iquestion.my.id
2a06:98c1:3120::3  Malicious Activity! Public Scan

Submitted URL: http://iquestion.my.id/
Effective URL: https://iquestion.my.id/
Submission: On May 26 via manual from IN — Scanned from NL

Summary

This website contacted 11 IPs in 3 countries across 9 domains to perform 22 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is iquestion.my.id.
TLS certificate: Issued by GTS CA 1P5 on May 2nd 2023. Valid for: 3 months.
This is the only time iquestion.my.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 192.243.61.225 39572 (ADVANCEDH...)
10 2606:4700:303... 13335 (CLOUDFLAR...)
1 192.243.61.227 39572 (ADVANCEDH...)
4 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 173.233.137.52 7979 (SERVERS-COM)
1 2a00:1450:400... 15169 (GOOGLE)
1 149.56.240.130 16276 (OVH)
1 2a00:1450:400... 15169 (GOOGLE)
22 11
Apex Domain                      Subdomains                                          Transfer
10 goads.link                    app.goads.link                                      74 KB
4 gstatic.com                    fonts.gstatic.com                                   73 KB
2 histats.com                    s10.histats.com — Cisco Umbrella Rank: 17397        5 KB
                                 s4.histats.com — Cisco Umbrella Rank: 15071
2 iquestion.my.id                iquestion.my.id                                     51 KB
1 blogspot.com                   1.bp.blogspot.com — Cisco Umbrella Rank: 11205      29 KB
1 google.com                     accounts.google.com — Cisco Umbrella Rank: 33
1 academyblocked.com             academyblocked.com
1 foetusconductfold.com          foetusconductfold.com
1 recompensecombinedlooks.com    recompensecombinedlooks.com
22 9
Domain Requested by
10 app.goads.link iquestion.my.id
app.goads.link
4 fonts.gstatic.com iquestion.my.id
2 iquestion.my.id 1 redirects
1 1.bp.blogspot.com iquestion.my.id
1 s4.histats.com s10.histats.com
1 accounts.google.com app.goads.link
1 academyblocked.com app.goads.link
1 s10.histats.com app.goads.link
1 foetusconductfold.com iquestion.my.id
1 recompensecombinedlooks.com iquestion.my.id
22 10

This site contains no links.

Subject                        Issuer                     Validity                   Valid
iquestion.my.id                GTS CA 1P5                 2023-05-02 - 2023-07-31    3 months
recompensecombinedlooks.com    R3                         2023-05-03 - 2023-08-01    3 months
goads.link                     GTS CA 1P5                 2023-04-26 - 2023-07-25    3 months
foetusconductfold.com          R3                         2023-05-06 - 2023-08-04    3 months
*.gstatic.com                  GTS CA 1C3                 2023-05-08 - 2023-07-31    3 months
sni.cloudflaressl.com          Cloudflare Inc ECC CA-3    2023-05-13 - 2024-05-11    a year
*.academyblocked.com           R3                         2023-04-09 - 2023-07-08    3 months
accounts.google.com            GTS CA 1C3                 2023-05-08 - 2023-07-31    3 months
histats.com                    R3                         2023-03-15 - 2023-06-13    3 months
misc-sni.blogspot.com          GTS CA 1C3                 2023-05-08 - 2023-07-31    3 months

This page contains 1 frames:

Primary Page: https://iquestion.my.id/
Frame ID: F5D6E888FF03DC524C782AC7B9C58F94
Requests: 24 HTTP requests in this frame

Page Title

Google Sites: Sign-in

Page URL History

  1. http://iquestion.my.id/ HTTP 301
    https://iquestion.my.id/ Page URL

Page Statistics

Requests: 22
HTTPS: 100 %
IPv6: 64 %
Domains: 9
Subdomains: 10
IPs: 11
Countries: 3
Transfer: 231 kB
Size: 772 kB
Cookies: 8

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://iquestion.my.id/ HTTP 301
    https://iquestion.my.id/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource / Path    Size    x-fer    Type / MIME-Type
Primary Request /
iquestion.my.id/
Redirect Chain
  • http://iquestion.my.id/
  • https://iquestion.my.id/
447 KB
51 KB
Document
General
Full URL
https://iquestion.my.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8176756dbf9609cf5d917d1842fe1b6fc33ad3e14d79aaca3de253e17933a9d3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=86400
cf-cache-status
DYNAMIC
cf-ray
7cd75dd95a4a75d2-LHR
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 26 May 2023 16:24:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=towfkNHJ8XjNYtau8yR4FNG3pS%2B1oYDRCrRXoOiKZUblF4ICgKYATgv2xqdPFM5GHNoO9OsjoXMq4nrtY%2BKG14ZD3RS0YQnPlFbZRX9abvJeswaslo1ZnkFZ67yC4ziJydI9Iu3RjLXcEyqhW3M%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
Express

Redirect headers

CF-RAY
7cd75dd88eb6fa24-AMS
Cache-Control
max-age=3600
Connection
keep-alive
Date
Fri, 26 May 2023 16:24:07 GMT
Expires
Fri, 26 May 2023 17:24:07 GMT
Location
https://iquestion.my.id/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g1leyh8mxiWVG5JDP6CiA2TEel1mb63%2FaQjEolkwucoWqXSudxZZSYI3NsPFDHS2Rd32R7gaFnRlzDQBFEiECsMfmnNzQGsv9Ubb4GlannX3e82ZEuqnHyduxkr8pBzI7IE9a2SyAzaulNLq5Gc%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
invoke.js
recompensecombinedlooks.com/6eac90e5d640c4d279a56c732a52d467/
0
0
Script
General
Full URL
https://recompensecombinedlooks.com/6eac90e5d640c4d279a56c732a52d467/invoke.js
Requested by
Host: iquestion.my.id
URL: https://iquestion.my.id/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

Referer
https://iquestion.my.id/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 26 May 2023 16:24:09 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
app.js
app.goads.link/
117 KB
36 KB
Script
General
Full URL
https://app.goads.link/app.js
Requested by
Host: iquestion.my.id
URL: https://iquestion.my.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
891490d3259b636e7d468ccc560451b93f5f69310de57f3fe4f36c96147e20f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://iquestion.my.id/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 26 May 2023 16:24:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sun, 15 Jan 2023 20:32:38 GMT
server
cloudflare
etag
W/"63c462e6-1d5c6"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lOci%2B1eIZil1w5Av3WshrSudi7OcRRCfa2Z1SpD9YdOeTRK7qBfCRGCaJhpjGMx%2B2QAQBrvmPgpmtrqQHXQ%2Fvuym%2FydMzOfn6MZRN%2BLfaK1DE3qwIGRuqd6s9bdJ5lNRHhBxkgJ5J8tGnwZ8eA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
cf-ray
7cd75de3fcceb70c-AMS
expires
Sun, 25 Jun 2023 16:24:09 GMT
invoke.js
foetusconductfold.com/9ca62e71236f4c7f27cd2ef96bb55fa0/
0
0
Script
General
Full URL
https://foetusconductfold.com/9ca62e71236f4c7f27cd2ef96bb55fa0/invoke.js
Requested by
Host: iquestion.my.id
URL: https://iquestion.my.id/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

