urlscan.io logo urlscan.io
SecurityTrails logo

nj-mj-login.guokuu.com Open in urlscan Pro
113.207.105.132  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://auth-mj-01.soloment.com/
Effective URL: https://nj-mj-login.guokuu.com/
Submission Tags: @ecarlesi threat phishing Search All
Submission: On November 10 via api from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 113.207.105.132, located in China and belongs to CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN. The main domain is nj-mj-login.guokuu.com.
TLS certificate: Issued by R11 on September 14th 2024. Valid for: 3 months.
This is the only time nj-mj-login.guokuu.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discord (Instant Messenger)

Domain & IP information

IP Address AS Autonomous System
2 2 45.153.129.99 55933 (CLOUDIE-A...)
10 113.207.105.132 4837 (CHINA169-...)
1 2408:4005:30a... 37963 (ALIBABA-C...)
11 3
Apex Domain
Subdomains		 Transfer
10 guokuu.com
nj-mj-login.guokuu.com
nj-mj-auth.guokuu.com
246 KB
2 soloment.com
auth-mj-01.soloment.com
629 B
1 dcloud.net.cn
cdn.dcloud.net.cn — Cisco Umbrella Rank: 66425
580 B
11 3
Domain Requested by
9 nj-mj-login.guokuu.com nj-mj-login.guokuu.com
2 auth-mj-01.soloment.com 2 redirects
1 cdn.dcloud.net.cn nj-mj-login.guokuu.com
1 nj-mj-auth.guokuu.com nj-mj-login.guokuu.com
11 4

This site contains no links.

Subject Issuer Validity Valid
nj-mj-login.guokuu.com
R11		 2024-09-14 -
2024-12-13		 3 months crt.sh
nj-mj-auth.guokuu.com
R11		 2024-09-14 -
2024-12-13		 3 months crt.sh
*.dcloud.net.cn
Certum Domain Validation CA SHA2		 2024-08-12 -
2025-09-11		 a year crt.sh

This page contains 1 frames:

Primary Page: https://nj-mj-login.guokuu.com/
Frame ID: 0C3DBD42BF04B67F209BAA0C41D57A12
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Midjourny

Page URL History Show full URLs

  1. http://auth-mj-01.soloment.com/ HTTP 307
    https://auth-mj-01.soloment.com/ HTTP 307
    http://auth-mj-01.soloment.com/ HTTP 301
    https://auth-mj-01.soloment.com/ HTTP 302
    https://nj-mj-login.guokuu.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

11
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

247 kB
Transfer

444 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://auth-mj-01.soloment.com/ HTTP 307
    https://auth-mj-01.soloment.com/ HTTP 307
    http://auth-mj-01.soloment.com/ HTTP 301
    https://auth-mj-01.soloment.com/ HTTP 302
    https://nj-mj-login.guokuu.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
nj-mj-login.guokuu.com/
Redirect Chain
  • http://auth-mj-01.soloment.com/
  • https://auth-mj-01.soloment.com/
  • http://auth-mj-01.soloment.com/
  • https://auth-mj-01.soloment.com/
  • https://nj-mj-login.guokuu.com/
849 B
1002 B 		Document
General
Check archive.org
Download Go to
Full URL
https://nj-mj-login.guokuu.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
113.207.105.132 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx /
Resource Hash
84094da9cbd241d9ba056776d9fa66cc822c898afd7b676d3a1f76a31257204b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-length
849
content-type
text/html
date
Sun, 10 Nov 2024 03:47:21 GMT
etag
"66e1030e-351"
last-modified
Wed, 11 Sep 2024 02:40:14 GMT
server
nginx
strict-transport-security
max-age=31536000

Redirect headers

cache-control
no-cache
content-length
60
content-type
text/html; charset=utf-8
date
Sun, 10 Nov 2024 03:47:20 GMT
location
https://nj-mj-login.guokuu.com/
server
nginx
vary
Accept
x-powered-by
Express
uni.8d0f5091.css
nj-mj-login.guokuu.com/assets/ 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nj-mj-login.guokuu.com/assets/uni.8d0f5091.css
Requested by
Host: nj-mj-login.guokuu.com
URL: https://nj-mj-login.guokuu.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
113.207.105.132 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx /
Resource Hash
8d0f50916ecc3f006fcdee223071497fb5e26e332afe19eb24552f4735b0c894
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nj-mj-login.guokuu.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=43200
content-encoding
gzip
etag
W/"66e1030e-2369"
expires
Sun, 10 Nov 2024 15:47:21 GMT
date
Sun, 10 Nov 2024 03:47:21 GMT
content-type
text/css
last-modified
Wed, 11 Sep 2024 02:40:14 GMT
server
nginx
vary
Accept-Encoding
index-0ac3c1ed.js
nj-mj-login.guokuu.com/assets/ 		231 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nj-mj-login.guokuu.com/assets/index-0ac3c1ed.js
Requested by
Host: nj-mj-login.guokuu.com
URL: https://nj-mj-login.guokuu.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
113.207.105.132 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx /
Resource Hash
c06b0fcc5ff0551fe9fb36ec16441a687d59f589b731032717c17eaeaa13fea0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://nj-mj-login.guokuu.com
Referer
https://nj-mj-login.guokuu.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=43200
content-encoding
gzip
etag
W/"66e1030e-39bab"
expires
Sun, 10 Nov 2024 15:47:21 GMT
date
Sun, 10 Nov 2024 03:47:21 GMT
content-type
application/javascript
last-modified
Wed, 11 Sep 2024 02:40:14 GMT
server
nginx
vary
Accept-Encoding
index-bd04c4da.css
nj-mj-login.guokuu.com/assets/ 		49 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nj-mj-login.guokuu.com/assets/index-bd04c4da.css
Requested by
Host: nj-mj-login.guokuu.com
URL: https://nj-mj-login.guokuu.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
113.207.105.132 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx /
Resource Hash
bd04c4da4ac7080bd5d17b9d850da6f6fb20833c70678954cb8738ad2d7d1e69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nj-mj-login.guokuu.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=43200
content-encoding
gzip
etag
W/"66e1030e-c58a"
expires
Sun, 10 Nov 2024 15:47:21 GMT
date
Sun, 10 Nov 2024 03:47:21 GMT
content-type
text/css
last-modified
Wed, 11 Sep 2024 02:40:14 GMT
server
nginx
vary
Accept-Encoding
pages-index-index.c85bca05.js
nj-mj-login.guokuu.com/assets/ 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nj-mj-login.guokuu.com/assets/pages-index-index.c85bca05.js
Requested by
Host: nj-mj-login.guokuu.com
URL: https://nj-mj-login.guokuu.com/assets/index-0ac3c1ed.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
113.207.105.132 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx /
Resource Hash
4c5fbb73abbc389c987763f66909219ed5a0f2c9487201ae02afa61cd0194885
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://nj-mj-login.guokuu.com
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=43200
content-encoding
gzip
etag
W/"66e1030e-6b15"
expires
Sun, 10 Nov 2024 15:47:22 GMT
date
Sun, 10 Nov 2024 03:47:22 GMT
content-type
application/javascript
last-modified
Wed, 11 Sep 2024 02:40:14 GMT
server
nginx
vary
Accept-Encoding
index-e731db0d.css
nj-mj-login.guokuu.com/assets/ 		10 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nj-mj-login.guokuu.com/assets/index-e731db0d.css
Requested by
Host: nj-mj-login.guokuu.com
URL: https://nj-mj-login.guokuu.com/assets/index-0ac3c1ed.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
113.207.105.132 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx /
Resource Hash
e731db0de01c9986e13143d79daffa0ae8a6995aafc69dff5ace24db848e3579
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nj-mj-login.guokuu.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=43200
content-encoding
gzip
etag
W/"66e1030e-29f0"
expires
Sun, 10 Nov 2024 15:47:22 GMT
date
Sun, 10 Nov 2024 03:47:22 GMT
content-type
text/css
last-modified
Wed, 11 Sep 2024 02:40:14 GMT
server
nginx
vary
Accept-Encoding
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0ccf8dd29c61715a6364ea9ec36d32c295e82ca837488590130c51cee298b7d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
favicon.ico
nj-mj-login.guokuu.com/ 		548 B
611 B 		Other
General
Check archive.org
Download Go to
Full URL
https://nj-mj-login.guokuu.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
113.207.105.132 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx /
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nj-mj-login.guokuu.com/

