lockedaccountsdd.vastserve.com
Open in
urlscan Pro
185.27.134.59
Malicious Activity!
Public Scan
Effective URL: https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1
Submission: On February 22 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on February 15th 2023. Valid for: 3 months.
This is the only time lockedaccountsdd.vastserve.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3033::ac43:c298 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 185.27.134.59 185.27.134.59 | 34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:809::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700:20:... 2606:4700:20::ac43:475c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2606:4700:10:... 2606:4700:10::ac43:1147 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 45.143.81.35 45.143.81.35 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
20 | 6 |
ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
lockedaccountsdd.vastserve.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
fajrul.id
result.fajrul.id |
910 B |
6 |
vastserve.com
lockedaccountsdd.vastserve.com |
280 KB |
4 |
ipgeolocation.io
api.ipgeolocation.io — Cisco Umbrella Rank: 28858 |
2 KB |
2 |
cdnfonts.com
fonts.cdnfonts.com — Cisco Umbrella Rank: 14013 |
101 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 43 |
1 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 196 |
11 KB |
1 |
bnpb.go.id
1 redirects
s.bnpb.go.id |
490 B |
20 | 7 |
Domain | Requested by | |
---|---|---|
6 | result.fajrul.id |
lockedaccountsdd.vastserve.com
|
6 | lockedaccountsdd.vastserve.com |
lockedaccountsdd.vastserve.com
|
4 | api.ipgeolocation.io |
lockedaccountsdd.vastserve.com
|
2 | fonts.cdnfonts.com |
lockedaccountsdd.vastserve.com
fonts.cdnfonts.com |
1 | fonts.googleapis.com |
lockedaccountsdd.vastserve.com
|
1 | cdnjs.cloudflare.com |
lockedaccountsdd.vastserve.com
|
1 | s.bnpb.go.id | 1 redirects |
20 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
lockedaccountsdd.vastserve.com ZeroSSL RSA Domain Secure Site CA |
2023-02-15 - 2023-05-16 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
*.cdnfonts.com GTS CA 1P5 |
2023-02-07 - 2023-05-08 |
3 months | crt.sh |
result.fajrul.id R3 |
2023-01-23 - 2023-04-23 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1
Frame ID: 5EC334753434EC251DB29BC7B3B6B850
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
Amazon.comPage URL History Show full URLs
-
https://s.bnpb.go.id/ama
HTTP 301
https://lockedaccountsdd.vastserve.com/v?micorosftsa Page URL
- https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1 Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://s.bnpb.go.id/ama
HTTP 301
https://lockedaccountsdd.vastserve.com/v?micorosftsa Page URL
- https://lockedaccountsdd.vastserve.com/v?micorosftsa&i=1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://s.bnpb.go.id/ama HTTP 301
- https://lockedaccountsdd.vastserve.com/v?micorosftsa
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
v
lockedaccountsdd.vastserve.com/ Redirect Chain
|
855 B 710 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aes.js
lockedaccountsdd.vastserve.com/ |
30 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
v
lockedaccountsdd.vastserve.com/ |
610 B 622 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/ |
58 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.6729f4a6.js
lockedaccountsdd.vastserve.com/static/js/ |
348 KB 119 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.69c2a101.css
lockedaccountsdd.vastserve.com/static/css/ |
97 KB 42 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
19 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amazon-ember
fonts.cdnfonts.com/css/ |
6 KB 965 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
user-agent
api.ipgeolocation.io/ |
479 B 317 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ipgeo
api.ipgeolocation.io/ |
750 B 777 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
visitor
result.fajrul.id/api/ |
46 B 149 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
visitor
result.fajrul.id/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ipgeo
api.ipgeolocation.io/ |
751 B 521 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
visitor
result.fajrul.id/api/ |
380 B 369 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
visitor
result.fajrul.id/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
visitor
result.fajrul.id/api/ |
380 B 392 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
visitor
result.fajrul.id/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ipgeo
api.ipgeolocation.io/ |
751 B 767 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Amazon_logo.svg.png
lockedaccountsdd.vastserve.com/ |
87 KB 87 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Amazon%20Ember%20Bold.woff
fonts.cdnfonts.com/s/67521/ |
99 KB 100 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| oncontentvisibilityautostatechange object| webpackChunkapple_scam function| Payment1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
lockedaccountsdd.vastserve.com/ | Name: __test Value: 4c3038d6c1ff8e49b3a5c6da46ea64c4 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipgeolocation.io
cdnjs.cloudflare.com
fonts.cdnfonts.com
fonts.googleapis.com
lockedaccountsdd.vastserve.com
result.fajrul.id
s.bnpb.go.id
185.27.134.59
2606:4700:10::ac43:1147
2606:4700:20::ac43:475c
2606:4700:3033::ac43:c298
2606:4700::6811:180e
2a00:1450:4001:809::200a
45.143.81.35
18037086b9b632898bac825195e0ddd5c4e493ccef6e7de403c86d36079b7f64
210326004f3e7dc0c4e5d35fbf7da819d21c9b27d29e2b6e0c99e7919d189a43
2458c6e69ec960015408bcff5b6e3c679da9a9e7cb3149cc810ef75158c0acf1
29242f502c61cbf936be5411ac68a5d323aab58dc7f01b67edabd9c1cbe4a398
39cb4dc5546bd73994f2a1184bf4a1aaa5dbee198049a1d8120b664974dd01e5
45d33141605a28cd908f5d298c3c2f6ee3aa8bb20f942e16304d15c84eac6bb3
5985a585ffe0169a86de3147e23a39fe1881ff9b6e946afe115e2c48bd49bc96
6118142e4e7218c7c9016f20cae3d8e5a0bad378d638d1c2cfac1454c2b2cd44
616d350fcb69c9958ebba383f04dda8b1b639f27fe20d7f5bb5e7b98ea9ff2c3
6978c3f0ff346f8a6ae7e1276159fe5b6cae013317dfe4c648eae097b4586d61
a43b3fa504c6a9bc849c91180718c8cc6522e7b260dc41409dbad0c7b6c63e08
b52cafed090d1a45049f1d72049cb8d704c987ea4e1533a7ee1123eba7797c66
c6d88e1853bf2bab51a6dcadf95bdea4c2fefebcc12e37d727921a284353a4d5
d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc
d510c43d942b0011a755dcaca2e0236212f28eb07e7bf47f88deb08ea71861b9
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
efebb9efd3cf27b040ba77ae1cfbfb0f8a6879e8a705d358419de62a6f550f86