malaysia.ip1-kd.com
2a06:98c1:3121::3  Malicious Activity!

URL: http://malaysia.ip1-kd.com/aplly/
Submission: On February 14 via api from BE — Scanned from NL

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 7 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is malaysia.ip1-kd.com.
This is the only time malaysia.ip1-kd.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

IP Address | AS (Autonomous System) | Requests
2a06:98c1:3121::3 | 13335 (CLOUDFLARENET) | 7
2a04:4e42::649 | 54113 (FASTLY) | 1
Total: 7 transactions, 3 IPs

Apex Domain | Subdomains | Transfer | Requests
ip1-kd.com | malaysia.ip1-kd.com | 47 KB | 7
jquery.com | code.jquery.com (Cisco Umbrella Rank: 940) | 30 KB | 1
Total: 7 transactions, 2 apex domains

Domain | Requests | Requested by
malaysia.ip1-kd.com | 7 (1 redirect) | malaysia.ip1-kd.com
code.jquery.com | 1 | malaysia.ip1-kd.com
Total: 7 transactions, 2 domains

This site contains no links.

Subject | Issuer | Validity | Valid
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 to 2024-07-14 | a year

This page contains 1 frame:

Primary Page: http://malaysia.ip1-kd.com/aplly/
Frame ID: 4696C8DC1F6A96FD17AF4000CCEE5515
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Telegram Web

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://malaysia.ip1-kd.com/aplly HTTP 301
     http://malaysia.ip1-kd.com/aplly/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 7
HTTPS: 14 %
IPv6: 100 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 1
Transfer: 76 kB
Size: 198 kB
Cookies: 0


Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request / | malaysia.ip1-kd.com/aplly/ | 7 KB | 3 KB | Document
Redirect Chain
  • http://malaysia.ip1-kd.com/aplly
  • http://malaysia.ip1-kd.com/aplly/
General
Full URL: http://malaysia.ip1-kd.com/aplly/
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: e6062c84dad8214905441068499eab28629a11de5dd651c0aed48f6481eaacba
Security Headers
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
85557bacdcbb2c1b-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
DN-Request-Id
fecd2cd4b508abcfded88656c121e8d2
Date
Wed, 14 Feb 2024 12:58:31 GMT
Dynamic-Cache-Status
REVALIDATED
Last-Modified
Wed, 06 Dec 2023 02:04:49 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sDBmseGe2gRLmAOykQl0swVbW3IOLS8TangssUu1aQFqgtBNwWpp50hnz1rwjwEaVz8ta7eL2nacaStkfZw%2F0lavEeQDbk0XlvMA%2Fzbw1Xm5EiuN8YxXOxmqOFcdhrK74m2mplD48BFSmOXc94x87qLe"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Accept-Encoding Accept-Encoding
alt-svc
h3=":443"; ma=86400

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
85557baa79e62c1b-FRA
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
DN-Request-Id
d10131166a00b4851d6a27243a2a0c3e
Date
Wed, 14 Feb 2024 12:58:31 GMT
Dynamic-Cache-Status
MISS
Location
http://malaysia.ip1-kd.com/aplly/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eNXs2RJSbOFd7q1v9%2FAx67w5%2BT4FHp7QFwCg6iMt8iBw2C5NTbwkwRMKzUH3LOTfr3N5PXIQRGrC%2F31bp7DPW8ZiNU63B3PqMlBUI71sJl5RmK3xhA2avkufoguMmD%2BdzbO9vVKELx5AAJXbFGBfo0yS"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400

