Report - mgcreativeworld.com/new.html

Report Overview

Visitedpublic

2025-07-12 19:13:28

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dump.li	unknown	unknown	2023-05-05	2025-07-05	451 B	2.4 kB	172.67.167.142
www.ionos.com	211472	2000-02-29	2018-10-29	2025-06-29	438 B	16 kB	74.208.4.76
ce1.uicdn.net	136303	2010-08-25	2017-02-01	2025-07-10	2.6 kB	535 kB	213.165.66.58
mgcreativeworld.com	unknown	2022-01-30	2025-03-27	2025-04-10	496 B	60 kB	34.68.50.78

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-07-12	medium	javascript.write.md5:2151b7472dfff0f3ccec12c96b7aee6f	Detects file containing Telegram Bot API
2025-07-12	medium	javascript.script.md5:bcbfabc04c53d17eca364cf118cf6e07	Detects file containing Telegram Bot API

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2025-04-09	medium	mgcreativeworld.com/new.html	Other

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Telegram Bot detected (2)

URL

mgcreativeworld.com/new.html

IP / ASN

34.68.50.78

#396982 GOOGLE-CLOUD-PLATFORM

Token

7691627832:AAF1xXab3lbftuiUYoUfAG1vo-5RPq3j1zI

Bot Overview

User ID7691627832

Usernameeim1234_bot

First Nameeim

Last NameN/A

Chat Info

Chat ID5854891060

Chat Typeprivate

TitleN/A

User Count2

Admins0

Pending Msgs0

Token

7691627832:AAF1xXab3lbftuiUYoUfAG1vo-5RPq3j1zI

Bot Overview

User ID7691627832

Usernameeim1234_bot

First Nameeim

Last NameN/A

Chat Info

Chat ID5854891060

Chat Typeprivate

TitleN/A

User Count2

Admins0

Pending Msgs0

JavaScript (3)

URL

From

Size

First Seen

Last Seen

mgcreativeworld.com/new.html

ScriptElement

59 kB

2025-04-10

2025-07-12

mgcreativeworld.com/new.html

ScriptElement

3.4 kB

2025-04-10

2025-07-12

URL

mgcreativeworld.com/new.html

IP / ASN

34.68.50.78

#396982 GOOGLE-CLOUD-PLATFORM

Introduced by ScriptElement

Embedded false

Resource Info

First Seen 2025-04-10

Last Seen 2025-07-12

Times Seen 4

Size 3.4 kB (3363 bytes)

MD5 bcbfabc04c53d17eca364cf118cf6e07

SHA1 92fef31974edf23f8c7455bb5c853f6fc2eb7c48

SHA256 47aaf454cd6237d19a40c7304ed1d420b8f6e88bff252591d3a9846329f43ba4

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API

Format Code

HASH

FROM

Size

First Seen

Last Seen

2151b7472dfff0f3ccec12c96b7aee6f

DocumentWrite

8.1 kB

2025-04-10

2025-07-12

Introduced by DocumentWrite

First Seen 2025-04-10

Last Seen 2025-07-12

Times Seen 4

Size 8.1 kB (8143 bytes)

MD5 2151b7472dfff0f3ccec12c96b7aee6f

SHA1 31e11e9283cec755c69c9af8fad8807cc3a52b16

SHA256 9a0d72fdb437ab5c938e1f0ab4bd9e1dd136163b90472f4754614b7b055eb087

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API

Format Code

HTTP Transactions (8)

URL IP Response Size

GET dump.li/image/get/38a592d7d31a956f.png

172.67.167.142

200 OK

1.4 kB

URL GET HTTPS

dump.li/image/get/38a592d7d31a956f.png

IP / ASN

172.67.167.142

#13335 CLOUDFLARENET

Requested byhttps://mgcreativeworld.com/new.html

Resource Info

File typePNG image data, 49 x 43, 8-bit/color RGB, non-interlaced

First Seen2025-04-05

Last Seen2025-07-12

Times Seen5

Size1.4 kB (1412 bytes)

