b0kepfbnewf5aw.infoxyz1.my.id
172.67.148.62
Malicious Activity!
Public Scan
Effective URL: https://b0kepfbnewf5aw.infoxyz1.my.id/vhsfhqpdhdsih6/
Submission: On March 31 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on March 20th 2024. Valid for: 3 months.
This is the only time b0kepfbnewf5aw.infoxyz1.my.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 3 | 2606:4700:3035::ac43:943e | 13335 (CLOUDFLARENET)
5 | 172.67.148.62 | 13335 (CLOUDFLARENET)
7 | 172.67.192.254 | 13335 (CLOUDFLARENET)
4 | 162.19.58.159 | 16276 (OVH)
4 | 149.154.164.13 | 62041 (TELEGRAM)
2 | 188.40.164.54 | 24940 (HETZNER-AS)
2 | 104.16.88.20 | 13335 (CLOUDFLARENET)
2 | 2606:4700::6810:7daf | 13335 (CLOUDFLARENET)
28 (total) | 8 IPs |
ASN13335 (CLOUDFLARENET, US): b0kepfbnewf5aw.infoxyz1.my.id
ASN24940 (HETZNER-AS, DE), PTR static.54.164.40.188.clients.your-server.de: s9.gifyu.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | infoxyz1.my.id | b0kepfbnewf5aw.infoxyz1.my.id (1 redirects) | 12 KB
7 | aureatedreams.com | aureatedreams.com | 24 KB
4 | telegra.ph | telegra.ph (Cisco Umbrella Rank: 77901) | 26 KB
4 | ibb.co | i.ibb.co (Cisco Umbrella Rank: 11763) | 1 MB
2 | unpkg.com | unpkg.com (Cisco Umbrella Rank: 725) | 5 KB
2 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 310) | 35 KB
2 | gifyu.com | s9.gifyu.com (Cisco Umbrella Rank: 268918) | 140 KB
28 (total) | 7 apex domains | |
Requests | Domain | Requested by
---|---|---
8 | b0kepfbnewf5aw.infoxyz1.my.id (1 redirects) | b0kepfbnewf5aw.infoxyz1.my.id
7 | aureatedreams.com | b0kepfbnewf5aw.infoxyz1.my.id
4 | telegra.ph | b0kepfbnewf5aw.infoxyz1.my.id
4 | i.ibb.co | b0kepfbnewf5aw.infoxyz1.my.id
2 | unpkg.com | cdn.jsdelivr.net, b0kepfbnewf5aw.infoxyz1.my.id
2 | cdn.jsdelivr.net | b0kepfbnewf5aw.infoxyz1.my.id, cdn.jsdelivr.net
2 | s9.gifyu.com | b0kepfbnewf5aw.infoxyz1.my.id
28 (total) | 7 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
infoxyz1.my.id | GTS CA 1P5 | 2024-03-20 - 2024-06-18 | 3 months | crt.sh
aureatedreams.com | GTS CA 1P5 | 2024-03-19 - 2024-06-17 | 3 months | crt.sh
ibb.co | R3 | 2024-02-07 - 2024-05-07 | 3 months | crt.sh
*.telegra.ph | Go Daddy Secure Certificate Authority - G2 | 2023-09-05 - 2024-10-06 | a year | crt.sh
s9.gifyu.com | R3 | 2024-02-14 - 2024-05-14 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://b0kepfbnewf5aw.infoxyz1.my.id/vhsfhqpdhdsih6/
Frame ID: 6C7ACC1076673AA52A65BE7F238B6219
Requests: 28 HTTP requests in this frame
Page Title: Videos 18+
Detected technologies
- jQuery (JavaScript Libraries). Detected pattern: jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
- jsDelivr (CDN). Detected pattern: //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://b0kepfbnewf5aw.infoxyz1.my.id/ (HTTP 307) -> https://b0kepfbnewf5aw.infoxyz1.my.id/ (Page URL)
