bxwan.xpz.my.id Open in urlscan Pro
2606:4700:3036::6815:145a  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response bxwan.xpz.my.id/	11 KB 5 KB	568ms 520ms	Document text/html	2606:4700:3036::6815:145a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bxwan.xpz.my.id/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:145a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash acaf9a3dd1aed792839740e419804d02c5349b4fdfefc9d81c3da3df3abc9f14 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7a2ac2117f6a3803-FRA content-encoding br content-type text/html; charset=UTF-8 date Sat, 04 Mar 2023 14:20:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PzLoPVuRtPrVge73qm%2FDcJi%2FFXryO67TFjpSieBkcVulUx8ADdH9HRyDjs8EK7lPXFDouTxp3QLnSV4K3wDC8fGljgqaP%2FhGW5tuZt0NrrazKoJPwn4AZ1Y8liU7p48WGjP9hGPkksSIaBslYw4%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	style-info.css bxwan.xpz.my.id/css/info/	32 KB 8 KB	30ms 29ms	Stylesheet text/css	2606:4700:3036::6815:145a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bxwan.xpz.my.id/css/info/style-info.css Requested by Host: bxwan.xpz.my.id URL: https://bxwan.xpz.my.id/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:145a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 99203a3144796646f9ebb1e3abe06c0e6306fcfe16bf2dd63af194a2eaaf1837 Request headers accept-language de-DE,de;q=0.9 Referer https://bxwan.xpz.my.id/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sat, 04 Mar 2023 14:20:07 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 13713 cf-polished origSize=40425 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-bgj minify last-modified Fri, 13 Jan 2023 12:23:36 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rjrbVWIjoapbSwvGUQi8RAk7xzGdgxzIOnFfSRAM8GoITEbktW6uEYPnBtJSMR8wxFDKgPR1JtPLd3hDEjyDmwZkNAI8BuKvUuIbPzl9QKu92A7gmEgRv2woAHte8zFo0pQuzNYManrHR0K2884%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 7a2ac214ccb93803-FRA expires Sat, 11 Mar 2023 10:31:33 GMT
GET H2	200	interview.css bxwan.xpz.my.id/css/info/	7 KB 2 KB	15ms 15ms	Stylesheet text/css	2606:4700:3036::6815:145a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bxwan.xpz.my.id/css/info/interview.css Requested by Host: bxwan.xpz.my.id URL: https://bxwan.xpz.my.id/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:145a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5483a6488f64469e1fb125d11b69d7d82418c7b855cb1feedb39dd633e88921b Request headers accept-language de-DE,de;q=0.9 Referer https://bxwan.xpz.my.id/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sat, 04 Mar 2023 14:20:07 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 13714 cf-polished origSize=10102 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-bgj minify last-modified Thu, 01 Sep 2022 06:15:16 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P7Ku73zlpAFqGrS68tBefjYnUqNJqQl9ycVjck1BM7wYF6Jlg%2BRY718V6%2BofE6jbQOco9nIHLkLgo9rC7PIQaxoME7cJmdpaOnkke4BizAsCnQlGcU4mnKZ6UwkcV9KNJAMr4ny%2FOMb1fUb3oC8%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 7a2ac214ccbb3803-FRA expires Sat, 11 Mar 2023 10:31:33 GMT
GET H2	200	inF0loCk.png bxwan.xpz.my.id/img/	65 KB 66 KB	21ms 20ms	Image image/png	2606:4700:3036::6815:145a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bxwan.xpz.my.id/img/inF0loCk.png Requested by Host: bxwan.xpz.my.id URL: https://bxwan.xpz.my.id/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:145a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 579688068d5233880af95e437cd2761356187ca24b446fc02f2719eff5741382 Request headers accept-language de-DE,de;q=0.9 Referer https://bxwan.xpz.my.id/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sat, 04 Mar 2023 14:20:07 GMT cf-cache-status HIT last-modified Fri, 13 Jan 2023 12:14:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 13712 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WvwTt5F4k7N1OMEiqRCvnPqix1lXWRmcU6l3eI4chw9HpS%2Blyw1jK8bl0lhyjPL0MpE6QXwp7KRvglaYCGaLMi03ibtS1%2F%2FQDIt4h8tuJVQajIQY5GMUx4X%2FWWIg9AH329vCv4SnLR4YhoqxMSc%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7a2ac214ece33803-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 67059 expires Sat, 11 Mar 2023 10:31:35 GMT
