trqckaimvs28.adsfor.my.id Open in urlscan Pro
2606:4700:3037::6815:598f Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://trqckaimvs28.adsfor.my.id/
Submission: On January 09 via automatic, source openphish (January 9th 2024, 1:08:45 pm UTC) — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3037::6815:598f, located in United States and belongs to CLOUDFLARENET, US. The main domain is trqckaimvs28.adsfor.my.id.
TLS certificate: Issued by E1 on December 27th 2023. Valid for: 3 months.

This is the only time trqckaimvs28.adsfor.my.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

	IP Address		AS Autonomous System
8	2606:4700:303... 2606:4700:3037::6815:598f		13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2

8 2606:4700:3037::6815:598f (United States)

ASN13335 (CLOUDFLARENET, US)

trqckaimvs28.adsfor.my.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	adsfor.my.id trqckaimvs28.adsfor.my.id	158 KB
8	1

	Domain	Requested by
8	trqckaimvs28.adsfor.my.id	trqckaimvs28.adsfor.my.id
8	1

This site contains no links.

Subject Issuer	Validity	Valid
adsfor.my.id E1	`2023-12-27` - `2024-03-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://trqckaimvs28.adsfor.my.id/
Frame ID: 9EF7C8D0C75D69F9C24176CF49BAA842
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Garena Free Fire

