fuad.iainptk.ac.id Open in urlscan Pro
103.148.49.148 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://correosly-cliente-url.com/
Effective URL:
https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/billing.php
Submission: On September 28 via api (September 28th 2022, 4:04:18 am UTC) from JP — Scanned from FR

Summary HTTP 5 Redirects Links 38 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 103.148.49.148, located in Indonesia and belongs to BCMEDIA-AS-ID PT. Borneo Cakrawala Media, ID. The main domain is fuad.iainptk.ac.id.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on October 25th 2021. Valid for: a year.

This is the only time fuad.iainptk.ac.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Correos Express (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 2	37.44.237.237 37.44.237.237	49434 (HARMONYHO...) (HARMONYHOSTING-AS)
2 6	103.148.49.148 103.148.49.148	139983 (BCMEDIA-A...) (BCMEDIA-AS-ID PT. Borneo Cakrawala Media)
5	3

2 37.44.237.237 (France) 1 redirects

ASN49434 (HARMONYHOSTING-AS, FR)

correosly-cliente-url.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 103.148.49.148 (Indonesia) 2 redirects

ASN139983 (BCMEDIA-AS-ID PT. Borneo Cakrawala Media, ID)

fuad.iainptk.ac.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	iainptk.ac.id 2 redirects fuad.iainptk.ac.id	3 MB
2	correosly-cliente-url.com 1 redirects correosly-cliente-url.com	453 B
5	2

	Domain	Requested by
6	fuad.iainptk.ac.id	2 redirects correosly-cliente-url.com fuad.iainptk.ac.id
2	correosly-cliente-url.com	1 redirects
5	2

This site contains links to these domains. Also see Links.

Domain
my.20i.com
correos-expres.com
www.stackstatus.com
twitter.com
www.facebook.com
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
correosly-cliente-url.com R3	`2022-09-27` - `2022-12-26`	3 months	crt.sh
*.iainptk.ac.id RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-10-25` - `2022-10-25`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/billing.php
Frame ID: 7E8D6DA5B22ADED19AC94A4C320477BE
Requests: 28 HTTP requests in this frame

Frame: https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/css/saved_resource.html
Frame ID: E84E6C39FBC346FA01C3E970272AB5E5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CORREOS EXPRESS

Page URL History Show full URLs

http://correosly-cliente-url.com/ HTTP 301
https://correosly-cliente-url.com/ Page URL
https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/ HTTP 302
https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/index.php HTTP 302
https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/billing.php Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

3172 kB
Transfer

3214 kB
Size

1
Cookies

38 Outgoing links

These are links going to different origins than the main page.

URL: https://my.20i.com/account/security-details
Title: Security Details

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ correosly-cliente-url.com/ Redirect Chain http://correosly-cliente-url.com/ https://correosly-cliente-url.com/	94 B 251 B	72ms 27ms	Document text/html	37.44.237.237 HARMONYHOSTING-AS
General Check archive.org Show headers Download Go to Full URL https://correosly-cliente-url.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 37.44.237.237 , France, ASN49434 (HARMONYHOSTING-AS, FR), Reverse DNS Software nginx / PHP/8.0.23 PleskLin Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers content-encoding gzip content-length 103 content-type text/html; charset=UTF-8 date Wed, 28 Sep 2022 04:04:05 GMT server nginx vary Accept-Encoding x-powered-by PHP/8.0.23 PleskLin Redirect headers Connection keep-alive Content-Length 162 Content-Type text/html Date Wed, 28 Sep 2022 04:04:05 GMT Location https://correosly-cliente-url.com/ Server nginx
GET H/1.1	200 OK	Primary Request billing.php Show response fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/ Redirect Chain https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/ https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/index.php https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/billing.php	3 MB 3 MB	301ms 300ms	Document text/html	103.148.49.148 BCMEDIA-AS-ID PT....
General Check archive.org Show headers Download Go to Full URL https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/billing.php Requested by Host: correosly-cliente-url.com URL: https://correosly-cliente-url.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.148.49.148 , Indonesia, ASN139983 (BCMEDIA-AS-ID PT. Borneo Cakrawala Media, ID), Reverse DNS Software Apache / Resource Hash `6961a8cba3c786a64899204a9176862ee8b62eb7de409161001c3a5130536901` Request headers Referer https://correosly-cliente-url.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Wed, 28 Sep 2022 04:04:09 GMT Keep-Alive timeout=5, max=98 Server Apache Transfer-Encoding chunked Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Wed, 28 Sep 2022 04:04:08 GMT Keep-Alive timeout=5, max=99 Location ./billing.php Server Apache
GET DATA	200 OK	truncated /	87 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a6a264fcf8de3aa65725d522d1961a7cf0f9ff1684c8bfa39b694a587f498838` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	678 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5094cde015900dde7aa2d5599921a9304459be5a7e85291796731ee908b0c747` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	316 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0e21ef24acc232692acbdc6e1d807b8676f303cb6aa712b034eac57b1c1bd7e8` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	640 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `40a4a34e9ea55da951b61b66e108e2305d825b1b11e28ac1c4d4d09dca1b5a80` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	87 KB 87 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `58b7c61e1b6d4cba2e3ccd1bd081481f7d48a1da5b35e47ef029cb6d28ec52b4` Request headers Referer Origin https://fuad.iainptk.ac.id accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	86 KB 86 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `61d8968ed8c08aa50e640cf07b221f92fbc26007d20c68a2cc5412b24c663f68` Request headers Referer Origin https://fuad.iainptk.ac.id accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	87 KB 87 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e617708035d1a5f61ca23a9efcaa30f7b65649b560a3dd7477282230a8840879` Request headers Referer Origin https://fuad.iainptk.ac.id accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	414 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8e15466c672a38900ae958b7e18ee8a25589f5bfb6998678a5b30493cb47f6da` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 OK	log.png fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/css/	52 KB 53 KB	281ms 281ms	Image image/png	103.148.49.148 BCMEDIA-AS-ID PT....
General Check archive.org Show headers Download Go to Show image Full URL https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/css/log.png Requested by Host: fuad.iainptk.ac.id URL: https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/billing.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.148.49.148 , Indonesia, ASN139983 (BCMEDIA-AS-ID PT. Borneo Cakrawala Media, ID), Reverse DNS Software Apache / Resource Hash `14c0e71a41f3252a93770c009b1bd81abd8337b565091b71291d925f44f92422` Request headers accept-language fr-FR,fr;q=0.9 Referer https://fuad.iainptk.ac.id/wp-content/upgrade/CrreosTrack/auth/billing.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Wed, 28 Sep 2022 04:04:12 GMT Last-Modified Sat, 07 May 2022 09:59:26 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 53646
GET DATA	200 OK	truncated /	835 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5c62667f8f886c1a6dec5977964e4db9b814405157181384ec5a773822ee5778` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	987 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1ec6e82748f284a0d8222517f684c837ee5433334c2cd5a9b6a3687524e68188` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	86 KB 86 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `12a76aff22e9d36b99a6273b904c5d2752c3d9ccf1e1ee1e1f304dc0db2aab49` Request headers Referer Origin https://fuad.iainptk.ac.id accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	44 KB 44 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `408fe165dff48eb2f8cb3a2fcbc1dd92b94d56b4ab11813be55c776871c691cf` Request headers Referer Origin https://fuad.iainptk.ac.id accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d7410816cb59cb68f2ccca6194eaf3c91ee8414d79bd6a1e6b81bc552ad26ded` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e4421c3e170b31a73c9b330433ba42f74522ed5387a7f45ef86901f96894ec2f` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	4 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `cd980630b27cc13bd3daa9b8b23887afca163eb1cdde71e917df1912c44ce81a` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	87 KB 87 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5e2ac34e292b6f15c645dc4e756f01a452cf63dc0817301ad34b1c9bc6a0afa3` Request headers Referer Origin https://fuad.iainptk.ac.id accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	45 KB 45 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `46b518780343f2262e168bea5146d1ff30a6253191cc61b486657c76a58fb2bb` Request headers Referer Origin https://fuad.iainptk.ac.id accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type font/woff2

fuad.iainptk.ac.id Open in urlscan Pro 103.148.49.148 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

3172 kBTransfer

3214 kBSize

1 Cookies

38 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 24 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

fuad.iainptk.ac.id Open in urlscan Pro
103.148.49.148 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

3172 kB
Transfer

3214 kB
Size

1
Cookies

5 HTTP transactions
24 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!