URL: https://pafikotabadui.org/bocil-kematian
Submission Tags: @phish_report
Submission: On November 12 via api from FI — Scanned from FI

Summary

This website contacted 3 IPs in 1 country across 4 domains to perform 3 HTTP transactions. The main IP is 2606:4700:3036::6815:11ac, located in the United States and belongs to CLOUDFLARENET, US. The main domain is pafikotabadui.org.
TLS certificate: Issued by WE1 on September 25th 2024. Valid for: 3 months.
This is the only time pafikotabadui.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address               AS Autonomous System
1    2606:4700:303...    13335 (CLOUDFLAR...)
1 1  172.67.201.233      13335 (CLOUDFLAR...)
1    2a06:98c1:312...    13335 (CLOUDFLAR...)
1    172.67.71.48        13335 (CLOUDFLAR...)

Apex Domain            Subdomains                                   Transfer
1  jali.me             e2.jali.me (Cisco Umbrella Rank: 807329)     9 KB
1  indotogelku.bar     ww1.indotogelku.bar
1  bioqoo.com          bioqoo.com                                   897 B
1  pafikotabadui.org   pafikotabadui.org                            1 KB

Domain                   Requested by
1  e2.jali.me
1  ww1.indotogelku.bar   pafikotabadui.org
1  bioqoo.com            1 redirects
1  pafikotabadui.org

This site contains no links.

Subject              Issuer   Validity                   Valid
pafikotabadui.org    WE1      2024-09-25 - 2024-12-24    3 months (crt.sh)
indotogelku.bar      WE1      2024-10-04 - 2025-01-02    3 months (crt.sh)
jali.me              WE1      2024-11-03 - 2025-02-01    3 months (crt.sh)

This page contains 2 frames:

Primary Page: https://pafikotabadui.org/bocil-kematian
Frame ID: 317BF9852EC9B0BB933645A760F115F9
Requests: 2 HTTP requests in this frame

Frame: https://ww1.indotogelku.bar/register?referral_code=budiharim
Frame ID: D4830A79842053AA9DFB414BA5AD3CBC
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Invalid Referral

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 3
Countries: 1
Transfer: 10 kB
Size: 9 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://bioqoo.com/pabloescobar HTTP 301
  • https://ww1.indotogelku.bar/register?referral_code=budiharim

3 HTTP transactions

Resource                          Path                 Size    x-fer   Type       MIME-Type
Primary Request: bocil-kematian   pafikotabadui.org/   716 B   1 KB    Document

General
Full URL: https://pafikotabadui.org/bocil-kematian
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:11ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 19afdd166271706904f19b4f0948ee7fd4f5e7494e7587000a98d735d726bd73

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 7200
alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8e19c780fbcab4fa-OSL
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Tue, 12 Nov 2024 21:57:43 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oOUUybxrhykAfIGfL%2FADrkMqWFsLFMcM08uph9SutPsKGGS2Q2f3eobBB9DJZ7AKwcvdPZkaaM3WA15GjhqBehe%2BGoHrXcZQFZ%2FQNovz3WYEQJWOKlJCV40RZSNbvNoJ3lmr2z0k%2BbQ%2FyeYJJ2sauQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=64990&sent=8&recv=12&lost=0&retrans=0&sent_bytes=4017&recv_bytes=2358&delivery_rate=62225&cwnd=253&unsent_bytes=0&cid=31d8b5faee33ad75&ts=764&x=0"
vary: Accept-Encoding
Resource   Path                   Size   x-fer   Type       MIME-Type
register   ww1.indotogelku.bar/   0      0       Document
Frame: D483
Redirect Chain
  • https://bioqoo.com/pabloescobar
  • https://ww1.indotogelku.bar/register?referral_code=budiharim

General
Full URL: https://ww1.indotogelku.bar/register?referral_code=budiharim
Requested by:
  Host: pafikotabadui.org
  URL: https://pafikotabadui.org/bocil-kematian
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash:

Security Headers
Name                         Value
Strict-Transport-Security    max-age=31536000;includeSubDomains
X-Frame-Options              SAMEORIGIN
X-Xss-Protection             1; mode=block

