
www.aqniu.com/ | Name: __jsluid_s Value: 00721d32dc5043553fe4761f83676f48 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
c.bing.com
c.clarity.ms
q.clarity.ms
www.aqniu.com
www.clarity.ms
yemaozi999.buzz
20.231.53.73
2620:1ec:48:1::45
2620:1ec:c11::200
2a06:98c1:3121::3
59.63.226.29
68.219.88.97
4bf286355a0c195c3b818bb7ffb7b304168f4fa9462ad8beb4280f2d35eaa9a4
6493d389b5f2b17a2e4c408337327f7c04074ea03becaa4041bbf0511e7ef766
6f1eb8ad0acc0dd73b1d3d1be85df8079b9159efc5d2e4464ce8504a2192dd77
977a886e5d9068b3ed8dde6e511ca22ccf44cbed7fb881d0b8b74619fe462e21
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
dd37b3334daccb3063dcffadc4373c4851037a97f326b47a057387267a834c06
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855