mail.globaleventss.midasbuyspro.com Open in urlscan Pro
2606:4700:3035::6815:2759 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://mail.globaleventss.midasbuyspro.com/
Submission: On December 24 via api (December 24th 2023, 11:34:02 pm UTC) from US — Scanned from US

Summary HTTP 130 Redirects Behaviour Indicators

Summary

This website contacted 16 IPs in 2 countries across 14 domains to perform 130 HTTP transactions. The main IP is 2606:4700:3035::6815:2759, located in United States and belongs to CLOUDFLARENET, US. The main domain is mail.globaleventss.midasbuyspro.com.

This is the only time mail.globaleventss.midasbuyspro.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3035::6815:2759	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
3 30	2606:4700:303... 2606:4700:3036::ac43:a3b3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	211.152.148.32 211.152.148.32	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
49	211.152.148.45 211.152.148.45	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::ac40:93bc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81c::200a	15169 (GOOGLE) (GOOGLE)
5	104.243.38.177 104.243.38.177	23470 (RELIABLESITE) (RELIABLESITE)
2	240e:97c:2f:1... 240e:97c:2f:1::6e	58466 (CT-GUANGZ...) (CT-GUANGZHOU-IDC CHINANET Guangdong province network)
29	128.14.246.105 128.14.246.105	21859 (ZEN-ECN) (ZEN-ECN)
3	124.156.190.80 124.156.190.80	() ()
1	2600:141b:1c0... 2600:141b:1c00:10::172c:c9b1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2607:f8b0:400... 2607:f8b0:4006:820::2003	15169 (GOOGLE) (GOOGLE)
130	16

1 2606:4700:3035::6815:2759 (United States)

ASN13335 (CLOUDFLARENET, US)

mail.globaleventss.midasbuyspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2606:4700:3036::ac43:a3b3 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

hulkhogahtt.anakembok.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 211.152.148.32 (Atlanta, United States)

ASN139341 (ACE-AS-AP ACE, SG)

cdn-go.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 211.152.148.45 (Atlanta, United States)

ASN139341 (ACE-AS-AP ACE, SG)

cdn.midasbuy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:93bc (United States)

ASN13335 (CLOUDFLARENET, US)

site-assets.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.243.38.177 (Piscataway, United States)

ASN23470 (RELIABLESITE, US)
PTR: disuanqi.dadongeng.cn

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 240e:97c:2f:1::6e (China)

ASN58466 (CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN)

aegis.qq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 128.14.246.105 (Los Angeles, United States)

ASN21859 (ZEN-ECN, US)

report1.midasbuy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 124.156.190.80 (None, )

ASN- ()

kepler.captcha.qcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:10::172c:c9b1 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

www.pubgmobile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:820::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
78	midasbuy.com cdn.midasbuy.com — Cisco Umbrella Rank: 310510 report1.midasbuy.com — Cisco Umbrella Rank: 254859	4 MB
30	anakembok.de 3 redirects hulkhogahtt.anakembok.de	254 KB
5	ibb.co i.ibb.co — Cisco Umbrella Rank: 12045	232 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	139 KB
3	qcloud.com kepler.captcha.qcloud.com	57 KB
3	fontawesome.com site-assets.fontawesome.com — Cisco Umbrella Rank: 61664	506 KB
2	qq.com aegis.qq.com — Cisco Umbrella Rank: 24575	413 B
1	gstatic.com fonts.gstatic.com	16 KB
1	pubgmobile.com www.pubgmobile.com — Cisco Umbrella Rank: 45888	816 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2842	7 KB
1	cdn-go.cn cdn-go.cn — Cisco Umbrella Rank: 31970	22 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 313	21 KB
1	midasbuyspro.com mail.globaleventss.midasbuyspro.com	1 KB
130	14

	Domain	Requested by
49	cdn.midasbuy.com	hulkhogahtt.anakembok.de cdn.midasbuy.com
30	hulkhogahtt.anakembok.de	3 redirects mail.globaleventss.midasbuyspro.com hulkhogahtt.anakembok.de cdn-go.cn cdn.midasbuy.com
29	report1.midasbuy.com	hulkhogahtt.anakembok.de
5	i.ibb.co	hulkhogahtt.anakembok.de
4	cdnjs.cloudflare.com	hulkhogahtt.anakembok.de cdnjs.cloudflare.com
3	kepler.captcha.qcloud.com	hulkhogahtt.anakembok.de cdn-go.cn
3	site-assets.fontawesome.com	hulkhogahtt.anakembok.de site-assets.fontawesome.com
2	aegis.qq.com	cdn-go.cn
1	fonts.gstatic.com	fonts.googleapis.com
1	www.pubgmobile.com	hulkhogahtt.anakembok.de
1	fonts.googleapis.com	hulkhogahtt.anakembok.de
1	stackpath.bootstrapcdn.com	hulkhogahtt.anakembok.de
1	cdn-go.cn	hulkhogahtt.anakembok.de
1	cdn.jsdelivr.net	mail.globaleventss.midasbuyspro.com
1	mail.globaleventss.midasbuyspro.com
130	15

This site contains no links.

Subject Issuer	Validity	Valid
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
anakembok.de GTS CA 1P5	`2023-11-29` - `2024-02-27`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
cdnv4-go.cn DigiCert Secure Site CN CA G3	`2023-02-15` - `2024-03-15`	a year	crt.sh
*.midasbuy.com DigiCert Secure Site CN CA G3	`2023-04-11` - `2024-05-11`	a year	crt.sh
bootstrapcdn.com GTS CA 1P5	`2023-11-30` - `2024-02-28`	3 months	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-04` - `2025-01-03`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
ibb.co R3	`2023-12-09` - `2024-03-08`	3 months	crt.sh
aegis.qq.com DigiCert Secure Site CN CA G3	`2023-03-08` - `2024-04-07`	a year	crt.sh
apr02-2023-1.ias.qcloud.com DigiCert Secure Site CN CA G3	`2023-04-01` - `2024-04-02`	a year	crt.sh
wetv.acc.qq.com DigiCert TLS RSA SHA256 2020 CA1	`2023-10-30` - `2024-10-30`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 7 frames:

Primary Page: http://mail.globaleventss.midasbuyspro.com/
Frame ID: B71E0937470686CF24FA0A021E4B2E29
Requests: 2 HTTP requests in this frame

Frame: https://hulkhogahtt.anakembok.de/
Frame ID: E5C0C3686AD717A80786A09106031A1B
Requests: 135 HTTP requests in this frame

Frame: https://hulkhogahtt.anakembok.de/apps/login/home/ot?hidePop=1
Frame ID: 9F0EE87E304B341C1BF85ADC3A9D67A0
Requests: 1 HTTP requests in this frame

Frame: https://hulkhogahtt.anakembok.de/receivemsg?buy_type_key=CURRENT_BUY_ITEM_SAVE_page_003229930379646939
Frame ID: 45FA1E7EB365E0F0E87C3CDC9620FD96
Requests: 1 HTTP requests in this frame

Frame: https://hulkhogahtt.anakembok.de/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Frame ID: FE3B9852C688A2088FCFC5D7F71C8D68
Requests: 2 HTTP requests in this frame

Frame: https://hulkhogahtt.anakembok.de/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Frame ID: 4BC540956D055A30B325DE464AE8691B
Requests: 2 HTTP requests in this frame

Frame: https://hulkhogahtt.anakembok.de/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Frame ID: 698422A20A4CAFB95CD6CAA1090025D6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

GLOBAL EVENT

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

130
Requests

96 %
HTTPS

67 %
IPv6

14
Domains

15
Subdomains

16
IPs

2
Countries

5115 kB
Transfer

7680 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107

https://hulkhogahtt.anakembok.de/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://hulkhogahtt.anakembok.de/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

Request Chain 108

https://hulkhogahtt.anakembok.de/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://hulkhogahtt.anakembok.de/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

Request Chain 109

https://hulkhogahtt.anakembok.de/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://hulkhogahtt.anakembok.de/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

130 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
mail.globaleventss.midasbuyspro.com/ 725 B
1 KB 327ms
267ms Document
text/html 2606:4700:3035::6815:2759
CLOUDFLARENET

General

Source	Level	URL Text
network	error	URL: https://hulkhogahtt.anakembok.de/interface/getLoginInfoV2?encrypt_msg=iHe%2Ff3piZyV0bB8hB4cB3p5W0JIPST%2FzZ7QTsH0H4MI%3D&ctoken_ver=1.0.1&ctoken=d356f0bae5ca9abd01785bf204c57fbcd775c5620d0e24f80fdf59ab34b681638959674f474b5999ba66516ca547b0c7&_r=0.8939485081047327 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://hulkhogahtt.anakembok.de/apps/login/home/ot?hidePop=1#login Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://hulkhogahtt.anakembok.de/(Line 5494) Message: Access to script at 'https://cdn.midasbuy.com/apps/activity/js/api/api.global.js' from origin 'https://hulkhogahtt.anakembok.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn.midasbuy.com/apps/activity/js/api/api.global.js Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://hulkhogahtt.anakembok.de/receivemsg?buy_type_key=CURRENT_BUY_ITEM_SAVE_page_003229930379646939 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://hulkhogahtt.anakembok.de/apps/activity/api/activity-initialize/many-valid-events?appid=1450015065&country=ot&supportEmbed=1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://aegis.qq.com/collect/whitelist?id=xEyy0TQ9LxaDmGDWQg&uin=uv_046123862290262841666404955068&version=1.42.25&aid=35fcd02b-d03e-4596-91f2-839317b83528&env=production&platform=3&netType=4&vp=1600%20%201200&sr=1600%20%201200&sessionId=session-1703460831461&from=https%3A%2F%2Fhulkhogahtt.anakembok.de%2F&referer=http%3A%2F%2Fmail.globaleventss.midasbuyspro.com%2F Message: Failed to load resource: the server responded with a status of 403 ()
other	warning	URL: https://kepler.captcha.qcloud.com/tencent-kepler.js?appId=9865970 Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://kepler.captcha.qcloud.com/tencent-kepler.js?appId=9865970 Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://kepler.captcha.qcloud.com/tencent-kepler.js?appId=9865970 Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

mail.globaleventss.midasbuyspro.com Open in urlscan Pro 2606:4700:3035::6815:2759 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

130 Requests

96 %HTTPS

67 %IPv6

14 Domains

15 Subdomains

16 IPs

2 Countries

5115 kBTransfer

7680 kBSize

1 Cookies

0 Outgoing links

Redirected requests

130 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

mail.globaleventss.midasbuyspro.com Open in urlscan Pro
2606:4700:3035::6815:2759 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

130
Requests

96 %
HTTPS

67 %
IPv6

14
Domains

15
Subdomains

16
IPs

2
Countries

5115 kB
Transfer

7680 kB
Size

1
Cookies

130 HTTP transactions
15 data transactions