tentnepof.ml Open in urlscan Pro
2606:4700:3034::6815:e83 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm
Effective URL:
https://tentnepof.ml/help/?23071650902120
Submission Tags: phishing
Submission: On June 20 via api (June 20th 2022, 2:02:58 pm UTC) from US — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 19 HTTP transactions. The main IP is 2606:4700:3034::6815:e83, located in United States and belongs to CLOUDFLARENET, US. The main domain is tentnepof.ml.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 26th 2021. Valid for: a year.

This is the only time tentnepof.ml was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	38.242.219.162 38.242.219.162	51167 (CONTABO) (CONTABO)
3 7	101.99.95.147 101.99.95.147	201133 (VERDINA) (VERDINA)
1 1	185.177.94.152 185.177.94.152	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1 1	185.177.94.108 185.177.94.108	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	2606:4700:303... 2606:4700:3034::6815:e83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	4

10 38.242.219.162 (United States)

ASN51167 (CONTABO, DE)
PTR: vmi801126.contaboserver.net

sambalandaliman.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 101.99.95.147 (Malaysia) 3 redirects

ASN201133 (VERDINA, BZ)
PTR: vps.euromeds.to

track.greengoplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
front.greengoplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.177.94.152 (Amsterdam, Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-94-152.ah-server.com

flytobluebase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.177.94.108 (Amsterdam, Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-94-108.ah-server.com

lightredstep.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6815:e83 (United States)

ASN13335 (CLOUDFLARENET, US)

tentnepof.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	sambalandaliman.id sambalandaliman.id	168 KB
7	greengoplatform.com 3 redirects track.greengoplatform.com — Cisco Umbrella Rank: 317295 front.greengoplatform.com — Cisco Umbrella Rank: 311510 Failed	3 KB
1	tentnepof.ml tentnepof.ml Failed	636 B
1	lightredstep.com lightredstep.com Failed	339 B
1	flytobluebase.com flytobluebase.com Failed	340 B
19	5

	Domain	Requested by
10	sambalandaliman.id	sambalandaliman.id
6	front.greengoplatform.com	sambalandaliman.id front.greengoplatform.com
1	tentnepof.ml	front.greengoplatform.com
1	lightredstep.com	front.greengoplatform.com
1	flytobluebase.com	front.greengoplatform.com
1	track.greengoplatform.com	sambalandaliman.id
19	6

This site contains no links.

Subject Issuer	Validity	Valid
sambalandaliman.id R3	`2022-04-27` - `2022-07-26`	3 months	crt.sh
transportgoline.com R3	`2022-06-05` - `2022-09-03`	3 months	crt.sh
front.greengoplatform.com R3	`2022-06-05` - `2022-09-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-12-26` - `2022-12-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://tentnepof.ml/help/?23071650902120
Frame ID: 5281050DCD69A4EE2D07567C6F49F001
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Page URL
https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733 HTTP 302
https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853 Page URL
https://flytobluebase.com/go/mvstimztmy5doobvha?sub1=spokle&sub2=backback3 HTTP 302
https://front.greengoplatform.com/back.php?lid=6856&pid=9954&cid=347853 HTTP 302
https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853 Page URL
https://lightredstep.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=speacker&sub2=fexlight HTTP 302
https://front.greengoplatform.com/fork.php?lid=7853&pid=8446&cid=112848 HTTP 302
https://front.greengoplatform.com/fork.php?sid=326367&id=1193&cid=996457 Page URL
https://tentnepof.ml/help/?23071650902120 Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

19
Requests

79 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

4
IPs

3
Countries

171 kB
Transfer

1100 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Page URL
https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733 HTTP 302
https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853 Page URL
https://flytobluebase.com/go/mvstimztmy5doobvha?sub1=spokle&sub2=backback3 HTTP 302
https://front.greengoplatform.com/back.php?lid=6856&pid=9954&cid=347853 HTTP 302
https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853 Page URL
https://lightredstep.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=speacker&sub2=fexlight HTTP 302
https://front.greengoplatform.com/fork.php?lid=7853&pid=8446&cid=112848 HTTP 302
https://front.greengoplatform.com/fork.php?sid=326367&id=1193&cid=996457 Page URL
https://tentnepof.ml/help/?23071650902120 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733 HTTP 302
https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853

