mitbakso.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 153.92.13.56, located in Jakarta, Indonesia and belongs to AS-HOSTINGER, CY. The main domain is mitbakso.com.
TLS certificate: Issued by R3 on March 19th 2023. Valid for: 3 months.

This is the only time mitbakso.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	197.253.124.98 197.253.124.98	37313 (GGoC1-AS) (GGoC1-AS)
1 2	153.92.13.56 153.92.13.56	47583 (AS-HOSTINGER) (AS-HOSTINGER)
2	3

1 197.253.124.98 (Tema, Ghana)

ASN37313 (GGoC1-AS, GH)
PTR: mofad.gov.gh

atiwaeast.gov.gh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 153.92.13.56 (Jakarta, Indonesia) 1 redirects

ASN47583 (AS-HOSTINGER, CY)
PTR: srv166.niagahoster.com

mitbakso.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	mitbakso.com 1 redirects mitbakso.com	19 KB
1	atiwaeast.gov.gh atiwaeast.gov.gh	1004 B
2	2

	Domain	Requested by
2	mitbakso.com	1 redirects
1	atiwaeast.gov.gh
2	2

This site contains no links.

Subject Issuer	Validity	Valid
atiwaeast.gov.gh R3	`2023-03-22` - `2023-06-20`	3 months	crt.sh
*.mitbakso.com R3	`2023-03-19` - `2023-06-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://mitbakso.com/Aln/cutokhov9uiE9VRQN3Rb-jkr2TiSoPoMNyHyqbfv3V-oduU35iPaLiSMgYGUyxT-ztNraub6FghDVh43VPUn-3RpzogKMM7G7H7xzdbRt-uCiCvGKC6MeRq5Zr4e3i-zKuoFEHQQgbjXbjRvmxT-sSK5FpRmfkaSMHYtnG6A-yJzrFHkUpHmAbXUXJsMN/
Frame ID: 518075002CCBDF0AF2E2FFCE2EA64807
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Outlook

Page URL History Show full URLs

https://atiwaeast.gov.gh/Adhk/ Page URL
https://mitbakso.com/Aln/cutokhov9uiE9VRQN3Rb-jkr2TiSoPoMNyHyqbfv3V-oduU35iPaLiSMgYGUyxT-ztNraub6... HTTP 301
https://mitbakso.com/Aln/cutokhov9uiE9VRQN3Rb-jkr2TiSoPoMNyHyqbfv3V-oduU35iPaLiSMgYGUyxT-ztNraub6... Page URL

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

20 kB
Transfer

73 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://atiwaeast.gov.gh/Adhk/ Page URL
https://mitbakso.com/Aln/cutokhov9uiE9VRQN3Rb-jkr2TiSoPoMNyHyqbfv3V-oduU35iPaLiSMgYGUyxT-ztNraub6FghDVh43VPUn-3RpzogKMM7G7H7xzdbRt-uCiCvGKC6MeRq5Zr4e3i-zKuoFEHQQgbjXbjRvmxT-sSK5FpRmfkaSMHYtnG6A-yJzrFHkUpHmAbXUXJsMN HTTP 301
https://mitbakso.com/Aln/cutokhov9uiE9VRQN3Rb-jkr2TiSoPoMNyHyqbfv3V-oduU35iPaLiSMgYGUyxT-ztNraub6FghDVh43VPUn-3RpzogKMM7G7H7xzdbRt-uCiCvGKC6MeRq5Zr4e3i-zKuoFEHQQgbjXbjRvmxT-sSK5FpRmfkaSMHYtnG6A-yJzrFHkUpHmAbXUXJsMN/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
atiwaeast.gov.gh/Adhk/ 796 B
1004 B 1819ms
139ms Document
text/html 197.253.124.98
GGoC1-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://atiwaeast.gov.gh/Adhk/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 197.253.124.98 Tema, Ghana, ASN37313 (GGoC1-AS, GH),
Reverse DNS: mofad.gov.gh
Software: Apache /
Resource Hash: 6bdd20731bf4e9fc83ff38e71c93e15aff585ac959b3634b8ee1dcd0f2a626c3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 28 Mar 2023 09:11:18 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked

GET
H2

200

Primary Request / Show response
mitbakso.com/Aln/cutokhov9uiE9VRQN3Rb-jkr2TiSoPoMNyHyqbfv3V-oduU35iPaLiSMgYGUyxT-ztNraub6FghDVh43VPUn-3RpzogKMM7G7H7xzdbRt-uCiCvGKC6MeRq5Zr4e3i-zKuoFEHQQgbjXbjRvmxT-sSK5FpRmfkaSMHYtnG6A-yJzrFHkUpHm...
Redirect Chain

https://mitbakso.com/Aln/cutokhov9uiE9VRQN3Rb-jkr2TiSoPoMNyHyqbfv3V-oduU35iPaLiSMgYGUyxT-ztNraub6FghDVh43VPUn-3RpzogKMM7G7H7xzdbRt-uCiCvGKC6MeRq5Zr4e3i-zKuoFEHQQgbjXbjRvmxT-sSK5FpRmfkaSMHYtnG6A-yJz...
https://mitbakso.com/Aln/cutokhov9uiE9VRQN3Rb-jkr2TiSoPoMNyHyqbfv3V-oduU35iPaLiSMgYGUyxT-ztNraub6FghDVh43VPUn-3RpzogKMM7G7H7xzdbRt-uCiCvGKC6MeRq5Zr4e3i-zKuoFEHQQgbjXbjRvmxT-sSK5FpRmfkaSMHYtnG6A-yJz...

41 KB
19 KB

400ms
399ms

Document
text/html

153.92.13.56
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://mitbakso.com/Aln/cutokhov9uiE9VRQN3Rb-jkr2TiSoPoMNyHyqbfv3V-oduU35iPaLiSMgYGUyxT-ztNraub6FghDVh43VPUn-3RpzogKMM7G7H7xzdbRt-uCiCvGKC6MeRq5Zr4e3i-zKuoFEHQQgbjXbjRvmxT-sSK5FpRmfkaSMHYtnG6A-yJzrFHkUpHmAbXUXJsMN/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

153.92.13.56 Jakarta, Indonesia, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

srv166.niagahoster.com

Software

LiteSpeed / Niagahoster

Resource Hash

10096526048418990b333927f01f373d95a7850c6c4ee500c83b7a52ded6d1dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://atiwaeast.gov.gh/Adhk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: br
content-length: 19028
content-type: text/html
date: Tue, 28 Mar 2023 09:11:21 GMT
last-modified: Mon, 27 Mar 2023 23:23:57 GMT
server: LiteSpeed
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-powered-by: Niagahoster
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 707
content-type: text/html
date: Tue, 28 Mar 2023 09:11:21 GMT
location: https://mitbakso.com/Aln/cutokhov9uiE9VRQN3Rb-jkr2TiSoPoMNyHyqbfv3V-oduU35iPaLiSMgYGUyxT-ztNraub6FghDVh43VPUn-3RpzogKMM7G7H7xzdbRt-uCiCvGKC6MeRq5Zr4e3i-zKuoFEHQQgbjXbjRvmxT-sSK5FpRmfkaSMHYtnG6A-yJzrFHkUpHmAbXUXJsMN/
server: LiteSpeed
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: User-Agent
x-content-type-options: nosniff
x-powered-by: Niagahoster
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 20 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 379765ab31aed2e0d3cdef473f0c2a3f0ee46391724fc7a8024e901c261cdcba

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: text/css

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

atiwaeast.gov.gh
mitbakso.com
153.92.13.56
197.253.124.98
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7
10096526048418990b333927f01f373d95a7850c6c4ee500c83b7a52ded6d1dd
379765ab31aed2e0d3cdef473f0c2a3f0ee46391724fc7a8024e901c261cdcba
6bdd20731bf4e9fc83ff38e71c93e15aff585ac959b3634b8ee1dcd0f2a626c3
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

mitbakso.com Open in urlscan Pro 153.92.13.56 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

20 kBTransfer

73 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

mitbakso.com Open in urlscan Pro
153.92.13.56 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

20 kB
Transfer

73 kB
Size

0
Cookies

2 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!