URL: https://mg26333.asia/
Submission Tags: phishingrod
Submission: On December 27 via api from DE — Scanned from NL

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is mg26333.asia.
TLS certificate: Issued by E1 on December 27th 2023. Valid for: 3 months.
This is the only time mg26333.asia was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
3 240e:97d:10:1... 134763 (CT-DONGGU...)
1 2409:8c62:e10... 139080 (CMNET-SCI...)
7 4
Apex Domain
Subdomains
Transfer
3 dlycj.com
dtimg.dlycj.com
gw.mugua.dlycj.com Failed
48 KB
1 11jiaoluo.com
qn.11jiaoluo.com
28 KB
1 mg26333.asia
mg26333.asia
2 KB
7 3
Domain Requested by
3 dtimg.dlycj.com mg26333.asia
1 qn.11jiaoluo.com mg26333.asia
1 mg26333.asia
0 gw.mugua.dlycj.com Failed dtimg.dlycj.com
7 4

This site contains no links.

Subject Issuer Validity Valid
mg26333.asia
E1
2023-12-27 -
2024-03-26
3 months crt.sh
dtimg.dlycj.com
TrustAsia RSA DV TLS CA G3
2023-11-04 -
2024-11-03
a year crt.sh
qn.11jiaoluo.com
TrustAsia RSA DV TLS CA G3
2023-11-04 -
2024-11-03
a year crt.sh

This page contains 1 frames:

Primary Page: https://mg26333.asia/
Frame ID: 90BEEB0EC94EFAFC7DCCDE54B56D0003
Requests: 6 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

71 %
HTTPS

100 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

78 kB
Transfer

426 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mg26333.asia/
6 KB
2 KB
Document
General
Full URL
https://mg26333.asia/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ab07fa264268f03bd73350fcd1861010818ddefab20700d30453425d3fa4827
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
83c0792cb9306931-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 27 Dec 2023 09:17:56 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PJEGTd9sIuO%2Fhy93JwJzWjZ3IuLk1OSLELnH%2ByxfVX7SZPRikUx%2BJQj3uVkgOnIkn140cMGVjsn5uOXXbLQIZ1nM1H6Gv5Cwhq0zKojqIEiSrB6ge3kUIDH55BI%2BAPy9yhv4fp2InDm7W3c%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
jquery20220830.js
dtimg.dlycj.com/
102 KB
32 KB
Script
General
Full URL
https://dtimg.dlycj.com/jquery20220830.js
Requested by
Host: mg26333.asia
URL: https://mg26333.asia/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
240e:97d:10:1401::40f , China, ASN134763 (CT-DONGGUAN-IDC CHINANET Guangdong province network, CN),
Reverse DNS
Software
openresty /
Resource Hash
44470e711f18fb5e296dd4e3c377dc6e510d2a900dc23e637dfc8c5148a1c39d

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://mg26333.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-log
X-Log
date
Wed, 27 Dec 2023 09:17:58 GMT
content-encoding
gzip
x-svr
IO
content-md5
YuXbghOZYQatItmbsj7UjQ==
age
155076
x-reqid
0NwAAAByUYaYGKQX
content-transfer-encoding
binary
content-disposition
inline; filename="jquery20220830.js"; filename*=utf-8''jquery20220830.js
x-m-reqid
xDubrWG3b
x-m-log
QNM:cdn-cache-dls-gddg1-dg-1;QNM3
last-modified
Tue, 30 Aug 2022 04:27:24 GMT
server
openresty
etag
"FgDS7tDGk5C0Ix3XgyVCjFqpj0AM.gz"
access-control-max-age
2592000
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
X-Log, X-Reqid
cache-control
public, max-age=31536000
accept-ranges
bytes
x-qiniu-zone
2
x-qnm-cache
Hit
20220825_wx_top.png
qn.11jiaoluo.com/
27 KB
28 KB
Image
General
Full URL
https://qn.11jiaoluo.com/20220825_wx_top.png
Requested by
Host: mg26333.asia
URL: https://mg26333.asia/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2409:8c62:e10:5c::b00:90 , China, ASN139080 (CMNET-SCIDC-CN The Internet Data Center of Sichuan Mobile Communication Company Limited, CN),
Reverse DNS
Software
Byte-nginx /
Resource Hash
ccdcc58ad2e9cf3f3dfe5d8d4eea583efdf45a54144bd5f14a7fd30d9a366c29

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://mg26333.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-log
X-Log
date
Wed, 27 Dec 2023 09:17:57 GMT
via
cache15.sccdcm09
x-svr
IO
x-tt-trace-tag
id=5
content-md5
BzinPdUvAkHQQrOQ/9Q5JQ==
age
1218129
x-reqid
Zl4AAAC63FbBUaAX
x-bdcdn-cache-status
TCP_HIT
content-transfer-encoding
binary
content-disposition
inline; filename="20220825_wx_top.png"; filename*=utf-8''20220825_wx_top.png
content-length
27547
x-m-reqid
Cc4AANFej1bBUaAX
x-request-id
ff5b2b0062fefbe1547ddadfcfea83ed
x-m-log
QNM:jf38;SRCPROXY:jf35;SRC:10/304;SRCPROXY:10/304;QNM3:11/304
last-modified
Thu, 25 Aug 2022 15:06:06 GMT
server
Byte-nginx
etag
"FqguHp7A0PFRPYAaSiQ--U0HYC6u"
access-control-max-age
2592000
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-Log, X-Reqid
cache-control
public, max-age=31536000
x-request-ip
2001:1af8:4020:a034:9876::10
x-response-cinfo
2001:1af8:4020:a034:9876::10
accept-ranges
bytes
x-qiniu-zone
2
x-qnm-cache
Miss
x-response-cache
edge_hit
inlogo_20220830.png
dtimg.dlycj.com/
16 KB
16 KB
Image
General
Full URL
https://dtimg.dlycj.com/inlogo_20220830.png
Requested by
Host: mg26333.asia
URL: https://mg26333.asia/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
240e:97d:10:1401::40f , China, ASN134763 (CT-DONGGUAN-IDC CHINANET Guangdong province network, CN),
Reverse DNS
Software
openresty /
Resource Hash
306f038473c7653c83985a42331e0b17a4e58930f35b1ae90c361133359ece81

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://mg26333.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-log
X-Log
date
Wed, 27 Dec 2023 09:17:58 GMT
x-svr
IO
content-md5
3BN0peM7CFyLtucytWhIEg==
age
518470
x-reqid
KnwAAAB7tkcXzqIX
content-transfer-encoding
binary
content-disposition
inline; filename="inlogo_20220830.png"; filename*=utf-8''inlogo_20220830.png
content-length
15922
x-m-reqid
t6V5gZarK
x-m-log
QNM:cdn-cache-dls-gddg1-dg-8;QNM3
last-modified
Tue, 30 Aug 2022 03:00:30 GMT
server
openresty
etag
"FgiiMxsvQJy0286O4AItYMpAFWWC"
access-control-max-age
2592000
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-Log, X-Reqid
cache-control
public, max-age=31536000
accept-ranges
bytes
x-qiniu-zone
2
x-qnm-cache
Hit
20210907_location.png
dtimg.dlycj.com/
275 KB
0
Image
General
Full URL
https://dtimg.dlycj.com/20210907_location.png
Requested by
Host: mg26333.asia
URL: https://mg26333.asia/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
240e:97d:10:1401::40f , China, ASN134763 (CT-DONGGUAN-IDC CHINANET Guangdong province network, CN),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://mg26333.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-log
X-Log
date
Wed, 27 Dec 2023 09:17:59 GMT
x-svr
IO
content-md5
jlFxjp+1qCLQb8MwVuHvWA==
age
1546739
x-reqid
F0UAAADaIOniJp8X
content-transfer-encoding
binary
content-disposition
inline; filename="20210907_location.png"; filename*=utf-8''20210907_location.png
content-length
556739
x-m-reqid
qGqWcEVNJ
x-m-log
QNM:cdn-cache-dls-gddg1-dg-9;QNM3
last-modified
Tue, 07 Sep 2021 03:42:42 GMT
server
openresty
etag
"FgKsa3TvM1urP9QY4B37PQitlAla"
access-control-max-age
2592000
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-Log, X-Reqid
cache-control
public, max-age=31536000
accept-ranges
bytes
x-qiniu-zone
2
x-qnm-cache
Hit
index
gw.mugua.dlycj.com/service-extra/h5Direct/
0
0

index
gw.mugua.dlycj.com/service-extra/h5Direct/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
gw.mugua.dlycj.com
URL
https://gw.mugua.dlycj.com/service-extra/h5Direct/index
Domain
gw.mugua.dlycj.com
URL
https://gw.mugua.dlycj.com/service-extra/h5Direct/index

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff