confirm-identification.my.id
Open in
urlscan Pro
2a06:98c1:3121::9
Malicious Activity!
Public Scan
Submission: On March 18 via automatic, source openphish — Scanned from NL
Summary
TLS certificate: Issued by E1 on March 18th 2024. Valid for: 3 months.
This is the only time confirm-identification.my.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2a06:98c1:312... 2a06:98c1:3121::9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6810:5814 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 2606:4700:303... 2606:4700:3031::6815:14a8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
asyu.de
wggxmjzx.asyu.de |
2 MB |
1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 346 |
21 KB |
1 |
confirm-identification.my.id
confirm-identification.my.id |
801 B |
7 | 3 |
Domain | Requested by | |
---|---|---|
5 | wggxmjzx.asyu.de |
confirm-identification.my.id
wggxmjzx.asyu.de |
1 | cdn.jsdelivr.net |
confirm-identification.my.id
|
1 | confirm-identification.my.id | |
7 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
confirm-identification.my.id E1 |
2024-03-18 - 2024-06-16 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-05-02 - 2024-05-01 |
a year | crt.sh |
asyu.de GTS CA 1P5 |
2024-01-22 - 2024-04-21 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://confirm-identification.my.id/
Frame ID: C09F99853063B11331CADFCDDC9D30B6
Requests: 2 HTTP requests in this frame
Frame:
https://wggxmjzx.asyu.de/
Frame ID: F7A560692530061DDD3EFE6968815BE4
Requests: 6 HTTP requests in this frame
Screenshot
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
confirm-identification.my.id/ |
848 B 801 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/gh/penguasa-de/de@main/ |
118 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wggxmjzx.asyu.de/ Frame F7A5 |
13 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style-pay.css
wggxmjzx.asyu.de/css/ Frame F7A5 |
443 KB 132 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pAy5sS6Se6DC.css
wggxmjzx.asyu.de/css/ Frame F7A5 |
43 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
dF5SId3UHWd.svg
wggxmjzx.asyu.de/ Frame F7A5 |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
data_portabilityprivacy_banner_003-1.gif
wggxmjzx.asyu.de/ Frame F7A5 |
2 MB 2 MB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame F7A5 |
135 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 00 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
confirm-identification.my.id
wggxmjzx.asyu.de
2606:4700:3031::6815:14a8
2606:4700::6810:5814
2a06:98c1:3121::9
3a289535b21e7592964b37c910789230947878dfdef5358aed9c24c924814928
4194fb4472202061ab0db48cd8908fdfc09e95ee60edd654cac0c4e5cef31806
4d75f785b402dd4e0cf48ea408a56c9d2550d87e0dbf1f860f1bae5b77911828
6d1121533db5ffa66c8e6b94d2fe9f751295a235ad54fc6b64766465486cb05b
839018dcfdd15fa04117988709203f996ca042c9be2ace387cac2e83a7361876
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
c2128b5b8a9ea02f0830a3b22c37023dae3f287e7ef5d91fbb4ff535c6b30675
ff2d01ed1d16e8b22d836440a3efa588452d6181df66f6aab6fd93741a4480c6