- https://b0kepfbnewf5aw.infoxyz1.my.id/vhsfhqpdhdsih6 (HTTP 301) -> https://b0kepfbnewf5aw.infoxyz1.my.id/vhsfhqpdhdsih6/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://b0kepfbnewf5aw.infoxyz1.my.id/ (HTTP 307)
- https://b0kepfbnewf5aw.infoxyz1.my.id/
28 HTTP transactions
Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H2 | b0kepfbnewf5aw.infoxyz1.my.id/ (Redirect Chain) | 111 B | 556 B | Document | text/html
GET | H3 | b0kepfbnewf5aw.infoxyz1.my.id/vhsfhqpdhdsih6/ (Primary Request, Redirect Chain) | 28 KB | 7 KB | Document | text/html
GET | H2 | b0kepfbnewf5aw.infoxyz1.my.id/favicon.ico | 315 B | 545 B | Other | text/html
GET | H3 | b0kepfbnewf5aw.infoxyz1.my.id/vhsfhqpdhdsih6/css/style_1.css | 5 KB | 2 KB | Stylesheet | text/css
GET | H3 | b0kepfbnewf5aw.infoxyz1.my.id/vhsfhqpdhdsih6/css/style.css | 5 KB | 2 KB | Stylesheet | text/css
GET | H3 | aureatedreams.com/utility/video-app-default/adult/fb_video/1/img/bell.png | 2 KB | 2 KB | Image | image/png
GET | H3 | aureatedreams.com/utility/video-app-default/adult/fb_video/1/img/arrow-left.svg | 317 B | 677 B | Image | image/svg+xml
GET | H3 | aureatedreams.com/utility/video-app-default/adult/fb_video/1/img/user-loupe.png | 10 KB | 11 KB | Image | image/png
GET | H2 | i.ibb.co/ssNMFTh/Screenshot-483.png | 713 KB | 714 KB | Image | image/png
GET | H3 | aureatedreams.com/utility/video-app-default/adult/fb_video/1/img/gl.png | 2 KB | 2 KB | Image | image/png
GET | H3 | aureatedreams.com/utility/video-app-default/adult/fb_video/1/img/dots.svg | 226 B | 608 B | Image | image/svg+xml
GET | H2 | telegra.ph/file/8bb5c6646dea32c0fa2db.jpg | 6 KB | 6 KB | Image | image/jpeg
GET | H3 | aureatedreams.com/utility/video-app-default/adult/fb_video/1/img/play.png | 456 B | 960 B | Image | image/png
GET | H3 | aureatedreams.com/utility/video-app-default/adult/fb_video/1/img/like.png | 6 KB | 6 KB | Image | image/png
GET | H2 | i.ibb.co/zPGxWr0/46534653647534676.png | 90 KB | 90 KB | Image | image/png
GET | H2 | telegra.ph/file/774e54073de92403ece29.jpg | 8 KB | 8 KB | Image | image/jpeg
GET | H2 | i.ibb.co/gRDdQ9b/9429795792947.png | 155 KB | 155 KB | Image | image/png
GET | H2 | telegra.ph/file/4ea4e39d81f21754279b7.jpg | 6 KB | 7 KB | Image | image/jpeg
GET | H2 | i.ibb.co/crNShLW/Screenshot-473.png | 521 KB | 522 KB | Image | image/png
GET | H2 | telegra.ph/file/201963f29206aaa866285.jpg | 5 KB | 5 KB | Image | image/jpeg
GET | H2 | s9.gifyu.com/images/download-2a77f9e2794f2bd6a.png | 31 KB | 31 KB | Image | image/png
GET | H2 | s9.gifyu.com/images/SFjY4.png | 109 KB | 109 KB | Image | image/png
GET | H3 | cdn.jsdelivr.net/gh/styleiconss/jquery3.6.0@master/ionicons.js | 1012 B | 1 KB | Script | application/javascript