Request Chain 14

https://flytobluebase.com/go/mvstimztmy5doobvha?sub1=spokle&sub2=backback3 HTTP 302
https://front.greengoplatform.com/back.php?lid=6856&pid=9954&cid=347853 HTTP 302
https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853

Request Chain 16

https://lightredstep.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=speacker&sub2=fexlight HTTP 302
https://front.greengoplatform.com/fork.php?lid=7853&pid=8446&cid=112848 HTTP 302
https://front.greengoplatform.com/fork.php?sid=326367&id=1193&cid=996457

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	404	AT&T%20-%20Login.htm Show response sambalandaliman.id/zbral/ATTNew/	28 KB 6 KB	4740ms 4300ms	Document text/html	38.242.219.162 CONTABO
General Check archive.org Show headers Download Go to Full URL https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 38.242.219.162 , United States, ASN51167 (CONTABO, DE), Reverse DNS vmi801126.contaboserver.net Software nginx / Resource Hash `07d0e0dbc72ffb0b6665abf8016344e7125c78641c0af6bb2b6b68ba7800b8c2` Request headers Upgrade-Insecure-Requests 1 User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) accept-language de-DE,de;q=0.9 Response headers cache-control no-cache, must-revalidate, max-age=0 content-encoding br content-type text/html; charset=UTF-8 date Mon, 20 Jun 2022 14:02:52 GMT expires Wed, 11 Jan 1984 05:00:00 GMT link <https://sambalandaliman.id/wp-json/>; rel="https://api.w.org/" server nginx vary Accept-Encoding
GET H/1.1	200 OK	smile.js Show response track.greengoplatform.com/	4 KB 1016 B	998ms 365ms	Script text/plain	101.99.95.147 VERDINA
General Check archive.org Show headers Download Go to Full URL https://track.greengoplatform.com/smile.js?v=1.1.1 Requested by Host: sambalandaliman.id URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 101.99.95.147 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS vps.euromeds.to Software nginx / Resource Hash `9f2407325a9ea969c54abe49367c6e5a3e9d390f1e607444004d8347cdab4bab` Request headers accept-language de-DE,de;q=0.9 Referer https://sambalandaliman.id/ User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers Date Mon, 20 Jun 2022 14:02:50 GMT Content-Encoding gzip Transfer-Encoding chunked Server nginx Connection keep-alive Vary Accept-Encoding Content-Type text/plain; charset=utf-8
GET H2	200	style.min.css sambalandaliman.id/wp-includes/css/dist/block-library/	87 KB 11 KB	35ms 35ms	Stylesheet text/css	38.242.219.162 CONTABO
General Check archive.org Show headers Download Go to Full URL https://sambalandaliman.id/wp-includes/css/dist/block-library/style.min.css?ver=6.0 Requested by Host: sambalandaliman.id URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 38.242.219.162 , United States, ASN51167 (CONTABO, DE), Reverse DNS vmi801126.contaboserver.net Software nginx / Resource Hash `d678ab3b4e7dddf5615012cc1a930e50dfbc967181b8fbeb1b98d61549f5ed08` Request headers accept-language de-DE,de;q=0.9 Referer https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Mon, 20 Jun 2022 14:02:52 GMT content-encoding br last-modified Tue, 24 May 2022 21:33:21 GMT server nginx etag W/"628d4f21-15b26" vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	style.css sambalandaliman.id/wp-content/themes/twentytwentyone/	152 KB 20 KB	109ms 108ms	Stylesheet text/css	38.242.219.162 CONTABO
General Check archive.org Show headers Download Go to Full URL https://sambalandaliman.id/wp-content/themes/twentytwentyone/style.css?ver=1.4 Requested by Host: sambalandaliman.id URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 38.242.219.162 , United States, ASN51167 (CONTABO, DE), Reverse DNS vmi801126.contaboserver.net Software nginx / Resource Hash `911c68ef3d2106a0b2295297caf1813e616ca53e9c7bf6bb8f003371f5c1ed5b` Request headers accept-language de-DE,de;q=0.9 Referer https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Mon, 20 Jun 2022 14:02:52 GMT content-encoding br last-modified Tue, 09 Nov 2021 07:29:49 GMT server nginx etag W/"618a236d-261f9" vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	bootstrap.min.css sambalandaliman.id/wp-content/plugins/master-addons/assets/css/	152 KB 19 KB	119ms 118ms	Stylesheet text/css	38.242.219.162 CONTABO
General Check archive.org Show headers Download Go to Full URL https://sambalandaliman.id/wp-content/plugins/master-addons/assets/css/bootstrap.min.css?ver=6.0 Requested by Host: sambalandaliman.id URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 38.242.219.162 , United States, ASN51167 (CONTABO, DE), Reverse DNS vmi801126.contaboserver.net Software nginx / Resource Hash `9f42027545df7f10baab920566466a66e04358d9a0b76390394a0ff2e5693027` Request headers accept-language de-DE,de;q=0.9 Referer https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Mon, 20 Jun 2022 14:02:52 GMT content-encoding br last-modified Tue, 09 Nov 2021 07:29:49 GMT server nginx etag W/"618a236d-26049" vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	master-addons-styles.css sambalandaliman.id/wp-content/plugins/master-addons/assets/css/	412 KB 49 KB	237ms 236ms	Stylesheet text/css	38.242.219.162 CONTABO
