iquestion.my.id
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Effective URL: https://iquestion.my.id/
Submission: On May 26 via manual from IN — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on May 2nd 2023. Valid for: 3 months.
This is the only time iquestion.my.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 2a06:98c1:3121::3 | 13335 (CLOUDFLARENET)
1 | 2a06:98c1:3120::3 | 13335 (CLOUDFLARENET)
1 | 192.243.61.225 | 39572 (ADVANCEDHOSTERS-AS)
10 | 2606:4700:3034::6815:3e6b | 13335 (CLOUDFLARENET)
1 | 192.243.61.227 | 39572 (ADVANCEDHOSTERS-AS)
4 | 2a00:1450:4001:80f::2003 | 15169 (GOOGLE)
1 | 2606:4700:10::6816:4fe | 13335 (CLOUDFLARENET)
1 | 173.233.137.52 | 7979 (SERVERS-COM)
1 | 2a00:1450:4001:829::200d | 15169 (GOOGLE)
1 | 149.56.240.130 | 16276 (OVH)
1 | 2a00:1450:4001:828::2001 | 15169 (GOOGLE)
22 | 11 |

ASN39572 (ADVANCEDHOSTERS-AS, NL): recompensecombinedlooks.com
ASN16276 (OVH, FR), PTR: ns534298.ip-149-56-240.net: s4.histats.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | goads.link | app.goads.link | 74 KB
4 | gstatic.com | fonts.gstatic.com | 73 KB
2 | histats.com | s10.histats.com (Cisco Umbrella Rank: 17397), s4.histats.com (Cisco Umbrella Rank: 15071) | 5 KB
2 | iquestion.my.id | iquestion.my.id (1 redirects) | 51 KB
1 | blogspot.com | 1.bp.blogspot.com (Cisco Umbrella Rank: 11205) | 29 KB
1 | google.com | accounts.google.com (Cisco Umbrella Rank: 33) |
1 | academyblocked.com | academyblocked.com |
1 | foetusconductfold.com | foetusconductfold.com |
1 | recompensecombinedlooks.com | recompensecombinedlooks.com |
22 | 9 | |
Requests | Domain | Requested by
---|---|---
10 | app.goads.link | iquestion.my.id, app.goads.link
4 | fonts.gstatic.com | iquestion.my.id
2 | iquestion.my.id | 1 redirects
1 | 1.bp.blogspot.com | iquestion.my.id
1 | s4.histats.com | s10.histats.com
1 | accounts.google.com | app.goads.link
1 | academyblocked.com | app.goads.link
1 | s10.histats.com | app.goads.link
1 | foetusconductfold.com | iquestion.my.id
1 | recompensecombinedlooks.com | iquestion.my.id
22 | 10 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
iquestion.my.id | GTS CA 1P5 | 2023-05-02 - 2023-07-31 | 3 months | crt.sh
recompensecombinedlooks.com | R3 | 2023-05-03 - 2023-08-01 | 3 months | crt.sh
goads.link | GTS CA 1P5 | 2023-04-26 - 2023-07-25 | 3 months | crt.sh
foetusconductfold.com | R3 | 2023-05-06 - 2023-08-04 | 3 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-13 - 2024-05-11 | a year | crt.sh
*.academyblocked.com | R3 | 2023-04-09 - 2023-07-08 | 3 months | crt.sh
accounts.google.com | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months | crt.sh
histats.com | R3 | 2023-03-15 - 2023-06-13 | 3 months | crt.sh
misc-sni.blogspot.com | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://iquestion.my.id/
Frame ID: F5D6E888FF03DC524C782AC7B9C58F94
Requests: 24 HTTP requests in this frame
Page Title: Google Sites: Sign-in
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://iquestion.my.id/ (HTTP 301)
- https://iquestion.my.id/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request, Redirect Chain) | iquestion.my.id/ | 447 KB | 51 KB | Document | text/html
GET | H/1.1 | invoke.js | recompensecombinedlooks.com/6eac90e5d640c4d279a56c732a52d467/ | 0 | 0 | Script | application/javascript
GET | H2 | app.js | app.goads.link/ | 117 KB | 36 KB | Script | application/javascript
GET | H/1.1 | invoke.js | foetusconductfold.com/9ca62e71236f4c7f27cd2ef96bb55fa0/ | 0 | 0 | Script | application/javascript
GET | H2 | country.js | app.goads.link/ | 22 B | 411 B | Script | application/javascript
GET | H2 | analytic.js | app.goads.link/ | 2 KB | 814 B | Script | application/javascript
GET | H2 | anti-adblock.js | app.goads.link/ | 428 B | 601 B | Script | application/javascript
GET | H2 | disable-costom-button-back.js | app.goads.link/ | 493 B | 550 B | Script | application/javascript
GET | H2 | popme.js | app.goads.link/ | 89 KB | 32 KB | Script | application/javascript
GET | H2 | global.js | app.goads.link/ | 505 B | 600 B | Script | application/javascript