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Page Statistics

8
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

158 kB
Transfer

268 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response trqckaimvs28.adsfor.my.id/	1 KB 992 B	590ms 542ms	Document text/html	2606:4700:3037::6815:598f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trqckaimvs28.adsfor.my.id/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:598f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ff1b96a6fe948e37d8426a7faeb082385671287a33708854da621b79c859a57a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 842ce907bbddf8cd-CDG content-encoding br content-type text/html; charset=UTF-8 date Tue, 09 Jan 2024 13:08:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ul2hzadCrjo0pyfPHSpvvS6qaisY3aehRUVG5yJUrLKCvUPbl%2Bep1s28f21QHQmOyksLvZh9Ge0EjTpVKXhiFZGFfQeb9WhSaUcZetPhf6Bobzk%2B11cTpMaoSemKORvZ7B9YJHQ3Y5p6eeXYJun0p%2BFSI8g4t6dc"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed
GET H2	200	miraipedia.css trqckaimvs28.adsfor.my.id/assets/css/	7 KB 2 KB	770ms 768ms	Stylesheet text/css	2606:4700:3037::6815:598f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trqckaimvs28.adsfor.my.id/assets/css/miraipedia.css Requested by Host: trqckaimvs28.adsfor.my.id URL: https://trqckaimvs28.adsfor.my.id/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:598f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a5d9548e18dfb24c5b2d2c30874d5771a0109e605f1c7bac9996f6c854d8fd00` Request headers accept-language de-DE,de;q=0.9 Referer https://trqckaimvs28.adsfor.my.id/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 09 Jan 2024 13:08:41 GMT content-encoding br cf-cache-status MISS last-modified Tue, 13 Nov 2018 03:08:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FCjZilFi1nlC2NCIgIUsytNsRA6%2B5vV9EEdSDXIXvcQ7u%2FnPUjhr363umfJivC0Tj4dq0uFtUTmxXk3OKDEHnDgnNzsuFUqezY5hlCBEsOF50YJwdNnw0hj%2F4IAzO2rR5USa0fFmnkf0yylfvYIl81ProZK3Mx6w"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 842ce90b1aaff8cd-CDG alt-svc h3=":443"; ma=86400 expires Tue, 16 Jan 2024 13:08:41 GMT
GET H2	200	animate.css trqckaimvs28.adsfor.my.id/assets/css/	77 KB 5 KB	770ms 770ms	Stylesheet text/css	2606:4700:3037::6815:598f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trqckaimvs28.adsfor.my.id/assets/css/animate.css Requested by Host: trqckaimvs28.adsfor.my.id URL: https://trqckaimvs28.adsfor.my.id/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:598f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d7b8111c9653407bf8fc77d886392cda6dc03cccf15c4ad5a4fbec06d4585e8a` Request headers accept-language de-DE,de;q=0.9 Referer https://trqckaimvs28.adsfor.my.id/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 09 Jan 2024 13:08:41 GMT content-encoding br cf-cache-status MISS last-modified Sat, 17 Mar 2018 15:28:22 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AWYP%2B9oCFJ2nFm%2F%2FtTTfRks0tP%2BYpKU6fuBQJ0JbiwDg2kzNSc2GVrW7h2QeZM4kd%2FdiM2hrDKxfAF1leYkgKDtSXqVGBpv0JlGFmJsaCYA19pmFnWVHzkGTC0hg7B5jDVbMYXdjgjj3Pq4vnOq72seYMAJw5tO2"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 842ce90b1ab2f8cd-CDG alt-svc h3=":443"; ma=86400 expires Tue, 16 Jan 2024 13:08:41 GMT
GET H2	200	man1.png trqckaimvs28.adsfor.my.id/freeman08/	18 KB 18 KB	774ms 774ms	Image image/png	2606:4700:3037::6815:598f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://trqckaimvs28.adsfor.my.id/freeman08/man1.png Requested by Host: trqckaimvs28.adsfor.my.id URL: https://trqckaimvs28.adsfor.my.id/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:598f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `34705417e78998428dd9c0561319cc16b0dcee4ef42f2cdbdf3606663b034604` Request headers accept-language de-DE,de;q=0.9 Referer https://trqckaimvs28.adsfor.my.id/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 09 Jan 2024 13:08:41 GMT cf-cache-status MISS last-modified Sat, 02 Mar 2019 15:19:58 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uZMBM61V65u5EAicai5NUAouVIha1tJOOIDcB%2BRkqJa7sO951MmdDen2IIm75rdID%2Fytdjvc20MKGA%2BmqnybWgyyJ4Wkxzl7REAmtB5YGQBg94l2NPe%2FvCOZJlwmQdFBdHY%2BwZWX3SUXNa9izVwlDJQHdgLUDfS6"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 842ce90b1ab5f8cd-CDG alt-svc h3=":443"; ma=86400 content-length 18079 expires Tue, 16 Jan 2024 13:08:41 GMT
GET H2	200	man2.png trqckaimvs28.adsfor.my.id/freeman08/	26 KB 27 KB	772ms 771ms	Image image/png	2606:4700:3037::6815:598f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://trqckaimvs28.adsfor.my.id/freeman08/man2.png Requested by Host: trqckaimvs28.adsfor.my.id URL: https://trqckaimvs28.adsfor.my.id/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:598f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8b8db899ae975de4da47e91a410308165d261b3184d44cb0d710f85237faead0` Request headers accept-language de-DE,de;q=0.9 Referer https://trqckaimvs28.adsfor.my.id/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 09 Jan 2024 13:08:41 GMT cf-cache-status MISS last-modified Sat, 02 Mar 2019 15:21:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P9TYRClm4eRbBW1Q8FaHyffglRNw8eFD9IYweKUuPdy5uTnMfGGmSVBI5vIDPkGl%2FWMvYJKpmYr95tL1vVi7zL5P95vKhKqnBb4PiiEF3eNn4rgy7jHnaYRcA%2FAIoT860ZrPZ3IyNfSssySYQK8NAnVFXXRaJtVy"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 842ce90b1ab6f8cd-CDG alt-svc h3=":443"; ma=86400 content-length 27037 expires Tue, 16 Jan 2024 13:08:41 GMT
GET H2	200	man7.png trqckaimvs28.adsfor.my.id/freeman08/	44 KB 44 KB	1043ms 1042ms	Image image/png	2606:4700:3037::6815:598f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://trqckaimvs28.adsfor.my.id/freeman08/man7.png Requested by Host: trqckaimvs28.adsfor.my.id URL: https://trqckaimvs28.adsfor.my.id/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:598f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `db98a1f80bdd68e6a043cf0b21499159ac5ff6eefe0d14fa5864095a4fa957f0` Request headers accept-language de-DE,de;q=0.9 Referer https://trqckaimvs28.adsfor.my.id/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 09 Jan 2024 13:08:41 GMT cf-cache-status MISS last-modified Sat, 02 Mar 2019 15:23:41 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Ow%2F5T6JH7Q2EY2Fgv7azD6zD28Pw113S8devUSvtb3GfnChp9ha1ZRAE7DnNPb6Pwbz%2BwfHOoei49UnrEFYir%2FFN5Gy4YTzm66kssIkdT2ZCqya09KukuEqe45J7p64xHptOvC8FRsgG2LI0%2B5kpO%2FGHzQBsDYI"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 842ce90b1ab7f8cd-CDG alt-svc h3=":443"; ma=86400 content-length 45053 expires Tue, 16 Jan 2024 13:08:41 GMT
GET H2	200	man6.png trqckaimvs28.adsfor.my.id/freeman08/	39 KB 40 KB	779ms 778ms	Image image/png	2606:4700:3037::6815:598f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://trqckaimvs28.adsfor.my.id/freeman08/man6.png Requested by Host: trqckaimvs28.adsfor.my.id URL: https://trqckaimvs28.adsfor.my.id/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:598f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `02688411eeb6f2011335823a606dda4d47391bb3d8523ec8d165bbf6ebc28585` Request headers accept-language de-DE,de;q=0.9 Referer https://trqckaimvs28.adsfor.my.id/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 09 Jan 2024 13:08:41 GMT cf-cache-status MISS last-modified Sat, 02 Mar 2019 15:23:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jbUhOz9RaexvfEcnHERDxo7RInuFATAJcUoYaKzoNuFeFAfdC4ngBgcdxk1rs2uo1gnxn9yFgrUXPMG%2BTxYeDJ23rKbtLuuVeDUsJJOlS1y4nPtiHXl7Qh406xCufa1iruJWSdQkTJ7%2Bvds6bKX%2FMh7A7hCV9UME"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 842ce90b1ab9f8cd-CDG alt-svc h3=":443"; ma=86400 content-length 40250 expires Tue, 16 Jan 2024 13:08:41 GMT
GET DATA	200 OK	truncated /	144 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `24a0052e8ed044c7d7da48ad195e31817b07429beca33fb399e537d4b367dd81` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Content-Type image/png
GET H3	200	idhaam69.ttf trqckaimvs28.adsfor.my.id/assets/fonts/	55 KB 21 KB	720ms 719ms	Font font/ttf	2606:4700:3037::6815:598f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trqckaimvs28.adsfor.my.id/assets/fonts/idhaam69.ttf Requested by Host: trqckaimvs28.adsfor.my.id URL: https://trqckaimvs28.adsfor.my.id/assets/css/miraipedia.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:598f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b0523267152c98cfdae6f4b5cfef8f6163140aea389fa16fc0c1ff10473db95e` Request headers Referer https://trqckaimvs28.adsfor.my.id/assets/css/miraipedia.css Origin https://trqckaimvs28.adsfor.my.id accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 09 Jan 2024 13:08:42 GMT content-encoding br cf-cache-status MISS last-modified Fri, 20 Jul 2012 15:08:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5l4sLJ64rmC3gH6HVnVVn%2Fmd8UyN4zn5uLt93T31HaHt1OtQ1iug4oWlVHdpoxij87j8SDvJ6fJf26ueRY29LSTq97ZOnjT%2BrvcKQGOSLcgYhX%2Bv%2FP4HgTrIIKtwugA1VB4aKK7JKa6alz%2FZF3%2Fo%2FK8UYwOMqNrP"}],"group":"cf-nel","max_age":604800} content-type font/ttf cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 842ce90ffedf1ca7-AMS alt-svc h3=":443"; ma=86400 expires Tue, 16 Jan 2024 13:08:41 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Gaming (Entertainment)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

