Report - smart.semgu.kz/login.php

Report Overview

Submitted URL
smart.semgu.kz/login.php
IP
193.193.254.218
ASN
#8393 Astel Jsc
Submitted
2024-05-08 11:10:18
Access
public
Website Title
SemGU AIS | Log in
Final URL
smart.semgu.kz/login.php
Tags
botpanel malware
urlquery detections
Malware - Botnet panel

Detections

urlquery
5
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
smart.semgu.kz	unknown	unknown	2021-12-02	2023-01-27	4.4 kB	282 kB	193.193.254.218
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-08	1.6 kB	40 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	468 B	1.7 kB	142.250.74.138

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	smart.semgu.kz/plugins/jquery/jquery.min.js	90 kB	2023-03-07	2024-05-19
Pretty URL smart.semgu.kz/plugins/jquery/jquery.min.js IP 193.193.254.218 ASN #8393 Astel Jsc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-19 21:23:40 Times Seen275199 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	smart.semgu.kz/plugins/bootstrap/js/bootstrap.bundle.min.js	84 kB	2023-03-07	2024-05-19
Pretty URL smart.semgu.kz/plugins/bootstrap/js/bootstrap.bundle.min.js IP 193.193.254.218 ASN #8393 Astel Jsc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-19 15:37:51 Times Seen5514 Hash f81d0a1705048649befc8b595e455a94 aec551e4d573463088fca7d14fb644eb389f1839 b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b Loading...

	smart.semgu.kz/dist/js/adminlte.min.js	46 kB	2023-03-07	2024-05-08
Pretty URL smart.semgu.kz/dist/js/adminlte.min.js IP 193.193.254.218 ASN #8393 Astel Jsc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:31 Last Seen2024-05-08 13:10:21 Times Seen9 Hash 95d9135654edc2c3b87c2bc97ee051a0 632522f8f117f5c607425aa718aaae24b1c0a788 926884074c7d295bbd857710ae53183a1921130e5b7be81ff691f3686887e244 Loading...

HTTP Transactions (13)

URL IP Response Size

smart.semgu.kz/login.php

193.193.254.218

200 OK

856 B

URL User Request GET HTTP/1.1
smart.semgu.kz/login.php
IP
193.193.254.218:443
ASN
#8393 Astel Jsc

Certificate
IssuerLet's Encrypt
Subjectpt.semgu.kz
FingerprintAA:7A:06:2A:67:F8:26:88:B8:C3:22:4C:48:9D:08:2C:25:28:10:27
ValiditySat, 16 Mar 2024 01:47:34 GMT - Fri, 14 Jun 2024 01:47:33 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
856 B (856 bytes)
Hash
82f939c908260bf86844dd7fef00bcc5
dc5e6266dbd39d2375b897d8595ec28fe841c378
206dceda053c55fb4e72f3bd20c924d5fc030061e5397d8d54a1c468a2174914

HTTP Headers

GET /login.php HTTP/1.1
Host: smart.semgu.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 11:09:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Set-Cookie: PHPSESSID=qkto0kfb68odieomk8ht57umqq; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 856
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

smart.semgu.kz/plugins/fontawesome-free/css/all.min.css

193.193.254.218

200 OK

13 kB

URL GET HTTP/1.1
smart.semgu.kz/plugins/fontawesome-free/css/all.min.css
IP
193.193.254.218:443
ASN
#8393 Astel Jsc

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerLet's Encrypt
Subjectpt.semgu.kz
FingerprintAA:7A:06:2A:67:F8:26:88:B8:C3:22:4C:48:9D:08:2C:25:28:10:27
ValiditySat, 16 Mar 2024 01:47:34 GMT - Fri, 14 Jun 2024 01:47:33 GMT

File type
ASCII text, with very long lines (59119)
Size
13 kB (12858 bytes)
Hash
ecd507b3125edc4d2a03aa6ae5d07da9
a57ee68d11601b0fd8e5037fc241ff65a754473c
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

HTTP Headers

GET /plugins/fontawesome-free/css/all.min.css HTTP/1.1
Host: smart.semgu.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smart.semgu.kz/login.php
Cookie: PHPSESSID=qkto0kfb68odieomk8ht57umqq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 11:09:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 22 Sep 2021 02:42:34 GMT
ETag: "e7a9-5cc8c77639517-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12858
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css

smart.semgu.kz/plugins/icheck-bootstrap/icheck-bootstrap.min.css

193.193.254.218

200 OK

1.6 kB

URL GET HTTP/1.1
smart.semgu.kz/plugins/icheck-bootstrap/icheck-bootstrap.min.css
IP
193.193.254.218:443
ASN
#8393 Astel Jsc

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerLet's Encrypt
Subjectpt.semgu.kz
FingerprintAA:7A:06:2A:67:F8:26:88:B8:C3:22:4C:48:9D:08:2C:25:28:10:27
ValiditySat, 16 Mar 2024 01:47:34 GMT - Fri, 14 Jun 2024 01:47:33 GMT

