confirm-identification.my.id
2a06:98c1:3121::9  Malicious Activity!

URL: https://confirm-identification.my.id/
Submission: On March 18 via automatic, source openphish — Scanned from NL

Summary

This website contacted 4 IPs in 1 country across 3 domains to perform 7 HTTP transactions. The main IP is 2a06:98c1:3121::9, located in the United States and belonging to CLOUDFLARENET, US. The main domain is confirm-identification.my.id.
TLS certificate: Issued by E1 on March 18th 2024. Valid for: 3 months.
This is the only time confirm-identification.my.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests  IP Address          AS     Autonomous System
1         2a06:98c1:312...    13335  (CLOUDFLAR...)
1         2606:4700::68...    13335  (CLOUDFLAR...)
5         2606:4700:303...    13335  (CLOUDFLAR...)
Total: 7 requests, 4 IPs

Requests  Apex Domain                   Subdomains                                    Transfer
5         asyu.de                       wggxmjzx.asyu.de                              2 MB
1         jsdelivr.net                  cdn.jsdelivr.net (Cisco Umbrella Rank: 346)   21 KB
1         confirm-identification.my.id  confirm-identification.my.id                  801 B
Total: 7 requests, 3 domains

Requests  Domain                        Requested by
5         wggxmjzx.asyu.de              confirm-identification.my.id, wggxmjzx.asyu.de
1         cdn.jsdelivr.net              confirm-identification.my.id
1         confirm-identification.my.id
Total: 7 requests, 3 domains

This site contains no links.

Subject                        Issuer                    Validity                   Valid
confirm-identification.my.id   E1                        2024-03-18 - 2024-06-16    3 months (crt.sh)
sni.cloudflaressl.com          Cloudflare Inc ECC CA-3   2023-05-02 - 2024-05-01    a year (crt.sh)
asyu.de                        GTS CA 1P5                2024-01-22 - 2024-04-21    3 months (crt.sh)

This page contains 2 frames:

Primary Page: https://confirm-identification.my.id/
Frame ID: C09F99853063B11331CADFCDDC9D30B6
Requests: 2 HTTP requests in this frame

Frame: https://wggxmjzx.asyu.de/
Frame ID: F7A560692530061DDD3EFE6968815BE4
Requests: 6 HTTP requests in this frame


Detected technologies

Bootstrap (overall confidence: 100%)
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

jsDelivr (overall confidence: 100%)
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 1
Transfer: 1941 kB
Size: 2395 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request | confirm-identification.my.id/ | 848 B | 801 B | Document

General
Full URL: https://confirm-identification.my.id/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::9, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 4d75f785b402dd4e0cf48ea408a56c9d2550d87e0dbf1f860f1bae5b77911828

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers
alt-svc: h3=":443"; ma=86400
cf-ray: 8665bfde1fe406d0-AMS
content-encoding: br
content-type: text/html;charset=UTF-8
date: Mon, 18 Mar 2024 14:00:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pGM7%2BI9L5I3yRwTXtvrfgcPP4n3jGEv38IFBYm9DEWcvhBt7m144jmif%2B5m4hb6rdfRUipy%2BLqYsuGLRmw1DLIBbUZ3fF1CCLVLMFAEKpp4RYz51xqu2xuE1j11dFrSacqUBoWA7tOJNPe8zBzipNTYnFo0BU5HtHFmq"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
bootstrap.min.css | cdn.jsdelivr.net/gh/penguasa-de/de@main/ | 118 KB | 21 KB | Stylesheet

General
Full URL: https://cdn.jsdelivr.net/gh/penguasa-de/de@main/bootstrap.min.css
Requested by:
  Host: confirm-identification.my.id
  URL: https://confirm-identification.my.id/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5814, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 4194fb4472202061ab0db48cd8908fdfc09e95ee60edd654cac0c4e5cef31806

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://confirm-identification.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
date: Mon, 18 Mar 2024 14:00:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 23830
x-jsd-version: main
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220065-FRA, cache-lga21923-LGA
x-jsd-version-type: branch
server: cloudflare
etag: W/"1d971-csHKU8+zexcbroKPl8kUrk+yAh4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=asL89bOecpvr%2BTrDhxwA4Xl7XvbsmJOq8foMccvKoU%2BZE1ipHTEEkDwVptzGoNVOfTaqxBQFzou%2FII2jZiKLn35v7NhmZI%2Fgn1NY3RPudOCP%2FDe55XeWOh9d%2FGNobYzUeRpaIrnqHYL7j8ni%2BUs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 8665bfde7e876702-AMS
/ | wggxmjzx.asyu.de/ (Frame F7A5) | 13 KB | 6 KB | Document

General
Full URL: https://wggxmjzx.asyu.de/
Requested by:
  Host: confirm-identification.my.id
  URL: https://confirm-identification.my.id/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:14a8, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 3a289535b21e7592964b37c910789230947878dfdef5358aed9c24c924814928