MD55996e920c13503ab9f706cb3a5958245

SHA1b81bcfa305804ebd51534d6156e3760dc5d9152a

SHA256ec9e8d3ff365f90023f1d1f430f139b18d577920ddc16b3cdd91cd6de54adc6a

Certificate Info

IssuerGoogle Trust Services

Subjectdump.li

FingerprintF9:61:42:3B:86:6F:AF:7A:77:AA:34:A1:1B:BA:FC:71:FB:29:6F:91

ValidityTue, 01 Jul 2025 22:58:23 GMT - Mon, 29 Sep 2025 23:56:38 GMT

HTTP Headers

GET /image/get/38a592d7d31a956f.png HTTP/1.1
Host: dump.li
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgcreativeworld.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 12 Jul 2025 19:13:08 GMT
content-type: image/png
content-length: 1412
server: cloudflare
last-modified: Thu, 14 Nov 2024 03:47:59 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
etag: "673572ef-584"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: no-referrer
cache-control: public, max-age=21600, no-transform
onion-location: http://dumpliwoard5qsrrsroni7bdiishealhky4snigbzfmzcquwo3kml4id.onion/image/get/38a592d7d31a956f.png
accept-ranges: bytes
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=wcGKi032uFK8Daf%2BuPMOefc85OWeCh5Vdn0JFQMZKpJ4vsn%2B1Ft%2FtR2bO0ppeXluhn3dgWRaH4kX14tJapxIREWNgSBD"}]}
cf-ray: 95e2db2b2dc7712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.ionos.com/favicon.ico

74.208.4.76

200 OK

15 kB

URL GET HTTPS

www.ionos.com/favicon.ico

IP / ASN

74.208.4.76

#8560 IONOS SE

Requested byhttps://mgcreativeworld.com/new.html

Resource Info

File typeMS Windows icon resource - 7 icons, 16x16, 16 colors, 4 bits/pixel, 24x24, 16 colors, 4 bits/pixel

First Seen2024-12-15

Last Seen2025-08-07

Times Seen306

Size15 kB (15374 bytes)

MD502754188af3cd6ce8d5d667d9e0c221f

SHA1d428818ab8bcf6a940b8a805623f08aa103035cf

SHA25659d1851201c19f172a23ad22ec040876d20be83c5fbe561f7294b37b3d5e010a

Certificate Info

IssuerDigiCert Inc

Subjectionos.com

Fingerprint95:4F:27:14:39:F5:79:6E:D2:90:8B:9D:68:A5:78:08:46:1C:DE:AB

ValidityMon, 30 Sep 2024 00:00:00 GMT - Fri, 17 Oct 2025 23:59:59 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.ionos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgcreativeworld.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 12 Jul 2025 19:13:09 GMT
content-type: image/vnd.microsoft.icon
content-length: 15374
set-cookie: DPX=v1:VnR+S2u62d:qxgybo2H:6872c1da:us; Path=/; Expires=Sat, 12-Jul-25 20:13:09 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
strict-transport-security: max-age=31536000
last-modified: Thu, 10 Jul 2025 13:48:42 GMT
etag: "3c0e-63993738f2280"
accept-ranges: bytes
content-security-policy: frame-ancestors 'self'
X-Firefox-Spdy: h2

GET ce1.uicdn.net/exos/icons/exos-icon-font.woff2?v=23

213.165.66.58

200 OK

37 kB

URL GET HTTPS

ce1.uicdn.net/exos/icons/exos-icon-font.woff2?v=23

IP / ASN

213.165.66.58

#8560 IONOS SE

Requested byhttps://mgcreativeworld.com/new.html

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 36784, version 1.0

First Seen2024-08-30

Last Seen2025-08-08

Times Seen272

Size37 kB (36784 bytes)

MD51e976fb9405de7dc67bcc57d78ba3ff0

SHA149f2aff241029457c95cf65612aa1be7518ffdeb

SHA256c827f6cf31c0fc0588765a009b549055a3db1ac08b9fa7de15c6247f5eafcff0

Certificate Info

IssuerSectigo Limited

Subjectce1.uicdn.net

FingerprintD1:33:C1:A2:B9:9A:07:8A:31:FE:65:07:D0:52:2A:70:A1:3C:54:43

ValidityTue, 25 Feb 2025 00:00:00 GMT - Wed, 25 Feb 2026 23:59:59 GMT

HTTP Headers

GET /exos/icons/exos-icon-font.woff2?v=23 HTTP/1.1
Host: ce1.uicdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mgcreativeworld.com
DNT: 1
Connection: keep-alive
Referer: https://ce1.uicdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 12 Jul 2025 19:13:08 GMT
content-type: application/font-woff2
content-length: 36784
set-cookie: DPX=v1:7Pnf9IQHdL:JtTY6a51:6872c1d9:gb; Path=/; Expires=Sat, 12-Jul-25 20:13:08 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
last-modified: Tue, 13 Aug 2024 10:59:35 GMT
cache-control: max-age=31536000
expires: Wed, 24 Jun 2026 14:11:57 GMT
access-control-allow-origin: *
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET ce1.uicdn.net/exos/fonts/open-sans/opensans-regular.woff2

