fast.midasbuysite.com Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://fast.midasbuysite.com/?fbclid=PAAabUd0b9XtAvzF_EblgYS3CfJcSD1yY_7SnmBERhyS_asqDU7QIfuuMZ4f4_aem_AX8pL3EPtvX2bZxz3QinAb...
Submission: On November 16 via api (November 16th 2023, 6:56:33 pm UTC) from US — Scanned from NL

Summary HTTP 87 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 14 domains to perform 87 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is fast.midasbuysite.com.
TLS certificate: Issued by GTS CA 1P5 on October 3rd 2023. Valid for: 3 months.

This is the only time fast.midasbuysite.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
2	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2606:4700:303... 2606:4700:3036::ac43:95b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	101.33.10.108 101.33.10.108	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
41	101.33.10.29 101.33.10.29	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:93bc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
2	162.19.58.159 162.19.58.159	16276 (OVH) (OVH)
3	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	43.152.44.232 43.152.44.232	() ()
2	240e:97c:2f:1... 240e:97c:2f:1::6e	() ()
1	2a02:26f0:780... 2a02:26f0:780::210:ca80	() ()
87	15

2 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

fast.midasbuysite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:3036::ac43:95b7 (United States)

ASN13335 (CLOUDFLARENET, US)

kiboy.eventmaterialfree.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 101.33.10.108 (Frankfurt am Main, Germany)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

cdn-go.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 101.33.10.29 (Frankfurt am Main, Germany)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

cdn.midasbuy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:93bc (United States)

ASN13335 (CLOUDFLARENET, US)

site-assets.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.58.159 (France)

ASN16276 (OVH, FR)
PTR: ns3096667.ip-162-19-58.eu

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 43.152.44.232 (None, )

ASN- ()

report1.midasbuy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 240e:97c:2f:1::6e (None, )

ASN- ()

aegis.qq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:780::210:ca80 (None, )

ASN- ()

www.pubgmobile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	midasbuy.com cdn.midasbuy.com — Cisco Umbrella Rank: 329639 report1.midasbuy.com	3 MB
17	eventmaterialfree.com kiboy.eventmaterialfree.com	155 KB
3	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 899	20 KB
2	qq.com aegis.qq.com	415 B
2	ibb.co i.ibb.co — Cisco Umbrella Rank: 11551	56 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	25 KB
2	midasbuysite.com fast.midasbuysite.com	5 KB
1	pubgmobile.com www.pubgmobile.com	817 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	1 KB
1	fontawesome.com site-assets.fontawesome.com — Cisco Umbrella Rank: 57726	80 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2914	7 KB
1	cdn-go.cn cdn-go.cn — Cisco Umbrella Rank: 30377	22 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 335	21 KB
0	qcloud.com Failed kepler.captcha.qcloud.com Failed
87	14

	Domain	Requested by
41	cdn.midasbuy.com	kiboy.eventmaterialfree.com cdn.midasbuy.com
17	kiboy.eventmaterialfree.com	fast.midasbuysite.com kiboy.eventmaterialfree.com cdn.midasbuy.com cdn-go.cn static.cloudflareinsights.com
8	report1.midasbuy.com	kiboy.eventmaterialfree.com
3	static.cloudflareinsights.com	kiboy.eventmaterialfree.com
2	aegis.qq.com	cdn-go.cn
2	i.ibb.co	kiboy.eventmaterialfree.com
2	cdnjs.cloudflare.com	kiboy.eventmaterialfree.com
2	fast.midasbuysite.com	fast.midasbuysite.com
1	www.pubgmobile.com	kiboy.eventmaterialfree.com
1	fonts.googleapis.com	kiboy.eventmaterialfree.com
1	site-assets.fontawesome.com	kiboy.eventmaterialfree.com
1	stackpath.bootstrapcdn.com	kiboy.eventmaterialfree.com
1	cdn-go.cn	kiboy.eventmaterialfree.com
1	cdn.jsdelivr.net	fast.midasbuysite.com
0	kepler.captcha.qcloud.com Failed	kiboy.eventmaterialfree.com
87	15

This site contains no links.

