kopertais02.or.id
103.129.220.6
Malicious Activity!
Public Scan
Submission: On March 21 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 21st 2023. Valid for: 3 months.
This is the only time kopertais02.or.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Web.de (Online)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
10 | 103.129.220.6 | 138062 (IDNIC-PAAS-AS-ID PT. Awan Kilat Semesta) |
2 | 23.211.9.43 | 16625 (AKAMAI-AS) |
12 | 2 | |
ASN138062 (IDNIC-PAAS-AS-ID PT. Awan Kilat Semesta, ID)
PTR: iix71.cloudhost.id
kopertais02.or.id
ASN16625 (AKAMAI-AS, US)
PTR: a23-211-9-43.deploy.static.akamaitechnologies.com
img.ui-portal.de
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | kopertais02.or.id | kopertais02.or.id | 249 KB |
2 | ui-portal.de | img.ui-portal.de (Cisco Umbrella Rank: 22700) | 36 KB |
12 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
10 | kopertais02.or.id | kopertais02.or.id |
2 | img.ui-portal.de | kopertais02.or.id |
12 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
kopertais02.or.id | cPanel, Inc. Certification Authority | 2023-02-21 - 2023-05-22 | 3 months |
img.ui-portal.de | GeoTrust RSA CA 2018 | 2022-07-25 - 2023-07-25 | a year |
This page contains 1 frames:
Primary Page:
https://kopertais02.or.id/zde/?email=redacted@abuse.ionos.com
Frame ID: 9C1A976FE35DCCAB336F330B318C13CF
Requests: 12 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
12 HTTP transactions
Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | kopertais02.or.id/zde/ | 6 KB | 2 KB | Document | text/html |
GET | H2 | jquery-3.4.1-ver-220AFD743D9E9643852E31A135A9F3AE.js.download | kopertais02.or.id/zde/ | 86 KB | 86 KB | Script | application/octet-stream |
GET | H2 | tcf-api.js.download | kopertais02.or.id/zde/ | 0 | 0 | Script | text/html |
GET | H2 | tracklib.poly.min.js.download | kopertais02.or.id/zde/ | 51 KB | 51 KB | Script | application/octet-stream |
GET | H2 | 90496.js.download | kopertais02.or.id/zde/ | 28 KB | 28 KB | Script | application/octet-stream |
GET | H2 | wicket-ajax-jquery-ver-3A8C326A8436172FC95523D517EBC88B.js.download | kopertais02.or.id/zde/ | 43 KB | 43 KB | Script | application/octet-stream |
GET | H2 | 4006.js.download | kopertais02.or.id/zde/ | 28 KB | 28 KB | Script | application/octet-stream |
GET | H2 | uni_main-ver-2F06E2EA6A77BCF71A9F481935549BAC.js.download | kopertais02.or.id/zde/ | 0 | 0 | Script | text/html |
GET | H2 | uni-ver-F48D7E3FA01D857E0F31A9DDBEEB4BF4.css | kopertais02.or.id/zde/ | 47 KB | 9 KB | Stylesheet | text/css |
GET | H3 | weblogo.png | kopertais02.or.id/zde/ | 1 KB | 2 KB | Image | image/png |
GET | H2 | web.de-sans-light.woff | img.ui-portal.de/ci/webde/global/fonts/web.de-sans/ | 18 KB | 18 KB | Font | application/font-woff |
GET | H2 | web.de-sans-medium.woff | img.ui-portal.de/ci/webde/global/fonts/web.de-sans/ | 18 KB | 18 KB | Font | font/woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Web.de (Online)
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
boolean | credentialless |
function | $ |
function | jQuery |
object | __core-js_shared__ |
object | core |
function | TrackLib |
object | NSfTIF |
string | szmvars |
object | iom |
string | gtmId |
object | Wicket |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
img.ui-portal.de
kopertais02.or.id
103.129.220.6
23.211.9.43