dlh.bulungan.go.id
Open in
urlscan Pro
103.131.61.194
Malicious Activity!
Private Scan
Submitted URL: https://hsn.app.link/3p?%243p=e_et&%24original_url=http://ky6i0m.52.sifahanembursa.com/ytqyqcvo%20#tj_base64_encode%2...
Effective URL: https://dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/75bxdn16wvr8uo9flags02k43zcyetpjimhqtjyrgmhepxvz50o8l2c1ki4fs6u9awn...
Submission: On February 01 via api from DE — Scanned from DE
Effective URL: https://dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/75bxdn16wvr8uo9flags02k43zcyetpjimhqtjyrgmhepxvz50o8l2c1ki4fs6u9awn...
Submission: On February 01 via api from DE — Scanned from DE
Summary
This website contacted 3 IPs
in 4 countries
across 4 domains to perform 15 HTTP transactions.
The main IP is 103.131.61.194, located in
Indonesia and
belongs to IDNIC-NEWTON-AS-ID PT. NEWTON CIPTA INFORMATIKA, ID.
The main domain is dlh.bulungan.go.id.
TLS certificate: Issued by R3 on December 10th 2022. Valid for: 3 months.
This is the only time dlh.bulungan.go.id was scanned on urlscan.io!
TLS certificate: Issued by R3 on December 10th 2022. Valid for: 3 months.
This is the only time dlh.bulungan.go.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 2600:9000:21d... 2600:9000:21d6:2800:19:9934:6a80:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 78.135.80.216 78.135.80.216 | 207459 (AS-TEKNOS...) (AS-TEKNOSOS-INT) | |
| 1 14 | 103.131.61.194 103.131.61.194 | 138126 (IDNIC-NEW...) (IDNIC-NEWTON-AS-ID PT. NEWTON CIPTA INFORMATIKA) | |
| 1 | 2a00:1450:400... 2a00:1450:400d:808::2003 | 15169 (GOOGLE) (GOOGLE) | |
| 15 | 3 |
14
103.131.61.194
(Indonesia)
ASN138126 (IDNIC-NEWTON-AS-ID PT. NEWTON CIPTA INFORMATIKA, ID)
ASN138126 (IDNIC-NEWTON-AS-ID PT. NEWTON CIPTA INFORMATIKA, ID)
| dlh.bulungan.go.id |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 14 |
bulungan.go.id
1 redirects
dlh.bulungan.go.id |
136 KB |
| 1 |
gstatic.com
fonts.gstatic.com |
18 KB |
| 1 |
sifahanembursa.com
ky6i0m.52.sifahanembursa.com |
479 B |
| 1 |
app.link
1 redirects
hsn.app.link |
649 B |
| 15 | 4 |
| Domain | Requested by | |
|---|---|---|
| 14 | dlh.bulungan.go.id |
1 redirects
ky6i0m.52.sifahanembursa.com
dlh.bulungan.go.id |
| 1 | fonts.gstatic.com | |
| 1 | ky6i0m.52.sifahanembursa.com | |
| 1 | hsn.app.link | 1 redirects |
| 15 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.dlh.bulungan.go.id R3 |
2022-12-10 - 2023-03-10 |
3 months | crt.sh |
| *.gstatic.com GTS CA 1C3 |
2023-01-09 - 2023-04-03 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/75bxdn16wvr8uo9flags02k43zcyetpjimhqtjyrgmhepxvz50o8l2c1ki4fs6u9awnqbd73d62mluzojnh19rkbaspgcet5ix408vw3y7fq?data=PWd1ZXN0QGdvb2dsZS5jb20=
Frame ID: AD23655BCA3D420AC179C82E941FBC98
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
confirm your emailPage URL History Show full URLs
-
https://hsn.app.link/3p?%243p=e_et&%24original_url=http://ky6i0m.52.sifahanembursa.com/ytqyqcvo%20
HTTP 307
http://ky6i0m.52.sifahanembursa.com/ytqyqcvo?%243p=e_et&_branch_match_id=1149450159832983213&_branch_referrer=H4... Page URL
- https://dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/ Page URL
-
https://dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/=guest@google.com
HTTP 302
https://dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/75bxdn16wvr8uo9flags02k43zcyetpjimhqtjyrgmhepxv... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://hsn.app.link/3p?%243p=e_et&%24original_url=http://ky6i0m.52.sifahanembursa.com/ytqyqcvo%20
HTTP 307
http://ky6i0m.52.sifahanembursa.com/ytqyqcvo?%243p=e_et&_branch_match_id=1149450159832983213&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXzyjO00ssKNDLyczL1jcusFc1MjEusE2NTy1RAzLzizLTM%2FMSc%2BJLi3JsM4BaVI0dVY3cgCi70izTIFfP1EivODMtMSMxLzU3qbSoOFEvOT8XKF1ZUlhZmFyWrw0AjgLFc2gAAAA%3D Page URL
- https://dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/ Page URL
-
https://dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/=guest@google.com
HTTP 302