Subject Issuer	Validity	Valid
midasbuysite.com GTS CA 1P5	`2023-10-03` - `2024-01-01`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
eventmaterialfree.com GTS CA 1P5	`2023-10-21` - `2024-01-19`	3 months	crt.sh
cdnv4-go.cn DigiCert Secure Site CN CA G3	`2023-02-15` - `2024-03-15`	a year	crt.sh
*.midasbuy.com DigiCert Secure Site CN CA G3	`2023-04-11` - `2024-05-11`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
ibb.co R3	`2023-10-09` - `2024-01-07`	3 months	crt.sh
aegis.qq.com DigiCert Secure Site CN CA G3	`2023-03-08` - `2024-04-07`	a year	crt.sh
wetv.acc.qq.com DigiCert TLS RSA SHA256 2020 CA1	`2023-10-30` - `2024-10-30`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://fast.midasbuysite.com/?fbclid=PAAabUd0b9XtAvzF_EblgYS3CfJcSD1yY_7SnmBERhyS_asqDU7QIfuuMZ4f4_aem_AX8pL3EPtvX2bZxz3QinAb0xVD1Oh2tyrmCS12yyh-2D5npo8xLfe4D8T36aJyMHHpUbi4l5sJDHCBEtn_Diuygl
Frame ID: 22B3C6A238A4A7A2FDCD834E32CBD4F4
Requests: 3 HTTP requests in this frame

Frame: https://kiboy.eventmaterialfree.com/
Frame ID: A471FCA8F98AF14971F7D2802BA39B07
Requests: 93 HTTP requests in this frame

Frame: https://kiboy.eventmaterialfree.com/apps/login/home/ot?hidePop=1
Frame ID: F563BA57C941A9437FC0A84A8ABA034B
Requests: 3 HTTP requests in this frame

Frame: https://kiboy.eventmaterialfree.com/receivemsg?buy_type_key=CURRENT_BUY_ITEM_SAVE_page_07585752403329911
Frame ID: 26329A881DE062038E17C67CE4CEBDAE
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

www.midasbuy.com

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

87
Requests

95 %
HTTPS

71 %
IPv6

14
Domains

15
Subdomains

15
IPs

3
Countries

3932 kB
Transfer

6367 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

87 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
fast.midasbuysite.com/ 915 B
961 B 600ms
379ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Source	Level	URL Text
network	error	Message: A bad HTTP response code (404) was received when fetching the script.
javascript	error	URL: https://kiboy.eventmaterialfree.com/ Message: Access to script at 'https://cdn.midasbuy.com/apps/activity/js/api/api.global.js' from origin 'https://kiboy.eventmaterialfree.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn.midasbuy.com/apps/activity/js/api/api.global.js Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://kiboy.eventmaterialfree.com/apps/login/home/ot?hidePop=1#login Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://kiboy.eventmaterialfree.com/receivemsg?buy_type_key=CURRENT_BUY_ITEM_SAVE_page_07585752403329911 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://kiboy.eventmaterialfree.com/interface/getLoginInfoV2?encrypt_msg=eoPLAswqO3xiBhlvv4QubSZHcgyOg%2BolbrMUXdA9Jj4%3D&ctoken_ver=1.0.1&ctoken=d356f0bae5ca9abd01785bf204c57fbcd775c5620d0e24f80fdf59ab34b681638959674f474b5999ba66516ca547b0c7&_r=0.5627619256796612 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://kiboy.eventmaterialfree.com/apps/activity/api/activity-initialize/many-valid-events?appid=1450015065&country=ot&supportEmbed=1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://aegis.qq.com/collect/whitelist?id=xEyy0TQ9LxaDmGDWQg&uin=uv_046123862290262841666404955068&version=1.42.25&aid=e8389982-a61b-4aef-809b-75cdd2879f78&env=production&platform=3&netType=4&vp=1600%20%201200&sr=1600%20%201200&sessionId=session-1700160991251&from=https%3A%2F%2Fkiboy.eventmaterialfree.com%2F&referer=https%3A%2F%2Ffast.midasbuysite.com%2F Message: Failed to load resource: the server responded with a status of 403 ()

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

fast.midasbuysite.com Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

87 Requests

95 %HTTPS

71 %IPv6

14 Domains

15 Subdomains

15 IPs

3 Countries

3932 kBTransfer

6367 kBSize

0 Cookies

0 Outgoing links

Redirected requests

87 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

fast.midasbuysite.com Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

87
Requests

95 %
HTTPS

71 %
IPv6

14
Domains

15
Subdomains

15
IPs

3
Countries

3932 kB
Transfer

6367 kB
Size

0
Cookies

87 HTTP transactions
15 data transactions