File type
ASCII text, with very long lines (12293), with CRLF line terminators
Size
1.6 kB (1590 bytes)
Hash
e067d8454ea71a421ac69892bc0f1bdf
3185a60f3cafa077277c925bb83a80517a1ed9a7
7f1c6f368fef383f3c0107eb1a1f3c0fbe308187b1e3b93dfac6b76d69827a52

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel

HTTP Headers

GET /plugins/icheck-bootstrap/icheck-bootstrap.min.css HTTP/1.1
Host: smart.semgu.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smart.semgu.kz/login.php
Cookie: PHPSESSID=qkto0kfb68odieomk8ht57umqq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 11:09:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 22 Sep 2021 02:42:34 GMT
ETag: "30d9-5cc8c7763f2d7-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1590
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css

smart.semgu.kz/dist/js/adminlte.min.js

193.193.254.218

200 OK

11 kB

URL GET HTTP/1.1
smart.semgu.kz/dist/js/adminlte.min.js
IP
193.193.254.218:443
ASN
#8393 Astel Jsc

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerLet's Encrypt
Subjectpt.semgu.kz
FingerprintAA:7A:06:2A:67:F8:26:88:B8:C3:22:4C:48:9D:08:2C:25:28:10:27
ValiditySat, 16 Mar 2024 01:47:34 GMT - Fri, 14 Jun 2024 01:47:33 GMT

File type
JavaScript source, ASCII text, with very long lines (45966)
Size
11 kB (10876 bytes)
Hash
95d9135654edc2c3b87c2bc97ee051a0
632522f8f117f5c607425aa718aaae24b1c0a788
926884074c7d295bbd857710ae53183a1921130e5b7be81ff691f3686887e244

HTTP Headers

GET /dist/js/adminlte.min.js HTTP/1.1
Host: smart.semgu.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smart.semgu.kz/login.php
Cookie: PHPSESSID=qkto0kfb68odieomk8ht57umqq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 11:09:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 22 Sep 2021 02:42:33 GMT
ETag: "b475-5cc8c77537840-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10876
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript

smart.semgu.kz/plugins/jquery/jquery.min.js

193.193.254.218

200 OK

31 kB

URL GET HTTP/1.1
smart.semgu.kz/plugins/jquery/jquery.min.js
IP
193.193.254.218:443
ASN
#8393 Astel Jsc

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerLet's Encrypt
Subjectpt.semgu.kz
FingerprintAA:7A:06:2A:67:F8:26:88:B8:C3:22:4C:48:9D:08:2C:25:28:10:27
ValiditySat, 16 Mar 2024 01:47:34 GMT - Fri, 14 Jun 2024 01:47:33 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30902 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel

HTTP Headers

GET /plugins/jquery/jquery.min.js HTTP/1.1
Host: smart.semgu.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smart.semgu.kz/login.php
Cookie: PHPSESSID=qkto0kfb68odieomk8ht57umqq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 11:09:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 22 Sep 2021 02:42:34 GMT
ETag: "15d9d-5cc8c776440f8-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30902
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript

smart.semgu.kz/plugins/bootstrap/js/bootstrap.bundle.min.js

193.193.254.218

200 OK

22 kB

URL GET HTTP/1.1
smart.semgu.kz/plugins/bootstrap/js/bootstrap.bundle.min.js
IP
193.193.254.218:443
ASN
#8393 Astel Jsc

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerLet's Encrypt
Subjectpt.semgu.kz
FingerprintAA:7A:06:2A:67:F8:26:88:B8:C3:22:4C:48:9D:08:2C:25:28:10:27
ValiditySat, 16 Mar 2024 01:47:34 GMT - Fri, 14 Jun 2024 01:47:33 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
22 kB (21848 bytes)
Hash
f81d0a1705048649befc8b595e455a94
aec551e4d573463088fca7d14fb644eb389f1839
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel

HTTP Headers

GET /plugins/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: smart.semgu.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smart.semgu.kz/login.php
Cookie: PHPSESSID=qkto0kfb68odieomk8ht57umqq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 11:09:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 22 Sep 2021 02:42:33 GMT
ETag: "1499a-5cc8c77624cf6-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21848
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript

smart.semgu.kz/dist/css/adminlte.min.css

193.193.254.218

200 OK

122 kB

URL GET HTTP/1.1
smart.semgu.kz/dist/css/adminlte.min.css
IP
193.193.254.218:443
ASN
#8393 Astel Jsc

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerLet's Encrypt
Subjectpt.semgu.kz
FingerprintAA:7A:06:2A:67:F8:26:88:B8:C3:22:4C:48:9D:08:2C:25:28:10:27
ValiditySat, 16 Mar 2024 01:47:34 GMT - Fri, 14 Jun 2024 01:47:33 GMT

File type
ASCII text, with very long lines (65155)
Size
122 kB (121821 bytes)
Hash
ed701b8cbbe637bc19a92bd8806de9b0
dce2fada12e64d4e366a07bb02a4c16e4d60f14c
8f5e2dc020c8ba1d5862f018a1d3c839205e5bd58589daf72c7b1724c8dff340

HTTP Headers

GET /dist/css/adminlte.min.css HTTP/1.1
Host: smart.semgu.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smart.semgu.kz/login.php
Cookie: PHPSESSID=qkto0kfb68odieomk8ht57umqq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 11:09:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 22 Sep 2021 02:42:33 GMT
ETag: "14eb10-5cc8c775f8dd2-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css

fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14712, version 1.0
Size
15 kB (14712 bytes)
Hash
3afeae0d768769f5e5f30ac9805c5b70
3ada17c2b462db3e7a1fd85c3f4670dfe7704f4d
0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce

HTTP Headers

GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://smart.semgu.kz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14712
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 18:02:35 GMT
expires: Fri, 02 May 2025 18:02:35 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jun 2023 22:52:57 GMT
content-type: font/woff2
age: 493638
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14892, version 1.0
Size
15 kB (14892 bytes)
Hash
9ec6deaf6bada919e20b98f9f7b718b1
501d36403ad8205e4644532600019ecb10f5cb0a
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

HTTP Headers

GET /s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://smart.semgu.kz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14892
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 10:17:48 GMT
expires: Sat, 03 May 2025 10:17:48 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
content-type: font/woff2
age: 435125
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2

216.58.207.227

200 OK

8.0 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7972, version 1.0
Size
8.0 kB (7972 bytes)
Hash
305b1ef8bbeccc8358118e470dea8bf7
696b6944e29938cdd6e977f3a25c045a0b5b880b
c73c9d2639ee4ecc555040bb05de136847ae936b885925b56972549ccfe16a97

HTTP Headers

GET /s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://smart.semgu.kz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7972
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:33:15 GMT
expires: Fri, 02 May 2025 02:33:15 GMT
cache-control: public, max-age=31536000
age: 549398
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

smart.semgu.kz/plugins/fontawesome-free/webfonts/fa-solid-900.woff2

193.193.254.218

200 OK

78 kB

URL GET HTTP/1.1
smart.semgu.kz/plugins/fontawesome-free/webfonts/fa-solid-900.woff2
IP
193.193.254.218:443
ASN
#8393 Astel Jsc

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerLet's Encrypt
Subjectpt.semgu.kz
FingerprintAA:7A:06:2A:67:F8:26:88:B8:C3:22:4C:48:9D:08:2C:25:28:10:27
ValiditySat, 16 Mar 2024 01:47:34 GMT - Fri, 14 Jun 2024 01:47:33 GMT

File type
Web Open Font Format (Version 2), TrueType, length 78268, version 331.-31196
Size
78 kB (78268 bytes)
Hash
d824df7eb2e268626a2dd9a6a741ac4e
0ccb2c814a7e4ca12c4778821633809cb0361eaa
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel

HTTP Headers

GET /plugins/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: smart.semgu.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://smart.semgu.kz/plugins/fontawesome-free/css/all.min.css
Cookie: PHPSESSID=qkto0kfb68odieomk8ht57umqq
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 11:09:53 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 22 Sep 2021 02:42:34 GMT
ETag: "131bc-5cc8c7763c3f7"
Accept-Ranges: bytes
Content-Length: 78268
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: font/woff2

fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback

142.250.74.138

200 OK

1.1 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.1 kB (1106 bytes)
Hash
04ee103314ba39b2c24ac59aefe5ca4e
62805a5c9103495f8d887f1a4a50ae711a6b65ff
5ba17d69542e2992dcda1c7fb18f3c31934b241ba989a30506b903c93fe3f070

HTTP Headers

GET /css?family=Source+Sans+Pro:300,400,400i,700&display=fallback HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smart.semgu.kz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 11:09:52 GMT
date: Wed, 08 May 2024 11:09:52 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

smart.semgu.kz/favicon.ico

193.193.254.218

404 Not Found

277 B

URL GET HTTP/1.1
smart.semgu.kz/favicon.ico
IP
193.193.254.218:443
ASN
#8393 Astel Jsc

Requested by
https://smart.semgu.kz/login.php
Certificate
IssuerLet's Encrypt
Subjectpt.semgu.kz
FingerprintAA:7A:06:2A:67:F8:26:88:B8:C3:22:4C:48:9D:08:2C:25:28:10:27
ValiditySat, 16 Mar 2024 01:47:34 GMT - Fri, 14 Jun 2024 01:47:33 GMT

File type
HTML document, ASCII text, with no line terminators
Size
277 B (277 bytes)
Hash
537e9052bb15a68b1a5362884a0de3fc
a1438176b77a6c1dc10ee14e712cf985cd99db7a
2391eb88ff3dc7894dae712d39180a8ccdb9ed8666edfa99e297312c83fb1a2e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: smart.semgu.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smart.semgu.kz/login.php
Cookie: PHPSESSID=qkto0kfb68odieomk8ht57umqq
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 11:09:53 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 277
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate