bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id
Open in
urlscan Pro
5.22.221.225
Malicious Activity!
Public Scan
Submitted URL: https://baghlan.gov.af/web/core/lib/
Effective URL: https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/main/umzug.php
Submission: On October 17 via manual from AT — Scanned from AT
Effective URL: https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/main/umzug.php
Submission: On October 17 via manual from AT — Scanned from AT
Summary
This website contacted 5 IPs
in 4 countries
across 4 domains to perform 11 HTTP transactions.
The main IP is 5.22.221.225, located in
Finland and
belongs to UPCLOUD, FI.
The main domain is bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id.
TLS certificate: Issued by R3 on October 5th 2023. Valid for: 3 months.
This is the only time bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id was scanned on urlscan.io!
TLS certificate: Issued by R3 on October 5th 2023. Valid for: 3 months.
This is the only time bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Österreichische Post (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 103.132.98.224 103.132.98.224 | 58469 (MOCI-AS-A...) (MOCI-AS-AP Ministry of Communication & IT) | |
| 2 6 | 5.22.221.225 5.22.221.225 | 202053 (UPCLOUD) (UPCLOUD) | |
| 2 | 152.199.21.175 152.199.21.175 | 15133 (EDGECAST) (EDGECAST) | |
| 4 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 11 | 5 |
1
103.132.98.224
(Afghanistan)
ASN58469 (MOCI-AS-AP Ministry of Communication & IT, AF)
PTR: rate.afghanpost.gov.af
ASN58469 (MOCI-AS-AP Ministry of Communication & IT, AF)
PTR: rate.afghanpost.gov.af
| baghlan.gov.af |
6
5.22.221.225
(Finland)
ASN202053 (UPCLOUD, FI)
PTR: 5-22-221-225.pl-waw1.upcloud.host
ASN202053 (UPCLOUD, FI)
PTR: 5-22-221-225.pl-waw1.upcloud.host
| bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 6 |
lp2msasbabel.ac.id
2 redirects
bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id |
2 MB |
| 4 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 250 |
76 KB |
| 2 |
post.at
assets.post.at |
15 KB |
| 1 |
baghlan.gov.af
baghlan.gov.af |
681 B |
| 11 | 4 |
| Domain | Requested by | |
|---|---|---|
| 6 | bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id |
2 redirects
bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id
|
| 4 | cdnjs.cloudflare.com |
bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id
|
| 2 | assets.post.at |
bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id
|
| 1 | baghlan.gov.af | |
| 11 | 4 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.facebook.com |
| www.youtube.com |
| www.linkedin.com |
| www.instagram.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.baghlan.gov.af R3 |
2023-09-28 - 2023-12-27 |
3 months | crt.sh |
| bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id R3 |
2023-10-05 - 2024-01-03 |
3 months | crt.sh |
| assets.post.at EuropeanSSL Server CA 2 |
2023-04-12 - 2024-05-12 |
a year | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/main/umzug.php
Frame ID: BEAEF10CF99AB35DB6008A3B009A723B
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
Post AgUmzug - PostAGPage URL History Show full URLs
- https://baghlan.gov.af/web/core/lib/ Page URL
-
https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc
HTTP 301
https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/ HTTP 302
https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/index.php?execution=e2s1 Page URL
- https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/main/umzug.php Page URL
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
URL: https://www.facebook.com/unserepost
Title: Post auf facebook
Title: Post auf facebook
Search URL Search Domain Scan URL
URL: https://www.youtube.com/user/unserepost
Title: Post auf YouTube
Title: Post auf YouTube
Search URL Search Domain Scan URL
URL: https://www.linkedin.com/company/%C3%B6sterreichische-post-ag
Title: Post auf LinkedIn
Title: Post auf LinkedIn
Search URL Search Domain Scan URL
URL: https://www.instagram.com/unserepost/
Title: Post auf Instagram
Title: Post auf Instagram
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://baghlan.gov.af/web/core/lib/ Page URL
-
https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc
HTTP 301
https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/ HTTP 302
https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/index.php?execution=e2s1 Page URL
- https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/main/umzug.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc HTTP 301
- https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/ HTTP 302
- https://bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/index.php?execution=e2s1
11 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
baghlan.gov.af/web/core/lib/ |
233 B 681 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
index.php
bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/ Redirect Chain
|
1 MB 492 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Post_Horn_Mini_positiv_RGB_Neu.png
assets.post.at/-/media/Bilder/Investor-Relations/Logos/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
box.png
bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/ |
452 KB 452 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/ |
84 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
imask.min.js
cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/ |
45 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
534 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
108 KB 108 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
umzug.php
bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/main/ |
1 MB 491 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Post_Horn_Mini_positiv_RGB_Neu.png
assets.post.at/-/media/Bilder/Investor-Relations/Logos/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
box.png
bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id/id-logs-5221225/poc/LoginServices/ |
452 KB 452 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/ |
84 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
imask.min.js
cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/ |
45 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
534 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
108 KB 108 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Österreichische Post (Transportation)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| date number| year number| month number| day function| $ function| jQuery object| __core-js_shared__ object| core function| IMask0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.post.at
baghlan.gov.af
bmctx-65912171f3e5c4172c165111cc0c425a07a975.lp2msasbabel.ac.id
cdnjs.cloudflare.com
103.132.98.224
104.17.24.14
152.199.21.175
5.22.221.225
032dc5bfa56b44c946b2c85427784bfa7142591036cbe9e359cfb0a0f4f80e86
26715b46bcef43103c5f59b1d6434631585bf4da036d61862c5ea14bdb028249
281442cf45996ccfa2562eab455e17d37f070b15fad6faa1f90db74b6fa0ab5d
517c71cee30a3ff535c61b6dc8b1708bc9b4afadb809c7440216e065b4f4b8c4
702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
83c1036474a804140d06a88fb47b00145f2b772ee6a732f2b1a169dcbadbf27e
8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d
92ccff15c08a6f16916e3ee6356f4a19e16451acbba3b364df2c34ba84670698
933bff0361186c08db1d4359090544c77cf38d9e6fde710c61d67bb2dbb6a832
a3b9b469d31790096180616fae0155d3af8088924ef1d724bfd085ff3d12f075
e1a6432e8aff5d2e64ebbcb411139e62ac9225ac7ea6a4cc904965c8ab83a4ed
e66c55a13e8ff83ac2b52a952007ad7a20f633872d94645ebcf7671948c390a6