simpeg.kalbarprov.go.id Open in urlscan Pro
103.134.19.92  Malicious Activity! Public Scan

4 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request confirm.php Show response simpeg.kalbarprov.go.id/simpeg2020/aolm/aolre/	10 KB 10 KB	1566ms 1150ms	Document text/html	103.134.19.92 IDNIC-BROTHER-AS-...
General Check archive.org Show headers Download Go to Full URL https://simpeg.kalbarprov.go.id/simpeg2020/aolm/aolre/confirm.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.134.19.92 , Indonesia, ASN138141 (IDNIC-BROTHER-AS-ID PT. Waluya Istana Nusantara, ID), Reverse DNS Software Apache / Resource Hash b81939d0a067c1ec4c5c575a9980088a7bf22389024f7f86bf1e86ad01806327 Request headers Upgrade-Insecure-Requests 1 User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 31 May 2022 11:56:20 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H2	200	combo s.yimg.com/zz/	28 KB 6 KB	290ms 13ms	Stylesheet text/css	2a00:1288:80:807::1 YAHOO-DEB
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/zz/combo?yui-s:pure/0.5.0/pure-min.css&yui-s:pure/0.5.0/grids-responsive-min.css Requested by Host: simpeg.kalbarprov.go.id URL: https://simpeg.kalbarprov.go.id/simpeg2020/aolm/aolre/confirm.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB), Reverse DNS Software ATS / Resource Hash 56509fcb8d84185984927217765bf1afab5b5e217a3c06377bf1388377bb0d1b Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://simpeg.kalbarprov.go.id/ User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Thu, 05 May 2022 18:30:10 GMT content-encoding gzip referrer-policy no-referrer-when-downgrade last-modified Thu, 05 May 2022 18:30:10 GMT server ATS age 2222773 expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Accept-Encoding content-type text/css; charset=utf-8 x-xss-protection 1; mode=block cache-control max-age=31536000, Public strict-transport-security max-age=15552000 content-length 5607 x-content-type-options nosniff expires Sat, 05 Sep 2026 00:00:00 GMT
GET H2	200	aol-main.css s.yimg.com/wm/mbr/2f308471ab1a6da2448769b5cdba9a5fec09b8da/	209 KB 48 KB	289ms 12ms	Stylesheet text/css	2a00:1288:80:807::1 YAHOO-DEB
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/wm/mbr/2f308471ab1a6da2448769b5cdba9a5fec09b8da/aol-main.css Requested by Host: simpeg.kalbarprov.go.id URL: https://simpeg.kalbarprov.go.id/simpeg2020/aolm/aolre/confirm.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB), Reverse DNS Software ATS / Resource Hash ede45bcb9c471636bb30c78141af29bbd617ff762b8791cec1a8d31361f3bd66 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://simpeg.kalbarprov.go.id/ User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Mon, 16 May 2022 02:03:43 GMT content-encoding gzip x-content-type-options nosniff age 1331561 x-amz-server-side-encryption AES256 vary Origin, Accept-Encoding x-amz-request-id KF45J9FNNARZBN7N x-amz-id-2 UA0wgpquk7IZig/+DpypbEAiIgQ4roaA0McpdM/TuQG/MpykW3UXoR2TDEGrPCoosUMe5SzG40k= referrer-policy no-referrer-when-downgrade last-modified Mon, 27 Aug 2018 17:09:15 GMT server ATS etag "9f5f453c052f3b9f9b27eabc53d289fe-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" strict-transport-security max-age=15552000 content-type text/css x-xss-protection 1; mode=block cache-control public,max-age=315360000 accept-ranges bytes
GET H2	200	aol-logo-black-v.0.0.2.png s.yimg.com/wm/assets/images/ns/	16 KB 16 KB	15ms 15ms	Image image/png	2a00:1288:80:807::1 YAHOO-DEB
General Check archive.org Show headers Download Go to Show image Full URL https://s.yimg.com/wm/assets/images/ns/aol-logo-black-v.0.0.2.png Requested by Host: simpeg.kalbarprov.go.id URL: https://simpeg.kalbarprov.go.id/simpeg2020/aolm/aolre/confirm.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB), Reverse DNS Software ATS / Resource Hash f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://simpeg.kalbarprov.go.id/ User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Tue, 31 May 2022 09:14:59 GMT x-amz-meta-created-date Thu, 16 Nov 2017 19:59:27 GMT age 9684 x-amz-server-side-encryption AES256 x-amz-meta-x-ysws-mbst-vtime 1510862367682930 vary Origin x-amz-request-id 889QJNQ5NN309EFA x-amz-id-2 /JoXfJBw3ENa1J8EIwDq48y43bh3B4uPT15ZqKF176VvGAzaWLxxqQ9yuuHptdRQ3DFk1qJfjuE= accept-ranges bytes referrer-policy no-referrer-when-downgrade last-modified Fri, 04 May 2018 01:23:57 GMT server ATS etag "f9e0f24b60732cd95150a37fb003b871" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" strict-transport-security max-age=15552000 content-type image/png x-xss-protection 1; mode=block cache-control max-age=31536000; public content-length 16340 x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:3570f846-88d6-4c90-bd91-179d937c363c00055e1f0ebaf172" x-content-type-options nosniff expires Sat, 04 May 2019 01:23:56 GMT
GET H2	200	bundle.js Show response s.yimg.com/wm/mbr/2f308471ab1a6da2448769b5cdba9a5fec09b8da/	125 KB 34 KB	14ms 14ms	Script application/javascript	2a00:1288:80:807::1 YAHOO-DEB
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/wm/mbr/2f308471ab1a6da2448769b5cdba9a5fec09b8da/bundle.js Requested by Host: simpeg.kalbarprov.go.id URL: https://simpeg.kalbarprov.go.id/simpeg2020/aolm/aolre/confirm.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB), Reverse DNS Software ATS / Resource Hash f1e1b9390d4497fbd0f027e3d3562d2a8fbe4a7acd829c904a6cbeea07883eee Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://simpeg.kalbarprov.go.id/ User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers date Sun, 15 May 2022 11:14:24 GMT content-encoding gzip x-content-type-options nosniff age 1384920 x-amz-server-side-encryption AES256 vary Origin, Accept-Encoding x-amz-request-id JKHHC3T9WMDKT9KX x-amz-id-2 8Log51HsQ/tP4p5bOFaz74K+HO88WOYhfC4UKRlcgco7xoPlmHqVUWQXhZCvRV/jhqw+8BH7Cpk= referrer-policy no-referrer-when-downgrade last-modified Mon, 27 Aug 2018 17:09:14 GMT server ATS etag "11305ce4ad122ee44d98fad6158137da-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" strict-transport-security max-age=15552000 content-type application/javascript x-xss-protection 1; mode=block cache-control public,max-age=315360000 accept-ranges bytes
GET H2	403	client.php fc.yahoo.com/sdarla/php/	0 0	80ms 51ms	Script text/html	2a00:1288:80:807::1 YAHOO-DEB
General Check archive.org Show headers Download Go to Full URL https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150003036&ref=https%3A%2F%2Flogin.aol.com%2Faccount%2Fchallenge%2Fpassword Requested by Host: s.yimg.com URL: https://s.yimg.com/wm/mbr/2f308471ab1a6da2448769b5cdba9a5fec09b8da/bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://simpeg.kalbarprov.go.id/ User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) AOL (Online)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| oldError boolean| isGoodJS object| YUI_config object| I13N_config string| COMET_URL object| darlaConfig object| challenge function| mbrSendError object| jsModules boolean| mbrJSLoaded function| checkAssets object| DARLA_CONFIG

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150003036&ref=https%3A%2F%2Flogin.aol.com%2Faccount%2Fchallenge%2Fpassword Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fc.yahoo.com
s.yimg.com
simpeg.kalbarprov.go.id
103.134.19.92
2a00:1288:80:807::1
56509fcb8d84185984927217765bf1afab5b5e217a3c06377bf1388377bb0d1b
b81939d0a067c1ec4c5c575a9980088a7bf22389024f7f86bf1e86ad01806327
ede45bcb9c471636bb30c78141af29bbd617ff762b8791cec1a8d31361f3bd66
f1e1b9390d4497fbd0f027e3d3562d2a8fbe4a7acd829c904a6cbeea07883eee
f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690