URL: https://yemaozi999.buzz/html/28.html
Submission Tags: @ecarlesi possiblethreat #phishing
Submission: On October 12 via api from AU — Scanned from NL

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 7 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is yemaozi999.buzz.
TLS certificate: Issued by GTS CA 1P5 on October 11th 2023. Valid for: 3 months.
This is the only time yemaozi999.buzz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS (Autonomous System)
2 | 2a06:98c1:312... | 13335 (CLOUDFLAR...)
2 | 2620:1ec:48:1... | 8075 (MICROSOFT...)
1 | 59.63.226.29 | 134238 (CT-JIANGX...)
1 2 | 68.219.88.97 | 8075 (MICROSOFT...)
1 1 | 2620:1ec:c11:... | 8068 (MICROSOFT...)
1 | 20.231.53.73 | 8075 (MICROSOFT...)
Totals: 7 requests, 5 IPs
Requests | Apex Domain | Subdomains | Transfer
5 | clarity.ms | www.clarity.ms (Cisco Umbrella Rank: 998), c.clarity.ms (Cisco Umbrella Rank: 1548), q.clarity.ms (Cisco Umbrella Rank: 7704) | 22 KB
2 | yemaozi999.buzz | yemaozi999.buzz | 13 KB
1 | bing.com | c.bing.com (Cisco Umbrella Rank: 257) | 765 B
1 | aqniu.com | www.aqniu.com | 337 KB
Totals: 7 requests, 4 apex domains
Requests | Domain | Requested by
2 | c.clarity.ms | 1 redirects
2 | www.clarity.ms | yemaozi999.buzz, www.clarity.ms
2 | yemaozi999.buzz | yemaozi999.buzz
1 | q.clarity.ms | www.clarity.ms
1 | c.bing.com | 1 redirects
1 | www.aqniu.com | yemaozi999.buzz
Totals: 7 requests, 6 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid for | Lookup
yemaozi999.buzz | GTS CA 1P5 | 2023-10-11 - 2024-01-09 | 3 months | crt.sh
www.clarity.ms | DigiCert TLS RSA SHA256 2020 CA1 | 2023-08-29 - 2024-08-29 | a year | crt.sh
*.aqniu.com | Xcc Trust DV SSL CA | 2023-04-14 - 2024-05-13 | a year | crt.sh
a.clarity.ms | Microsoft Azure TLS Issuing CA 06 | 2023-02-13 - 2024-02-08 | a year | crt.sh

This page contains 1 frames:

Primary Page: https://yemaozi999.buzz/html/28.html
Frame ID: BF2AF609F06A2F79018D0B0539842582
Requests: 7 HTTP requests in this frame


Page Title

Night Owl Navigation (夜猫子导航), free listing of "welfare" navigation sites, a complete collection of common PHP one-line trojans, common webshell traffic characteristics

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

  • Requests: 7
  • HTTPS: 86 %
  • IPv6: 50 %
  • Domains: 4
  • Subdomains: 6
  • IPs: 5
  • Countries: 3
  • Transfer: 372 kB
  • Size: 430 kB
  • Cookies: 11

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=D962A6F9AA3541D7B508DE38AE0A670F&RedC=c.clarity.ms&MXFR=1E59D9F9A1D96BED196DCA51A5D965CE HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D962A6F9AA3541D7B508DE38AE0A670F&MUID=3B20E16DDF6667B0306BF2C5DE2E66D0

7 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type (MIME-Type)

Resource: 28.html (Primary Request) | Path: yemaozi999.buzz/html/ | Size: 27 KB | x-fer: 11 KB | Type: Document

General
Full URL: https://yemaozi999.buzz/html/28.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare /
Resource Hash: 4bf286355a0c195c3b818bb7ffb7b304168f4fa9462ad8beb4280f2d35eaa9a4

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 814d7ded9e310be1-AMS
content-encoding: br
content-type: text/html
date: Thu, 12 Oct 2023 07:05:00 GMT
last-modified: Wed, 02 Aug 2023 14:50:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6vLQkbExn5okAsTfOCmHZnEKK65eGJo9VmM6f8OqGT1c1eWlXAhhHVU%2Ft8sCPL%2Ffak1Mi6yBHqVOHg6PY7roXb0Jbe2L5uRnAb8ihWtURyJ3tIU98IMBuxD3czUZ69KRAfl51Txh3RGw9YiUCGw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
Resource: mains.css | Path: yemaozi999.buzz/css/ | Size: 7 KB | x-fer: 2 KB | Type: Stylesheet

General
Full URL: https://yemaozi999.buzz/css/mains.css
Requested by: Host: yemaozi999.buzz, URL: https://yemaozi999.buzz/html/28.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare /
Resource Hash: dd37b3334daccb3063dcffadc4373c4851037a97f326b47a057387267a834c06

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://yemaozi999.buzz/html/28.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers
date: Thu, 12 Oct 2023 07:05:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 02 Jun 2023 16:43:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5305
etag: W/"647a1c46-1d01"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DqujqRRbgiPGD6AKqlCjmPBB4qWfc20K3AFImu8ZidIVollLFONXZ32eKnzr4p2jXQWAUTVXY5e8cP9nN4u0AruPfO4iDt%2FsEhpQN27DE1%2Fuw37GtH9nIxO164abeOdZ%2F0O38YbAU9fsqZjPX40%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 814d7df038190be1-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 12 Oct 2023 17:36:34 GMT
Resource: i8z2mapj31 | Path: www.clarity.ms/tag/ | Size: 719 B | x-fer: 1 KB | Type: Script

