URL: https://paypay.133.w21.net/
Submission Tags: @phishunt_io
Submission: On May 25 via api from DE — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 11 HTTP transactions. The main IP is 222.186.48.133, located in China, and belongs to CHINANET-BACKBONE No.31,Jin-rong Street, CN. The main domain is paypay.133.w21.net.
TLS certificate: Issued by R3 on May 25th 2024. Valid for: 3 months.
This is the only time paypay.133.w21.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 222.186.48.133 4134 (CHINANET-...)
11 2
Apex Domain
Subdomains
Transfer
2 w21.net
paypay.133.w21.net
131425.133.w21.net Failed
17 KB
11 1
Domain Requested by
1 131425.133.w21.net paypay.133.w21.net
1 paypay.133.w21.net
11 2

This site contains links to these domains.

Domain
131425.133.w21.net
bbs.hyphp.cn

TLS certificate
Subject: paypay.133.w21.net
Issuer: R3
Validity: 2024-05-25 - 2024-08-23
Valid: 3 months

This page contains 1 frames:

Primary Page: https://paypay.133.w21.net/
Frame ID: DEE534A0F13FF7020AED0C1B62EE2733
Requests: 12 HTTP requests in this frame

Page Title

HYBBS - HYBBS - Powered by HYBBS

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react

Page Statistics

Requests: 11
HTTPS: 18 %
IPv6: 0 %
Domains: 1
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 17 kB
Size: 33 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Columns: Resource / Path, Size, x-fer, Type / MIME-Type

Resource: Primary Request /, Path: paypay.133.w21.net/, Size: 22 KB, x-fer: 11 KB, Type: Document
General
Full URL: https://paypay.133.w21.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 222.186.48.133, China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)
Reverse DNS:
Software: nginx / HYPHP
Resource Hash: b5a6ea8a7eca3d9e62cdffdc400539cda9bf4d8a4f1f9581971690bd08ad8281

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 25 May 2024 04:14:20 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Powered-By: HYPHP
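
Resource: forum1.png, Path: 131425.133.w21.net/upload/, Size: 0, x-fer: 0
Resource: iconfont.css, Path: 131425.133.w21.net/View/hybbs/icon/, Size: 0, x-fer: 0
Resource: app.css, Path: 131425.133.w21.net/View/hybbs/, Size: 0, x-fer: 0
Resource: public.css, Path: 131425.133.w21.net/public/css/, Size: 0, x-fer: 0
Resource: jquery.min.js, Path: 131425.133.w21.net/public/js/, Size: 0, x-fer: 0
Resource: jquery.darktooltip.js, Path: 131425.133.w21.net/View/hybbs/, Size: 0, x-fer: 0
Resource: app.js, Path: 131425.133.w21.net/View/hybbs/, Size: 0, x-fer: 0
Resource: app.js, Path: 131425.133.w21.net/public/js/, Size: 0, x-fer: 0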

Resource: truncated, Path: /, Size: 5 KB, x-fer: 0, Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 9d381a6fd0dd8e5e0c54cdcce7c0f8bf2477a749753049754fc9c38e881fc91d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

Resource: de.png, Path: 131425.133.w21.net/upload/, Size: 6 KB, x-fer: 6 KB, Type: Image
General
Full URL: https://131425.133.w21.net/upload/de.png
Requested by: Host: paypay.133.w21.net, URL: https://paypay.133.w21.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 222.186.48.133, China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)
Reverse DNS:
Software: nginx /
Resource Hash: 4860a16a41834b26225bba689464278e4f1f57ebfef188001674819426f5ddab

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://paypay.133.w21.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 25 May 2024 04:14:24 GMT
Last-Modified: Sat, 25 May 2024 00:09:27 GMT
Server: nginx
ETag: "66512c37-1601"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5633

Resource: favicon.ico, Path: 131425.133.w21.net/, Size: 0, x-fer: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 131425.133.w21.net, URL: https://131425.133.w21.net/upload/forum1.png
Domain: 131425.133.w21.net, URL: http://131425.133.w21.net/View/hybbs/icon/iconfont.css?ver=2.22
Domain: 131425.133.w21.net, URL: http://131425.133.w21.net/View/hybbs/app.css?ver=2.22
Domain: 131425.133.w21.net, URL: http://131425.133.w21.net/public/css/public.css?ver=2.22
Domain: 131425.133.w21.net, URL: http://131425.133.w21.net/public/js/jquery.min.js
Domain: 131425.133.w21.net, URL: http://131425.133.w21.net/View/hybbs/jquery.darktooltip.js
Domain: 131425.133.w21.net, URL: http://131425.133.w21.net/View/hybbs/app.js
Domain: 131425.133.w21.net, URL: http://131425.133.w21.net/public/js/app.js
Domain: 131425.133.w21.net, URL: http://131425.133.w21.net/favicon.ico

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string | www
string | WWW
string | exp

2 Cookies

Domain/Path: paypay.133.w21.net/, Name: hyphp_lang, Value: de-DE
Domain/Path: 131425.133.w21.net/, Name: hyphp_lang, Value: de-DE

12 Console Messages

Source Level URL
Text
security warning URL: https://paypay.133.w21.net/
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over HTTPS, but requested an insecure element 'http://131425.133.w21.net/upload/forum1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://paypay.133.w21.net/(Line 11)
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over HTTPS, but requested an insecure stylesheet 'http://131425.133.w21.net/View/hybbs/icon/iconfont.css?ver=2.22'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://paypay.133.w21.net/(Line 12)
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over HTTPS, but requested an insecure stylesheet 'http://131425.133.w21.net/View/hybbs/app.css?ver=2.22'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://paypay.133.w21.net/(Line 13)
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over HTTPS, but requested an insecure stylesheet 'http://131425.133.w21.net/public/css/public.css?ver=2.22'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://paypay.133.w21.net/
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over HTTPS, but requested an insecure script 'http://131425.133.w21.net/public/js/jquery.min.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://paypay.133.w21.net/
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over HTTPS, but requested an insecure script 'http://131425.133.w21.net/View/hybbs/jquery.darktooltip.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://paypay.133.w21.net/
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over HTTPS, but requested an insecure script 'http://131425.133.w21.net/View/hybbs/app.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://paypay.133.w21.net/
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over HTTPS, but requested an insecure script 'http://131425.133.w21.net/public/js/app.js'. This request has been blocked; the content must be served over HTTPS.
security warning URL: https://paypay.133.w21.net/(Line 45)
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://131425.133.w21.net/?search.html'. This endpoint should be made available over a secure connection.
security warning URL: https://paypay.133.w21.net/(Line 376)
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over HTTPS, but requested an insecure element 'http://131425.133.w21.net/upload/forum1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://paypay.133.w21.net/
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over HTTPS, but requested an insecure element 'http://131425.133.w21.net/upload/de.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://paypay.133.w21.net/
Message:
Mixed Content: The page at 'https://paypay.133.w21.net/' was loaded over HTTPS, but requested an insecure favicon 'http://131425.133.w21.net/favicon.ico'. This request has been blocked; the content must be served over HTTPS.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