213.165.66.58

200 OK

19 kB

URL GET HTTPS

ce1.uicdn.net/exos/fonts/open-sans/opensans-regular.woff2

IP / ASN

213.165.66.58

#8560 IONOS SE

Requested byhttps://mgcreativeworld.com/new.html

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 18668, version 1.0

First Seen2023-12-15

Last Seen2025-08-08

Times Seen12295

Size19 kB (18668 bytes)

MD58655d20bbcc8cdbfab17b6be6cf55df3

SHA190edbfa9a7dabb185487b4774076f82eb6412270

SHA256e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

Certificate Info

IssuerSectigo Limited

Subjectce1.uicdn.net

FingerprintD1:33:C1:A2:B9:9A:07:8A:31:FE:65:07:D0:52:2A:70:A1:3C:54:43

ValidityTue, 25 Feb 2025 00:00:00 GMT - Wed, 25 Feb 2026 23:59:59 GMT

HTTP Headers

GET /exos/fonts/open-sans/opensans-regular.woff2 HTTP/1.1
Host: ce1.uicdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mgcreativeworld.com
DNT: 1
Connection: keep-alive
Referer: https://ce1.uicdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 12 Jul 2025 19:13:08 GMT
content-type: application/font-woff2
content-length: 18668
set-cookie: DPX=v1:MHnJaZjTiR:DE82Y9fS:6872c1d9:gb; Path=/; Expires=Sat, 12-Jul-25 20:13:08 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
last-modified: Mon, 02 Jun 2025 11:49:21 GMT
cache-control: max-age=31536000
expires: Wed, 24 Jun 2026 14:11:57 GMT
access-control-allow-origin: *
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET ce1.uicdn.net/exos/fonts/overpass/overpass-semibold.woff2

213.165.66.58

200 OK

33 kB

URL GET HTTPS

ce1.uicdn.net/exos/fonts/overpass/overpass-semibold.woff2

IP / ASN

213.165.66.58

#8560 IONOS SE

Requested byhttps://mgcreativeworld.com/new.html

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 33252, version 3.0

First Seen2024-08-30

Last Seen2025-08-08

Times Seen185

Size33 kB (33252 bytes)

MD5dc461a1d2d82d3751bf3e267372e3de8

SHA146a8f730dd1297bb02670e9ae750a555b9f89637

SHA25612da6857fa2a0c01d0474860bc4a6e4c636faafce7cc93fe184f412b961e01f1

Certificate Info

IssuerSectigo Limited

Subjectce1.uicdn.net

FingerprintD1:33:C1:A2:B9:9A:07:8A:31:FE:65:07:D0:52:2A:70:A1:3C:54:43

ValidityTue, 25 Feb 2025 00:00:00 GMT - Wed, 25 Feb 2026 23:59:59 GMT

HTTP Headers

GET /exos/fonts/overpass/overpass-semibold.woff2 HTTP/1.1
Host: ce1.uicdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mgcreativeworld.com
DNT: 1
Connection: keep-alive
Referer: https://ce1.uicdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 12 Jul 2025 19:13:08 GMT
content-type: application/font-woff2
content-length: 33252
set-cookie: DPX=v1:KXP8g3dHvm:XsiL78hJ:6872c1d9:gb; Path=/; Expires=Sat, 12-Jul-25 20:13:08 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
last-modified: Tue, 12 Jun 2018 09:26:11 GMT
cache-control: max-age=31536000
expires: Wed, 24 Jun 2026 14:11:57 GMT
access-control-allow-origin: *
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET ce1.uicdn.net/exos/fonts/open-sans/opensans-semibold.woff2

213.165.66.58

200 OK

19 kB

URL GET HTTPS

ce1.uicdn.net/exos/fonts/open-sans/opensans-semibold.woff2

IP / ASN

213.165.66.58

#8560 IONOS SE

Requested byhttps://mgcreativeworld.com/new.html

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 18596, version 1.0

First Seen2023-12-15

Last Seen2025-08-08

Times Seen838

Size19 kB (18596 bytes)