GET | DATA | truncated | / | 298 B | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 267 B | 0 | Image | image/svg+xml
GET | H2 | 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2 | fonts.gstatic.com/s/googlesans/v14/ | 21 KB | 21 KB | Font | font/woff2
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v18/ | 15 KB | 15 KB | Font | font/woff2
GET | H2 | KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | fonts.gstatic.com/s/roboto/v18/ | 15 KB | 15 KB | Font | font/woff2
GET | H2 | 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2 | fonts.gstatic.com/s/googlesans/v14/ | 21 KB | 21 KB | Font | font/woff2
GET | H2 | js15_as.js | s10.histats.com/ | 11 KB | 5 KB | Script | application/javascript
GET | H3 | ads.js | app.goads.link/ | 29 B | 556 B | Script | application/javascript
GET | H/1.1 | 04689e1b5f3534ef554850706bd7e3ea.js | academyblocked.com/04/68/9e/ | 0 | 0 | Script | application/javascript
GET | H2 | / | accounts.google.com/v3/signin/ | 0 | 0 | Script | text/html
GET | H/1.1 | 0.php | s4.histats.com/stats/ | 49 B | 183 B | Script | text/html
GET | H3 | popme-style.min.css | app.goads.link/ | 2 KB | 1 KB | Stylesheet | text/css
GET | H3 | popme-double-ads.js | app.goads.link/ | 1 KB | 1 KB | Script | application/javascript
GET | H2 | re.jpg | 1.bp.blogspot.com/-y8AsxfEerDc/YFSyMPZF14I/AAAAAAAAAAM/JUegMgSE-3o5A_06mx0Fir2-dkB6fAGvACLcBGAsYHQ/s640/ | 28 KB | 29 KB | Image | image/jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)
21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
boolean | credentialless
object | atOptions
string | hostUri
function | _0x4b97db
object | _Hasync
function | chfh
function | chfh2
string | _HST_cntval
object | Histats
object | link
string | go_current
string | reff
function | rChoice
string | direct_link_ads
string | ars
string | dir_type
undefined | pre_current
function | include
function | $
function | jQuery
object | _HistatsCounterGraphics_0_setValues8
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
iquestion.my.id/ | | HstCfa4669170 | 1685118251179
iquestion.my.id/ | | HstCla4669170 | 1685118251179
iquestion.my.id/ | | HstCmu4669170 | 1685118251179
iquestion.my.id/ | | HstPn4669170 | 1
iquestion.my.id/ | | HstPt4669170 | 1
iquestion.my.id/ | | HstCnv4669170 | 1
iquestion.my.id/ | | HstCns4669170 | 1
.google.com/ | | NID | 511=eqYQgeYSkDDuCCEFS-vly8VHz5TqxCKmYtpVTXji3ZXvG25arQY33f8gP4IBy_MF_-_kpVFaENR5chh0WzL3ZwvAEK8ZnQ5sWHI0bM4lNtST8ERbNtQR2n3MYKX_akkGj_LQ0veN9GIclzTcKFOwmEB7gBjdQSfutzuFXCxpII0
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1.bp.blogspot.com
academyblocked.com
accounts.google.com
app.goads.link
foetusconductfold.com
fonts.gstatic.com
iquestion.my.id
recompensecombinedlooks.com
s10.histats.com
s4.histats.com
149.56.240.130
173.233.137.52
192.243.61.225
192.243.61.227
2606:4700:10::6816:4fe
2606:4700:3034::6815:3e6b
2a00:1450:4001:80f::2003
2a00:1450:4001:828::2001
2a00:1450:4001:829::200d
2a06:98c1:3120::3
2a06:98c1:3121::3
11d20d113d06aea4e2a7eb2f21012b649e041d225d13d7ab722c06d00ecf1b59
1258949e1889ca9d9d3c1705b5b49d403750d71edd4b2cce4c30f99360b2b70c
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
596e00978d5880392bd798b549957a30a59c409885affe284076fc8b253c7c55
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
67ff8f4d9d4872b129f5aeb75e97ec9287987067c83fa0b0594910ce7c137f1c
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
71d7ad444f58bfff8c9356dd6c328ee78ada76660d9c66fe6610b06f585c7cc0
8176756dbf9609cf5d917d1842fe1b6fc33ad3e14d79aaca3de253e17933a9d3
891490d3259b636e7d468ccc560451b93f5f69310de57f3fe4f36c96147e20f0
9b5904d9e7b06c15eef0562d5b59f9642a6f4ea849974e0e6eed14b3fb8333d9
ab78784f702a8542dd72b1961af1df06523da00069f1ae79448e3f6bfdd258a5
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
d7b7f372d890aa0238e9c8449ac9eefdee7a0d890d082c432bbb9686820bcdcd
e5324ffec23dfb9dbd64c37fd0f2ffc2872cf50cbbada8fbb7894ceb35d9e1b5
e6241fa6f92a5ca2738d925b707fee02946c06bfaddc49425b8b06ede0b2aafc
f4788932ad63054757ffcba66a09958e9f3de1f04d8bb58ef4b4d4d1bd55164b
f887562ecfcb59e0783afce6b9ade2336a7122ac3d04ad00673cc05bec1a7415