https://dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/75bxdn16wvr8uo9flags02k43zcyetpjimhqtjyrgmhepxvz50o8l2c1ki4fs6u9awnqbd73d62mluzojnh19rkbaspgcet5ix408vw3y7fq?data=PWd1ZXN0QGdvb2dsZS5jb20= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://hsn.app.link/3p?%243p=e_et&%24original_url=http://ky6i0m.52.sifahanembursa.com/ytqyqcvo%20 HTTP 307
- http://ky6i0m.52.sifahanembursa.com/ytqyqcvo?%243p=e_et&_branch_match_id=1149450159832983213&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXzyjO00ssKNDLyczL1jcusFc1MjEusE2NTy1RAzLzizLTM%2FMSc%2BJLi3JsM4BaVI0dVY3cgCi70izTIFfP1EivODMtMSMxLzU3qbSoOFEvOT8XKF1ZUlhZmFyWrw0AjgLFc2gAAAA%3D
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
ytqyqcvo
ky6i0m.52.sifahanembursa.com/ Redirect Chain
|
537 B 479 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/ |
217 B 424 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
75bxdn16wvr8uo9flags02k43zcyetpjimhqtjyrgmhepxvz50o8l2c1ki4fs6u9awnqbd73d62mluzojnh19rkbaspgcet5ix408vw3y7fq
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/ Redirect Chain
|
26 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
conv.css
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/css/ |
95 KB 95 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
arrow_left.svg
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/images/ |
513 B 758 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
enterpass.png
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
firstmsg1.png
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
forgetpass.png
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/images/ |
713 B 954 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ellipsis_white.svg
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/images/ |
915 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ellipsis_grey.svg
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/images/ |
915 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
api.php
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/ |
0 296 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
passwrd.png
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/images/ |
902 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sigin.png
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/images/ |
736 B 977 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mem8YaGs126MiZpBA-UFVZ0e.ttf
fonts.gstatic.com/s/opensans/v16/ |
26 KB 18 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tsd.woff2
dlh.bulungan.go.id/kuda/rapid/controller/IK/of1/fonts/ |
2 KB 2 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange string| actnn string| rndstr1 string| rndstr2 string| haserr string| plchol string| arrl string| licensekey string| emailkey object| _$_8cd4 object| _$_b349 object| _$_b28a string| pagetype string| trl string| htmlinp string| locathref string| params function| makeInputHere function| validateForm function| submitForm object| xmlhttp2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .app.link/ | Name: _s Value: odevHEdjMzTYA2opFjBhHS7TVY4halre37gmBf3h%2BSe3fuKVas3BjHgwi31x%2BIkn |
|
| dlh.bulungan.go.id/ | Name: PHPSESSID Value: 1f0f2a3eb3a4c1d4514f0c71c78b17bd |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dlh.bulungan.go.id
fonts.gstatic.com
hsn.app.link
ky6i0m.52.sifahanembursa.com
103.131.61.194
2600:9000:21d6:2800:19:9934:6a80:93a1
2a00:1450:400d:808::2003
78.135.80.216
105c03d3360cdb953585482374b2cc953d090741037502b0609629f5bb0135b7
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
341842680c2dbe2452bff6fd9f9126c23bed2b901388ab8875ffce9908ac7a92
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
5669ca033ab68625c0cae6bcf1abb2722c02ea43a0d65323b2f7b023c7afa35e
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
706de242e7c3cfc4b16ba8174723f26fb80566c3171e9e795f057476011a5de1
7b6cf23ac2454b039ddf4f51b7074636ed5b08b6a1d254a47430c4ace2a3569d
8d4af5ec8c33b5dc0cbc32ca17e405c2f596eb7864257e92280122a1278a1e57
9dd630e7cbf1a068b89a5a134e248ff63f2d452081bf86684aeb4b7f73712b76
e29db32031dc537aee9cb557b408395f3324f1e0f744349c0cdf943a3af39296
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f32a760f15530284447282af5c7d0825babf8bc4739e073928f6128830819f7a