fa.unjani.ac.id - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 103.28.12.114, located in Jakarta, Indonesia and belongs to QWORDS-AS-ID PT Qwords Company International, ID. The main domain is fa.unjani.ac.id.
TLS certificate: Issued by R3 on August 12th 2021. Valid for: 3 months.

This is the only time fa.unjani.ac.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address		AS Autonomous System
6	103.28.12.114 103.28.12.114		58404 (QWORDS-AS...) (QWORDS-AS-ID PT Qwords Company International)
6	1

6 103.28.12.114 (Jakarta, Indonesia)

ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID)
PTR: popcorn3.fastcloud.id

fa.unjani.ac.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	unjani.ac.id fa.unjani.ac.id	61 KB
6	1

	Domain	Requested by
6	fa.unjani.ac.id	fa.unjani.ac.id
6	1

This site contains no links.

Subject Issuer	Validity	Valid
fa.unjani.ac.id R3	`2021-08-12` - `2021-11-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA
Frame ID: 5551E08A22941D0A70E765BB6E58B01E
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

() Log in to your account

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

61 kB
Transfer

204 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request signinsecure.php Show response fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/	8 KB 2 KB	2921ms 248ms	Document text/html	103.28.12.114 QWORDS-AS-ID PT Q...
General Check archive.org Show headers Download Go to Full URL https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 103.28.12.114 Jakarta, Indonesia, ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID), Reverse DNS popcorn3.fastcloud.id Software Apache/2 / Resource Hash `b0b030e0f813e0b52688bf89e1d73ee929099df6b7943dd545f29ec6837bb790` Request headers :method GET :authority fa.unjani.ac.id :scheme https :path /last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Mon, 04 Oct 2021 23:10:38 GMT server Apache/2 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache set-cookie PHPSESSID=8d63335seb4ed04emgroei255t; path=/ vary Accept-Encoding,User-Agent content-encoding gzip content-length 2016 content-type text/html; charset=UTF-8
GET H2	200	log.css fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/css/	88 KB 14 KB	180ms 179ms	Stylesheet text/css	103.28.12.114 QWORDS-AS-ID PT Q...
General Check archive.org Show headers Download Go to Full URL https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/css/log.css Requested by Host: fa.unjani.ac.id URL: https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 103.28.12.114 Jakarta, Indonesia, ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID), Reverse DNS popcorn3.fastcloud.id Software Apache/2 / Resource Hash `487d67b6889d258911ed6d158c4c164638064eae3dc37a95acea0587afcb212b` Request headers :path /last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/css/log.css pragma no-cache cookie PHPSESSID=8d63335seb4ed04emgroei255t accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority fa.unjani.ac.id referer https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Mon, 04 Oct 2021 23:10:39 GMT content-encoding gzip last-modified Sun, 03 Oct 2021 23:55:44 GMT server Apache/2 etag "15fa5-5cd7b88e22a0d-gzip" vary Accept-Encoding,User-Agent content-type text/css accept-ranges bytes content-length 13762
GET H2	200	jquery.min.js Show response fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/js/	85 KB 30 KB	346ms 346ms	Script application/javascript	103.28.12.114 QWORDS-AS-ID PT Q...
General Check archive.org Show headers Download Go to Full URL https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/js/jquery.min.js Requested by Host: fa.unjani.ac.id URL: https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 103.28.12.114 Jakarta, Indonesia, ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID), Reverse DNS popcorn3.fastcloud.id Software Apache/2 / Resource Hash `a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855` Request headers :path /last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/js/jquery.min.js pragma no-cache cookie PHPSESSID=8d63335seb4ed04emgroei255t accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority fa.unjani.ac.id referer https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Mon, 04 Oct 2021 23:10:39 GMT content-encoding gzip last-modified Sun, 03 Oct 2021 23:55:48 GMT server Apache/2 etag "1538e-5cd7b8920adf5-gzip" vary Accept-Encoding,User-Agent content-type application/javascript accept-ranges bytes content-length 30305
GET H2	200	sign.js Show response fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/js/	6 KB 2 KB	177ms 177ms	Script application/javascript	103.28.12.114 QWORDS-AS-ID PT Q...
