URL: https://pay.mxlbs.cn/
Submission: On February 16 via automatic, source certstream-suspicious

Summary

This website contacted 3 IPs in 3 countries across 2 domains to perform 5 HTTP transactions. The main IP is 106.15.46.189, which is located in China and belongs to CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN. The main domain is pay.mxlbs.cn.
TLS certificate: Issued by R3 (Let's Encrypt's intermediate) on February 16th 2021, the same day as the scan. Valid for: 3 months.
This is the only time pay.mxlbs.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP addresses (requests per IP)
Requests  IP Address        AS      Autonomous System
2         106.15.46.189     37963   (CNNIC-ALI...)
2         2a04:4e42:3::621  54113   (FASTLY)
1         185.232.59.135    135391  (AOFEI-HK ...)
Total: 5 requests, 3 IPs

Apex domains (requests per apex domain)
Requests  Apex Domain   Subdomains                  Transfer
3         mxlbs.cn      pay.mxlbs.cn, ypy.mxlbs.cn  51 KB
2         jsdelivr.net  cdn.jsdelivr.net            52 KB
Total: 5 requests, 2 apex domains

Domains by requester
Requests  Domain            Requested by
2         cdn.jsdelivr.net  pay.mxlbs.cn
2         pay.mxlbs.cn      pay.mxlbs.cn
1         ypy.mxlbs.cn      pay.mxlbs.cn
Total: 5 requests, 3 domains

This site contains no links.

TLS certificates

Subject                      Issuer                                Validity                  Valid for
pay.mxlbs.cn                 R3                                    2021-02-16 to 2021-05-17  3 months (crt.sh)
f3.shared.global.fastly.net  GlobalSign CloudSSL CA - SHA256 - G3  2020-10-26 to 2021-04-17  6 months (crt.sh)
ypy.mxlbs.cn                 TrustAsia TLS RSA CA                  2020-05-15 to 2021-05-16  a year (crt.sh)

This page contains 1 frames:

Primary Page: https://pay.mxlbs.cn/
Frame ID: DC9C4D3DE0593BF2A458AF93038E3161
Requests: 5 HTTP requests in this frame


Detected technologies

Apache HTTP Server (overall confidence: 100%), matched against the server response header with this pattern:
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
The capture group extracts a version number when the header has one; here the header is just "Apache", so no version is reported.

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 33 %
Domains: 2
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 103 kB
Size: 218 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded in this scan.

5 HTTP transactions

1. Primary Request: / (pay.mxlbs.cn/)
Size 8 KB, transferred 3 KB, type Document

General
Full URL: https://pay.mxlbs.cn/
Protocol: H2
Security: TLS 1.3, AES_256_GCM (no key-exchange value is reported for TLS 1.3)
Server: 106.15.46.189, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN)
Reverse DNS: (none)
Software: Apache (no version in the server header)
Resource Hash: 2fed771b9a0dc70adf653fe35a2e8775d2b6a3b1c77a9a737c86e2fd0ce966f9

Request headers
:method: GET
:authority: pay.mxlbs.cn
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US

Response headers
date: Tue, 16 Feb 2021 16:11:26 GMT
server: Apache
last-modified: Sat, 18 Apr 2020 03:17:58 GMT
etag: "1efc-5a3881cdd8349-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2866
content-type: text/html
2. Resource: style.min.css
Path: cdn.jsdelivr.net/combine/gh/picturepan2/spectre@0.5.7/dist/spectre.min.css,gh/hifocus/merger@0.14/assets/styles/
Size 46 KB, transferred 10 KB, type Stylesheet

General
Full URL: https://cdn.jsdelivr.net/combine/gh/picturepan2/spectre@0.5.7/dist/spectre.min.css,gh/hifocus/merger@0.14/assets/styles/style.min.css
Requested by: https://pay.mxlbs.cn/ (host pay.mxlbs.cn)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::621, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: 4f622b8751528fc7537d5d0db723f4635d7224b955392770ca4b473ee0d0310f

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers
Referer: https://pay.mxlbs.cn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 109716
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 10225
etag: W/"b9d7-3dulcsuNtvQ58tf8/4FXtC5D9dc"
x-served-by: cache-fra19126-FRA
date: Tue, 16 Feb 2021 16:11:26 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
3. Resource: china.css
Path: pay.mxlbs.cn/css/
Size 0, transferred 0, type Stylesheet
Note: although this was requested as a stylesheet, the response carried content-type text/html with content-length 1169; the scanner recorded a size of 0 and no resource hash for it.

General
Full URL: https://pay.mxlbs.cn/css/china.css
Requested by: https://pay.mxlbs.cn/ (host pay.mxlbs.cn)
Protocol: H2
Security: TLS 1.3, AES_256_GCM (no key-exchange value is reported for TLS 1.3)
Server: 106.15.46.189, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN)
Reverse DNS: (none)
Software: Apache (no version in the server header)
Resource Hash: (none)

Request headers
Referer: https://pay.mxlbs.cn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
date: Tue, 16 Feb 2021 16:11:26 GMT
content-encoding: gzip
last-modified: Sun, 04 Aug 2019 17:28:32 GMT
server: Apache
etag: "cf4-58f4deba1cfd2-gzip"
vary: Accept-Encoding
content-type: text/html
accept-ranges: bytes
content-length: 1169
4. Resource: font_974919_xgtacm93vxp.min.js
Path: cdn.jsdelivr.net/combine/gh/hifocus/merger@0.1.5/assets/js/jQuery/jquery.min.js,gh/hifocus/merger@0.1.5/assets/js/jquery-qrcode/jquery-qrcode.min.js,gh/hifocus/merger@0.1.5/assets/js/function.min.j...
Size 116 KB, transferred 42 KB, type Script

General
Full URL: https://cdn.jsdelivr.net/combine/gh/hifocus/merger@0.1.5/assets/js/jQuery/jquery.min.js,gh/hifocus/merger@0.1.5/assets/js/jquery-qrcode/jquery-qrcode.min.js,gh/hifocus/merger@0.1.5/assets/js/function.min.js,gh/hifocus/merger@0.1.5/assets/js/font_974919_xgtacm93vxp.min.js
Requested by: https://pay.mxlbs.cn/ (host pay.mxlbs.cn)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::621, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: 51854683b71cbef44750ebfd96143fa7fd652c76131575937f2dbcf60ecbdffe

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers
Referer: https://pay.mxlbs.cn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 42349
etag: W/"1ce50-nZaUeaQt9lFuSP181kz9z/PxvE4"
x-served-by: cache-fra19126-FRA
date: Tue, 16 Feb 2021 16:11:27 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *
5. Resource: Oriental-Fantasy-logo-640.jpg
Path: ypy.mxlbs.cn/
Size 48 KB, transferred 48 KB, type Image
Note: requested as a .jpg but served as image/webp; the response's vary: Accept header shows the server negotiates the format on the request's Accept header.

General
Full URL: https://ypy.mxlbs.cn/Oriental-Fantasy-logo-640.jpg
Requested by: https://pay.mxlbs.cn/ (host pay.mxlbs.cn)
Protocol: H2
Security: TLS 1.3, AES_256_GCM (no key-exchange value is reported for TLS 1.3)
Server: 185.232.59.135, Netherlands, ASN135391 (AOFEI-HK AOFEI DATA INTERNATIONAL COMPANY LIMITED, HK)
Reverse DNS: (none)
Software: marco/2.13
Resource Hash: f878f3c9d0c06ab6b9c084d7b17b0012de6a15287bf6b26867d83a0c7ffe5489

Request headers
Referer: https://pay.mxlbs.cn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
date: Tue, 16 Feb 2021 16:11:28 GMT
via: T.202.-, V.403-zj-fud-200, S.ntt-cn-hkg1-228, T.228.H, V.ntt-cn-hkg1-231, T.133.M, M.gtt-de-fra3-133
last-modified: Sat, 15 Jun 2019 04:52:57 GMT
server: marco/2.13
etag: "236f2c8c3b27b143393df0104777f43a"
vary: Accept
content-type: image/webp
cache-control: public, must-revalidate, max-age=43200
x-source: U/200, G/304
accept-ranges: bytes
content-length: 49058
x-request-id: 70c4c6f427f47af4e2404be0e78c5c70; b7a2f68400c821ea40e3a20723e70c64
expires: Wed, 17 Feb 2021 04:11:28 GMT
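
Putting the report's data to work: the block below is an added example, not urlscan.io's code and not the scanned site's. It transcribes the five transactions and three certificates shown above into plain records (the field names are my own, not the urlscan result-JSON schema), applies the Apache pattern from the Detected technologies section to each server header, flags the stylesheet that came back as text/html, flags any certificate issued less than a day before the scan (the pay.mxlbs.cn certificate was issued on the scan date, which is what a certstream-driven submission keys on), lists the third-party hosts the page depends on, and unpacks the cdn.jsdelivr.net /combine/ URLs into the GitHub repositories and tags they bundle. The one-day threshold and the two-label apex-domain heuristic are assumptions.

```javascript
// Added example, not urlscan.io's code: triage of the five transactions and three
// certificates shown on this page. The records are transcribed from the report; their
// field names are my own and are not the urlscan result-JSON schema.
const SCAN_TIME = new Date('2021-02-16T16:11:26Z'); // "date" header of the primary response

const transactions = [
  { url: 'https://pay.mxlbs.cn/', type: 'Document', server: 'Apache',
    contentType: 'text/html', contentLength: 2866 },
  { url: 'https://cdn.jsdelivr.net/combine/gh/picturepan2/spectre@0.5.7/dist/spectre.min.css,gh/hifocus/merger@0.14/assets/styles/style.min.css',
    type: 'Stylesheet', server: '', contentType: 'text/css; charset=utf-8', contentLength: 10225 },
  { url: 'https://pay.mxlbs.cn/css/china.css', type: 'Stylesheet', server: 'Apache',
    contentType: 'text/html', contentLength: 1169 },
  { url: 'https://cdn.jsdelivr.net/combine/gh/hifocus/merger@0.1.5/assets/js/jQuery/jquery.min.js,gh/hifocus/merger@0.1.5/assets/js/jquery-qrcode/jquery-qrcode.min.js,gh/hifocus/merger@0.1.5/assets/js/function.min.js,gh/hifocus/merger@0.1.5/assets/js/font_974919_xgtacm93vxp.min.js',
    type: 'Script', server: '', contentType: 'application/javascript; charset=utf-8', contentLength: 42349 },
  { url: 'https://ypy.mxlbs.cn/Oriental-Fantasy-logo-640.jpg', type: 'Image', server: 'marco/2.13',
    contentType: 'image/webp', contentLength: 49058 },
];

// Only dates are shown on the page, so notBefore is taken as 00:00 UTC on that day (assumption).
const certificates = [
  { subject: 'pay.mxlbs.cn', issuer: 'R3', notBefore: '2021-02-16', notAfter: '2021-05-17' },
  { subject: 'f3.shared.global.fastly.net', issuer: 'GlobalSign CloudSSL CA - SHA256 - G3', notBefore: '2020-10-26', notAfter: '2021-04-17' },
  { subject: 'ypy.mxlbs.cn', issuer: 'TrustAsia TLS RSA CA', notBefore: '2020-05-15', notAfter: '2021-05-16' },
];

// The Apache pattern from "Detected patterns" above, verbatim. Group 1 captures the version;
// the [^/-] branch deliberately rejects "Apache-Coyote" (Tomcat) while accepting a bare "Apache".
const APACHE_PATTERN = /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i;

function fingerprintServer(serverHeader) {
  const m = APACHE_PATTERN.exec(serverHeader || '');
  return m ? { product: 'Apache', version: m[1] || null } : null;
}

// MIME type a browser expects for each resource type the scanner reports.
const EXPECTED_MIME = {
  Document: /^text\/html/i,
  Stylesheet: /^text\/css/i,
  Script: /^(application|text)\/(x-)?javascript/i,
  Image: /^image\//i,
};

function mimeMismatch(tx) {
  const want = EXPECTED_MIME[tx.type];
  return want ? !want.test(tx.contentType) : false;
}

// Split a cdn.jsdelivr.net URL (plain or /combine/) into the GitHub sources it bundles.
function jsdelivrSources(url) {
  const u = new URL(url);
  if (u.hostname !== 'cdn.jsdelivr.net') return [];
  let path = u.pathname.replace(/^\//, '');
  const combined = path.startsWith('combine/');
  if (combined) path = path.slice('combine/'.length);
  return (combined ? path.split(',') : [path]).map(spec => {
    const m = /^gh\/([^\/]+)\/([^\/@]+)@([^\/]+)\/(.+)$/.exec(spec);
    return m ? { owner: m[1], repo: m[2], ref: m[3], path: m[4] } : { raw: spec };
  });
}

function certAgeDays(cert, scanTime) {
  return (scanTime - new Date(cert.notBefore + 'T00:00:00Z')) / 86400000;
}

function triage(txs, certs, scanTime, freshCertDays = 1) {
  const findings = [];
  const software = {};
  const sources = new Set();
  const thirdParty = new Set();
  const primaryHost = new URL(txs[0].url).hostname;
  // Two-label apex is fine for .cn/.net; use a public-suffix list for co.uk-style domains.
  const apex = primaryHost.split('.').slice(-2).join('.');
  for (const tx of txs) {
    const host = new URL(tx.url).hostname;
    const fp = fingerprintServer(tx.server);
    software[host] = fp ? fp.product + (fp.version ? '/' + fp.version : '') : null;
    if (host !== apex && !host.endsWith('.' + apex)) thirdParty.add(host);
    if (mimeMismatch(tx)) {
      findings.push({ host, kind: 'mime-mismatch', detail: `${tx.type} ${tx.url} served as ${tx.contentType}` });
    }
    for (const s of jsdelivrSources(tx.url)) if (s.repo) sources.add(`${s.owner}/${s.repo}@${s.ref}`);
  }
  for (const c of certs) {
    const age = certAgeDays(c, scanTime);
    if (age < freshCertDays) {
      findings.push({ host: c.subject, kind: 'fresh-certificate',
        detail: `issued ${c.notBefore} by ${c.issuer}, ${age.toFixed(2)} days before the scan` });
    }
  }
  return { findings, software, thirdParty: [...thirdParty], sources: [...sources] };
}

console.log(JSON.stringify(triage(transactions, certificates, SCAN_TIME), null, 2));
```

Run it with node. The output shows that the only MIME mismatch is pay.mxlbs.cn/css/china.css, the only fresh certificate is pay.mxlbs.cn, the only third-party host is cdn.jsdelivr.net, and the page pins hifocus/merger at two different tags (0.14 for the stylesheet bundle, 0.1.5 for the script bundle). A git tag is a mutable reference, so pinning @tag on a CDN is weaker than pinning a commit hash or using a Subresource Integrity attribute; the report does not show the site's HTML, so whether integrity attributes are present is unknown. For a live scan, map the request list of the urlscan result JSON (data.requests) onto the same record shape.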

Verdicts & Comments: none.

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object:    ontransitionrun, ontransitionstart, ontransitioncancel, cookieStore, trustedTypes
function:  showDirectoryPicker, showOpenFilePicker, showSaveFilePicker, openwechat, openalipay, opentenpay, removal, urlencode, showqrcode, $, jQuery
boolean:   crossOriginIsolated
string:    wechat, alipay, tenpay, myname, profile, title, subtitle, debugmode, qrcodeapi
undefined: client, selected, openbox
number:    scale
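
How that list is produced and how to use it, as an added example (not urlscan.io's code): in the browser the collection step is a diff of the page's window against a pristine about:blank frame; the rest parses the scanner's raw `type| name` list (the 30 entries above, transcribed inline), separates browser-provided names from the page's own, and matches the page's names against a kit signature. The browser baseline and the hifocus/merger signature are constructed from this page's data and are assumptions, not a maintained database.

```javascript
// Added example, not urlscan.io's code: how the "non-standard global variables" list is
// built and how to use it for fingerprinting. The baseline and the kit signature below are
// constructed for this example from the names reported on this page; they are assumptions.

// In a browser: diff the page's window against a pristine about:blank frame. This is the
// DevTools-side helper; it needs a DOM and is not exercised in Node.
function collectNonStandardGlobals(win) {
  const frame = win.document.createElement('iframe');
  frame.style.display = 'none';
  win.document.documentElement.appendChild(frame);
  const baseline = new Set(Object.getOwnPropertyNames(frame.contentWindow));
  frame.remove();
  return Object.getOwnPropertyNames(win)
    .filter(name => !baseline.has(name))
    .map(name => {
      let type;
      try { type = typeof win[name]; } catch (e) { type = 'inaccessible'; }
      return { type, name };
    });
}

// Parse the scanner's "type| name type| name ..." text into records.
function parseGlobalsList(text) {
  const out = [];
  const re = /(\w+)\|\s*(\S+)/g;
  for (let m; (m = re.exec(text)) !== null;) out.push({ type: m[1], name: m[2] });
  return out;
}

// Names a newer Chrome exposes on window that the scanner's older baseline lacked.
// Constructed from this page's list; maintain it per browser version, since it drifts every release.
const BROWSER_BASELINE = new Set([
  'ontransitionrun', 'ontransitionstart', 'ontransitioncancel', 'cookieStore',
  'showDirectoryPicker', 'showOpenFilePicker', 'showSaveFilePicker',
  'trustedTypes', 'crossOriginIsolated',
]);

// Globals owned by well-known libraries, so a jQuery page is not mistaken for custom code.
const LIBRARY_GLOBALS = new Map([['$', 'jQuery'], ['jQuery', 'jQuery']]);

function classifyGlobals(globals, baseline = BROWSER_BASELINE) {
  const result = { browser: [], library: [], page: [] };
  for (const g of globals) {
    if (baseline.has(g.name)) result.browser.push(g.name);
    else if (LIBRARY_GLOBALS.has(g.name)) result.library.push(g.name);
    else result.page.push(g.name);
  }
  return result;
}

// A kit matches when every global in its signature is present. The merger signature is an
// assumption derived from this page's globals and the console line naming hifocus/merger.
const KIT_SIGNATURES = {
  'hifocus/merger': ['wechat', 'alipay', 'tenpay', 'openwechat', 'openalipay', 'opentenpay', 'showqrcode', 'qrcodeapi'],
};

function matchKits(pageGlobals, signatures = KIT_SIGNATURES) {
  const present = new Set(pageGlobals);
  return Object.keys(signatures).filter(kit => signatures[kit].every(n => present.has(n)));
}

// The 30 variables reported for pay.mxlbs.cn, transcribed from the report in the scanner's raw form.
const REPORTED = 'object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore ' +
  'function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes ' +
  'boolean| crossOriginIsolated string| wechat string| alipay string| tenpay string| myname string| profile ' +
  'string| title string| subtitle string| debugmode string| qrcodeapi undefined| client undefined| selected ' +
  'number| scale function| openwechat function| openalipay function| opentenpay function| removal ' +
  'function| urlencode function| showqrcode undefined| openbox function| $ function| jQuery';

function analyzeReported(text = REPORTED) {
  const globals = parseGlobalsList(text);
  const classes = classifyGlobals(globals);
  return { count: globals.length, ...classes, kits: matchKits(classes.page) };
}

console.log(JSON.stringify(analyzeReported(), null, 2));
```

The nine browser-provided names appear only because the Chrome that ran the scan was newer than the baseline the scanner diffed against, so they say nothing about the page; the remaining nineteen, together with the console line that names merger.html, are what identifies the payment-page kit. Treat a signature as a hypothesis rather than proof: a minified bundle can rename globals, and an unrelated kit can reuse generic names such as title or profile.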

0 Cookies

4 Console Messages

All four are console-api messages at level "log", emitted by the combined jsdelivr script bundle:
https://cdn.jsdelivr.net/combine/gh/hifocus/merger@0.1.5/assets/js/jQuery/jquery.min.js,gh/hifocus/merger@0.1.5/assets/js/jquery-qrcode/jquery-qrcode.min.js,gh/hifocus/merger@0.1.5/assets/js/function.min.js,gh/hifocus/merger@0.1.5/assets/js/font_974919_xgtacm93vxp.min.js

Line 18: DESKTOP BROWSER CLIENT
Line 19: PAYPAL BUTTON REMOVED
Line 27: DEBUG MODE ENABLED ↑
Line 27: %c merger.html %c https://github.com/hifocus/merger (the %c placeholders apply the console styles "color: #fadfa3; background: #030307; padding:5px 0" and "background: #fadfa3; padding:5px 0")