General
Full URL: https://www.clarity.ms/tag/i8z2mapj31
Requested by: Host: yemaozi999.buzz, URL: https://yemaozi999.buzz/html/28.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:48:1::45, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (empty)
Software: (empty)
Resource Hash: 6f1eb8ad0acc0dd73b1d3d1be85df8079b9159efc5d2e4464ce8504a2192dd77

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://yemaozi999.buzz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
date: Thu, 12 Oct 2023 07:04:59 GMT
x-azure-ref: 0nJonZQAAAABZAE/H2vwqRKUz5roOULzMTE9OMjEyMDUwNzE2MDI1ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
content-length: 719
expires: -1
Resource: image003-1024x633.png | Path: www.aqniu.com/wp-content/uploads/2022/02/ | Size: 336 KB | x-fer: 337 KB | Type: Image

General
Full URL: https://www.aqniu.com/wp-content/uploads/2022/02/image003-1024x633.png
Requested by: Host: yemaozi999.buzz, URL: https://yemaozi999.buzz/html/28.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 59.63.226.29, Nanchang, China, ASN134238 (CT-JIANGXI-IDC CHINANET Jiangx province IDC network, CN)
Reverse DNS: (empty)
Software: (empty)
Resource Hash: 6493d389b5f2b17a2e4c408337327f7c04074ea03becaa4041bbf0511e7ef766

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://yemaozi999.buzz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers
Date: Thu, 12 Oct 2023 07:05:02 GMT
Last-Modified: Tue, 08 Feb 2022 07:26:37 GMT
ETag: "62021b2d-54156"
X-Via-JSL: 8b19e79,-
X-Cache: bypass
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 344406
Expires: Sat, 11 Nov 2023 07:05:01 GMT
Resource: clarity.js | Path: www.clarity.ms/s/0.7.12/ | Size: 58 KB | x-fer: 20 KB | Type: Script

General
Full URL: https://www.clarity.ms/s/0.7.12/clarity.js
Requested by: Host: www.clarity.ms, URL: https://www.clarity.ms/tag/i8z2mapj31
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:48:1::45, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (empty)
Software: (empty)
Resource Hash: 977a886e5d9068b3ed8dde6e511ca22ccf44cbed7fb881d0b8b74619fe462e21

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://yemaozi999.buzz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers
date: Thu, 12 Oct 2023 07:05:00 GMT
content-encoding: br
last-modified: Tue, 10 Oct 2023 09:01:50 GMT
x-azure-ref-originshield: 0JHMmZQAAAADchb41vBakQqHWfLEjwgAPTE9OMjFFREdFMTYwNgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
etag: "0x8DBC96F8A8B290C"
x-azure-ref: 0nJonZQAAAAAllyw6FpPpRIETYrSI4fXoTE9OMjEyMDUwNzE2MDI1ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: TCP_HIT
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: bab72436-801e-003a-597b-fb34a3000000
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
accept-ranges: bytes
Resource: c.gif | Path: c.clarity.ms/ | Size: 42 B | x-fer: 444 B | Type: Image
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=D962A6F9AA3541D7B508DE38AE0A670F&RedC=c.clarity.ms&MXFR=1E59D9F9A1D96BED196DCA51A5D965CE
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D962A6F9AA3541D7B508DE38AE0A670F&MUID=3B20E16DDF6667B0306BF2C5DE2E66D0

General
Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D962A6F9AA3541D7B508DE38AE0A670F&MUID=3B20E16DDF6667B0306BF2C5DE2E66D0
Protocol: H2
Server: 68.219.88.97, Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (empty)
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://yemaozi999.buzz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers
pragma: no-cache
date: Thu, 12 Oct 2023 07:04:59 GMT
last-modified: Wed, 30 Aug 2023 19:01:41 GMT
server: Microsoft-IIS/10.0
etag: "8d59566974dbd91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers
pragma: no-cache
date: Thu, 12 Oct 2023 07:05:00 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 95D07DDFF5174159AD0E0F9A67AAF2B2 Ref B: BRU30EDGE0915 Ref C: 2023-10-12T07:05:00Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D962A6F9AA3541D7B508DE38AE0A670F&MUID=3B20E16DDF6667B0306BF2C5DE2E66D0
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0
Resource: collect | Path: q.clarity.ms/ | Size: 0 | x-fer: 295 B | Type: XHR

General
Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms, URL: https://www.clarity.ms/s/0.7.12/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73, Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (empty)
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
Accept: application/x-clarity-gzip
Referer: https://yemaozi999.buzz/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers
Access-Control-Allow-Origin: https://yemaozi999.buzz
Date: Thu, 12 Oct 2023 07:05:01 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

Verdicts & Comments

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | clarity

11 Cookies

Domain/Path | Name | Value
www.clarity.ms/  Name: CLID  Value: 9cb511ca7ab34994915f288622e318a3.20231012.20241011
.yemaozi999.buzz/  Name: _clck  Value: h26uzg|2|ffs|0|1380
.bing.com/  Name: MUID  Value: 3B20E16DDF6667B0306BF2C5DE2E66D0
.c.bing.com/  Name: MR  Value: 0
.c.bing.com/  Name: SRM_B  Value: 3B20E16DDF6667B0306BF2C5DE2E66D0
.c.clarity.ms/  Name: SM  Value: C
.clarity.ms/  Name: MUID  Value: 3B20E16DDF6667B0306BF2C5DE2E66D0
.c.clarity.ms/  Name: MR  Value: 0
.c.clarity.ms/  Name: ANONCHK  Value: 0
.yemaozi999.buzz/  Name: _clsk  Value: duq0if|1697094301094|1|1|q.clarity.ms/collect
www.aqniu.com/  Name: __jsluid_s  Value: 00721d32dc5043553fe4761f83676f48