General Check archive.org Show headers Download Go to Full URL https://sambalandaliman.id/wp-content/plugins/master-addons/assets/css/master-addons-styles.css?ver=6.0 Requested by Host: sambalandaliman.id URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 38.242.219.162 , United States, ASN51167 (CONTABO, DE), Reverse DNS vmi801126.contaboserver.net Software nginx / Resource Hash `7fc6295525ad0b685bdbde173381603ae524bdf42287f8ce3908eef7265c7772` Request headers accept-language de-DE,de;q=0.9 Referer https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Mon, 20 Jun 2022 14:02:52 GMT content-encoding br last-modified Tue, 09 Nov 2021 07:29:49 GMT server nginx etag W/"618a236d-670b1" vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jquery.min.js Show response sambalandaliman.id/wp-includes/js/jquery/	87 KB 30 KB	310ms 309ms	Script application/javascript	38.242.219.162 CONTABO
General Check archive.org Show headers Download Go to Full URL https://sambalandaliman.id/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Requested by Host: sambalandaliman.id URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 38.242.219.162 , United States, ASN51167 (CONTABO, DE), Reverse DNS vmi801126.contaboserver.net Software nginx / Resource Hash `bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea` Request headers accept-language de-DE,de;q=0.9 Referer https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Mon, 20 Jun 2022 14:02:52 GMT content-encoding br last-modified Tue, 09 Nov 2021 07:29:49 GMT server nginx etag W/"618a236d-15db1" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jquery-migrate.min.js Show response sambalandaliman.id/wp-includes/js/jquery/	11 KB 4 KB	314ms 313ms	Script application/javascript	38.242.219.162 CONTABO
General Check archive.org Show headers Download Go to Full URL https://sambalandaliman.id/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Requested by Host: sambalandaliman.id URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 38.242.219.162 , United States, ASN51167 (CONTABO, DE), Reverse DNS vmi801126.contaboserver.net Software nginx / Resource Hash `029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300` Request headers accept-language de-DE,de;q=0.9 Referer https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Mon, 20 Jun 2022 14:02:52 GMT content-encoding br last-modified Tue, 09 Nov 2021 07:29:49 GMT server nginx etag W/"618a236d-2bd8" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	responsive-embeds.js Show response sambalandaliman.id/wp-content/themes/twentytwentyone/assets/js/	1 KB 701 B	318ms 318ms	Script application/javascript	38.242.219.162 CONTABO
General Check archive.org Show headers Download Go to Full URL https://sambalandaliman.id/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.4 Requested by Host: sambalandaliman.id URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 38.242.219.162 , United States, ASN51167 (CONTABO, DE), Reverse DNS vmi801126.contaboserver.net Software nginx / Resource Hash `c84b9432dad75b6cce98abcd62eecccc82cf4e293e92f80678d8d50bd1060cfe` Request headers accept-language de-DE,de;q=0.9 Referer https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Mon, 20 Jun 2022 14:02:52 GMT content-encoding br last-modified Tue, 09 Nov 2021 07:29:49 GMT server nginx etag W/"618a236d-467" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	plugins.js Show response sambalandaliman.id/wp-content/plugins/master-addons/assets/js/	36 KB 9 KB	504ms 504ms	Script application/javascript	38.242.219.162 CONTABO
General Check archive.org Show headers Download Go to Full URL https://sambalandaliman.id/wp-content/plugins/master-addons/assets/js/plugins.js?ver=1.6.6 Requested by Host: sambalandaliman.id URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 38.242.219.162 , United States, ASN51167 (CONTABO, DE), Reverse DNS vmi801126.contaboserver.net Software nginx / Resource Hash `c7fba2ee7e1af666e73b0d8e4a724a8833601a505cc31e2f2470c6457ebf7103` Request headers accept-language de-DE,de;q=0.9 Referer https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Mon, 20 Jun 2022 14:02:52 GMT content-encoding br last-modified Tue, 09 Nov 2021 07:29:49 GMT server nginx etag W/"618a236d-911d" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	master-addons-scripts.js Show response sambalandaliman.id/wp-content/plugins/master-addons/assets/js/	127 KB 19 KB	512ms 512ms	Script application/javascript	38.242.219.162 CONTABO
General Check archive.org Show headers Download Go to Full URL https://sambalandaliman.id/wp-content/plugins/master-addons/assets/js/master-addons-scripts.js?ver=1.6.6 Requested by Host: sambalandaliman.id URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 38.242.219.162 , United States, ASN51167 (CONTABO, DE), Reverse DNS vmi801126.contaboserver.net Software nginx / Resource Hash `ad2aaac956beb86691204af07cb4659d79787e224a7a078e4fa071fee61f37ad` Request headers accept-language de-DE,de;q=0.9 Referer https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Mon, 20 Jun 2022 14:02:52 GMT content-encoding br last-modified Tue, 09 Nov 2021 07:29:49 GMT server nginx etag W/"618a236d-1fa73" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET		go.php front.greengoplatform.com/	0 0