MD5c1422f94ea801088e9b159a80afd514b

SHA1b49d3cb83589976dde1166aa38dcb553620a0498

SHA2567f7fcda5f37c18def2314b911b02417b773c4f459df0d25931ffa7389b872b89

Certificate Info

IssuerSectigo Limited

Subjectce1.uicdn.net

FingerprintD1:33:C1:A2:B9:9A:07:8A:31:FE:65:07:D0:52:2A:70:A1:3C:54:43

ValidityTue, 25 Feb 2025 00:00:00 GMT - Wed, 25 Feb 2026 23:59:59 GMT

HTTP Headers

GET /exos/fonts/open-sans/opensans-semibold.woff2 HTTP/1.1
Host: ce1.uicdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mgcreativeworld.com
DNT: 1
Connection: keep-alive
Referer: https://ce1.uicdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 12 Jul 2025 19:13:08 GMT
content-type: application/font-woff2
content-length: 18596
set-cookie: DPX=v1:/FMkU49iaH:45XPQz4N:6872c1d9:gb; Path=/; Expires=Sat, 12-Jul-25 20:13:08 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
last-modified: Mon, 02 Jun 2025 11:49:21 GMT
cache-control: max-age=31536000
expires: Wed, 24 Jun 2026 14:11:57 GMT
access-control-allow-origin: *
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET mgcreativeworld.com/new.html

34.68.50.78

200 OK

59 kB

URL User Request GET HTTPS

mgcreativeworld.com/new.html

IP / ASN

34.68.50.78

#396982 GOOGLE-CLOUD-PLATFORM

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (59134), with CRLF line terminators

First Seen2025-04-10

Last Seen2025-07-12

Times Seen3

Size59 kB (59186 bytes)

MD54ad6f721b4f50fbe053a929efddd436a

SHA1cd02f74b9ae479bc77a913e59234c47b291c8f5a

SHA256924ed1b9b2e753295d16f97f83cfd14c0e2ebdb45b651c5c60f84be8fcbd6edb

Certificate Info

IssuerLet's Encrypt

Subjectmgcreativeworld.com

Fingerprint5D:C4:D7:04:9F:EB:8E:26:38:F3:6E:EA:12:E3:FF:5F:37:10:F4:45

ValiditySun, 08 Jun 2025 04:24:37 GMT - Sat, 06 Sep 2025 04:24:36 GMT

Detections

Analyzer	Verdict	Alert
PhishTank	phishing	Other
urlquery	suspicious	Suspicious - Suspicious Javascript code

HTTP Headers

GET /new.html HTTP/1.1
Host: mgcreativeworld.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 19:13:07 GMT
content-type: text/html
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
last-modified: Tue, 11 Mar 2025 08:27:53 GMT
etag: W/"67cff409-e732"
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 13
x-cache-group: normal
content-encoding: br
X-Firefox-Spdy: h2

GET ce1.uicdn.net/exos/framework/3.0/ionos.min.css

213.165.66.58

200 OK

425 kB

URL GET HTTPS

ce1.uicdn.net/exos/framework/3.0/ionos.min.css

IP / ASN

213.165.66.58

#8560 IONOS SE

Requested byhttps://mgcreativeworld.com/new.html

Resource Info

File typeUnicode text, UTF-8 text, with very long lines (65455)

First Seen2025-07-12

Last Seen2025-07-13

Times Seen3

Size425 kB (425226 bytes)

MD588ceb0cf35d563d0bc8c9e2862a86622

SHA1c4f4af6c7f41c48277652ea4785c1b7c242bc508

SHA2562ef68c7a8171054edb038729128ce79967cc99889f7e01974dcb1e8d71f5bf17

Certificate Info

IssuerSectigo Limited

Subjectce1.uicdn.net

FingerprintD1:33:C1:A2:B9:9A:07:8A:31:FE:65:07:D0:52:2A:70:A1:3C:54:43

ValidityTue, 25 Feb 2025 00:00:00 GMT - Wed, 25 Feb 2026 23:59:59 GMT

HTTP Headers

GET /exos/framework/3.0/ionos.min.css HTTP/1.1
Host: ce1.uicdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgcreativeworld.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 12 Jul 2025 19:13:08 GMT
content-type: text/css
content-length: 55859
set-cookie: DPX=v1:i++19mmSKE:DQvTuzI1:6872c1d9:gb; Path=/; Expires=Sat, 12-Jul-25 20:13:08 GMT; HttpOnly; Secure; SameSite=Lax
server: Apache
last-modified: Fri, 11 Jul 2025 21:23:03 GMT
vary: Accept-Encoding
content-encoding: br
cache-control: max-age=43200, public
expires: Sun, 12 Jul 2026 14:36:06 GMT
access-control-allow-origin: *
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2