just4dev.id - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 103.167.112.141, located in Indonesia and belongs to IDNIC-ANTMEDIAHOST-AS-ID PT Semut Data Indonesia, ID. The main domain is just4dev.id.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 15th 2022. Valid for: 3 months.

This is the only time just4dev.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.185.164.99 192.185.164.99	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1 5	103.167.112.141 103.167.112.141	139457 (IDNIC-ANT...) (IDNIC-ANTMEDIAHOST-AS-ID PT Semut Data Indonesia)
2	152.199.23.72 152.199.23.72	15133 (EDGECAST) (EDGECAST)
6	2

1 192.185.164.99 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-164-99.unifiedlayer.com

tullowoil.walllightsfixture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 103.167.112.141 (Indonesia) 1 redirects

ASN139457 (IDNIC-ANTMEDIAHOST-AS-ID PT Semut Data Indonesia, ID)

just4dev.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 152.199.23.72 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msauthimages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	just4dev.id 1 redirects just4dev.id	113 KB
2	msauthimages.net aadcdn.msauthimages.net — Cisco Umbrella Rank: 3891	116 KB
1	walllightsfixture.com 1 redirects tullowoil.walllightsfixture.com	327 B
6	3

	Domain	Requested by
5	just4dev.id	1 redirects just4dev.id
2	aadcdn.msauthimages.net	just4dev.id
1	tullowoil.walllightsfixture.com	1 redirects
6	3

This site contains no links.

Subject Issuer	Validity	Valid
just4dev.id cPanel, Inc. Certification Authority	`2022-03-15` - `2022-06-13`	3 months	crt.sh
aadcdn.msauthimages.net Microsoft Azure TLS Issuing CA 02	`2021-06-08` - `2022-06-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d
Frame ID: D146CB9E234DCD902D8A591033E03C9D
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in

Page URL History Show full URLs

http://tullowoil.walllightsfixture.com/5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d HTTP 302
https://just4dev.id/ce/index?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d HTTP 302
https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d Page URL

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

229 kB
Transfer

227 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tullowoil.walllightsfixture.com/5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d HTTP 302
https://just4dev.id/ce/index?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d HTTP 302
https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response just4dev.id/ce/ Redirect Chain http://tullowoil.walllightsfixture.com/5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d https://just4dev.id/ce/index?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d	11 KB 11 KB	892ms 892ms	Document text/html	103.167.112.141 IDNIC-ANTMEDIAHOS...
General Check archive.org Show headers Download Go to Full URL https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.167.112.141 , Indonesia, ASN139457 (IDNIC-ANTMEDIAHOST-AS-ID PT Semut Data Indonesia, ID), Reverse DNS Software Apache / Resource Hash `6b50bb72f47e346c4ff3ee79c2e001eddec41f01b99d8e11a0b8435ccdd88044` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Mon, 25 Apr 2022 11:52:38 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=99 Pragma no-cache Server Apache Transfer-Encoding chunked Redirect headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Mon, 25 Apr 2022 11:52:38 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache location login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d
GET H/1.1	200 OK	Converged1033.css just4dev.id/ce/files/	99 KB 100 KB	197ms 196ms	Stylesheet text/css	103.167.112.141 IDNIC-ANTMEDIAHOS...
General Check archive.org Show headers Download Go to Full URL https://just4dev.id/ce/files/Converged1033.css Requested by Host: just4dev.id URL: https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.167.112.141 , Indonesia, ASN139457 (IDNIC-ANTMEDIAHOST-AS-ID PT Semut Data Indonesia, ID), Reverse DNS Software Apache / Resource Hash `c7813d74ea586bd46be064ae15384fcb9f3a2279cc108adf711d8fa8ea523435` Request headers accept-language en-GB,en;q=0.9 Referer https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Date Mon, 25 Apr 2022 11:52:39 GMT Last-Modified Sat, 17 Oct 2020 05:15:48 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 101751
GET H2	200	bannerlogo aadcdn.msauthimages.net/c1c6b6c8-xvkienrbwb-u5fdvcoc-rn8qbhi-my7rq9kpowhoiru/logintenantbranding/0/	5 KB 6 KB	159ms 31ms	Image image/*	152.199.23.72 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msauthimages.net/c1c6b6c8-xvkienrbwb-u5fdvcoc-rn8qbhi-my7rq9kpowhoiru/logintenantbranding/0/bannerlogo?ts=637064182756707630 Requested by Host: just4dev.id URL: https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.72 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (lha/8D2E) / Resource Hash `a5059a0a64284e1dab7a25c9bde18f637f55d7adfdec2549797e952748293c61` Request headers accept-language en-GB,en;q=0.9 Referer https://just4dev.id/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Mon, 25 Apr 2022 11:52:39 GMT last-modified Fri, 11 Oct 2019 19:17:55 GMT server ECAcc (lha/8D2E) content-md5 IUaDt3D5swBRqPQKe20cEA== age 10684 etag 0x8D74E7FB887DAC9 x-cache HIT content-type image/* x-ms-request-id 85306ee3-801e-0051-0382-5832c7000000 cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes content-length 5587
GET H/1.1	200 OK	arrow_left.png just4dev.id/ce/files/	240 B 482 B	585ms 195ms	Image image/png	103.167.112.141 IDNIC-ANTMEDIAHOS...
General Check archive.org Show headers Download Go to Show image Full URL https://just4dev.id/ce/files/arrow_left.png Requested by Host: just4dev.id URL: https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.167.112.141 , Indonesia, ASN139457 (IDNIC-ANTMEDIAHOST-AS-ID PT Semut Data Indonesia, ID), Reverse DNS Software Apache / Resource Hash `ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83` Request headers accept-language en-GB,en;q=0.9 Referer https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Date Mon, 25 Apr 2022 11:52:40 GMT Last-Modified Sat, 17 Oct 2020 05:15:48 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 240
GET H/1.1	200 OK	1-small.jpg just4dev.id/ce/files2/	987 B 1 KB	196ms 196ms	Image image/jpeg	103.167.112.141 IDNIC-ANTMEDIAHOS...
General Check archive.org Show headers Download Go to Show image Full URL https://just4dev.id/ce/files2/1-small.jpg Requested by Host: just4dev.id URL: https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.167.112.141 , Indonesia, ASN139457 (IDNIC-ANTMEDIAHOST-AS-ID PT Semut Data Indonesia, ID), Reverse DNS Software Apache / Resource Hash `8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d` Request headers accept-language en-GB,en;q=0.9 Referer https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Date Mon, 25 Apr 2022 11:52:40 GMT Last-Modified Sat, 17 Oct 2020 05:15:48 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 987
GET H2	200	illustration aadcdn.msauthimages.net/c1c6b6c8-xvkienrbwb-u5fdvcoc-rn8qbhi-my7rq9kpowhoiru/logintenantbranding/0/	110 KB 110 KB	30ms 30ms	Image image/*	152.199.23.72 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msauthimages.net/c1c6b6c8-xvkienrbwb-u5fdvcoc-rn8qbhi-my7rq9kpowhoiru/logintenantbranding/0/illustration?ts=637064182748968363 Requested by Host: just4dev.id URL: https://just4dev.id/ce/login.php?ss=2&ea=5746f6d2e736861726d616e4074756c6c6f776f696c2e636f6d Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.72 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (lha/8C9F) / Resource Hash `2a5292148efc4d6e45267f1892851e11a5f7219fef8b62dedbd21846b471b069` Request headers accept-language en-GB,en;q=0.9 Referer https://just4dev.id/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Mon, 25 Apr 2022 11:52:40 GMT last-modified Fri, 11 Oct 2019 19:17:55 GMT server ECAcc (lha/8C9F) content-md5 XdQMK7CXNJCb5roLrIh+Pg== age 10685 etag 0x8D74E7FB81527FD x-cache HIT content-type image/* x-ms-request-id 64276578-001e-004b-4b82-581da8000000 cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes content-length 112729

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			just4dev.id/	1969-12-31 23:59:59	Name: PHPSESSID Value: d5876dfffd7dd3be323e06a6252bdc42

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauthimages.net
just4dev.id
tullowoil.walllightsfixture.com
103.167.112.141
152.199.23.72
192.185.164.99
2a5292148efc4d6e45267f1892851e11a5f7219fef8b62dedbd21846b471b069
6b50bb72f47e346c4ff3ee79c2e001eddec41f01b99d8e11a0b8435ccdd88044
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d
a5059a0a64284e1dab7a25c9bde18f637f55d7adfdec2549797e952748293c61
ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83
c7813d74ea586bd46be064ae15384fcb9f3a2279cc108adf711d8fa8ea523435

just4dev.id Open in urlscan Pro 103.167.112.141 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

229 kBTransfer

227 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

Indicators

just4dev.id Open in urlscan Pro
103.167.112.141 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

229 kB
Transfer

227 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!