![](/screenshots/f09bc050-bc6a-4f88-96f8-25d2a1ed80f9.png)
gaez.my.id
Open in
urlscan Pro
2606:4700:3032::ac43:d910
Malicious Activity!
Public Scan
Effective URL: https://gaez.my.id/32090d9?s1=ENYONG
Submission: On June 28 via manual from PL — Scanned from DE
Summary
TLS certificate: Issued by E1 on May 21st 2022. Valid for: 3 months.
This is the only time gaez.my.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 103.53.88.220 103.53.88.220 | 131426 (MISA-VN-A...) (MISA-VN-AS MISA-) | |
1 | 2001:df7:5300... 2001:df7:5300:2::38 | 138115 (IDNIC-DEN...) (IDNIC-DENEVA-AS-ID PT Deneva) | |
1 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 46.105.201.240 46.105.201.240 | 16276 (OVH) (OVH) | |
1 | 192.99.8.28 192.99.8.28 | 16276 (OVH) (OVH) | |
1 | 2606:4700:303... 2606:4700:3032::ac43:d910 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2600:9000:205... 2600:9000:2057:b600:d:dc73:ab80:21 | 16509 (AMAZON-02) (AMAZON-02) | |
11 | 2600:9000:205... 2600:9000:2057:0:11:ff71:2680:21 | 16509 (AMAZON-02) (AMAZON-02) | |
4 | 2600:9000:214... 2600:9000:214f:c400:1c:b3e3:eb40:21 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:810::200e | 15169 (GOOGLE) (GOOGLE) | |
3 | 2a00:1450:400... 2a00:1450:4001:82a::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:800::2003 | 15169 (GOOGLE) (GOOGLE) | |
26 | 11 |
ASN138115 (IDNIC-DENEVA-AS-ID PT Deneva, ID)
locker-sub.adsjozz.xyz |
ASN16509 (AMAZON-02, US)
dby7kx9z9yzse.cloudfront.net |
ASN16509 (AMAZON-02, US)
d3t3bxixsojwre.cloudfront.net |
ASN16509 (AMAZON-02, US)
d13pxqgp3ixdbh.cloudfront.net |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
cloudfront.net
dby7kx9z9yzse.cloudfront.net d3t3bxixsojwre.cloudfront.net d13pxqgp3ixdbh.cloudfront.net |
259 KB |
3 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 71 |
2 KB |
2 |
histats.com
s10.histats.com — Cisco Umbrella Rank: 16196 s4.histats.com — Cisco Umbrella Rank: 13665 |
5 KB |
1 |
gstatic.com
fonts.gstatic.com |
8 KB |
1 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 49 |
20 KB |
1 |
gaez.my.id
gaez.my.id |
875 B |
1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 741 |
21 KB |
1 |
adsjozz.xyz
locker-sub.adsjozz.xyz |
1 KB |
1 |
mily.vn
1 redirects
mily.vn |
225 B |
26 | 9 |
Domain | Requested by | |
---|---|---|
11 | d3t3bxixsojwre.cloudfront.net |
dby7kx9z9yzse.cloudfront.net
d3t3bxixsojwre.cloudfront.net |
4 | d13pxqgp3ixdbh.cloudfront.net |
d3t3bxixsojwre.cloudfront.net
|
3 | fonts.googleapis.com |
d3t3bxixsojwre.cloudfront.net
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | www.google-analytics.com |
d3t3bxixsojwre.cloudfront.net
|
1 | dby7kx9z9yzse.cloudfront.net |
gaez.my.id
|
1 | gaez.my.id | |
1 | s4.histats.com |
s10.histats.com
|
1 | s10.histats.com |
locker-sub.adsjozz.xyz
|
1 | maxcdn.bootstrapcdn.com |
locker-sub.adsjozz.xyz
|
1 | locker-sub.adsjozz.xyz | |
1 | mily.vn | 1 redirects |
26 | 12 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.locker-sub.adsjozz.xyz R3 |
2022-05-25 - 2022-08-23 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-01-29 - 2023-01-29 |
a year | crt.sh |
histats.com R3 |
2022-04-19 - 2022-07-18 |
3 months | crt.sh |
*.gaez.my.id E1 |
2022-05-21 - 2022-08-19 |
3 months | crt.sh |
*.cloudfront.net Amazon |
2022-02-01 - 2023-01-31 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2022-06-06 - 2022-08-29 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-06-06 - 2022-08-29 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-06-06 - 2022-08-29 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://gaez.my.id/32090d9?s1=ENYONG
Frame ID: 16538983F5D40A9CD6EF23735221AC28
Requests: 13 HTTP requests in this frame
Frame:
https://d3t3bxixsojwre.cloudfront.net/public/ct?cpguid=225f1i4kz&s1=ENYONG&it=2382293&w=1600&h=1200&key=8844c&m=0&r=%1D%01%01%05%06OZZ%19%1A%16%1E%10%07X%06%00%17%5B%14%11%06%1F%1A%0F%0F%5B%0D%0C%0FZ
Frame ID: 2EEBDB3C55BE0CDD95985842FF98B2CD
Requests: 13 HTTP requests in this frame
Screenshot
![](/screenshots/f09bc050-bc6a-4f88-96f8-25d2a1ed80f9.png)
Page Title
LockedPage URL History Show full URLs
-
https://mily.vn/6UmJJGw
HTTP 301
https://locker-sub.adsjozz.xyz/?action=register&sub=ENYONG Page URL
- https://gaez.my.id/32090d9?s1=ENYONG Page URL
Detected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://mily.vn/6UmJJGw
HTTP 301
https://locker-sub.adsjozz.xyz/?action=register&sub=ENYONG Page URL
- https://gaez.my.id/32090d9?s1=ENYONG Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://mily.vn/6UmJJGw HTTP 301
- https://locker-sub.adsjozz.xyz/?action=register&sub=ENYONG
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
locker-sub.adsjozz.xyz/ Redirect Chain
|
4 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/ |
120 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js15_as.js
s10.histats.com/ |
11 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0.php
s4.histats.com/stats/ |
47 B 181 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
32090d9
gaez.my.id/ |
545 B 875 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5mF7rt.js
dby7kx9z9yzse.cloudfront.net/ |
23 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
html.2382293.8844c.0.js
d3t3bxixsojwre.cloudfront.net/public/external/v2/ |
11 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css_front.css
d3t3bxixsojwre.cloudfront.net/public/external/ |
6 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
d3t3bxixsojwre.cloudfront.net/public/clockers/CustomButton/ |
1010 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ct
d3t3bxixsojwre.cloudfront.net/public/ Frame 2EEB |
28 KB 28 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
guid
d3t3bxixsojwre.cloudfront.net/public/ |
0 286 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
d13pxqgp3ixdbh.cloudfront.net/assets/landing_pages/fa/css/ Frame 2EEB |
28 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ Frame 2EEB |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ Frame 2EEB |
2 KB 606 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ Frame 2EEB |
1 KB 934 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ Frame 2EEB |
388 B 380 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1618220614f258c7348f24ef2072cb1250a8327850.jpg
d13pxqgp3ixdbh.cloudfront.net/uploads/ Frame 2EEB |
22 KB 22 KB |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
161259242059a642d77e59012c30ee37046eda2d60.gif
d13pxqgp3ixdbh.cloudfront.net/uploads/ Frame 2EEB |
53 KB 53 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
guid.js
d3t3bxixsojwre.cloudfront.net/public/external/ Frame 2EEB |
862 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t.js
d3t3bxixsojwre.cloudfront.net/public/external/ Frame 2EEB |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
d13pxqgp3ixdbh.cloudfront.net/assets/content_lockers/ Frame 2EEB |
95 KB 95 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
check.php
d3t3bxixsojwre.cloudfront.net/public/external/ Frame 2EEB |
78 B 371 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ Frame 2EEB |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
impression.php
d3t3bxixsojwre.cloudfront.net/public/external/ |
10 B 305 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
guid
d3t3bxixsojwre.cloudfront.net/public/ |
0 285 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
check.php
d3t3bxixsojwre.cloudfront.net/public/external/ |
78 B 372 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| CPABUILDSETTINGS object| CPABUILDContentLocker number| __cfRLUnblockHandlers function| CPBContentLocker function| CPABuildLock function| CPABuildGetFeedURL function| CPABuildGetIframeURL function| CPABuildGetIframeHTML function| CPABuildUnlock function| CPABuildOfferComplete function| CPABuildOffersComplete function| CPABuildCheckForLead function| og_load function| CPABuildComplete function| call_locker9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
locker-sub.adsjozz.xyz/ | Name: PHPSESSID Value: 2c623bef75bdd9ab8dcd30cbbf8d53f6 |
|
locker-sub.adsjozz.xyz/ | Name: HstCfa4570086 Value: 1656409362449 |
|
locker-sub.adsjozz.xyz/ | Name: HstCla4570086 Value: 1656409362449 |
|
locker-sub.adsjozz.xyz/ | Name: HstCmu4570086 Value: 1656409362449 |
|
locker-sub.adsjozz.xyz/ | Name: HstPn4570086 Value: 1 |
|
locker-sub.adsjozz.xyz/ | Name: HstPt4570086 Value: 1 |
|
locker-sub.adsjozz.xyz/ | Name: HstCnv4570086 Value: 1 |
|
locker-sub.adsjozz.xyz/ | Name: HstCns4570086 Value: 1 |
|
gaez.my.id/ | Name: _cpguid Value: 225f1i4kz |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src * data: 'unsafe-eval' 'unsafe-inline' |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload always |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
d13pxqgp3ixdbh.cloudfront.net
d3t3bxixsojwre.cloudfront.net
dby7kx9z9yzse.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
gaez.my.id
locker-sub.adsjozz.xyz
maxcdn.bootstrapcdn.com
mily.vn
s10.histats.com
s4.histats.com
www.google-analytics.com
103.53.88.220
192.99.8.28
2001:df7:5300:2::38
2600:9000:2057:0:11:ff71:2680:21
2600:9000:2057:b600:d:dc73:ab80:21
2600:9000:214f:c400:1c:b3e3:eb40:21
2606:4700:3032::ac43:d910
2606:4700::6812:acf
2a00:1450:4001:800::2003
2a00:1450:4001:810::200e
2a00:1450:4001:82a::200a
46.105.201.240
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
0dabde244ca54751439b42b2bc6754887cf48d7d13835c2ed1fa37b253a4731a
1711e89a5ab3f0e2d009ab6b171bc8869acd8dd0da785e0dfe60c9c0bca48c6c
1ca0ad9b6db5c5549232ac0dc22e999c6ea0487107ca3844bfd3d7911a83281c
228145003d3f9068a57d94ce3c1c44a17d20a303e3295c01e18aab2bed9e7fed
28751a78a74116379e54275bbc3cc18a476281c6d3b30532f3068df7a13e150f
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87
3efc61bcf3a2a65c875e501412e9db8b00b4b554e4351e01fab46c2793e87b3d
6d9d10d9b6520058b6a1abeaeb31a46eb7f0219cc958e5eb3d2c8928a88506cd
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
85c80d5f619f518e60e17f0985026ad57bca99f85eb46c4e1cda050462785f84
8dbcaa593b1d8871e34a605b1a7563d873198b8c4ebfb7b15571eae7af190919
95a527dace73f97a884967696583538d29fa71514d31e379810f56f7d9548516
9ef4a63fc5e0a14a7301d693d65d6acfc44cdf14853c4a20890198f2d5e52e3b
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
ce4b0bda27125b10a146a7e0748c2573d74869e3321f846015ef717b986fda95
d590f971e728a5cbf953df726e1751e53585f65baed23b25f51465df7f261632
e1996013bea18595368a7d2452d2a96a8a66b59bd08cde2935e36ffa0f985fda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fff2c7e238400b24472e5d6c529d7f625ec50ec4383ac23d33ca05d9c1f07a7d