Referer
https://iquestion.my.id/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 26 May 2023 16:24:10 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
country.js
app.goads.link/
22 B
411 B
Script
General
Full URL
https://app.goads.link/country.js?hash=Yt7sfgw3RyL0
Requested by
Host: app.goads.link
URL: https://app.goads.link/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab78784f702a8542dd72b1961af1df06523da00069f1ae79448e3f6bfdd258a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 16:24:11 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
22
x-xss-protection
1; mode=block
last-modified
Thu, 10 Nov 2022 07:09:09 GMT
server
cloudflare
etag
"636ca395-16"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQQL%2BzQEH4WFrGNpMOqxXEvP0rT1xS0JUX5sHjzcLeMlcm9clw9VPfnJfee%2BfJw0lp6%2FqLBzUFSLqbebCA31pARCXBmgIbak6hM6FNo1l5LmvKQdg5wD2%2FRGD%2FCRkVsgpCbITkxRJCobfZExbw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
7cd75deaee61b70c-AMS
expires
Sun, 25 Jun 2023 16:24:10 GMT
analytic.js
app.goads.link/
2 KB
814 B
Script
General
Full URL
https://app.goads.link/analytic.js
Requested by
Host: app.goads.link
URL: https://app.goads.link/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5324ffec23dfb9dbd64c37fd0f2ffc2872cf50cbbada8fbb7894ceb35d9e1b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 16:24:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 06 Oct 2022 07:46:33 GMT
server
cloudflare
etag
W/"633e87d9-61e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dBGoDIxYznJYHd3c99kyjKapHh%2Fk0cuK%2FUFWUJiu%2BJAJUxdDQOKHw%2B6dvlsHO420%2FfdTB405%2BKRYPr27agO8%2FxkepF2Oh3Tgnt6ZXlmePWGqVqe%2FQm66JyFFHZONB2CNlcRCOHpiAj3oTJ4LSA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
cf-ray
7cd75deaee67b70c-AMS
expires
Sun, 25 Jun 2023 16:24:10 GMT
anti-adblock.js
app.goads.link/
428 B
601 B
Script
General
Full URL
https://app.goads.link/anti-adblock.js
Requested by
Host: app.goads.link
URL: https://app.goads.link/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11d20d113d06aea4e2a7eb2f21012b649e041d225d13d7ab722c06d00ecf1b59
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 16:24:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 06 Oct 2022 07:47:08 GMT
server
cloudflare
etag
W/"633e87fc-1ac"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Z9z8yESAIAbQd6G6dc6tx1H65ToY5mNNegoFJfSnbNDpEnCxtk33AZsNB%2B1WjC%2Fhm7U9rL5CpvFr%2BL6QBOjt1g1GPBFIASO5sJ0zh4A9z%2BVw7aJz5H0uGIv7Kwk9gs%2Fc%2BZsgSadIFqJiUG9Ug%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
cf-ray
7cd75deafe82b70c-AMS
expires
Sun, 25 Jun 2023 16:24:10 GMT
disable-costom-button-back.js
app.goads.link/
493 B
550 B
Script
General
Full URL
https://app.goads.link/disable-costom-button-back.js
Requested by
Host: app.goads.link
URL: https://app.goads.link/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71d7ad444f58bfff8c9356dd6c328ee78ada76660d9c66fe6610b06f585c7cc0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 16:24:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 15 Nov 2022 08:30:49 GMT
server
cloudflare
etag
W/"63734e39-1ed"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W7%2BYC%2BXzH846OdrfINJyZh3Cya718taCK8QHE1KAdurT2%2Fw%2FGTLzUBNIkX5WZuI0%2F6VcTfTfV%2B%2BLo35%2BWuH10YDuc8kKVel8W50LnLjDbREt%2FcVXiiVUyKKiIJ1dbwHPBrpZEhfkm3DN3yOtpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
cf-ray
7cd75deafe85b70c-AMS
expires
Sun, 25 Jun 2023 16:24:10 GMT
popme.js
app.goads.link/
89 KB
32 KB
Script
General
Full URL
https://app.goads.link/popme.js
Requested by
Host: app.goads.link
URL: https://app.goads.link/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1258949e1889ca9d9d3c1705b5b49d403750d71edd4b2cce4c30f99360b2b70c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 16:24:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sun, 15 Jan 2023 20:34:44 GMT
server
cloudflare
etag
W/"63c46364-1649e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3MpkyfO87S1NOUYJdySgxmwdGEKLy6T4zD1hafXF0WHyANhptwmEVoot5zypYL0zv2IcE7WM49mJUs8siAaPeirDKV4EniJ9OyiRlOPsrLn0QdvbMHLXPrkZw3bVUzHs9%2BoANZLBQKBw3FJYKA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
cf-ray
7cd75deafe86b70c-AMS
expires
Sun, 25 Jun 2023 16:24:10 GMT
global.js
app.goads.link/
505 B
600 B
Script
General
Full URL
https://app.goads.link/global.js
Requested by
Host: app.goads.link
URL: https://app.goads.link/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b5904d9e7b06c15eef0562d5b59f9642a6f4ea849974e0e6eed14b3fb8333d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 16:24:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 22 Mar 2023 04:05:53 GMT
server
cloudflare
etag
W/"641a7ea1-1f9"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TQxGKM1WHoX2iC4shJwG8dmISQcDTsdYVg1KtwE0XN0778iuyz1nHMW7POvB07Z%2BTtV1aq9g5M%2BOSNOSSlmTob%2Fmob5o6meDF86o77AodjVLAZWOvNBP9YYMHXoO5O0N3fU2h2mOwdSYo%2BBg5w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
cf-ray
7cd75deafe87b70c-AMS
expires
Sun, 25 Jun 2023 16:24:10 GMT
truncated
/
298 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
596e00978d5880392bd798b549957a30a59c409885affe284076fc8b253c7c55

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
267 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=UTF-8
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v14/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: iquestion.my.id
URL: https://iquestion.my.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://iquestion.my.id/
Origin
https://iquestion.my.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Sat, 20 May 2023 15:18:07 GMT
x-content-type-options
nosniff
age
522363
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21464
x-xss-protection
0
last-modified
Mon, 22 Apr 2019 23:42:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 19 May 2024 15:18:07 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: iquestion.my.id
URL: https://iquestion.my.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://iquestion.my.id/
Origin
https://iquestion.my.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Sat, 20 May 2023 23:28:35 GMT
x-content-type-options
nosniff
age
492935
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 19 May 2024 23:28:35 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: iquestion.my.id
URL: https://iquestion.my.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://iquestion.my.id/
Origin
https://iquestion.my.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Sat, 20 May 2023 17:47:45 GMT
x-content-type-options
nosniff
age
513385
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 19 May 2024 17:47:45 GMT
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v14/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: iquestion.my.id
URL: https://iquestion.my.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://iquestion.my.id/
Origin
https://iquestion.my.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Sat, 20 May 2023 17:47:45 GMT
x-content-type-options
nosniff
age
513385
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21700
x-xss-protection
0
last-modified
Mon, 22 Apr 2019 23:43:33 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 19 May 2024 17:47:45 GMT
js15_as.js
s10.histats.com/
11 KB
5 KB
Script
General
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: app.goads.link
URL: https://app.goads.link/analytic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 16:24:11 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
server
cloudflare
age
84425
etag
W/"5e983700-2cb0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=28800
cf-ray
7cd75dedbcd6b7ea-AMS
ads.js
app.goads.link/
29 B
556 B
Script
General
Full URL
https://app.goads.link/ads.js
Requested by
Host: app.goads.link
URL: https://app.goads.link/anti-adblock.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67ff8f4d9d4872b129f5aeb75e97ec9287987067c83fa0b0594910ce7c137f1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 16:24:11 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
29
x-xss-protection
1; mode=block
last-modified
Mon, 03 Oct 2022 17:12:31 GMT
server
cloudflare
etag
"633b17ff-1d"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFK4ryTCoxMKenFy3TaMdtnBCojmPCUDVM8LrV16NztVxA2ZRdrdp9hBDGwqOzDuU3941xDDJmEnCDdIwTeBGw3%2FXxunP3X%2F4saszFh54tOrpj5Fi89SE112P2fLaF172DDMxH%2F%2FTf3H87ut2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
7cd75ded5c50fa38-AMS
expires
Sun, 25 Jun 2023 16:24:11 GMT
04689e1b5f3534ef554850706bd7e3ea.js
academyblocked.com/04/68/9e/
0
0
Script
General
Full URL
https://academyblocked.com/04/68/9e/04689e1b5f3534ef554850706bd7e3ea.js
Requested by
Host: app.goads.link
URL: https://app.goads.link/global.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.233.137.52 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Fri, 26 May 2023 16:24:11 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
/
accounts.google.com/v3/signin/
0
0
Script
General
Full URL
https://accounts.google.com/v3/signin/
Requested by
Host: app.goads.link
URL: https://app.goads.link/global.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

0.php
s4.histats.com/stats/
49 B
183 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?4669170&@f16&@g1&@h1&@i1&@j1685118251179&@k0&@l1&@mGoogle%20Sites%3A%20Sign-in&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-196085861&@b3:1685118251&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fiquestion.my.id%2F&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
149.56.240.130 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns534298.ip-149-56-240.net
Software
/
Resource Hash
f4788932ad63054757ffcba66a09958e9f3de1f04d8bb58ef4b4d4d1bd55164b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Fri, 26 May 2023 16:24:15 GMT
Connection
close
Content-Length
49
Content-Type
text/html;charset=UTF-8
popme-style.min.css
app.goads.link/
2 KB
1 KB
Stylesheet
General
Full URL
https://app.goads.link/popme-style.min.css
Requested by
Host: app.goads.link
URL: https://app.goads.link/popme.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7b7f372d890aa0238e9c8449ac9eefdee7a0d890d082c432bbb9686820bcdcd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 16:24:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 30 Sep 2022 16:34:01 GMT
server
cloudflare
etag
W/"63371a79-6f4"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RtYv5JpTYZ88KkKui5zyaYyGhBUjs5gI5ENfBmR2BT4Pox8SXXpHwX5TCUnnZ%2F%2BliQL0165HI%2FVgzO62%2FDFqzZfmltwx3n7X6ylvnHhVctqdNUy0gp%2BLe86mkswOK8MAL9U3pqmckPlrq%2FdqZA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
cf-ray
7cd75dee7cdefa38-AMS
expires
Sun, 25 Jun 2023 16:24:11 GMT
popme-double-ads.js
app.goads.link/
1 KB
1 KB
Script
General
Full URL
https://app.goads.link/popme-double-ads.js
Requested by
Host: app.goads.link
URL: https://app.goads.link/popme.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6241fa6f92a5ca2738d925b707fee02946c06bfaddc49425b8b06ede0b2aafc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 16:24:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sun, 15 Jan 2023 21:23:06 GMT
server
cloudflare
etag
W/"63c46eba-540"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JkrSCzf2IdRv%2Beb%2BY%2Fd0r%2FOK0YAaZXcpfqVQkW%2FiM5YkVeSdh4k6ORvUHzMCtgXfCLgs7%2BHy%2BcJ%2BNZVFydoH3YICjWjFQImvHFaiKCPtgGONarUF6Z9KUfNNHkQF5ni3ut3ojtGG9szbsUea7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
cf-ray
7cd75dee7cdffa38-AMS
expires
Sun, 25 Jun 2023 16:24:11 GMT
re.jpg
1.bp.blogspot.com/-y8AsxfEerDc/YFSyMPZF14I/AAAAAAAAAAM/JUegMgSE-3o5A_06mx0Fir2-dkB6fAGvACLcBGAsYHQ/s640/
28 KB
29 KB
Image
General
Full URL
https://1.bp.blogspot.com/-y8AsxfEerDc/YFSyMPZF14I/AAAAAAAAAAM/JUegMgSE-3o5A_06mx0Fir2-dkB6fAGvACLcBGAsYHQ/s640/re.jpg
Requested by
Host: iquestion.my.id
URL: https://iquestion.my.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f887562ecfcb59e0783afce6b9ade2336a7122ac3d04ad00673cc05bec1a7415
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://iquestion.my.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 13:02:04 GMT
x-content-type-options
nosniff
age
12127
content-disposition
inline;filename="re.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28955
x-xss-protection
0
server
fife
etag
"v4"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 27 May 2023 13:02:04 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless
object| atOptions
string| hostUri
function| _0x4b97db
object| _Hasync
function| chfh
function| chfh2
string| _HST_cntval
object| Histats
object| link
string| go_current
string| reff
function| rChoice
string| direct_link_ads
string| ars
string| dir_type
undefined| pre_current
function| include
function| $
function| jQuery
object| _HistatsCounterGraphics_0_setValues

8 Cookies

Domain/Path Name / Value
iquestion.my.id/ Name: HstCfa4669170
Value: 1685118251179
iquestion.my.id/ Name: HstCla4669170
Value: 1685118251179
iquestion.my.id/ Name: HstCmu4669170
Value: 1685118251179
iquestion.my.id/ Name: HstPn4669170
Value: 1
iquestion.my.id/ Name: HstPt4669170
Value: 1
iquestion.my.id/ Name: HstCnv4669170
Value: 1
iquestion.my.id/ Name: HstCns4669170
Value: 1
.google.com/ Name: NID
Value: 511=eqYQgeYSkDDuCCEFS-vly8VHz5TqxCKmYtpVTXji3ZXvG25arQY33f8gP4IBy_MF_-_kpVFaENR5chh0WzL3ZwvAEK8ZnQ5sWHI0bM4lNtST8ERbNtQR2n3MYKX_akkGj_LQ0veN9GIclzTcKFOwmEB7gBjdQSfutzuFXCxpII0

9 Console Messages

Source Level URL
Text
javascript warning URL: https://iquestion.my.id/(Line 12)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://recompensecombinedlooks.com/6eac90e5d640c4d279a56c732a52d467/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://iquestion.my.id/(Line 12)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://app.goads.link/app.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://iquestion.my.id/(Line 12)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://recompensecombinedlooks.com/6eac90e5d640c4d279a56c732a52d467/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://recompensecombinedlooks.com/6eac90e5d640c4d279a56c732a52d467/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning URL: https://iquestion.my.id/(Line 26)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://foetusconductfold.com/9ca62e71236f4c7f27cd2ef96bb55fa0/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://iquestion.my.id/(Line 26)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://foetusconductfold.com/9ca62e71236f4c7f27cd2ef96bb55fa0/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://foetusconductfold.com/9ca62e71236f4c7f27cd2ef96bb55fa0/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
network error URL: https://accounts.google.com/v3/signin/#AdURL2
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://academyblocked.com/04/68/9e/04689e1b5f3534ef554850706bd7e3ea.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