General Check archive.org Show headers Download Go to Full URL https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/js/sign.js Requested by Host: fa.unjani.ac.id URL: https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 103.28.12.114 Jakarta, Indonesia, ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID), Reverse DNS popcorn3.fastcloud.id Software Apache/2 / Resource Hash `0dd58a1acdf47594117cec814c8cfa1fd99b67981f235a44a7145805e1e7b169` Request headers :path /last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/js/sign.js pragma no-cache cookie PHPSESSID=8d63335seb4ed04emgroei255t accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority fa.unjani.ac.id referer https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/signinsecure.php?country.x=&locale.x=_&customer.x=ID-PA User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Mon, 04 Oct 2021 23:10:39 GMT content-encoding gzip last-modified Sun, 03 Oct 2021 23:55:48 GMT server Apache/2 etag "196a-5cd7b8920b1dd-gzip" vary Accept-Encoding,User-Agent content-type application/javascript accept-ranges bytes content-length 1542
GET H2	200	loginlogo.svg fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/img/	5 KB 2 KB	177ms 176ms	Image image/svg+xml	103.28.12.114 QWORDS-AS-ID PT Q...
General Check archive.org Show headers Download Go to Show image Full URL https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/img/loginlogo.svg Requested by Host: fa.unjani.ac.id URL: https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/css/log.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 103.28.12.114 Jakarta, Indonesia, ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID), Reverse DNS popcorn3.fastcloud.id Software Apache/2 / Resource Hash `17d949ef8f2a0abe7289d7af4bb7d55fb2e25873adb8567e15ec1133d9388a08` Request headers :path /last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/img/loginlogo.svg pragma no-cache cookie PHPSESSID=8d63335seb4ed04emgroei255t accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority fa.unjani.ac.id referer https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/css/log.css :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/css/log.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Mon, 04 Oct 2021 23:10:39 GMT content-encoding gzip last-modified Sun, 03 Oct 2021 23:55:47 GMT server Apache/2 etag "131a-5cd7b8904dcdd-gzip" vary Accept-Encoding,User-Agent content-type image/svg+xml accept-ranges bytes content-length 1923
GET H2	200	sprite_forms_2x.png fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/img/	11 KB 12 KB	176ms 176ms	Image image/png	103.28.12.114 QWORDS-AS-ID PT Q...
General Check archive.org Show headers Download Go to Show image Full URL https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/img/sprite_forms_2x.png Requested by Host: fa.unjani.ac.id URL: https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/css/log.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 103.28.12.114 Jakarta, Indonesia, ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID), Reverse DNS popcorn3.fastcloud.id Software Apache/2 / Resource Hash `f5ebe9655b2bc4fbf5fc7468725ef3e3a143e881451d59b2cca680c29fa70cd8` Request headers :path /last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/img/sprite_forms_2x.png pragma no-cache cookie PHPSESSID=8d63335seb4ed04emgroei255t accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority fa.unjani.ac.id referer https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/css/log.css :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://fa.unjani.ac.id/last/importon/422b08ca154b3fc83110f0b46a9c8444/asset/css/log.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Mon, 04 Oct 2021 23:10:39 GMT last-modified Sun, 03 Oct 2021 23:55:47 GMT server Apache/2 accept-ranges bytes etag "2d7b-5cd7b89050fa5" content-length 11643 content-type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			fa.unjani.ac.id/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8d63335seb4ed04emgroei255t

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fa.unjani.ac.id
103.28.12.114
0dd58a1acdf47594117cec814c8cfa1fd99b67981f235a44a7145805e1e7b169
17d949ef8f2a0abe7289d7af4bb7d55fb2e25873adb8567e15ec1133d9388a08
487d67b6889d258911ed6d158c4c164638064eae3dc37a95acea0587afcb212b
a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855
b0b030e0f813e0b52688bf89e1d73ee929099df6b7943dd545f29ec6837bb790
f5ebe9655b2bc4fbf5fc7468725ef3e3a143e881451d59b2cca680c29fa70cd8

fa.unjani.ac.id Open in urlscan Pro 103.28.12.114 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

61 kBTransfer

204 kBSize

1 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

fa.unjani.ac.id Open in urlscan Pro
103.28.12.114 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

61 kB
Transfer

204 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!