main.3c9dcec00d5a12b9aa18.css | malaysia.ip1-kd.com/aplly/lib/ | 81 KB | 19 KB | Stylesheet
General
Full URL: http://malaysia.ip1-kd.com/aplly/lib/main.3c9dcec00d5a12b9aa18.css
Requested by: Host: malaysia.ip1-kd.com, URL: http://malaysia.ip1-kd.com/aplly/
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: a3e7b79bd9246592718746c638b735658b01250633aacd35dcc7dcff8a4546d8
Security Headers
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://malaysia.ip1-kd.com/aplly/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Wed, 14 Feb 2024 12:58:32 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
DN-Request-Id
c5236ecd612a474438bc8a1eda3bdd99
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Last-Modified
Wed, 06 Dec 2023 02:04:49 GMT
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z90XWKdA34hCw0pKFExVq%2BKWal06olx2cpNjnpNeBKJ0lzXzyE6eZ2thGBNpksdHFCL8k5xK%2FCazPlD4ulxAXWNbqXy1ewpP7S4SFw8XZhRdZKWxYMUz8731Tm0DkmPtL8dH%2Fy7pk3x8FBuphUL%2BL8V0"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Static-Cache-Status
MISS
Cache-Control
max-age=2592000
CF-RAY
85557bae2e6d2c1b-FRA
Expires
Fri, 15 Mar 2024 12:58:32 GMT

1f1f2-1f1fe.png | malaysia.ip1-kd.com/aplly/lib/img-apple-160/ | 20 KB | 20 KB | Image
General
Full URL: http://malaysia.ip1-kd.com/aplly/lib/img-apple-160/1f1f2-1f1fe.png
Requested by: Host: malaysia.ip1-kd.com, URL: http://malaysia.ip1-kd.com/aplly/
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 6c5b1e0817a7504af4900ccb7ea89256070d1fa4c9e773292a3774d04f647f82
Security Headers
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://malaysia.ip1-kd.com/aplly/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Wed, 14 Feb 2024 12:58:32 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
DN-Request-Id
da4d440f69363bd0af1690a794bfb881
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
19985
Last-Modified
Wed, 06 Dec 2023 02:04:49 GMT
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2ByNHB5eLfMjFZdOrvl7FJq%2BrDsqdBNaNN%2FqndubrPqq9Bvdkq4jnvlUEDilIiBB4D%2FpPOjpCy9IT1MdxpYfEjRtRMyclkGrVr7GyBTuCDOik3Ze8B6IylHeOuKeGTL7q7FqpN%2BWeXYOWtbrzxZhKsBw"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Static-Cache-Status
MISS
Cache-Control
max-age=2592000
Accept-Ranges
bytes
CF-RAY
85557bae496c1e4d-FRA
Expires
Fri, 15 Mar 2024 12:58:32 GMT

jquery-3.5.1.min.js | code.jquery.com/ | 87 KB | 30 KB | Script
General
Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: malaysia.ip1-kd.com, URL: http://malaysia.ip1-kd.com/aplly/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a04:4e42::649, United States, ASN54113 (FASTLY, US)
Reverse DNS:
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://malaysia.ip1-kd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 14 Feb 2024 12:58:32 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
9460823
x-cache
HIT, HIT
content-length
30879
x-served-by
cache-lga21981-LGA, cache-ams21083-AMS
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1707915512.058636,VS0,VE0
etag
W/"28feccc0-15d84"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
314657, 902572

chat-bg-br.f34cc96fbfb048812820.png | malaysia.ip1-kd.com/aplly/lib/ | 1 KB | 1 KB | Image
General
Full URL: http://malaysia.ip1-kd.com/aplly/lib/chat-bg-br.f34cc96fbfb048812820.png
Requested by: Host: malaysia.ip1-kd.com, URL: http://malaysia.ip1-kd.com/aplly/lib/main.3c9dcec00d5a12b9aa18.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: d80914f88d808659bbcc36107686953d6739f93e681b28dcf6fb4d8fa5a365ca

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://malaysia.ip1-kd.com/aplly/lib/main.3c9dcec00d5a12b9aa18.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Wed, 14 Feb 2024 12:58:33 GMT
Content-Encoding
gzip
DN-Request-Id
184f16b717f7ab245974190bc7f64bca
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/html; charset=utf-8
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UBlYb6cDfkmnIyUoBL3Kh5sl5u8kXQbZeNUC8Tz3Ey6YskGrP%2BfrlDHQjXODd6pqTOBHRk2aH8aOutFsFikdfYUcAX8ioNlO427nAi5anXRuaCZcdN6uY5NuFKz7yMYksTPqRe3N7TlL%2FzsRqHmkg7XD"}],"group":"cf-nel","max_age":604800}
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
85557bb2ac3a2c1b-FRA
alt-svc
h3=":443"; ma=86400

