urlscan.io logo urlscan.io
SecurityTrails logo

writer.alineaku.co.id Open in urlscan Pro
45.130.230.53  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://writer.alineaku.co.id/content/34KPR4/zd/clients
Effective URL: https://writer.alineaku.co.id/content/34KPR4/zd/clients/
Submission: On May 09 via manual from PH — Scanned from SG
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 45.130.230.53, located in Singapore and belongs to AS-HOSTINGER, CY. The main domain is writer.alineaku.co.id.
TLS certificate: Issued by R3 on March 25th 2023. Valid for: 3 months.
This is the only time writer.alineaku.co.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

IP Address AS Autonomous System
2 3 45.130.230.53 47583 (AS-HOSTINGER)
1 2
Apex Domain
Subdomains		 Transfer
3 alineaku.co.id
writer.alineaku.co.id
563 KB
1 1
Domain Requested by
3 writer.alineaku.co.id 2 redirects
1 1

This site contains links to these domains. Also see Links.

Domain
www.postbank.de
Subject Issuer Validity Valid
writer.alineaku.co.id
R3		 2023-03-25 -
2023-06-23		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://writer.alineaku.co.id/content/34KPR4/zd/clients/
Frame ID: 648093E95BB32D60D9E8045238920DAC
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Postbank Banking & Brokerage

Page URL History Show full URLs

  1. http://writer.alineaku.co.id/content/34KPR4/zd/clients HTTP 301
    https://writer.alineaku.co.id/content/34KPR4/zd/clients HTTP 301
    https://writer.alineaku.co.id/content/34KPR4/zd/clients/ Page URL

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

613 kB
Transfer

1561 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://writer.alineaku.co.id/content/34KPR4/zd/clients HTTP 301
    https://writer.alineaku.co.id/content/34KPR4/zd/clients HTTP 301
    https://writer.alineaku.co.id/content/34KPR4/zd/clients/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
writer.alineaku.co.id/content/34KPR4/zd/clients/
Redirect Chain
  • http://writer.alineaku.co.id/content/34KPR4/zd/clients
  • https://writer.alineaku.co.id/content/34KPR4/zd/clients
  • https://writer.alineaku.co.id/content/34KPR4/zd/clients/
1 MB
563 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://writer.alineaku.co.id/content/34KPR4/zd/clients/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.130.230.53 , Singapore, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv93.niagahoster.com
Software
LiteSpeed / Niagahoster
Resource Hash
039d3f592f13a313b222347d081def6d3e91dc571f445c5a557bf6bc617d9148
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 09 May 2023 03:41:58 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-powered-by
Niagahoster
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
707
content-type
text/html
date
Tue, 09 May 2023 03:41:58 GMT
location
https://writer.alineaku.co.id/content/34KPR4/zd/clients/
server
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
User-Agent
x-content-type-options
nosniff
x-powered-by
Niagahoster
x-xss-protection
1; mode=block
truncated
/ 		44 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
97fe447ddc107dc8b5f84af5b559f36c71eb2da143a98ef3080014d1f17c994a

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		243 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d4664dd3d67bd3bbe6653fe5273756db06a66ed9f6b2e3d317a28c5bd04ecb90

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fdff80a70c9c788e4c93d02eff684aa381d0f26bf9565edfd1bfdb15c602b4e4

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de

Request headers

Referer
Origin
https://writer.alineaku.co.id
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31

Request headers

Referer
Origin
https://writer.alineaku.co.id
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless

1 Cookies

Domain/Path Name / Value
writer.alineaku.co.id/ Name: PHPSESSID
Value: c13e07fb5b99b2eecdc0e739c575546e

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block