GET H3	200	invisible.js Show response bxwan.xpz.my.id/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 9C9C	35 KB 15 KB	22ms 21ms	Script application/javascript	2606:4700:3036::6815:145a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bxwan.xpz.my.id/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1677931200 Requested by Host: bxwan.xpz.my.id URL: https://bxwan.xpz.my.id/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:145a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6796992d8621c695c214c2c7e4bb28c18bea8053612801c75f484c11fbdcc68b Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sat, 04 Mar 2023 14:20:07 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMxJPnWxAlyK2SiSYH177fPAONo0tREkudN5mNE5ADdXp9h%2BmNGC7xuSguLbpteu3AQeA7%2FzgPMJFOH3k%2BhdcePC1C5CGWbN1i8RxBxC06H6il%2BkAMIxQVdW1cajH8aVNBng5jU9mx7IDo3tFSo%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 7a2ac2157b569be8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	pica.js bxwan.xpz.my.id/cdn-cgi/challenge-platform/h/g/scripts/ Frame 9C9C	23 KB 10 KB	24ms 23ms	Other application/javascript	2606:4700:3036::6815:145a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bxwan.xpz.my.id/cdn-cgi/challenge-platform/h/g/scripts/pica.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:145a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 160c02b84933a21b43c8cb476470320f9f8ea7670009034b71d9650fda591d61 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sat, 04 Mar 2023 14:20:07 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xDnl0SkvuKAxIQDU32wdSBw9FiFSw2Yc4j6WxzouLwFjSbO9sN88w6vezobiqP1oGc8%2BWfyaEWKQ3vUvLKMXCPvh3d8aV9TLwtUZddmKix8V46K4vNvKysor6ugu2vVn4RzKZK%2FANFPSkBfWX38%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 7a2ac215cbae9be8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	7a2ac2117f6a3803 Show response bxwan.xpz.my.id/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 9C9C	2 B 674 B	40ms 40ms	XHR text/plain	2606:4700:3036::6815:145a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bxwan.xpz.my.id/cdn-cgi/challenge-platform/h/g/cv/result/7a2ac2117f6a3803 Requested by Host: bxwan.xpz.my.id URL: https://bxwan.xpz.my.id/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1677931200 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:145a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Content-Type application/json Response headers date Sat, 04 Mar 2023 14:20:08 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZGERM5CzxxWCryxOwaQbc2vTCWU92%2FVL%2BmoOZw%2FmV8930%2Bhu%2BReEBK0FTqQzmRAc7JESkdT3h0bbmtnMpJItnck8g%2FFWlUsEw9%2Bcc3c87m9OH05DQquXptR9GtFJfwo9PdfaA2Sge6G9%2Bq9bs2I%3D"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 7a2ac2182fab9be8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless string| tanggallengkap object| namahari object| namabulan object| tgl number| hari number| tanggal number| bulan number| tahun function| mousedwn

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.xpz.my.id/	1970-01-20 10:05:41	Name: __cf_bm Value: srtPuyXllOjnHHmpStl9Ht9WecnJ2jyHdtTxavRw4Nw-1677939608-0-AdbLyf9DyRO9EbF4HT69C9LZ4M4Vw/zBSw4KGmqddfRgi68jChoPqoMBa6oYO9qeEt2AibZdc8Z7ozeOMneAAi3MKkdrP0SElEZ8Z8fKvlizAw9nX8l4Obf9RHRnTmYX3eYYhEOwJyS5WltOoRCEv7Y=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bxwan.xpz.my.id
2606:4700:3036::6815:145a
160c02b84933a21b43c8cb476470320f9f8ea7670009034b71d9650fda591d61
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
5483a6488f64469e1fb125d11b69d7d82418c7b855cb1feedb39dd633e88921b
579688068d5233880af95e437cd2761356187ca24b446fc02f2719eff5741382
6796992d8621c695c214c2c7e4bb28c18bea8053612801c75f484c11fbdcc68b
99203a3144796646f9ebb1e3abe06c0e6306fcfe16bf2dd63af194a2eaaf1837
acaf9a3dd1aed792839740e419804d02c5349b4fdfefc9d81c3da3df3abc9f14