Response headers

content-length
548
date
Sun, 10 Nov 2024 03:47:23 GMT
content-type
text/html
server
nginx
findByKey
nj-mj-auth.guokuu.com/mapi/v1/system/ 		231 B
422 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://nj-mj-auth.guokuu.com/mapi/v1/system/findByKey?id=100
Requested by
Host: nj-mj-login.guokuu.com
URL: https://nj-mj-login.guokuu.com/assets/index-0ac3c1ed.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
113.207.105.132 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx / Express
Resource Hash
316ebd88077b9eb03c01d2de15cace30aeda8ed1b1e528d580684f378b47b3b0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nj-mj-login.guokuu.com/

Response headers

cache-control
no-cache, no-cache
etag
W/"e7-FWB0kX7jzvjiuzJMRdBVHHmORvk"
access-control-allow-origin
*
content-length
231
date
Sun, 10 Nov 2024 03:47:24 GMT
content-type
application/json; charset=utf-8
x-powered-by
Express
server
nginx
bg-daa6ee4f-daa6ee4f.svg
nj-mj-login.guokuu.com/assets/ 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nj-mj-login.guokuu.com/assets/bg-daa6ee4f-daa6ee4f.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
113.207.105.132 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx /
Resource Hash
daa6ee4f77114793f32be2cd7585321c72a61f4b0c7f213b6464de61caa77514
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nj-mj-login.guokuu.com/

Response headers

strict-transport-security
max-age=31536000
etag
"66e1030e-b853"
accept-ranges
bytes
content-length
47187
date
Sun, 10 Nov 2024 03:47:23 GMT
content-type
image/svg+xml
last-modified
Wed, 11 Sep 2024 02:40:14 GMT
server
nginx
wechat-f1cb3da6.jpg
nj-mj-login.guokuu.com/assets/ 		68 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nj-mj-login.guokuu.com/assets/wechat-f1cb3da6.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
113.207.105.132 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx /
Resource Hash
f1cb3da62c2f5abb89cfd8342b0b575a0734d54e7fcd92a6601d0914a65ccc69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nj-mj-login.guokuu.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
etag
"66e1030e-110ab"
expires
Tue, 10 Dec 2024 03:47:23 GMT
accept-ranges
bytes
content-length
69803
date
Sun, 10 Nov 2024 03:47:23 GMT
content-type
image/jpeg
last-modified
Wed, 11 Sep 2024 02:40:14 GMT
server
nginx
shadow-grey.png
cdn.dcloud.net.cn/img/ 		136 B
580 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.dcloud.net.cn/img/shadow-grey.png
Requested by
Host: nj-mj-login.guokuu.com
URL: https://nj-mj-login.guokuu.com/assets/index-bd04c4da.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2408:4005:30a:4302:6218:d8d9:db29:5dd6 , China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nj-mj-login.guokuu.com/

Response headers

Cache-Control
max-age=43200
ETag
"5cf8b5bf-88"
Connection
close
Expires
Sun, 10 Nov 2024 15:47:25 GMT
Accept-Ranges
bytes
Content-Length
136
Date
Sun, 10 Nov 2024 03:47:25 GMT
Content-Type
image/png
Last-Modified
Thu, 06 Jun 2019 06:42:07 GMT
Server
nginx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discord (Instant Messenger)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| coverSupport object| uni object| wx function| rpx2px object| __uniConfig object| __uniLayout object| __uniRoutes boolean| __VUE__

1 Cookies

Domain/Path Name / Value
.dcloud.net.cn/ Name: __uni__uid
Value: 2yld1mcwLM27PvzdA+W/Ag==

1 Console Messages

Source Level URL
Text
network error URL: https://nj-mj-login.guokuu.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000