lockedaccountsdd.vastserve.com
185.27.134.59  Malicious Activity! Public Scan

Submitted URL: https://s.bnpb.go.id/ama
Effective URL: https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1
Submission: On February 22 via automatic, source phishtank — Scanned from DE

Summary

This website contacted 6 IPs in 4 countries across 7 domains to perform 20 HTTP transactions. The main IP is 185.27.134.59, located in United Kingdom and belongs to WILDCARD-AS Wildcard UK Limited, GB. The main domain is lockedaccountsdd.vastserve.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on February 15th 2023. Valid for: 3 months.
This is the only time lockedaccountsdd.vastserve.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

Requests  IP Address         AS     Autonomous System
1         2606:4700:303...   13335  (CLOUDFLAR...)
6         185.27.134.59      34119  (WILDCARD-...)
1         2606:4700::68...   13335  (CLOUDFLAR...)
1         2a00:1450:400...   15169  (GOOGLE)
2         2606:4700:20:...   13335  (CLOUDFLAR...)
4         2606:4700:10:...   13335  (CLOUDFLAR...)
6         45.143.81.35       47583  (AS-HOSTINGER)
Total: 20 requests, 6 IPs

Requests  Apex Domain        Subdomains                                              Transfer
6         fajrul.id          result.fajrul.id                                        910 B
6         vastserve.com      lockedaccountsdd.vastserve.com                          280 KB
4         ipgeolocation.io   api.ipgeolocation.io (Cisco Umbrella Rank: 28858)       2 KB
2         cdnfonts.com       fonts.cdnfonts.com (Cisco Umbrella Rank: 14013)         101 KB
1         googleapis.com     fonts.googleapis.com (Cisco Umbrella Rank: 43)          1 KB
1         cloudflare.com     cdnjs.cloudflare.com (Cisco Umbrella Rank: 196)         11 KB
1         bnpb.go.id         s.bnpb.go.id                                            490 B
Total: 20 requests, 7 domains

Requests  Domain                           Requested by
6         result.fajrul.id                 lockedaccountsdd.vastserve.com
6         lockedaccountsdd.vastserve.com   lockedaccountsdd.vastserve.com
4         api.ipgeolocation.io             lockedaccountsdd.vastserve.com
2         fonts.cdnfonts.com               lockedaccountsdd.vastserve.com, fonts.cdnfonts.com
1         fonts.googleapis.com             lockedaccountsdd.vastserve.com
1         cdnjs.cloudflare.com             lockedaccountsdd.vastserve.com
1         s.bnpb.go.id                     1 redirects
Total: 20 requests, 7 domains

This site contains no links.

Subject                          Issuer                              Validity                  Valid
lockedaccountsdd.vastserve.com   ZeroSSL RSA Domain Secure Site CA   2023-02-15 - 2023-05-16   3 months (crt.sh)
sni.cloudflaressl.com            Cloudflare Inc ECC CA-3             2022-08-03 - 2023-08-02   a year (crt.sh)
upload.video.google.com          GTS CA 1C3                          2023-02-08 - 2023-05-03   3 months (crt.sh)
*.cdnfonts.com                   GTS CA 1P5                          2023-02-07 - 2023-05-08   3 months (crt.sh)
result.fajrul.id                 R3                                  2023-01-23 - 2023-04-23   3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1
Frame ID: 5EC334753434EC251DB29BC7B3B6B850
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

Amazon.com

Page URL History

  1. https://s.bnpb.go.id/ama HTTP 301
    https://lockedaccountsdd.vastserve.com/v?micorosftsa Page URL
  2. https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests:    20
HTTPS:       100 %
IPv6:        71 %
Domains:     7
Subdomains:  7
IPs:         6
Countries:   4
Transfer:    396 kB
Size:        750 kB
Cookies:     1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://s.bnpb.go.id/ama HTTP 301
  • https://lockedaccountsdd.vastserve.com/v?micorosftsa

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
v
lockedaccountsdd.vastserve.com/
Redirect Chain
  • https://s.bnpb.go.id/ama
  • https://lockedaccountsdd.vastserve.com/v?micorosftsa
855 B
710 B
Document
General
Full URL
https://lockedaccountsdd.vastserve.com/v?micorosftsa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.27.134.59 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
5985a585ffe0169a86de3147e23a39fe1881ff9b6e946afe115e2c48bd49bc96

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
content-encoding
gzip
content-type
text/html
date
Wed, 22 Feb 2023 13:52:58 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
server
nginx
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
79d8348e996d9001-FRA
content-type
text/html; charset=UTF-8
date
Wed, 22 Feb 2023 13:52:59 GMT
location
https://lockedaccountsdd.vastserve.com/v?micorosftsa
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PTVawZ872iKfJJEn3s1wo0fYfp4PcVkVs7b93ea6V5p2Ap6YJ9nhdUlYXiNkA8kKIwIiCZR7vk72LX%2BU9iunkYa62pFySC9O7bitSQAVxDtN8TZitIM5NzUNT09GAgZrbwCGEmJCrOdOpzQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-robots-tag
noindex
aes.js
lockedaccountsdd.vastserve.com/
30 KB
31 KB
Script
General
Full URL
https://lockedaccountsdd.vastserve.com/aes.js
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/v?micorosftsa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.27.134.59 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lockedaccountsdd.vastserve.com/v?micorosftsa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 13:52:58 GMT
last-modified
Sat, 08 Aug 2015 08:10:59 GMT
server
nginx
accept-ranges
bytes
etag
"55c5b993-79e6"
content-length
31206
content-type
application/javascript
Primary Request v
lockedaccountsdd.vastserve.com/
610 B
622 B
Document
General
Full URL
https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/v?micorosftsa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.27.134.59 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
616d350fcb69c9958ebba383f04dda8b1b639f27fe20d7f5bb5e7b98ea9ff2c3

Request headers

Referer
https://lockedaccountsdd.vastserve.com/v?micorosftsa
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
content-encoding
gzip
content-type
text/html
date
Wed, 22 Feb 2023 13:52:58 GMT
expires
Fri, 24 Mar 2023 13:52:58 GMT
last-modified
Wed, 22 Feb 2023 12:03:04 GMT
server
nginx
vary
Accept-Encoding
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/
58 KB
11 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lockedaccountsdd.vastserve.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 13:52:59 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3523461
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10480
last-modified
Tue, 16 Mar 2021 19:29:58 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"60510736-e7d0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iHM1xR84vACNwtrwqD7yIICVTOO4uHoIEs92vHjtcGGJwMxvdrSH5HMIjT3fDUMqnrRxtqb8v8NDGzgR0Lbwh%2BpnSzLuPbJxvyQJzu19nBY79ox80RuG6%2FAQdLEJiCq4pYxhhefNOwV%2BdVLYHwcyDEn6"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
79d83493fdd29a41-FRA
expires
Mon, 12 Feb 2024 13:52:59 GMT
main.6729f4a6.js
lockedaccountsdd.vastserve.com/static/js/
348 KB
119 KB
Script
General
Full URL
https://lockedaccountsdd.vastserve.com/static/js/main.6729f4a6.js
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.27.134.59 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
29242f502c61cbf936be5411ac68a5d323aab58dc7f01b67edabd9c1cbe4a398

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 13:52:58 GMT
content-encoding
gzip
last-modified
Wed, 22 Feb 2023 12:03:23 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000, public, proxy-revalidate, public, proxy-revalidate, must-revalidate
expires
Fri, 24 Mar 2023 13:52:58 GMT
main.69c2a101.css
lockedaccountsdd.vastserve.com/static/css/
97 KB
42 KB
Stylesheet
General
Full URL
https://lockedaccountsdd.vastserve.com/static/css/main.69c2a101.css
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.27.134.59 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
210326004f3e7dc0c4e5d35fbf7da819d21c9b27d29e2b6e0c99e7919d189a43

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 13:52:58 GMT
content-encoding
gzip
last-modified
Wed, 22 Feb 2023 12:03:11 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000, public, proxy-revalidate, public, proxy-revalidate, must-revalidate
expires
Fri, 24 Mar 2023 13:52:58 GMT
css2
fonts.googleapis.com/
19 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/static/css/main.69c2a101.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2458c6e69ec960015408bcff5b6e3c679da9a9e7cb3149cc810ef75158c0acf1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lockedaccountsdd.vastserve.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 22 Feb 2023 13:52:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 22 Feb 2023 13:34:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 22 Feb 2023 13:52:59 GMT
amazon-ember
fonts.cdnfonts.com/css/
6 KB
965 B
Stylesheet
General
Full URL
https://fonts.cdnfonts.com/css/amazon-ember
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/static/css/main.69c2a101.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:475c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6978c3f0ff346f8a6ae7e1276159fe5b6cae013317dfe4c648eae097b4586d61

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lockedaccountsdd.vastserve.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 13:52:59 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Sat, 22 Oct 2022 13:35:50 GMT
server
cloudflare
age
10628229
cf-polished
origSize=7548
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ANAPddaek2Dfz1NZLraqk0%2FY8b8AzdcyQwxTXKNRJw4DwLBhJ5BgNw3NXu6zU%2FPaDHtkRsIj3Kln%2BomI2RtChJ2FeH%2FCQfo8dHQA4NANQqKfKzZrE%2Bhc3UMyrCqMu7IuH1sMamfCgJ3bUnychvJxSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=2678400
cf-ray
79d83494fb869b76-FRA
user-agent
api.ipgeolocation.io/
479 B
317 B
XHR
General
Full URL
https://api.ipgeolocation.io/user-agent?apiKey=da57979de0254e79b72ba8f3116b5ad9
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/static/js/main.6729f4a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18037086b9b632898bac825195e0ddd5c4e493ccef6e7de403c86d36079b7f64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://lockedaccountsdd.vastserve.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 13:52:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://lockedaccountsdd.vastserve.com
access-control-allow-credentials
true
cf-ray
79d83495af166967-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-application-context
application:production:8002
ipgeo
api.ipgeolocation.io/
750 B
777 B
XHR
General
Full URL
https://api.ipgeolocation.io/ipgeo?apiKey=43a70c0c2ebb415bb218b06fe0defe57
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/static/js/main.6729f4a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6118142e4e7218c7c9016f20cae3d8e5a0bad378d638d1c2cfac1454c2b2cd44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://lockedaccountsdd.vastserve.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 13:52:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://lockedaccountsdd.vastserve.com
access-control-allow-credentials
true
cf-ray
79d83495af1e6967-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-application-context
application:production:8002
visitor
result.fajrul.id/api/
46 B
149 B
XHR
General
Full URL
https://result.fajrul.id/api/visitor
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/static/js/main.6729f4a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.143.81.35 , Singapore, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv136.niagahoster.com
Software
LiteSpeed / Niagahoster
Resource Hash
39cb4dc5546bd73994f2a1184bf4a1aaa5dbee198049a1d8120b664974dd01e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://lockedaccountsdd.vastserve.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 22 Feb 2023 13:53:01 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
server
LiteSpeed
x-powered-by
Niagahoster
etag
W/"2e-dh3aMsRnLwlg4Z1nlqwUy5bou58"
vary
User-Agent
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-length
46
x-xss-protection
1; mode=block
visitor
result.fajrul.id/api/
0
0
Preflight
General
Full URL
https://result.fajrul.id/api/visitor
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.143.81.35 , Singapore, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv136.niagahoster.com
Software
LiteSpeed / Niagahoster
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://lockedaccountsdd.vastserve.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
0
date
Wed, 22 Feb 2023 13:53:01 GMT
server
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Access-Control-Request-Headers,User-Agent
x-content-type-options
nosniff
x-powered-by
Niagahoster
x-xss-protection
1; mode=block
ipgeo
api.ipgeolocation.io/
751 B
521 B
XHR
General
Full URL
https://api.ipgeolocation.io/ipgeo?apiKey=43a70c0c2ebb415bb218b06fe0defe57
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/static/js/main.6729f4a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a43b3fa504c6a9bc849c91180718c8cc6522e7b260dc41409dbad0c7b6c63e08
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://lockedaccountsdd.vastserve.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 13:52:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://lockedaccountsdd.vastserve.com
access-control-allow-credentials
true
cf-ray
79d83495efaa6967-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-application-context
application:production:8002
visitor
result.fajrul.id/api/
380 B
369 B
XHR
General
Full URL
https://result.fajrul.id/api/visitor
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/static/js/main.6729f4a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.143.81.35 , Singapore, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv136.niagahoster.com
Software
LiteSpeed / Niagahoster
Resource Hash
b52cafed090d1a45049f1d72049cb8d704c987ea4e1533a7ee1123eba7797c66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://lockedaccountsdd.vastserve.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 22 Feb 2023 13:53:01 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
LiteSpeed
x-powered-by
Niagahoster
etag
W/"17c-3uZKkcmGG8sFArQa5Ctjlh6lEWw"
vary
Accept-Encoding,User-Agent
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-length
295
x-xss-protection
1; mode=block
visitor
result.fajrul.id/api/
0
0
Preflight
General
Full URL
https://result.fajrul.id/api/visitor
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.143.81.35 , Singapore, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv136.niagahoster.com
Software
LiteSpeed / Niagahoster
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://lockedaccountsdd.vastserve.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
0
date
Wed, 22 Feb 2023 13:53:01 GMT
server
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Access-Control-Request-Headers,User-Agent
x-content-type-options
nosniff
x-powered-by
Niagahoster
x-xss-protection
1; mode=block
visitor
result.fajrul.id/api/
380 B
392 B
XHR
General
Full URL
https://result.fajrul.id/api/visitor
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/static/js/main.6729f4a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.143.81.35 , Singapore, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv136.niagahoster.com
Software
LiteSpeed / Niagahoster
Resource Hash
efebb9efd3cf27b040ba77ae1cfbfb0f8a6879e8a705d358419de62a6f550f86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://lockedaccountsdd.vastserve.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 22 Feb 2023 13:53:01 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
LiteSpeed
x-powered-by
Niagahoster
etag
W/"17c-eYVodTKF5mp7rom2VcwutM/9bD8"
vary
Accept-Encoding,User-Agent
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-length
296
x-xss-protection
1; mode=block
visitor
result.fajrul.id/api/
0
0
Preflight
General
Full URL
https://result.fajrul.id/api/visitor
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.143.81.35 , Singapore, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv136.niagahoster.com
Software
LiteSpeed / Niagahoster
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://lockedaccountsdd.vastserve.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
0
date
Wed, 22 Feb 2023 13:53:01 GMT
server
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Access-Control-Request-Headers,User-Agent
x-content-type-options
nosniff
x-powered-by
Niagahoster
x-xss-protection
1; mode=block
ipgeo
api.ipgeolocation.io/
751 B
767 B
XHR
General
Full URL
https://api.ipgeolocation.io/ipgeo?apiKey=43a70c0c2ebb415bb218b06fe0defe57
Requested by
Host: lockedaccountsdd.vastserve.com
URL: https://lockedaccountsdd.vastserve.com/static/js/main.6729f4a6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:1147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d510c43d942b0011a755dcaca2e0236212f28eb07e7bf47f88deb08ea71861b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://lockedaccountsdd.vastserve.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 13:53:01 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://lockedaccountsdd.vastserve.com
access-control-allow-credentials
true
cf-ray
79d834a0cad49bb3-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-application-context
application:production:8002
Amazon_logo.svg.png
lockedaccountsdd.vastserve.com/
87 KB
87 KB
Image
General
Full URL
https://lockedaccountsdd.vastserve.com/Amazon_logo.svg.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.27.134.59 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
45d33141605a28cd908f5d298c3c2f6ee3aa8bb20f942e16304d15c84eac6bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lockedaccountsdd.vastserve.com/ap/signin?appIdKey?=U2FsdGVkX18bkF3tZWhEiJjW3ercwTPf8ZUknPIfWG0=&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fyour-account%3Fref_%3Dnav_ya_signin&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=usflex&openid.mode=checkid_setup&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 13:53:00 GMT
last-modified
Wed, 22 Feb 2023 12:02:59 GMT
server
nginx
content-type
image/png
cache-control
max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
accept-ranges
bytes
content-length
88829
expires
Fri, 24 Mar 2023 13:53:00 GMT
Amazon%20Ember%20Bold.woff
fonts.cdnfonts.com/s/67521/
99 KB
100 KB
Font
General
Full URL
https://fonts.cdnfonts.com/s/67521/Amazon%20Ember%20Bold.woff
Requested by
Host: fonts.cdnfonts.com
URL: https://fonts.cdnfonts.com/css/amazon-ember
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:475c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6d88e1853bf2bab51a6dcadf95bdea4c2fefebcc12e37d727921a284353a4d5

Request headers

Referer
https://fonts.cdnfonts.com/css/amazon-ember
Origin
https://lockedaccountsdd.vastserve.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 13:53:01 GMT
cf-cache-status
HIT
last-modified
Sat, 05 Feb 2022 02:00:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
8205
etag
"18cd0-5d73bbd025c98"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ZGi39CguPUKBiYM4qUoHlm%2BGN%2B6jLzKYPoqiVUKFX3PSOg0QE896FO2YH8Z1WEpFhrlyGV%2BpTF5IBPtG4qwgnDAqdfbnG3kmC9kiFyKA52836zsq39ZA0nScpvhWI0Yd7Zjdy8Pfcz%2B%2FMxy2aDS6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
79d834a13e4f2beb-FRA
content-length
101584

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Name
boolean    credentialless
object     oncontentvisibilityautostatechange
object     webpackChunkapple_scam
function   Payment

1 Cookies

Domain/Path Name / Value
lockedaccountsdd.vastserve.com/ Name: __test
Value: 4c3038d6c1ff8e49b3a5c6da46ea64c4

1 Console Messages

Source: network   Level: error   URL: https://result.fajrul.id/api/visitor
Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
