mrlong.cc Open in urlscan Pro
146.56.39.55 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mrlong.cc/wp-content/Basicdd/index.html
Effective URL:
https://mrlong.cc/wp-content/Basicdd/index.html
Submission: On October 18 via automatic, source openphish (October 18th 2023, 1:28:41 pm UTC) — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 15 HTTP transactions. The main IP is 146.56.39.55, located in Seoul, Korea, Republic Of and belongs to ORACLE-BMC-31898, US. The main domain is mrlong.cc.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on April 19th 2023. Valid for: a year.

This is the only time mrlong.cc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 14	146.56.39.55 146.56.39.55	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	2606:4700:20:... 2606:4700:20::681a:164	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
15	3

14 146.56.39.55 (Seoul, Korea, Republic Of) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

mrlong.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:164 (United States)

ASN13335 (CLOUDFLARENET, US)

get.geojs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	mrlong.cc 1 redirects mrlong.cc	272 KB
1	gstatic.com www.gstatic.com
1	geojs.io get.geojs.io — Cisco Umbrella Rank: 16291	894 B
15	3

	Domain	Requested by
14	mrlong.cc	1 redirects mrlong.cc
1	www.gstatic.com	mrlong.cc
1	get.geojs.io	mrlong.cc
15	3

This site contains no links.

Subject Issuer	Validity	Valid
mrlong.cc Encryption Everywhere DV TLS CA - G1	`2023-04-19` - `2024-04-19`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-11` - `2024-04-10`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://mrlong.cc/wp-content/Basicdd/index.html
Frame ID: 0BECE252234B7EE9F7290546E9D35C99
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DHL Express

Page URL History Show full URLs

http://mrlong.cc/wp-content/Basicdd/index.html HTTP 301
https://mrlong.cc/wp-content/Basicdd/index.html Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

273 kB
Transfer

354 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mrlong.cc/wp-content/Basicdd/index.html HTTP 301
https://mrlong.cc/wp-content/Basicdd/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.html Show response
mrlong.cc/wp-content/Basicdd/
Redirect Chain

http://mrlong.cc/wp-content/Basicdd/index.html
https://mrlong.cc/wp-content/Basicdd/index.html

5 KB
2 KB

824ms
271ms

Document
text/html

146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

6362ab2a344bb85d9a0917e1b8b493e9591a0fdf6fd338ceb08c0a367b835c70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Wed, 18 Oct 2023 13:28:35 GMT
etag: W/"652f43ad-126d"
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Wed, 18 Oct 2023 13:28:34 GMT
Location: https://mrlong.cc/wp-content/Basicdd/index.html
Server: nginx
Strict-Transport-Security: max-age=31536000

GET
H2 200 styles.css
mrlong.cc/wp-content/Basicdd/ 1 KB
707 B 271ms
269ms Stylesheet
text/css 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://mrlong.cc/wp-content/Basicdd/styles.css

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

a49fbbbd68835c4f4acbf8c1875769502a53bdb788cd34678b1640e8a8e0e740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:35 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
etag: W/"652f43ad-525"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Thu, 19 Oct 2023 01:28:35 GMT

GET
H2 200 Anti.js Show response
mrlong.cc/wp-content/Basicdd/ 4 KB
2 KB 273ms
270ms Script
application/javascript 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://mrlong.cc/wp-content/Basicdd/Anti.js

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

571b3071e69a410f079b7e393cbb8707702d85a4c929bb14b9edbdd58aef6051

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:35 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
etag: W/"652f43ad-118b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Thu, 19 Oct 2023 01:28:35 GMT

GET
H2 404 clear.js
mrlong.cc/wp-content/Basicdd/ 0
0 274ms
272ms Script
text/html 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://mrlong.cc/wp-content/Basicdd/clear.js
Requested by: Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:35 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 200 dhl.png
mrlong.cc/wp-content/Basicdd/img/ 2 KB
3 KB 275ms
273ms Image
image/png 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mrlong.cc/wp-content/Basicdd/img/dhl.png

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

f1623225d55c29bd8661b2329e207d51286142a931725c573505c0bfa5c2198a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:35 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
etag: "652f43ad-9d0"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 2512
expires: Fri, 17 Nov 2023 13:28:35 GMT

GET
H2 200 static-logo.jpg
mrlong.cc/wp-content/Basicdd/img/ 27 KB
27 KB 393ms
391ms Image
image/jpeg 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mrlong.cc/wp-content/Basicdd/img/static-logo.jpg

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

fd9249bcb8bf277f4db71cbc03a12f1b39b4da133e4661e3a72be3baf5303623

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:35 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
etag: "652f43ad-6a6b"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 27243
expires: Fri, 17 Nov 2023 13:28:35 GMT

GET
H2 200 geo.js Show response
get.geojs.io/v1/ip/ 361 B
894 B 95ms
39ms Script
application/javascript 2606:4700:20::681a:164
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.geojs.io/v1/ip/geo.js

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:164 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1da9dd55de03852ed3536b7b7c38d676ee3725e601ba237823b537d8b187bd97

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-request-id: 4d17bd5a2ead5c9b3513c2d20020cec3-AMS
x-geojs-location: AMS
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eLCQ9i7YxH0FQb%2FiIFuKagygbSLObSb76kIVMmAbrhNyyCoUG9Khc%2FOLFdxIu%2BlxgWrkuxsnj6Z4q5esLNEKe7PlHDHH%2B7Q0y3u16zx6Xr%2FsN8VwnKzlpyNY4853Bp4LDqfJSS4yt%2BTndA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
cf-ray: 8181201a18762c51-FRA

GET
H2 200 facebox.css
mrlong.cc/wp-content/Basicdd/javascript/facebox/src/ 1 KB
702 B 296ms
294ms Stylesheet
text/css 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://mrlong.cc/wp-content/Basicdd/javascript/facebox/src/facebox.css

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

059d4395082c7dfee3b0fba3d74d0cf66c07d549495c95a9bc274db202caf4ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:36 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
etag: W/"652f43ad-4ce"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Thu, 19 Oct 2023 01:28:36 GMT

GET
H2 200 jquery-1.6.2.min.js Show response
mrlong.cc/wp-content/Basicdd/javascript/ 89 KB
35 KB 603ms
596ms Script
application/javascript 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://mrlong.cc/wp-content/Basicdd/javascript/jquery-1.6.2.min.js

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

57cfdf508e90ac2610f2edb6b3f2dc0eac909f34cec632a2eadd39142daad40a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:36 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
etag: W/"652f43ad-165bd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Thu, 19 Oct 2023 01:28:36 GMT

GET
H2 200 facebox.js Show response
mrlong.cc/wp-content/Basicdd/javascript/facebox/src/ 9 KB
3 KB 676ms
669ms Script
application/javascript 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://mrlong.cc/wp-content/Basicdd/javascript/facebox/src/facebox.js

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

fc1051ff8ece6493b643873b420df97c3cb5037337891450cad3051a9bba1754

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:36 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
etag: W/"652f43ad-253c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Thu, 19 Oct 2023 01:28:36 GMT

GET
H2 200 jquery.watermark.js Show response
mrlong.cc/wp-content/Basicdd/javascript/watermark/ 19 KB
7 KB 693ms
687ms Script
application/javascript 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://mrlong.cc/wp-content/Basicdd/javascript/watermark/jquery.watermark.js

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

016f9cfa001792db7ad2be1e1ea1424cea09f108f68e7efb1caf4c5e65ac1335

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:36 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
etag: W/"652f43ad-4b1d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Thu, 19 Oct 2023 01:28:36 GMT

GET
H2 200 javascript1.js Show response
mrlong.cc/wp-content/Basicdd/javascript/ 4 KB
1 KB 702ms
696ms Script
application/javascript 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://mrlong.cc/wp-content/Basicdd/javascript/javascript1.js

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

31f0268a2b493b5cbcf72d68de7c9f161ae432da3c795aa151f66d30211b3777

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:36 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
etag: W/"652f43ad-114a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Thu, 19 Oct 2023 01:28:36 GMT

GET
H2 200 auto.js Show response
mrlong.cc/wp-content/Basicdd/javascript/ 2 KB
1 KB 702ms
697ms Script
application/javascript 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://mrlong.cc/wp-content/Basicdd/javascript/auto.js

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

545edcd1cd09b93a9f4fbd22e31c40244029d62055fb402398761894f0550d93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:36 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
etag: W/"652f43ad-8a6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Thu, 19 Oct 2023 01:28:36 GMT

GET
H2 404 recaptcha__de.js
www.gstatic.com/recaptcha/releases/tftmXwdbgCvrXiHxr5HGbIaL/ 0
0 832ms
744ms Script
text/html 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/tftmXwdbgCvrXiHxr5HGbIaL/recaptcha__de.js

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/Anti.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mrlong.cc/
Origin: https://mrlong.cc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:36 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1621
x-xss-protection: 0

GET
H2 200 bg.jpg
mrlong.cc/wp-content/Basicdd/img/ 189 KB
189 KB 825ms
822ms Image
image/jpeg 146.56.39.55
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mrlong.cc/wp-content/Basicdd/img/bg.jpg

Requested by

Host: mrlong.cc
URL: https://mrlong.cc/wp-content/Basicdd/styles.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.56.39.55 Seoul, Korea, Republic Of, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx /

Resource Hash

0395076fb9954f3b49953bd564c8eb72de592a50fc89129fc97228a7fb5c75a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mrlong.cc/wp-content/Basicdd/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:28:36 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Oct 2023 02:32:13 GMT
server: nginx
etag: "652f43ad-2f299"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 193177
expires: Fri, 17 Nov 2023 13:28:36 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mrlong.cc/wp-content/Basicdd	1969-12-31 23:59:59	Name: name Value: wert
			mrlong.cc/wp-content/Basicdd	1970-01-21 00:19:31	Name: meincookie Value: meinwert

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://mrlong.cc/wp-content/Basicdd/index.html(Line 6) Message: The value "s" for key "width" is invalid, and has been ignored.
network	error	URL: https://mrlong.cc/wp-content/Basicdd/clear.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/tftmXwdbgCvrXiHxr5HGbIaL/recaptcha__de.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://mrlong.cc/wp-content/Basicdd/index.html Message: Refused to execute script from 'https://www.gstatic.com/recaptcha/releases/tftmXwdbgCvrXiHxr5HGbIaL/recaptcha__de.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

get.geojs.io
mrlong.cc
www.gstatic.com
146.56.39.55
2606:4700:20::681a:164
2a00:1450:4001:82f::2003
016f9cfa001792db7ad2be1e1ea1424cea09f108f68e7efb1caf4c5e65ac1335
0395076fb9954f3b49953bd564c8eb72de592a50fc89129fc97228a7fb5c75a4
059d4395082c7dfee3b0fba3d74d0cf66c07d549495c95a9bc274db202caf4ca
1da9dd55de03852ed3536b7b7c38d676ee3725e601ba237823b537d8b187bd97
31f0268a2b493b5cbcf72d68de7c9f161ae432da3c795aa151f66d30211b3777
545edcd1cd09b93a9f4fbd22e31c40244029d62055fb402398761894f0550d93
571b3071e69a410f079b7e393cbb8707702d85a4c929bb14b9edbdd58aef6051
57cfdf508e90ac2610f2edb6b3f2dc0eac909f34cec632a2eadd39142daad40a
6362ab2a344bb85d9a0917e1b8b493e9591a0fdf6fd338ceb08c0a367b835c70
a49fbbbd68835c4f4acbf8c1875769502a53bdb788cd34678b1640e8a8e0e740
f1623225d55c29bd8661b2329e207d51286142a931725c573505c0bfa5c2198a
fc1051ff8ece6493b643873b420df97c3cb5037337891450cad3051a9bba1754
fd9249bcb8bf277f4db71cbc03a12f1b39b4da133e4661e3a72be3baf5303623

mrlong.cc Open in urlscan Pro 146.56.39.55 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

273 kBTransfer

354 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

2 Cookies

4 Console Messages

Security Headers

Indicators

mrlong.cc Open in urlscan Pro
146.56.39.55 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

273 kB
Transfer

354 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!