Request headers

Referer: https://pafikotabadui.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

age: 160
alt-svc: h3=":443"; ma=86400
cache-control: public, s-maxage=900
cf-cache-status: DYNAMIC
cf-ray: 8e19c78c18f11bfa-OSL
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Tue, 12 Nov 2024 21:57:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ExRnO981efBNgtWaUbu6IjbgGrYufCJ2IefcCk9F46os3kMPrcgn%2Be7k00Sqv1HZR%2BUdrqwPo4IzqrkfyPgmTQlYpgMYcsFfJs12vW9ouLwpmGLw7XlhrbDF8Sbb%2FeWK1qN9JsrjJh%2B8IcmDQtwIVlCt"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=65247&sent=9&recv=13&lost=0&retrans=0&sent_bytes=4011&recv_bytes=2448&delivery_rate=61920&cwnd=254&unsent_bytes=0&cid=0bd4723877276672&ts=487&x=0"
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding
x-cache: HIT
x-cache-hits: 1
x-cacheable: 1
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 7200
alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8e19c78679440b65-OSL
content-type: text/html; charset=UTF-8
date: Tue, 12 Nov 2024 21:57:44 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://ww1.indotogelku.bar/register?referral_code=budiharim
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N1aruxApb72W1n58pKVn8pyCAC0fg5JrafbLM%2Bp0yjo0u60R%2FsbeEjTvAOMVAblfzYkAG67Yj8jqDEvnpkoLMc3eWOl%2BCoG6cSo%2BUBbypZg97nfVoRrKpQfx3ohM"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=58782&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4200&recv_bytes=4526&delivery_rate=333&cwnd=12000&unsent_bytes=0&cid=39dc70bf8de01dc7&ts=736&x=1" cfHdrFlush;dur=0
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
Resource                               Path                           Size   x-fer   Type    MIME-Type
cc5b809d8d728cb460be64d466f715d6.png   e2.jali.me/uploads/favicons/   8 KB   9 KB    Other

General
Full URL: https://e2.jali.me/uploads/favicons/cc5b809d8d728cb460be64d466f715d6.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.71.48 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 29852eadd0a6797ba4457795db3767d568c77ce94ed9fc57c25e386c72a3e00e

Security Headers
Name                         Value
Content-Security-Policy      block-all-mixed-content
Strict-Transport-Security    max-age=15552000
X-Content-Type-Options       nosniff
X-Xss-Protection             1; mode=block

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://pafikotabadui.org/

Response headers

cf-bgj: h2pri,csam-hash
etag: "726af9ca0660a1101206233994bb8d6c"
x-amz-version-id: null
cf-cache-status: HIT
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pzPv8sk0qqIyUyoBXaUnJIsNJ1Oo7vJu%2Fl8E8pLCcplRMg6yeS3Iws5kIAu1PB3Ytgn3RzUyhD9lRnbveUTkpr7J9hmvcbB4FuBB3SLMIlF7d7YAYaX3K3DQ8XSe"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=32607&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4160&recv_bytes=4499&delivery_rate=483&cwnd=12000&unsent_bytes=0&cid=a08638ea0e886331&ts=630&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 12 Nov 2024 21:57:46 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2024 12:35:46 GMT
vary: Origin, Accept-Encoding
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:h7w3_sg_idrivee2-50_com
priority: u=1,i
strict-transport-security: max-age=15552000
content-security-policy: block-all-mixed-content
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
x-amz-request-id: 1806C881EC79F4F0
x-amz-meta-erid: 35
accept-ranges: bytes
content-length: 8262
x-xss-protection: 1; mode=block
cf-ray: 8e19c78fabd48d5c-HEL
server: cloudflare
x-amz-server-side-encryption: aws:kms

Verdicts & Comments

JavaScript Global Variables (1)

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type     Name
object   0

Cookies (2)

Domain/Path            Name                   Value
pafikotabadui.org/     PHPSESSID              pakj8fhkjpohomk8co2faojcnk
pafikotabadui.org/     s_statistics_1387859   0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