Request headers
Referer: https://confirm-identification.my.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8665bfdf8ed466bd-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 18 Mar 2024 14:00:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a7PC1%2Bg7EMWMj2oYHm5%2FPxDClFnnYjw2f0grdxNHLCoUQvYWLVaz98ff%2BW0UnuhrGuDWc%2Bs6n%2FkFqDyi1wO8jZjhwokyU38Z23XOo81vgOhiC%2FLxmDYISDSjg0DY1PoMS3mXhDGNRJBLqmd2ctcy"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
style-pay.css | wggxmjzx.asyu.de/css/ (Frame F7A5) | 443 KB | 132 KB | Stylesheet

General
Full URL: https://wggxmjzx.asyu.de/css/style-pay.css
Requested by:
  Host: wggxmjzx.asyu.de
  URL: https://wggxmjzx.asyu.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:14a8, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 6d1121533db5ffa66c8e6b94d2fe9f751295a235ad54fc6b64766465486cb05b

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://wggxmjzx.asyu.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
date: Mon, 18 Mar 2024 14:00:32 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 148283
cf-polished: origSize=457226
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 05 Feb 2023 19:54:18 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RZPUzlWyyUzgGGQxNVT1VC6tiaFTxrN4rIoqrKYnrEmaJjD00DnyH0F%2FSpFP7vcqy8KZHDHIUby2hTXvUwgGrr8yE2wbCBY2WTGmsp%2BUCkPqN0dDQDT0lv%2BuRoSP0yctkvCLRL4tuNNPk%2Fw%2FdsOb"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 8665bfe0e92c66bd-AMS
expires: Sat, 23 Mar 2024 20:49:09 GMT
pAy5sS6Se6DC.css | wggxmjzx.asyu.de/css/ (Frame F7A5) | 43 KB | 5 KB | Stylesheet

General
Full URL: https://wggxmjzx.asyu.de/css/pAy5sS6Se6DC.css
Requested by:
  Host: wggxmjzx.asyu.de
  URL: https://wggxmjzx.asyu.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:14a8, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 839018dcfdd15fa04117988709203f996ca042c9be2ace387cac2e83a7361876

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://wggxmjzx.asyu.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
date: Mon, 18 Mar 2024 14:00:32 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 148283
cf-polished: origSize=45728
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 05 Feb 2023 19:54:06 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X6Qk1ucVb55xDzTdQaKUxT3lvwslZpenxIXm5A%2FQfiAAlnR%2B7CB4OymifsKgOoS1yxS5j%2B9T7KyhuaL9qnup%2B2Rr3zF6hTE66%2Bf%2BhDniBMVDM4z5JWNs%2F%2FfwDljSuCpaWKyCYT7KnReeSjOslYhZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 8665bfe0e92d66bd-AMS
expires: Sat, 23 Mar 2024 20:49:09 GMT
dF5SId3UHWd.svg | wggxmjzx.asyu.de/ (Frame F7A5) | 2 KB | 2 KB | Image

General
Full URL: https://wggxmjzx.asyu.de/dF5SId3UHWd.svg
Requested by:
  Host: wggxmjzx.asyu.de
  URL: https://wggxmjzx.asyu.de/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:14a8, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://wggxmjzx.asyu.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
date: Mon, 18 Mar 2024 14:00:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 05 Feb 2023 19:54:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 148283
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LKyDVVtHYsnaZRplDWObhCaXmbg2vEETW1wCK5oelz90trw3QVOQmRybUDqof08AkYXMx0ZOwbrliMaS%2FMhzhOkcMt9yz72NVEVACeKfsB7Q6JWK44QOPyIsVL%2FKNEljaNg0ubvNj%2FgzMp3OLiHW"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 8665bfe16b9d0bc8-AMS
alt-svc: h3=":443"; ma=86400
expires: Sat, 23 Mar 2024 20:49:09 GMT
data_portabilityprivacy_banner_003-1.gif | wggxmjzx.asyu.de/ (Frame F7A5) | 2 MB | 2 MB | Image

General
Full URL: https://wggxmjzx.asyu.de/data_portabilityprivacy_banner_003-1.gif
Requested by:
  Host: wggxmjzx.asyu.de
  URL: https://wggxmjzx.asyu.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:14a8, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: ff2d01ed1d16e8b22d836440a3efa588452d6181df66f6aab6fd93741a4480c6

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://wggxmjzx.asyu.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
date: Mon, 18 Mar 2024 14:00:32 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 148283
alt-svc: h3=":443"; ma=86400
content-length: 1816161
last-modified: Sun, 05 Feb 2023 19:54:38 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tG2Q3cqUsKljXI9hpJ0fu6OxujfPJBK%2Fkn13k6RRI5DX6g2Ylcoec5N%2B%2FyzUDIjEnzKKTp2y5gOWROI%2FSimQLmwAJ8LB%2F6GX8yOA12%2FdIWfD1QyHhQGmVX%2BPOwIHuBBwPCV0658TfKu%2Fpd%2FxiPNH"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8665bfe0f92e66bd-AMS
expires: Sat, 23 Mar 2024 20:49:09 GMT
truncated | / (Frame F7A5) | 135 B | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: c2128b5b8a9ea02f0830a3b22c37023dae3f287e7ef5d91fbb4ff535c6b30675

Request headers
accept-language: nl-NL,nl;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
Content-Type: image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies