penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh Open in urlscan Pro
69.49.245.167 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://l.wl.co/l?u=https://abre.ai/ejY2?userid=sG3NuFMi
Effective URL:
http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/
Submission: On April 09 via automatic, source phishtank (April 9th 2022, 9:10:02 am UTC) — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 69.49.245.167, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh.

This is the only time penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 1	157.245.218.1 157.245.218.1	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
9	69.49.245.167 69.49.245.167	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
11	3

1 2a03:2880:f01c:800e:face:b00c:0:2 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

l.wl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.245.218.1 (Clifton, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

abre.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.49.245.167 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 69-49-245-167.unifiedlayer.com

penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	nerdpol.ovh penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh	199 KB
1	abre.ai 1 redirects abre.ai — Cisco Umbrella Rank: 963636	702 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 100
1	wl.co l.wl.co — Cisco Umbrella Rank: 370530	839 B
11	4

	Domain	Requested by
9	penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh	l.wl.co penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh
1	abre.ai	1 redirects
1	www.facebook.com	l.wl.co
1	l.wl.co
11	4

This site contains no links.

Subject Issuer	Validity	Valid
*.wl.co DigiCert SHA2 High Assurance Server CA	`2022-01-18` - `2022-04-16`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-16` - `2022-04-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/
Frame ID: E902DA6F7794A57A732CBB4D65561C79
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PayPal

Page URL History Show full URLs

https://l.wl.co/l?u=https://abre.ai/ejY2?userid=sG3NuFMi Page URL
https://abre.ai/ejY2?userid=sG3NuFMi HTTP 302
http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/ Page URL

Page Statistics

11
Requests

18 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

200 kB
Transfer

526 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://l.wl.co/l?u=https://abre.ai/ejY2?userid=sG3NuFMi Page URL
https://abre.ai/ejY2?userid=sG3NuFMi HTTP 302
http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 l
l.wl.co/ 230 B
839 B 450ms
416ms Document
text/html 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://l.wl.co/l?u=https://abre.ai/ejY2?userid=sG3NuFMi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: blob: https://.wl.co https://.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src 'self' 'unsafe-inline' data: blob: https://*.wl.co https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: rollout
date: Sat, 09 Apr 2022 09:09:55 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=3,i
referrer-policy: origin
refresh: 1;URL=https://abre.ai/ejY2?userid=sG3NuFMi
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: hG6VeiSl4wHvF5pAsZ9oNrC3wnFFjJZk5uXkDG8E6G2T9YIzIPntVSfIePiFanqqBMOfxHNeN0Q4G9JhOPXGMA==
x-frame-options: DENY
x-robots-tag: noindex, nofollow
x-xss-protection: 0

POST
H2 200 /
www.facebook.com/csp/reporting/ 0
0 374ms
42ms Other
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.facebook.com/csp/reporting/?m=c&minimize=0
Requested by: Host: l.wl.co
URL: https://l.wl.co/l?u=https://abre.ai/ejY2?userid=sG3NuFMi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://l.wl.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H/1.1

200
OK

Primary Request / Show response
penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/
Redirect Chain

https://abre.ai/ejY2?userid=sG3NuFMi
http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/

3 KB
3 KB

1126ms
925ms

Document
text/html

69.49.245.167
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/
Requested by: Host: l.wl.co
URL: https://l.wl.co/l?u=https://abre.ai/ejY2?userid=sG3NuFMi
Protocol: HTTP/1.1
Server: 69.49.245.167 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-245-167.unifiedlayer.com
Software: Apache /
Resource Hash: 78600bb1a7281bf5f5421c8fd45eef8081546bf955ee1d836d1eb2ed35854365

Request headers

Referer: https://l.wl.co/l?u=https://abre.ai/ejY2?userid=sG3NuFMi
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 09 Apr 2022 09:09:55 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Cache-Control: no-cache
Connection: keep-alive
Content-Security-Policy: script-src 'self' https: 'unsafe-inline' *.jivosite.com
Content-Type: text/html; charset=utf-8
Date: Sat, 09 Apr 2022 09:09:56 GMT
Location: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.19.2
Strict-Transport-Security: max-age=63072000; includeSubDomains
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 79e3b2e8-c57f-4e4e-8ae8-264919170acd
X-Runtime: 0.035051
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main.1bf05a09.chunk.css
penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/css/ 139 KB
40 KB 171ms
170ms Stylesheet
text/css 69.49.245.167
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/css/main.1bf05a09.chunk.css

Requested by

Host: penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh
URL: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/

Protocol

HTTP/1.1

Server

69.49.245.167 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

69-49-245-167.unifiedlayer.com

Software

Apache /

Resource Hash

43b5cdf326dfa86bedb4dd03a7b32dbc0bff4d3311bec59fde969b2149fa5e75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sat, 09 Apr 2022 09:09:56 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive, Keep-Alive
Vary: Accept-Encoding,User-Agent
Content-Length: 40324
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Last-Modified: Fri, 08 Apr 2022 01:23:02 GMT
Server: Apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Methods: POST, OPTIONS, GET
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: Sun, 09 Apr 2023 09:09:56 GMT

GET
H/1.1 200
OK 4.58260827.chunk.js Show response
penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/js/ 249 KB
77 KB 300ms
174ms Script
application/javascript 69.49.245.167
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/js/4.58260827.chunk.js

Requested by

Host: penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh
URL: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/

Protocol

HTTP/1.1

Server

69.49.245.167 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

69-49-245-167.unifiedlayer.com

Software

Apache /

Resource Hash

36e7d155b52f78355950ebf7afa9aa0f395c144b4a6521c2a27c4ce6885c5a39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sat, 09 Apr 2022 09:09:56 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive, Keep-Alive
Vary: Accept-Encoding,User-Agent
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Last-Modified: Fri, 08 Apr 2022 01:23:02 GMT
Server: Apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Methods: POST, OPTIONS, GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: Sun, 09 Apr 2023 09:09:56 GMT

GET
H/1.1 200
OK main.e76a36df.chunk.js Show response
penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/js/ 65 KB
22 KB 296ms
168ms Script
application/javascript 69.49.245.167
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/js/main.e76a36df.chunk.js

Requested by

Host: penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh
URL: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/

Protocol

HTTP/1.1

Server

69.49.245.167 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

69-49-245-167.unifiedlayer.com

Software

Apache /

Resource Hash

8aceeff521a579f6a7430e43c9ea51bacda74704b0b94fc01db95894a0fb94bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sat, 09 Apr 2022 09:09:56 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive, Keep-Alive
Vary: Accept-Encoding,User-Agent
Content-Length: 21631
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Last-Modified: Fri, 08 Apr 2022 01:23:02 GMT
Server: Apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Methods: POST, OPTIONS, GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: Sun, 09 Apr 2023 09:09:56 GMT

GET
H/1.1 200
OK 0.d7cff5fd.chunk.js Show response
penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/js/ 16 KB
6 KB 161ms
161ms Script
application/javascript 69.49.245.167
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/js/0.d7cff5fd.chunk.js

Requested by

Host: penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh
URL: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/

Protocol

HTTP/1.1

Server

69.49.245.167 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

69-49-245-167.unifiedlayer.com

Software

Apache /

Resource Hash

11ffe052c67a9eff263d5da7a4f9409fdbb69f68dacaf9192599a09a6019b9ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/signin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sat, 09 Apr 2022 09:09:57 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive, Keep-Alive
Vary: Accept-Encoding,User-Agent
Content-Length: 5869
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Last-Modified: Fri, 08 Apr 2022 01:23:02 GMT
Server: Apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Methods: POST, OPTIONS, GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: Sun, 09 Apr 2023 09:09:57 GMT

GET
H/1.1 200
OK 15.2d48b28b.chunk.js Show response
penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/js/ 7 KB
3 KB 179ms
178ms Script
application/javascript 69.49.245.167
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/js/15.2d48b28b.chunk.js

Requested by

Host: penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh
URL: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/