chat-bg-pattern-light.ee148af944f6580293ae.png | malaysia.ip1-kd.com/aplly/lib/ | 1 KB | 1 KB | Image
General
Full URL: http://malaysia.ip1-kd.com/aplly/lib/chat-bg-pattern-light.ee148af944f6580293ae.png
Requested by: Host: malaysia.ip1-kd.com, URL: http://malaysia.ip1-kd.com/aplly/lib/main.3c9dcec00d5a12b9aa18.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 9b25fe0a8ffd906e6afcb2b0cbe2ce64e16bd05c82a352903555c4e4e9cce2a4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://malaysia.ip1-kd.com/aplly/lib/main.3c9dcec00d5a12b9aa18.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Wed, 14 Feb 2024 12:58:33 GMT
Content-Encoding
gzip
DN-Request-Id
018f433adb3966efd88bc8fb6f1d71de
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/html; charset=utf-8
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2BYxoThu3sJpPt6j6ka1U3w4460%2FDdnu7aBJvGhutK9SdHoN4teNjCm9SG0A6gt959M6Zj43RwPPOALQKnVAylqUkue0kBg3vqcoQvoH5MmtDQCVrFYIs0QC1gBqtrLQqSt7BwFAQPVY6wGkzUL%2BHzEb"}],"group":"cf-nel","max_age":604800}
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
85557bb2ae561e4d-FRA
alt-svc
h3=":443"; ma=86400

telegram-logo.1b2bb5b107f046ea9325.svg | malaysia.ip1-kd.com/aplly/lib/ | 932 B | 1 KB | Image
General
Full URL: http://malaysia.ip1-kd.com/aplly/lib/telegram-logo.1b2bb5b107f046ea9325.svg
Requested by: Host: malaysia.ip1-kd.com, URL: http://malaysia.ip1-kd.com/aplly/lib/main.3c9dcec00d5a12b9aa18.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: ade1ddec66f6e98e30d8a56b01e7dd9d2c84a8f4dac51bc88d2ab5bc6e5d1a62
Security Headers
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://malaysia.ip1-kd.com/aplly/lib/main.3c9dcec00d5a12b9aa18.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Wed, 14 Feb 2024 12:58:33 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
DN-Request-Id
a6f94efb040a0c9b5fce1ece2293a3ae
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Last-Modified
Wed, 06 Dec 2023 02:04:49 GMT
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1V4iDSHRTJVmXeyrXJM%2FK%2Bdg2%2BsRVsM4eN3RJ9KuoYXHfegOz1cjfbJe8yn7icPds%2BAaX9%2BGn8NOKtZdTa%2B3ocJqaJmhbqorCOavr37Qebgb5YsmGaLYzZTg6RpJl0Qa%2Fcr5dNVRivrBtgwgy%2B6%2FxBHy"}],"group":"cf-nel","max_age":604800}
Content-Type
image/svg+xml
Static-Cache-Status
MISS
Cache-Control
max-age=2592000
CF-RAY
85557bb2cca13802-FRA
Expires
Fri, 15 Mar 2024 12:58:33 GMT

truncated | / | 244 B | 0 | Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS:
Software: /
Resource Hash: 6b9e73b25890fe9c309feff6ef849db08babba9c055b169c20815866d264f3ef

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://malaysia.ip1-kd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • $ (function)
  • jQuery (function)
  • flag (object)
  • backdrop (object)
  • backd (object)
  • inpHp (object)
  • btnnext (object)
  • set_item (function)
  • aktip (function)
  • loadd (function)

0 Cookies

2 Console Messages

Source | Level | URL / Message
network | error | URL: http://malaysia.ip1-kd.com/aplly/lib/chat-bg-br.f34cc96fbfb048812820.png
                  Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network | error | URL: http://malaysia.ip1-kd.com/aplly/lib/chat-bg-pattern-light.ee148af944f6580293ae.png
                  Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page.

Header | Value
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload