midasbuyofficial.com Open in urlscan Pro
2606:4700:3030::ac43:d8cc Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://midasbuyofficial.com/
Effective URL:
https://midasbuyofficial.com/
Submission: On May 20 via api (May 20th 2023, 6:12:11 am UTC) from GB — Scanned from GB

Summary HTTP 109 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 6 countries across 13 domains to perform 109 HTTP transactions. The main IP is 2606:4700:3030::ac43:d8cc, located in United States and belongs to CLOUDFLARENET, US. The main domain is midasbuyofficial.com.
TLS certificate: Issued by GTS CA 1P5 on April 5th 2023. Valid for: 3 months.

This is the only time midasbuyofficial.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::6815:260c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2606:4700:303... 2606:4700:3030::ac43:d8cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
11	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
58	101.33.10.29 101.33.10.29	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
2	3.126.195.33 3.126.195.33	16509 (AMAZON-02) (AMAZON-02)
2	162.19.88.69 162.19.88.69	16276 (OVH) (OVH)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba2a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	240e:97c:2f:1... 240e:97c:2f:1003::12	58466 (CT-GUANGZ...) (CT-GUANGZHOU-IDC CHINANET Guangdong province network)
19	43.152.29.38 43.152.29.38	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
2	129.226.107.210 129.226.107.210	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
109	15

1 2606:4700:3037::6815:260c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

midasbuyofficial.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3030::ac43:d8cc (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

midasbuyofficial.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

yzhhcprg.updatez.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

58 101.33.10.29 (Frankfurt am Main, Germany)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

cdn-go.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.midasbuy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

site-assets.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.195.33 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-195-33.eu-central-1.compute.amazonaws.com

mp.midasbuy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.88.69 (France)

ASN16276 (OVH, FR)
PTR: ns3221384.ip-162-19-88.eu

i.postimg.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba2a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.pubgmobile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 240e:97c:2f:1003::12 (China)

ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN)

aegis.qq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 43.152.29.38 (Singapore)

ASN139341 (ACE-AS-AP ACE, SG)

report1.midasbuy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 129.226.107.210 (Central, Hong Kong)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

kepler.captcha.qcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
78	midasbuy.com cdn.midasbuy.com — Cisco Umbrella Rank: 378091 mp.midasbuy.com — Cisco Umbrella Rank: 745968 report1.midasbuy.com — Cisco Umbrella Rank: 350497	5 MB
11	updatez.icu yzhhcprg.updatez.icu	79 KB
4	qq.com aegis.qq.com — Cisco Umbrella Rank: 24839	687 B
4	midasbuyofficial.com 2 redirects midasbuyofficial.com	14 KB
2	qcloud.com kepler.captcha.qcloud.com — Cisco Umbrella Rank: 391527	56 KB
2	postimg.cc i.postimg.cc — Cisco Umbrella Rank: 17824	33 KB
1	pubgmobile.com www.pubgmobile.com — Cisco Umbrella Rank: 41305	74 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 199	6 KB
1	fontawesome.com site-assets.fontawesome.com — Cisco Umbrella Rank: 68263	80 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2440	7 KB
1	cdn-go.cn cdn-go.cn — Cisco Umbrella Rank: 29725	21 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 344	23 KB
109	13

	Domain	Requested by
57	cdn.midasbuy.com	yzhhcprg.updatez.icu cdn.midasbuy.com
19	report1.midasbuy.com	yzhhcprg.updatez.icu
11	yzhhcprg.updatez.icu	midasbuyofficial.com yzhhcprg.updatez.icu cdn-go.cn cdn.midasbuy.com
4	aegis.qq.com	cdn-go.cn
4	midasbuyofficial.com	2 redirects midasbuyofficial.com
2	kepler.captcha.qcloud.com	yzhhcprg.updatez.icu cdn-go.cn
2	i.postimg.cc	yzhhcprg.updatez.icu
2	mp.midasbuy.com	yzhhcprg.updatez.icu
1	www.pubgmobile.com	yzhhcprg.updatez.icu
1	fonts.googleapis.com	yzhhcprg.updatez.icu
1	cdnjs.cloudflare.com	yzhhcprg.updatez.icu
1	site-assets.fontawesome.com	yzhhcprg.updatez.icu
1	stackpath.bootstrapcdn.com	yzhhcprg.updatez.icu
1	cdn-go.cn	yzhhcprg.updatez.icu
1	cdn.jsdelivr.net	midasbuyofficial.com
109	15

This site contains no links.

Subject Issuer	Validity	Valid
*.midasbuyofficial.com GTS CA 1P5	`2023-04-05` - `2023-07-04`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
updatez.icu GTS CA 1P5	`2023-05-04` - `2023-08-02`	3 months	crt.sh
weixin.qq.com DigiCert Secure Site CN CA G3	`2023-05-11` - `2024-05-28`	a year	crt.sh
*.midasbuy.com DigiCert Secure Site CN CA G3	`2023-04-11` - `2024-05-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
postimg.cc R3	`2023-04-19` - `2023-07-18`	3 months	crt.sh
wetv.acc.qq.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-19` - `2023-11-22`	a year	crt.sh
aegis.qq.com DigiCert Secure Site CN CA G3	`2023-03-08` - `2024-04-07`	a year	crt.sh
apr02-2023-1.ias.qcloud.com DigiCert Secure Site CN CA G3	`2023-04-01` - `2024-04-02`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://midasbuyofficial.com/
Frame ID: E31701A3E81CF2D6C3C4AAD0BEFFF84A
Requests: 3 HTTP requests in this frame

Frame: https://yzhhcprg.updatez.icu/SCPASANGDISINI/
Frame ID: 4DDCE31B1A83DDBEC53FDC7191ECB3EE
Requests: 122 HTTP requests in this frame

Frame: https://yzhhcprg.updatez.icu/apps/login/home/ot?hidePop=1
Frame ID: 70C5C8030F6DCA9E67C70EDA6091C60D
Requests: 1 HTTP requests in this frame

Frame: https://yzhhcprg.updatez.icu/receivemsg?buy_type_key=CURRENT_BUY_ITEM_SAVE_page_07838953556726913
Frame ID: E87D65A2C9A13F4F08E1D78B49892664
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PUBG Mobile - Midasbuy

Page URL History Show full URLs

http://midasbuyofficial.com/ HTTP 301
https://midasbuyofficial.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

109
Requests

96 %
HTTPS

67 %
IPv6

13
Domains

15
Subdomains

15
IPs

6
Countries

5296 kB
Transfer

7817 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://midasbuyofficial.com/ HTTP 301
https://midasbuyofficial.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://midasbuyofficial.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1651633200 HTTP 302
https://midasbuyofficial.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7fe8adc8/invisible.js?ts=1651633200

109 HTTP transactions
19 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
midasbuyofficial.com/
Redirect Chain

http://midasbuyofficial.com/
https://midasbuyofficial.com/

1 KB
1 KB

158ms
88ms

Document
text/html

2606:4700:3030::ac43:d8cc
CLOUDFLARENET

General

Source	Level	URL Text
rendering	warning	URL: https://midasbuyofficial.com/(Line 11) Message: The key "" is not recognized and ignored.
network	error	Message: A bad HTTP response code (404) was received when fetching the script.
network	error	URL: https://yzhhcprg.updatez.icu/interface/getLoginInfoV2?encrypt_msg=i9c1yi%2BugEafJppda9yDAGXtgQ7qPg9Y5I6Xv6KCWVA%3D&ctoken_ver=1.0.1&ctoken=d356f0bae5ca9abd01785bf204c57fbcd775c5620d0e24f80fdf59ab34b681638959674f474b5999ba66516ca547b0c7&_r=0.6281872428393649 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://yzhhcprg.updatez.icu/SCPASANGDISINI/(Line 5262) Message: Access to script at 'https://cdn.midasbuy.com/apps/activity/js/api/api.global.js' from origin 'https://yzhhcprg.updatez.icu' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://cdn.midasbuy.com' that is not equal to the supplied origin.
network	error	URL: https://cdn.midasbuy.com/apps/activity/js/api/api.global.js Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://yzhhcprg.updatez.icu/apps/login/home/ot?hidePop=1#login Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://yzhhcprg.updatez.icu/receivemsg?buy_type_key=CURRENT_BUY_ITEM_SAVE_page_07838953556726913 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://yzhhcprg.updatez.icu/interface/queryVipScore Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://yzhhcprg.updatez.icu/apps/activity/api/activity-initialize/many-valid-events?appid=1450015065&country=ot&supportEmbed=1 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://kepler.captcha.qcloud.com/tencent-kepler.js?appId=9865970 Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
network	error	URL: https://aegis.qq.com/collect/whitelist?id=xEyy0TQ9LxaDmGDWQg&uin=uv_046123862290262841666404955068&version=1.40.2&aid=4d749616-b76a-496d-8d27-19a716e01a10&env=production&platform=3&netType=4&vp=1600%20%201200&sr=1600%20%201200&sessionId=session-1684563126947&from=https%3A%2F%2Fyzhhcprg.updatez.icu%2FSCPASANGDISINI%2F&referer=https%3A%2F%2Fmidasbuyofficial.com%2F Message: Failed to load resource: the server responded with a status of 403 ()
other	warning	URL: https://kepler.captcha.qcloud.com/tencent-kepler.js?appId=9865970 Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

midasbuyofficial.com Open in urlscan Pro 2606:4700:3030::ac43:d8cc Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

109 Requests

96 %HTTPS

67 %IPv6

13 Domains

15 Subdomains

15 IPs

6 Countries

5296 kBTransfer

7817 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

109 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 19 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

midasbuyofficial.com Open in urlscan Pro
2606:4700:3030::ac43:d8cc Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

109
Requests

96 %
HTTPS

67 %
IPv6

13
Domains

15
Subdomains

15
IPs

6
Countries

5296 kB
Transfer

7817 kB
Size

0
Cookies

109 HTTP transactions
19 data transactions