Protocol

HTTP/1.1

Server

69.49.245.167 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

69-49-245-167.unifiedlayer.com

Software

Apache /

Resource Hash

487140b7b870dce2edb84b58be90dcabdc2479b3669811afa02a0176d76ac8c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/signin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sat, 09 Apr 2022 09:09:57 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive, Keep-Alive
Vary: Accept-Encoding,User-Agent
Content-Length: 2173
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Last-Modified: Fri, 08 Apr 2022 01:23:02 GMT
Server: Apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Methods: POST, OPTIONS, GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: Sun, 09 Apr 2023 09:09:57 GMT

POST
H/1.1 200
OK supply Show response
penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/api/ 1 KB
2 KB 243ms
243ms XHR
text/html 69.49.245.167
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/api/supply
Requested by: Host: penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh
URL: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/js/4.58260827.chunk.js
Protocol: HTTP/1.1
Server: 69.49.245.167 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-245-167.unifiedlayer.com
Software: Apache /
Resource Hash: 8af845889b0e399c2804855bc7f7dfe5c5aba3e07fee679d2ad59fddce2e84ff

Request headers

Accept: application/json, text/plain, */*
Referer: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/signin
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sat, 09 Apr 2022 09:09:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

POST
H/1.1 200
OK ping Show response
penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/api/ 2 B
208 B 672ms
544ms XHR
text/html 69.49.245.167
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/api/ping
Requested by: Host: penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh
URL: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/js/4.58260827.chunk.js
Protocol: HTTP/1.1
Server: 69.49.245.167 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-245-167.unifiedlayer.com
Software: Apache /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: application/json, text/plain, */*
Referer: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/signin
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json

Response headers

Date: Sat, 09 Apr 2022 09:09:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK PayPalSansSmall-Light.0df09b05.woff
penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/media/ 46 KB
46 KB 174ms
174ms Font
font/woff 69.49.245.167
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/media/PayPalSansSmall-Light.0df09b05.woff

Requested by

Host: penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh
URL: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/css/main.1bf05a09.chunk.css

Protocol

HTTP/1.1

Server

69.49.245.167 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

69-49-245-167.unifiedlayer.com

Software

Apache /

Resource Hash

843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/static/css/main.1bf05a09.chunk.css
Origin: http://penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sat, 09 Apr 2022 09:09:57 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive, Keep-Alive
Vary: Accept-Encoding,User-Agent
Content-Length: 46674
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Last-Modified: Fri, 08 Apr 2022 01:23:02 GMT
Server: Apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Methods: POST, OPTIONS, GET
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Expires: Mon, 09 May 2022 09:09:57 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/	1970-01-20 02:11:38	Name: session Value: yCtVqRBO4JSvSqwwltbKyvPsVnWpSKyy
			penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh/	1970-01-20 02:11:38	Name: language Value: de

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: blob: https://.wl.co https://.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abre.ai
l.wl.co
penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh
www.facebook.com
157.245.218.1
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f11c:8183:face:b00c:0:25de
69.49.245.167
11ffe052c67a9eff263d5da7a4f9409fdbb69f68dacaf9192599a09a6019b9ca
36e7d155b52f78355950ebf7afa9aa0f395c144b4a6521c2a27c4ce6885c5a39
43b5cdf326dfa86bedb4dd03a7b32dbc0bff4d3311bec59fde969b2149fa5e75
487140b7b870dce2edb84b58be90dcabdc2479b3669811afa02a0176d76ac8c4
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
78600bb1a7281bf5f5421c8fd45eef8081546bf955ee1d836d1eb2ed35854365
843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab
8aceeff521a579f6a7430e43c9ea51bacda74704b0b94fc01db95894a0fb94bc
8af845889b0e399c2804855bc7f7dfe5c5aba3e07fee679d2ad59fddce2e84ff

penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh Open in urlscan Pro 69.49.245.167 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

18 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

200 kBTransfer

526 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

penjajahandiatasduniaharusdihapuskan122.nerdpol.ovh Open in urlscan Pro
69.49.245.167 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

18 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

200 kB
Transfer

526 kB
Size

2
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!