trqckaimvs28.adsfor.my.id
2606:4700:3037::6815:598f
02688411eeb6f2011335823a606dda4d47391bb3d8523ec8d165bbf6ebc28585
24a0052e8ed044c7d7da48ad195e31817b07429beca33fb399e537d4b367dd81
34705417e78998428dd9c0561319cc16b0dcee4ef42f2cdbdf3606663b034604
8b8db899ae975de4da47e91a410308165d261b3184d44cb0d710f85237faead0
a5d9548e18dfb24c5b2d2c30874d5771a0109e605f1c7bac9996f6c854d8fd00
b0523267152c98cfdae6f4b5cfef8f6163140aea389fa16fc0c1ff10473db95e
d7b8111c9653407bf8fc77d886392cda6dc03cccf15c4ad5a4fbec06d4585e8a
db98a1f80bdd68e6a043cf0b21499159ac5ff6eefe0d14fa5864095a4fa957f0
ff1b96a6fe948e37d8426a7faeb082385671287a33708854da621b79c859a57a

trqckaimvs28.adsfor.my.id Open in urlscan Pro 2606:4700:3037::6815:598f Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

158 kBTransfer

268 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

trqckaimvs28.adsfor.my.id Open in urlscan Pro
2606:4700:3037::6815:598f Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

158 kB
Transfer

268 kB
Size

0
Cookies

8 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!