urlscan.io scan: tj-account.bjinternetcourt.gov.cn
IP address: 219.232.205.155
Flag: Malicious Activity! (urlscan heuristic verdict, see Verdicts below)
Public Scan
Submission: On February 06 via automatic, source certstream-suspicious. Scanned from DE.
Summary

TLS certificate: issued by Encryption Everywhere DV TLS CA - G1 on June 7th 2021, valid for a year. This is a domain-validated certificate: it attests control of the hostname and says nothing about who operates the site.
This is the only time tj-account.bjinternetcourt.gov.cn was scanned on urlscan.io.
urlscan.io verdict: Potentially Malicious. Targeting these brands: Generic Email (Online). The verdict is heuristic; see the Verdicts section for how to read it.

Domain & IP information
Requests | IP address | ASN
---|---|---
1 | 219.232.205.155 | AS18239 CAPNET-AS-AP Beijing Capital Public Information Platform
10 | 79.133.177.252 | AS24429 TAOBAO Zhejiang Taobao Network Co.
1 | 47.246.23.254 | AS24429 TAOBAO Zhejiang Taobao Network Co.
2 | 218.94.207.228 | AS140292 CHINATELECOM-JIANGSU-SUZHOU-5G-NETWORK CHINATELECOM Jiangsu province Suzhou 5G network
1 | 2408:4001:f00::2f | AS37963 CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.

Total: 15 requests to 5 IP addresses.
Hostnames by ASN (the IP each hostname resolved to follows from the per-IP request counts above):

- ASN18239 (CAPNET-AS-AP Beijing Capital Public Information Platform, CN): tj-account.bjinternetcourt.gov.cn (219.232.205.155)
- ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN): g.alicdn.com and img.alicdn.com (79.133.177.252); retcode.alicdn.com (47.246.23.254)
- ASN140292 (CHINATELECOM-JIANGSU-SUZHOU-5G-NETWORK CHINATELECOM Jiangsu province Suzhou 5G network, CN): s23.cnzz.com and c.cnzz.com (218.94.207.228)
- ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN): z12.cnzz.com (2408:4001:f00::2f)
Requests | Apex domain | Subdomains (Cisco Umbrella rank) | Transfer
---|---|---|---
11 | alicdn.com | g.alicdn.com (6571), retcode.alicdn.com (18923), img.alicdn.com (8363) | 111 KB
3 | cnzz.com | s23.cnzz.com (124845), c.cnzz.com (20060), z12.cnzz.com (42982) | 5 KB
1 | bjinternetcourt.gov.cn | tj-account.bjinternetcourt.gov.cn | 3 KB

Total: 15 requests to 3 apex domains. Only 3 KB of the roughly 119 KB transferred came from the first-party domain: the court's host serves the HTML document and every script resource is fetched from Alibaba's CDN (alicdn.com) or CNZZ analytics (cnzz.com).
Requests | Domain | Requested by
---|---|---
8 | g.alicdn.com | tj-account.bjinternetcourt.gov.cn, g.alicdn.com
2 | img.alicdn.com | g.alicdn.com, tj-account.bjinternetcourt.gov.cn
1 | z12.cnzz.com | tj-account.bjinternetcourt.gov.cn
1 | c.cnzz.com | s23.cnzz.com
1 | s23.cnzz.com | tj-account.bjinternetcourt.gov.cn
1 | retcode.alicdn.com | tj-account.bjinternetcourt.gov.cn
1 | tj-account.bjinternetcourt.gov.cn | (primary request)

Total: 15 requests to 7 domains. Two kinds of load are second-order: c.cnzz.com is requested by the s23.cnzz.com script, not by the page, and some g.alicdn.com and img.alicdn.com resources are requested by other g.alicdn.com scripts.
Links
This site contains links to these domains (see also the outgoing links under Page Statistics).

Domain
---
www.cnzz.com
www.google.cn
TLS certificates

Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
tj-account.bjinternetcourt.gov.cn | Encryption Everywhere DV TLS CA - G1 | 2021-06-07 to 2022-06-07 | a year | crt.sh
*.alicdn.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2021-07-03 to 2022-08-04 | a year | crt.sh
*.cnzz.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2022-01-11 to 2023-02-12 | a year | crt.sh

All three certificates were within their validity period on the scan date (the page gives February 06; the certificate dates and the cookie timestamps below place it in 2022). The first-party certificate is domain-validated; the two CDN certificates are organization-validated wildcards.
Frames
This page contains 1 frame.
Primary page: https://tj-account.bjinternetcourt.gov.cn/
Frame ID: D7976CDD3A50A9A5C74A107070B230D6
Requests: 15 HTTP requests in this frame

Screenshot: (image not reproduced here)

Page Title: 统一账号中心 (Unified Account Center)

Detected technologies

CNZZ (Analytics)
Detected patterns:
- //[^./]+\.cnzz\.com/(?:z_stat.php|core)\?

jQuery (JavaScript Libraries)
Detected patterns:
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics

2 outgoing links
These are links going to different origins than the main page.
- 站长统计 (the CNZZ "webmaster statistics" badge) to www.cnzz.com
- Google Chrome (browser download link) to www.google.cn

Redirected requests
No HTTP redirect chains were recorded for this scan; all 15 transactions below were answered directly.
15 HTTP transactions

Method | Protocol | Resource | Host and path | Size | Transferred | Type | MIME type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (primary request) | tj-account.bjinternetcourt.gov.cn/ | 7 KB | 3 KB | Document | text/html
GET | H2 | main.css | g.alicdn.com/onlineCourt/account/1.0.38/ | 18 KB | 4 KB | Stylesheet | text/css
GET | H2 | / | g.alicdn.com/code/lib/ | 149 KB | 58 KB | Script | application/javascript
GET | H2 | template-debug.js | g.alicdn.com/onlineCourt/static/0.6.108/ | 8 KB | 3 KB | Script | application/javascript
GET | H2 | main.js | g.alicdn.com/onlineCourt/account/1.0.38/ | 41 KB | 11 KB | Script | application/javascript
GET | H2 | bl.js | retcode.alicdn.com/retcode/ | 41 KB | 17 KB | Script | application/javascript
GET | H2 | z_stat.php | s23.cnzz.com/ | 11 KB | 4 KB | Script | application/javascript
GET | H2 | account-info~bind~certification~certification-mobile~entry~entry-login~forgot-pwd~login~register~res~f88ee34c.css | g.alicdn.com/onlineCourt/account/1.0.38/ | 2 KB | 1020 B | Stylesheet | text/css
GET | H2 | account-info~bind~certification~certification-mobile~entry~entry-login~forgot-pwd~login~register~res~f88ee34c.js | g.alicdn.com/onlineCourt/account/1.0.38/ | 25 KB | 7 KB | Script | application/javascript
GET | H2 | login.css | g.alicdn.com/onlineCourt/account/1.0.38/ | 4 KB | 1 KB | Stylesheet | text/css
GET | H2 | login.js | g.alicdn.com/onlineCourt/account/1.0.38/ | 19 KB | 6 KB | Script | application/javascript
GET | H2 | TB1cO._g0Tfau8jSZFwXXX1mVXa-128-128.png | img.alicdn.com/tfs/ | 1 KB | 2 KB | Image | image/png
GET | H2 | O1CN01HH42Vq1Qu4fiCxLKu_!!6000000002035-55-tps-10-10.svg | img.alicdn.com/imgextra/i3/ | 194 B | 493 B | Image | image/svg+xml
GET | H2 | core.php | c.cnzz.com/ | 970 B | 906 B | Script | application/javascript
GET | H2 | stat.htm | z12.cnzz.com/ | 2 B | 123 B | Image | text/html

Size is the decoded resource size; Transferred is bytes on the wire. The request and response headers of each transaction sat behind expandable panels that are not reproduced here. Three details matter for triage: the 149 KB script under g.alicdn.com/code/lib/ is listed with resource path / only (its file name was not captured in this copy); the bundle name account-info~bind~certification~certification-mobile~entry~entry-login~forgot-pwd~login~register~res~f88ee34c enumerates the account flows the application ships (account info, binding, certification, mobile certification, entry, login, forgotten password, registration); and z12.cnzz.com/stat.htm is requested as an Image but answered with a 2-byte text/html body, the usual shape of a tracking beacon.
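The transaction list is what an analyst reads first on a scan like this: which origins supply executable code to a credential page, and whether any response looks like something other than what it was requested as. The script below is an added example, not code from urlscan or from the scanned site. It transcribes the 15 transactions above into a constructed list and runs both checks, and it handles the one edge case this hostname forces: a naive "last two labels" rule would classify the first party as gov.cn, so the eTLD+1 helper carries a small hand-written suffix table (a stand-in for the Public Suffix List, which production code should use instead).

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed input: the 15 transactions transcribed from the scan table as
# (URL, urlscan resource type, response MIME type). All were GET requests.
PAGE_URL = "https://tj-account.bjinternetcourt.gov.cn/"
ACCOUNT = "https://g.alicdn.com/onlineCourt/account/1.0.38/"
BUNDLE = ("account-info~bind~certification~certification-mobile~entry~entry-login"
          "~forgot-pwd~login~register~res~f88ee34c")
REQUESTS = [
    (PAGE_URL, "Document", "text/html"),
    (ACCOUNT + "main.css", "Stylesheet", "text/css"),
    ("https://g.alicdn.com/code/lib/", "Script", "application/javascript"),
    ("https://g.alicdn.com/onlineCourt/static/0.6.108/template-debug.js", "Script", "application/javascript"),
    (ACCOUNT + "main.js", "Script", "application/javascript"),
    ("https://retcode.alicdn.com/retcode/bl.js", "Script", "application/javascript"),
    ("https://s23.cnzz.com/z_stat.php", "Script", "application/javascript"),
    (ACCOUNT + BUNDLE + ".css", "Stylesheet", "text/css"),
    (ACCOUNT + BUNDLE + ".js", "Script", "application/javascript"),
    (ACCOUNT + "login.css", "Stylesheet", "text/css"),
    (ACCOUNT + "login.js", "Script", "application/javascript"),
    ("https://img.alicdn.com/tfs/TB1cO._g0Tfau8jSZFwXXX1mVXa-128-128.png", "Image", "image/png"),
    ("https://img.alicdn.com/imgextra/i3/O1CN01HH42Vq1Qu4fiCxLKu_!!6000000002035-55-tps-10-10.svg",
     "Image", "image/svg+xml"),
    ("https://c.cnzz.com/core.php", "Script", "application/javascript"),
    ("https://z12.cnzz.com/stat.htm", "Image", "text/html"),
]

# Hand-written stand-in for the Public Suffix List, limited to what this scan
# needs. Without it, "last two labels" turns bjinternetcourt.gov.cn into gov.cn
# and every .gov.cn host would look like the same first party.
MULTI_LABEL_SUFFIXES = {"gov.cn", "com.cn", "net.cn", "org.cn", "edu.cn", "co.uk"}


def registrable_domain(host):
    """eTLD+1 for a hostname, honouring the multi-label suffixes above."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


# MIME types a browser should see for each urlscan resource type.
EXPECTED_MIME = {
    "Document": ("text/html",),
    "Stylesheet": ("text/css",),
    "Script": ("application/javascript", "text/javascript", "application/x-javascript"),
    "Image": ("image/",),
}


def inventory(page_url, requests):
    """Group requests by apex domain; list third-party script hosts and type/MIME mismatches."""
    first_party = registrable_domain(urlsplit(page_url).hostname)
    by_apex = defaultdict(list)
    third_party_script_hosts = set()
    mime_mismatches = []
    for url, rtype, mime in requests:
        host = urlsplit(url).hostname
        apex = registrable_domain(host)
        by_apex[apex].append(url)
        if rtype == "Script" and apex != first_party:
            third_party_script_hosts.add(host)
        expected = EXPECTED_MIME.get(rtype)
        if expected and not mime.lower().startswith(expected):
            mime_mismatches.append((url, rtype, mime))
    return {
        "first_party": first_party,
        "by_apex": dict(by_apex),
        "third_party_script_hosts": third_party_script_hosts,
        "mime_mismatches": mime_mismatches,
    }


if __name__ == "__main__":
    report = inventory(PAGE_URL, REQUESTS)
    print("first party:", report["first_party"])
    for apex, urls in sorted(report["by_apex"].items(), key=lambda kv: -len(kv[1])):
        print(f"{len(urls):3d} requests  {apex}")
    print("script hosts outside the first party:", sorted(report["third_party_script_hosts"]))
    for url, rtype, mime in report["mime_mismatches"]:
        print(f"type/MIME mismatch: {rtype} requested, {mime} returned: {url}")
```

Run against this scan, the report names four script hosts outside bjinternetcourt.gov.cn (g.alicdn.com, retcode.alicdn.com, s23.cnzz.com, c.cnzz.com) and a single type/MIME mismatch, the z12.cnzz.com beacon. Every host in the first set is an origin whose compromise would give code execution inside the login page, which is why the absence of a Content-Security-Policy in the Security Headers section below matters.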
Verdicts & Comments

urlscan verdict: Potentially malicious activity detected. Phishing against: Generic Email (Online).
Disclaimer (urlscan): these verdicts should be used to detect potentially malicious websites, not as a final verdict.

How to read this verdict: "Generic Email (Online)" is urlscan's catch-all brand for a sign-in form that matches no specific impersonated brand, and the submission came from the certstream-suspicious feed, so the flag rests on "newly observed certificate plus credential form" heuristics rather than on a matched phishing kit. The hostname is a subdomain of bjinternetcourt.gov.cn on ASN18239 and its application code is served from alicdn.com; treat the verdict as a prompt to verify ownership of the host, not as a finding.

26 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They help identify the client-side frameworks and libraries in use.

Type | Name
---|---
function | $
function | jQuery
object | KJUR
object | Hex
object | Base64
function | ASN1
function | JSEncrypt
function | template
string | assetsLink
object | akanConfig
string | alipay_iframe_url
object | __bl
function | BrowserLogger
boolean | __hasInitBlSdk
string | cnzz_protocol
function | initAppVersion
object | webpackJsonp
boolean | isSupportPlaceholder
boolean | ieVersion
boolean | isMobile
object | jQuery111209612423566896364
object | _cz_loaded
string | _cz_account
object | _czc
object | _CNZZDbridge_1278108394
object | cnzz_image_3394277754

Reading the list: $ and jQuery are jQuery, and the jQuery111209612423566896364 expando encodes the version digits 1.11.2 followed by a random suffix, so a 1.11.x release is in use; that predates the 3.x fixes for CVE-2015-9251 and CVE-2019-11358 and is worth confirming against the file actually served from g.alicdn.com/code/lib/. KJUR, Hex, Base64, ASN1 and JSEncrypt are the globals left by the JSEncrypt library (which embeds an ASN.1 decoder and pieces of jsrsasign), typically used on login pages to RSA-encrypt form fields such as the password before submission. __bl, BrowserLogger, __hasInitBlSdk and the _bl_uid cookie belong to the bl.js browser-logging SDK loaded from retcode.alicdn.com. _czc, _cz_loaded, _cz_account, cnzz_protocol, cnzz_image_3394277754 and _CNZZDbridge_1278108394 belong to CNZZ analytics; 1278108394 is the CNZZ site id, which also names the CNZZDATA1278108394 cookie. webpackJsonp shows the account application is a webpack bundle, and template is presumably the engine loaded as template-debug.js.

Cookies
Cookies are small pieces of data a site stores in the browser; the browser sends them back with every later request to the matching domain and path, which lets the site re-identify the user even from a different network location. This is how persistent logins work. The Expires column was blank for all four cookies below, so they are session cookies.

Domain/Path | Expires | Name | Value
---|---|---|---
tj-account.bjinternetcourt.gov.cn/ | not set (session) | HOLDONKEY | Y2JmY2ZiZGQtODcwMS00ODE1LWEyYzQtZWYzYjY0NzIxODI2
.bjinternetcourt.gov.cn/ | not set (session) | UM_distinctid | 17ece3b2433c87-02598fa37c0d9-f791b31-1d4c00-17ece3b2434bf6
tj-account.bjinternetcourt.gov.cn/ | not set (session) | CNZZDATA1278108394 | 1497910450-1644135155-%7C1644135155
tj-account.bjinternetcourt.gov.cn/ | not set (session) | _bl_uid | nLkhLzOmbLa1aa0hFfX0isjtwO34

HOLDONKEY is the only cookie that looks server-issued by the first party; its value is standard base64 of the string cbfcfbdd-8701-4815-a2c4-ef3b64721826, a version-4 (random) UUID, which is what a session identifier should look like. UM_distinctid is the only cookie scoped to the apex .bjinternetcourt.gov.cn, so it is shared with every other subdomain of the court; the other three are host-only.
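Decoding opaque cookie values is a routine triage step: an identifier that decodes to a random UUID is a different finding from one that decodes to a username or an account number. The script below is an added example, not part of the urlscan page; it works over the four values above, constructed inline. The field layouts it uses for CNZZDATA and UM_distinctid are inferred from the values themselves (the two 10-digit fields and the shared 11-hex-digit prefix all decode to the scan date), not taken from vendor documentation.

```python
import base64
import binascii
import uuid
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed input: the four cookie values transcribed from the scan above.
COOKIES = {
    "HOLDONKEY": "Y2JmY2ZiZGQtODcwMS00ODE1LWEyYzQtZWYzYjY0NzIxODI2",
    "UM_distinctid": "17ece3b2433c87-02598fa37c0d9-f791b31-1d4c00-17ece3b2434bf6",
    "CNZZDATA1278108394": "1497910450-1644135155-%7C1644135155",
    "_bl_uid": "nLkhLzOmbLa1aa0hFfX0isjtwO34",
}


def utc(seconds):
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def try_base64_text(value):
    """Return the decoded text if value is valid base64 of printable ASCII, else None.
    Random tokens usually decode to binary junk; encoded identifiers decode cleanly."""
    padded = value + "=" * (-len(value) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def describe_holdonkey(value):
    """HOLDONKEY is host-only and first-party: check whether it is an unguessable id."""
    text = try_base64_text(value)
    if text is None:
        return {"plaintext": None, "is_uuid": False}
    try:
        u = uuid.UUID(text)
    except ValueError:
        return {"plaintext": text, "is_uuid": False}
    return {"plaintext": text, "is_uuid": True, "version": u.version,
            "rfc4122": u.variant == uuid.RFC_4122}


def describe_cnzzdata(value):
    """Layout inferred from the value: visitor id, then two Unix-second timestamps,
    the second prefixed with a URL-encoded '|' (%7C)."""
    visitor, first, last = unquote(value).split("-")
    return {"visitor_id": visitor, "first_visit": utc(int(first)),
            "last_visit": utc(int(last.lstrip("|")))}


def describe_um_distinctid(value):
    """The first and last fields share an 11-hex-digit prefix that decodes to a
    millisecond timestamp on the scan date (inferred from the value)."""
    fields = value.split("-")
    created_ms = int(fields[0][:11], 16)
    return {"created": utc(created_ms / 1000), "fields": fields}


if __name__ == "__main__":
    print("HOLDONKEY:", describe_holdonkey(COOKIES["HOLDONKEY"]))
    print("CNZZDATA1278108394:", describe_cnzzdata(COOKIES["CNZZDATA1278108394"]))
    print("UM_distinctid:", describe_um_distinctid(COOKIES["UM_distinctid"]))
    print("_bl_uid decodes as text:", try_base64_text(COOKIES["_bl_uid"]))
```

On this data HOLDONKEY decodes to a version-4 UUID, both CNZZ timestamps and the UM_distinctid prefix fall on 2022-02-06 (which fixes the year of the "February 06" scan), and _bl_uid does not decode to text at all, consistent with a random client identifier rather than an encoded value.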
2 Console Messages
A page may log messages to the browser console, most often errors about a resource that failed to load or a script that failed to execute; they sometimes reveal the technology behind a site. The scan recorded 2 messages, but their source, level and text were not captured in this copy of the page.
Security Headers
Security headers set by the main page (the primary document response only).

Header | Value
---|---
X-Content-Type-Options | nosniff
X-Xss-Protection | 1

Only these two were present. Content-Security-Policy, Strict-Transport-Security, X-Frame-Options (or a CSP frame-ancestors directive) and Referrer-Policy were absent from the primary response, so nothing restricts which of the third-party origins listed above may execute script in the login page's origin, and the page can be framed. X-XSS-Protection: 1 enables the legacy browser XSS auditor in filtering mode; that auditor has been removed from Chromium-based browsers and never existed in Firefox, so the header does nothing there, and where a filter still exists "1; mode=block" or an explicit "0" is preferred over a bare "1".
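The check below encodes how an engineer reads a table like this: which headers a credential-handling page should carry, and how to grade an X-XSS-Protection value. It is an added example, not part of the urlscan page, and runs over the two observed headers (constructed as a dict) and, for comparison, over a hardened set that produces no findings.

```python
# Constructed input: the two headers urlscan recorded on the primary response.
OBSERVED_HEADERS = {"X-Content-Type-Options": "nosniff", "X-Xss-Protection": "1"}

# A hardened set for comparison (constructed, not observed on the scanned site).
HARDENED_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://g.alicdn.com; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-XSS-Protection": "0",
}


def assess_security_headers(headers):
    """Return (header, status, reason) findings for a credential-handling page.
    Header names are matched case-insensitively; an empty list means no findings."""
    h = {name.lower(): value.strip() for name, value in headers.items()}
    findings = []
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append(("Content-Security-Policy", "missing",
                         "nothing limits which origins may run script in the page"))
    if "strict-transport-security" not in h:
        findings.append(("Strict-Transport-Security", "missing",
                         "a plain http:// link to this host is followed without upgrade"))
    if "x-frame-options" not in h and "frame-ancestors" not in csp.lower():
        findings.append(("X-Frame-Options", "missing",
                         "no XFO and no CSP frame-ancestors: the login form can be framed"))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("X-Content-Type-Options", "missing or not nosniff",
                         "responses may be MIME-sniffed"))
    if "referrer-policy" not in h:
        findings.append(("Referrer-Policy", "missing",
                         "what is sent as Referer to third-party origins is left to the browser default"))
    xss = h.get("x-xss-protection")
    if xss is not None and xss != "0":
        mode = "blocking" if "mode=block" in xss.lower() else "filtering"
        findings.append(("X-XSS-Protection", "legacy",
                         f"value {xss!r} selects the old browser XSS auditor in {mode} mode; "
                         "the auditor is gone from Chromium-based browsers and never existed in "
                         "Firefox, so this header is not a substitute for CSP"))
    return findings


if __name__ == "__main__":
    for header, status, reason in assess_security_headers(OBSERVED_HEADERS):
        print(f"{header}: {status}. {reason}")
    print("hardened set findings:", assess_security_headers(HARDENED_HEADERS))
```

Against the observed pair the function reports five findings (CSP, HSTS, framing, Referrer-Policy and the legacy X-XSS-Protection value) and passes X-Content-Type-Options; against the hardened set it reports none. Note that frame-ancestors inside a CSP satisfies the framing check even without X-Frame-Options.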
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
c.cnzz.com
g.alicdn.com
img.alicdn.com
retcode.alicdn.com
s23.cnzz.com
tj-account.bjinternetcourt.gov.cn
z12.cnzz.com
218.94.207.228
219.232.205.155
2408:4001:f00::2f
47.246.23.254
79.133.177.252