GET | H3 | b0kepfbnewf5aw.infoxyz1.my.id/vhsfhqpdhdsih6/images/map.png | 315 B | 315 B | Image | text/html
GET | H2 | unpkg.com/ionicons@5.0.0/dist/ionicons/ionicons.esm.js | 262 B | 549 B | Script | application/javascript
GET | H3 | cdn.jsdelivr.net/gh/styleiconss/jquery.3.6.0@main/icon.io.js | 105 KB | 34 KB | Script | application/javascript
GET | H2 | unpkg.com/ionicons@5.0.0/dist/ionicons/p-af480238.js | 9 KB | 4 KB | Script | application/javascript
GET | H3 | b0kepfbnewf5aw.infoxyz1.my.id/vhsfhqpdhdsih6/images/fav.png | 315 B | 663 B | Other | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: WhatsApp (Instant Messenger)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- onpagereveal (object)
- d (object)
- login (function)
- $ (function)
- jQuery (function)
- __sc_import_ionicons (function)
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aureatedreams.com
b0kepfbnewf5aw.infoxyz1.my.id
cdn.jsdelivr.net
i.ibb.co
s9.gifyu.com
telegra.ph
unpkg.com
104.16.88.20
149.154.164.13
162.19.58.159
172.67.148.62
172.67.192.254
188.40.164.54
2606:4700:3035::ac43:943e
2606:4700::6810:7daf
00ee7dba82f915d3871a147b1a69772da41b6d0d15c4e6b6f1be5632131358cd
06220fd6dd8510131c7769e0df2e9847354981a9bbf262dd7281ba3cae3c6e61
11cf76ec8ed2d0a701018df622b3a3da12faf2dfab9c38a3b1894103cd9e2ff4
17a12593d9f142f0b16dfe99328a719e0ed301ee48736acc54cf8fed99fa7187
1915f608e3d5593a22dc63f399186e9f0cfca9a2d59a027a60be437f812421ec
19f19993e675232c0574f5c5a609779f0bf68a0947ed48fd56f1d80dbbed5a86
206904e37c062cf801840493f3b17c2c8a53f8ac94a8c3c9815e649de403f76c
2406f95d911017d83cae8d8c2e52bd946e76080676d7c00079c633f33c2b8fc0
28a06f4491def3fdc69ddefa5c850a2583ff312997aef3498e2f12e384c45115
35a79935107f53fa3b2f923363b50be53bd42e446f64f457c5e74a526bfa29b9
377ca57bb1eeaa23b60958ef2552015626df047726a02e097467750ce7b6d2d4
4256e8caf9b1ec39378834c37f8ce7c3d277bf3c9838890f2f506bb9396f6a1a
5a574efb77e8690faf8f57000749456bb7e466dad430f46f64c497f86fd7f06a
6edda5ae05f52b19ae02a052c1ddb0dda8108725498920862f18590d3a83df8b
754a78e912ba7d714a7513e696d8ae7570d09ef28f441c6359de8362ff06452b
7d0186b072835eea6c1d0dcbedb7349691c2a68ad3527299eb62193bd518e2ed
85d368f3aee584106cb2a0d1ebe7b185706054696c82ad28c5ddb18e1ce95007
8df6dc3a07990bf5407fb04ce3a8ecb77d4f554dd59dd45206b319b20964a529
b1183da21eea529cd6196304a23d4ec2fde989b7615cacc7704e04e4ed8485af
d1eb885bf0fc4dd2cb8e590ed40b9188a5b2d09f2799c2df230e04d397d3f6bd
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d735452708a796a67f9d45feabeec79253f7a11a68ad252e4a4e24b1b645f158
d85ea4058e89186a0c61d478e435538971435f59abddd31245fb9ed031a2fff9
decd3b29897db404a8663c6c872d2e9dec0b412617c363a1b94e7a4fa0e87693
f2f8d61dd888d32e637c54a248874a4fe551c8ed2002d3addb36f65303e9da54