GET H/1.1	200 OK	go.php front.greengoplatform.com/ Redirect Chain https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733 https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853	842 B 616 B	35ms 34ms	Document text/html	101.99.95.147 VERDINA
General Check archive.org Show headers Download Go to Full URL https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853 Requested by Host: sambalandaliman.id URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 101.99.95.147 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS vps.euromeds.to Software nginx / Resource Hash Request headers Referer https://sambalandaliman.id/ Upgrade-Insecure-Requests 1 User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Length 413 Content-Type text/html; charset=UTF-8 Date Mon, 20 Jun 2022 14:02:51 GMT Server nginx Vary Accept-Encoding Redirect headers Connection keep-alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Mon, 20 Jun 2022 14:02:51 GMT Location https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853 Server nginx
GET		mvstimztmy5doobvha flytobluebase.com/go/	0 0

GET H/1.1	200 OK	back.php front.greengoplatform.com/ Redirect Chain https://flytobluebase.com/go/mvstimztmy5doobvha?sub1=spokle&sub2=backback3 https://front.greengoplatform.com/back.php?lid=6856&pid=9954&cid=347853 https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853	862 B 620 B	95ms 95ms	Document text/html	101.99.95.147 VERDINA
General Check archive.org Show headers Download Go to Full URL https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853 Requested by Host: front.greengoplatform.com URL: https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 101.99.95.147 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS vps.euromeds.to Software nginx / Resource Hash Request headers Referer https://front.greengoplatform.com/ Upgrade-Insecure-Requests 1 User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Length 417 Content-Type text/html; charset=UTF-8 Date Mon, 20 Jun 2022 14:02:52 GMT Server nginx Vary Accept-Encoding Redirect headers Connection keep-alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Mon, 20 Jun 2022 14:02:52 GMT Location https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853 Server nginx
GET		/ lightredstep.com/	0 0

GET H/1.1	200 OK	fork.php front.greengoplatform.com/ Redirect Chain https://lightredstep.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=speacker&sub2=fexlight https://front.greengoplatform.com/fork.php?lid=7853&pid=8446&cid=112848 https://front.greengoplatform.com/fork.php?sid=326367&id=1193&cid=996457	710 B 593 B	45ms 45ms	Document text/html	101.99.95.147 VERDINA
General Check archive.org Show headers Download Go to Full URL https://front.greengoplatform.com/fork.php?sid=326367&id=1193&cid=996457 Requested by Host: front.greengoplatform.com URL: https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 101.99.95.147 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS vps.euromeds.to Software nginx / Resource Hash Request headers Referer https://front.greengoplatform.com/ Upgrade-Insecure-Requests 1 User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Length 390 Content-Type text/html; charset=UTF-8 Date Mon, 20 Jun 2022 14:02:53 GMT Server nginx Vary Accept-Encoding Redirect headers Connection keep-alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Mon, 20 Jun 2022 14:02:53 GMT Location https://front.greengoplatform.com/fork.php?sid=326367&id=1193&cid=996457 Server nginx
GET		/ tentnepof.ml/help/	0 0

