logpaa.nemid.nord.20-214-170-172.cprapid.com Open in urlscan Pro
20.214.170.172 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://faperta.unkhair.ac.id/wp-admin/css/redirect.html
Effective URL:
https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
Submission: On August 24 via manual (August 24th 2022, 10:06:12 am UTC) from DK — Scanned from DK

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 6 domains to perform 20 HTTP transactions. The main IP is 20.214.170.172, located in Seoul, Korea, Republic Of and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is logpaa.nemid.nord.20-214-170-172.cprapid.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 22nd 2022. Valid for: 3 months.

This is the only time logpaa.nemid.nord.20-214-170-172.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	103.11.132.4 103.11.132.4	138829 (CAPOENG-A...) (CAPOENG-AS-ID PT Capoeng Digital Nusantara)
2 8	20.214.170.172 20.214.170.172	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700:20:... 2606:4700:20::ac43:4739	() ()
20	4

1 103.11.132.4 (Indonesia)

ASN138829 (CAPOENG-AS-ID PT Capoeng Digital Nusantara, ID)
PTR: khairun.capoeng.id

faperta.unkhair.ac.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 20.214.170.172 (Seoul, Korea, Republic Of) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

logpaa.nemid.nord.20-214-170-172.cprapid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4739 (None, )

ASN- ()

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	cprapid.com 2 redirects logpaa.nemid.nord.20-214-170-172.cprapid.com	125 KB
1	waust.at waust.at	7 KB
1	unkhair.ac.id faperta.unkhair.ac.id	323 B
0	gstatic.com Failed www.gstatic.com Failed
0	amung.us Failed whos.amung.us Failed
0	dtscout.com Failed t.dtscout.com Failed
20	6

	Domain	Requested by
8	logpaa.nemid.nord.20-214-170-172.cprapid.com	2 redirects logpaa.nemid.nord.20-214-170-172.cprapid.com
1	waust.at	logpaa.nemid.nord.20-214-170-172.cprapid.com
1	faperta.unkhair.ac.id
0	www.gstatic.com Failed	logpaa.nemid.nord.20-214-170-172.cprapid.com
0	whos.amung.us Failed	waust.at
0	t.dtscout.com Failed	waust.at
20	6

This site contains no links.

Subject Issuer	Validity	Valid
faperta.unkhair.ac.id cPanel, Inc. Certification Authority	`2022-06-28` - `2022-09-26`	3 months	crt.sh
logpaa.nemid.nord.20-214-170-172.cprapid.com cPanel, Inc. Certification Authority	`2022-08-22` - `2022-11-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-07-04` - `2023-07-04`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
Frame ID: 4911F137550B900D27FB3B88EC181E21
Requests: 19 HTTP requests in this frame

Frame: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/frame/login.php
Frame ID: FB94ABB747B4402E98556018A435F517
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://faperta.unkhair.ac.id/wp-admin/css/redirect.html Page URL
https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa HTTP 301
https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/ HTTP 302
https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

20
Requests

40 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

4
IPs

2
Countries

132 kB
Transfer

137 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://faperta.unkhair.ac.id/wp-admin/css/redirect.html Page URL
https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa HTTP 301
https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/ HTTP 302
https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 redirect.html Show response
faperta.unkhair.ac.id/wp-admin/css/ 106 B
323 B 729ms
232ms Document
text/html 103.11.132.4
CAPOENG-AS-ID PT ...

General

Check archive.org

Show headers Download Go to

Full URL

https://faperta.unkhair.ac.id/wp-admin/css/redirect.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.11.132.4 , Indonesia, ASN138829 (CAPOENG-AS-ID PT Capoeng Digital Nusantara, ID),

Reverse DNS

khairun.capoeng.id

Software

nginx /

Resource Hash

dc0184956e86bdc6e3c48a069860f364b2785ab39086b0fc226b41a5f98c576b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

accept-ranges: bytes
content-length: 106
content-type: text/html
date: Wed, 24 Aug 2022 10:06:07 GMT
last-modified: Fri, 01 Jul 2022 02:56:23 GMT
server: nginx
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

Primary Request login.php Show response
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/
Redirect Chain

https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa
https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/
https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php

18 KB
18 KB

290ms
290ms

Document
text/html

20.214.170.172
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.170.172 Seoul, Korea, Republic Of, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: a23f7bb3b2b8a668f70cdf3b5224902cc3c929ae65de23f0307c679ecc218c5c

Request headers

Referer: https://faperta.unkhair.ac.id/wp-admin/css/redirect.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Aug 2022 10:06:11 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Aug 2022 10:06:11 GMT
Keep-Alive: timeout=5, max=99
Server: Apache
Transfer-Encoding: chunked
location: login.php

GET
H2 200 d.js Show response
waust.at/ 14 KB
7 KB 224ms
62ms Script
application/x-javascript 2606:4700:20::ac43:4739

General

Check archive.org

Show headers Download Go to

Full URL: https://waust.at/d.js
Requested by: Host: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4739 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 95c9628c1b9999a708886345c166c5234c9e0f4e8f540939a0e2fe66168d320c

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:06:11 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2243
last-modified: Mon, 08 Aug 2022 16:39:47 GMT
server: cloudflare
etag: W/"62f13c53-397a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2rf05FIWZNWt%2Bv35D5bSzoXv1Ljyz07jf3%2FjtHgWoW4rS%2BVp3x8C%2B183hGB%2FAbeiZ7Q5XASCYw%2FsJn2Us2igb558mifhNDmMb9boyuq02w78iXhddGCN91LXVHjmQVmIMhTRU0ee"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=86400
cf-ray: 73fb461c5bd49b3d-FRA
expires: Thu, 25 Aug 2022 09:28:48 GMT

GET
H/1.1 200
OK styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/ 45 KB
45 KB 265ms
265ms Stylesheet
text/css 20.214.170.172
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Requested by: Host: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.170.172 Seoul, Korea, Republic Of, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 068ee6c88c6d2629f9a797dac9288490b736f0c944d9a46d566da7cd8f913a1b

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Aug 2022 10:06:11 GMT
Last-Modified: Sat, 06 Aug 2022 13:29:08 GMT
Server: Apache
Content-Type: text/css
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 46070
Expires: 0

GET
H/1.1 200
OK translateelement.css
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/ 18 KB
19 KB 517ms
264ms Stylesheet
text/css 20.214.170.172
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/translateelement.css
Requested by: Host: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.170.172 Seoul, Korea, Republic Of, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Aug 2022 10:06:12 GMT
Last-Modified: Fri, 14 May 2021 01:23:30 GMT
Server: Apache
Content-Type: text/css
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 18724
Expires: 0

GET
H/1.1 200
OK banner.png
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/ 39 KB
40 KB 280ms
280ms Image
image/png 20.214.170.172
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/banner.png
Requested by: Host: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.170.172 Seoul, Korea, Republic Of, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Aug 2022 10:06:12 GMT
Last-Modified: Sat, 06 Aug 2022 12:35:04 GMT
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 40339
Expires: 0

GET
H/1.1 200
OK nemid-830ab2367a74a48b4e61ce97be19c0bd.svg
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/ 2 KB
3 KB 279ms
278ms Image
image/svg+xml 20.214.170.172
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg
Requested by: Host: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.170.172 Seoul, Korea, Republic Of, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 6bb27299ef7a2f71792920ae936f4f0800cf1a43ff5f8b4c835233fde4c1e387

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Aug 2022 10:06:12 GMT
Last-Modified: Fri, 14 May 2021 01:23:30 GMT
Server: Apache
Content-Type: image/svg+xml
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2285
Expires: 0

GET /
t.dtscout.com/i/ 0
0

GET something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/ 0
0

GET cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/ 0
0

GET no-connection-83f79e2367a313b468986e12a237c346.svg
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/ 0
0

GET empty-3857ebe69f653487f8c9d99adde4657f.svg
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/ 0
0

GET technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/ 0
0

GET
H/1.1 404
Not Found scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/ 0
0 271ms
271ms Script
text/html 20.214.170.172
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download
Requested by: Host: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.170.172 Seoul, Korea, Republic Of, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Aug 2022 10:06:12 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: 0

GET translate_24dp.png
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/ 0
0

GET login.php
logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/frame/ Frame FB94 0
0

GET b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
logpaa.nemid.nord.20-214-170-172.cprapid.com/assets/ 0
0

GET aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
logpaa.nemid.nord.20-214-170-172.cprapid.com/assets/ 0
0

GET /
whos.amung.us/pingjs/ 0
0

GET translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: t.dtscout.com
URL: https://t.dtscout.com/i/?l=https%3A%2F%2Flogpaa.nemid.nord.20-214-170-172.cprapid.com%2Flogpaa%2Flogin.php&j=https%3A%2F%2Ffaperta.unkhair.ac.id%2F

Domain: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg

Domain: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg

Domain: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/no-connection-83f79e2367a313b468986e12a237c346.svg

Domain: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/empty-3857ebe69f653487f8c9d99adde4657f.svg

Domain: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg

Domain: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/translate_24dp.png

Domain: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/frame/login.php

Domain: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff

Domain: logpaa.nemid.nord.20-214-170-172.cprapid.com
URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff

Domain: whos.amung.us
URL: https://whos.amung.us/pingjs/?k=norddd02&t=Nordea%20identification&c=d&x=https%3A%2F%2Flogpaa.nemid.nord.20-214-170-172.cprapid.com%2Flogpaa%2Flogin.php&y=https%3A%2F%2Ffaperta.unkhair.ac.id%2F&a=0&v=27&r=9655

Domain: www.gstatic.com
URL: https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://logpaa.nemid.nord.20-214-170-172.cprapid.com/logpaa/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

faperta.unkhair.ac.id
logpaa.nemid.nord.20-214-170-172.cprapid.com
t.dtscout.com
waust.at
whos.amung.us
www.gstatic.com
logpaa.nemid.nord.20-214-170-172.cprapid.com
t.dtscout.com
whos.amung.us
www.gstatic.com
103.11.132.4
20.214.170.172
2606:4700:20::ac43:4739
068ee6c88c6d2629f9a797dac9288490b736f0c944d9a46d566da7cd8f913a1b
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
6bb27299ef7a2f71792920ae936f4f0800cf1a43ff5f8b4c835233fde4c1e387
95c9628c1b9999a708886345c166c5234c9e0f4e8f540939a0e2fe66168d320c
9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f
a23f7bb3b2b8a668f70cdf3b5224902cc3c929ae65de23f0307c679ecc218c5c
dc0184956e86bdc6e3c48a069860f364b2785ab39086b0fc226b41a5f98c576b

logpaa.nemid.nord.20-214-170-172.cprapid.com Open in urlscan Pro 20.214.170.172 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

40 %HTTPS

33 %IPv6

6 Domains

6 Subdomains

4 IPs

2 Countries

132 kBTransfer

137 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

logpaa.nemid.nord.20-214-170-172.cprapid.com Open in urlscan Pro
20.214.170.172 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

40 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

4
IPs

2
Countries

132 kB
Transfer

137 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!