GET H2	403	Primary Request / Show response tentnepof.ml/help/	169 B 636 B	800ms 574ms	Document text/html	2606:4700:3034::6815:e83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tentnepof.ml/help/?23071650902120 Requested by Host: front.greengoplatform.com URL: https://front.greengoplatform.com/fork.php?sid=326367&id=1193&cid=996457 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:e83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f0f154f69c9be2087b3e0f101e71c94dbc0ccee6e9140f3081ad6dead2014515` Request headers Referer https://front.greengoplatform.com/ Upgrade-Insecure-Requests 1 User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 71e50b759eaf0f82-MXP content-encoding br content-type text/html date Mon, 20 Jun 2022 14:02:54 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rnhltoppqMk5DEmOREIERccERTe4hh6ZQ1%2B6DJSz7SQbRjTppYruoob31x2p%2FjGi%2BmFxH6MaJNekLVQOMaTBxiN7XJ9OH60zQzdZ2armj0h7yA7Ay2yt3YP1oYhvVSQ2q5b5l7CPEBYt76E%3D"}],"group":"cf-nel","max_age":604800} server cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: front.greengoplatform.com
URL: https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733

Domain: flytobluebase.com
URL: https://flytobluebase.com/go/mvstimztmy5doobvha?sub1=spokle&sub2=backback3

Domain: lightredstep.com
URL: https://lightredstep.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=speacker&sub2=fexlight

Domain: tentnepof.ml
URL: https://tentnepof.ml/help/?23071650902120

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.flytobluebase.com/	1970-01-20 04:38:45	Name: uuid Value: 1cb8be0c-657e-469d-9129-0800f93ecf1b
			.lightredstep.com/	1970-01-20 04:38:45	Name: uuid Value: ccf81518-548a-48b4-bbe0-54cd5ba11b6b

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sambalandaliman.id/zbral/ATTNew/AT&T%20-%20Login.htm Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tentnepof.ml/help/?23071650902120 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

flytobluebase.com
front.greengoplatform.com
lightredstep.com
sambalandaliman.id
tentnepof.ml
track.greengoplatform.com
flytobluebase.com
front.greengoplatform.com
lightredstep.com
tentnepof.ml
101.99.95.147
185.177.94.108
185.177.94.152
2606:4700:3034::6815:e83
38.242.219.162
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
07d0e0dbc72ffb0b6665abf8016344e7125c78641c0af6bb2b6b68ba7800b8c2
7fc6295525ad0b685bdbde173381603ae524bdf42287f8ce3908eef7265c7772
911c68ef3d2106a0b2295297caf1813e616ca53e9c7bf6bb8f003371f5c1ed5b
9f2407325a9ea969c54abe49367c6e5a3e9d390f1e607444004d8347cdab4bab
9f42027545df7f10baab920566466a66e04358d9a0b76390394a0ff2e5693027
ad2aaac956beb86691204af07cb4659d79787e224a7a078e4fa071fee61f37ad
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c7fba2ee7e1af666e73b0d8e4a724a8833601a505cc31e2f2470c6457ebf7103
c84b9432dad75b6cce98abcd62eecccc82cf4e293e92f80678d8d50bd1060cfe
d678ab3b4e7dddf5615012cc1a930e50dfbc967181b8fbeb1b98d61549f5ed08
f0f154f69c9be2087b3e0f101e71c94dbc0ccee6e9140f3081ad6dead2014515

tentnepof.ml Open in urlscan Pro 2606:4700:3034::6815:e83 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

79 %HTTPS

20 %IPv6

5 Domains

6 Subdomains

4 IPs

3 Countries

171 kBTransfer

1100 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

tentnepof.ml Open in urlscan Pro
2606:4700:3034::6815:e83 Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

79 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

4
IPs

3
Countries

171 kB
Transfer

1100 kB
Size

2
Cookies

19 HTTP transactions
0 data transactions