Report - accscnfrmtnfbacc.ftp.sh

Report Overview

Submitted URL
accscnfrmtnfbacc.ftp.sh
IP
103.181.142.63
ASN
#136052 PT Cloud Hosting Indonesia
Submitted
2024-05-10 07:23:28
Access
public
Website Title
Facebook
Final URL
accscnfrmtnfbacc.ftp.sh/
Tags
meta facebook phishing social
urlquery detections
Phishing - Facebook

Detections

urlquery
13
Network Intrusion Detection
24
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-10	532 B	5.0 kB	142.250.74.35
accscnfrmtnfbacc.ftp.sh	unknown	unknown	No data	No data	4.3 kB	274 kB	103.181.142.63
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	450 B	1.5 kB	142.250.74.170
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	459 B	4.2 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 07:23:05	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:05	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:05	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:05	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:06	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:06	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:06	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:06	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:06	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:06	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:06	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:06	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
2024-05-10 07:23:09	medium	Client IP	103.181.142.63	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	accscnfrmtnfbacc.ftp.sh/asset/jquery.min.js	87 kB	2023-03-07	2024-05-20
Pretty URL accscnfrmtnfbacc.ftp.sh/asset/jquery.min.js IP 103.181.142.63 ASN #136052 PT Cloud Hosting Indonesia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-20 20:53:24 Times Seen26715 Hash 4b57cf46dc8cb95c4cca54afc85e9540 05e1ad0cc600a057886deaf237ab6e3d4fcdb5ac a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855 Loading...

	accscnfrmtnfbacc.ftp.sh/	560 B	2023-03-14	2024-05-19
Pretty URL accscnfrmtnfbacc.ftp.sh/ IP 103.181.142.63 ASN #136052 PT Cloud Hosting Indonesia Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 10:14:08 Last Seen2024-05-19 16:42:45 Times Seen35 Hash 20b0ce80be24380bbaaa98305a47c87d e851806040c565144c202fe5e314ac252c1fdf7a 5e97ec919bc36b4f79e884fadc3232c0f43bfc344e54538224e37846f8471cb7 Loading...

	accscnfrmtnfbacc.ftp.sh/	613 B	2023-07-02	2024-05-19
Pretty URL accscnfrmtnfbacc.ftp.sh/ IP 103.181.142.63 ASN #136052 PT Cloud Hosting Indonesia Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-02 19:44:01 Last Seen2024-05-19 16:42:45 Times Seen36 Hash 535d2e46ea8a4193e8fab0ea6aed14e6 f2d5d81b27f5f1dc4392e8ee09d2cf87e7ebfc13 5c3eb38d156539225ab29ac31610375add36bd9aeb64b2e2e7037d802c396882 Loading...

	accscnfrmtnfbacc.ftp.sh/	151 kB	2024-01-30	2024-05-19
Pretty URL accscnfrmtnfbacc.ftp.sh/ IP 103.181.142.63 ASN #136052 PT Cloud Hosting Indonesia Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-30 15:41:49 Last Seen2024-05-19 16:42:45 Times Seen17 Hash fd16bfbe98940fac59e766ac6e2c8227 2ff9b398e4b6d99be4273eef7d3ee948d0f81efb 448d6d343038ca7d8d87e221434de73ad290fa2dadb1d07b8763391f1eda0912 Loading...

	accscnfrmtnfbacc.ftp.sh/	149 B	2024-01-30	2024-05-19
Pretty URL accscnfrmtnfbacc.ftp.sh/ IP 103.181.142.63 ASN #136052 PT Cloud Hosting Indonesia Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-30 15:41:49 Last Seen2024-05-19 16:42:45 Times Seen17 Hash b947666c2a284d951474db234e045fbd aab66564e8a01015f7f4791ffa9ac2cc031ee785 90024f29c4c338c7c614c3ef3f2e4e096826f07dcaab5edb195ce599e911ba87 Loading...

	accscnfrmtnfbacc.ftp.sh/asset/load.js	1.1 kB	2023-03-10	2024-05-20
Pretty URL accscnfrmtnfbacc.ftp.sh/asset/load.js IP 103.181.142.63 ASN #136052 PT Cloud Hosting Indonesia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 16:55:58 Last Seen2024-05-20 11:22:28 Times Seen122 Hash cdced71ad2a0c1ada5e6e12fe0485f52 15d1ab751afd0d0a0f66755becc360124e512c24 186c9530c90453f18f9d001a221c5c17ed497b925e93f30d34cb0dd1721a042c Loading...

		Size	First Seen	Last Seen
	#1 Write - 86b92c40125207573fe1735ae9715641	12 B	2024-05-10	2024-05-11
Pretty Observations First Seen2024-05-10 03:50:58 Last Seen2024-05-11 21:54:09 Times Seen4 Hash 86b92c40125207573fe1735ae9715641 00654d470d33187e969c34f499d06901a911105c fbf0a1ca5ec1f9563a1cfae61a429e13a81aa37998c8456ef91d4ee0a90ec519 Loading...

HTTP Transactions (15)

URL IP Response Size

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/m=el_main_css

142.250.74.35

200 OK

4.1 kB

URL GET HTTP/2
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/m=el_main_css
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
http://accscnfrmtnfbacc.ftp.sh/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
ASCII text, with very long lines (22367), with no line terminators
Size
4.1 kB (4144 bytes)
Hash
b0b46b807eee39af0aad8f5fefc9b3a2
0fb04f15599bc0844063a6ab776c86e73cb9fbfc
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3

HTTP Headers

GET /_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 4144
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 10:23:10 GMT
expires: Fri, 09 May 2025 10:23:10 GMT
cache-control: public, max-age=31536000
age: 75595
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accscnfrmtnfbacc.ftp.sh/

103.181.142.63

25 kB

URL User Request GET
accscnfrmtnfbacc.ftp.sh/
IP
103.181.142.63:0
ASN
#136052 PT Cloud Hosting Indonesia

File type
HTML document, ASCII text, with very long lines (485), with CRLF line terminators
Size
25 kB (24745 bytes)
Hash
3bb4c3faa31db95e19158b2f46dc4e7e
0e49f42f01d1dbd7409c754c8d09b5155dc968c0
a6ba30d4a2957d3e1837a4b4029f65891261de42b9ba3dcdf34789e1e91149ff

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET / HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
etag: "28db0-663bb097-fc8e8;gz"
last-modified: Wed, 08 May 2024 17:04:23 GMT
content-type: text/html
content-length: 24745
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 10 May 2024 07:23:04 GMT
server: LiteSpeed
connection: Keep-Alive

accscnfrmtnfbacc.ftp.sh/asset/styles.css

103.181.142.63

200 OK

1.8 kB

URL GET HTTP/1.1
accscnfrmtnfbacc.ftp.sh/asset/styles.css
IP
103.181.142.63:80
ASN
#136052 PT Cloud Hosting Indonesia

Requested by
http://accscnfrmtnfbacc.ftp.sh/

File type
ASCII text
Size
1.8 kB (1841 bytes)
Hash
b753875c6b971065559285355202c65d
0d0d3b7305e7355e41cc9ebc158b0024b589d4b4
f39266151ffccfe3a425ae17a6fb51671466df765081a6fe0738d5dab53c2bc6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET /asset/styles.css HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 07:23:05 GMT
etag: "2663-663bb0be-fc8fc;gz"
last-modified: Wed, 08 May 2024 17:05:02 GMT
content-type: text/css
content-length: 1841
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 10 May 2024 07:23:05 GMT
server: LiteSpeed
connection: Keep-Alive

accscnfrmtnfbacc.ftp.sh/asset/load.js

103.181.142.63

200 OK

389 B

URL GET HTTP/1.1
accscnfrmtnfbacc.ftp.sh/asset/load.js
IP
103.181.142.63:80
ASN
#136052 PT Cloud Hosting Indonesia

Requested by
http://accscnfrmtnfbacc.ftp.sh/

File type
JavaScript source, ASCII text
Size
389 B (389 bytes)
Hash
cdced71ad2a0c1ada5e6e12fe0485f52
15d1ab751afd0d0a0f66755becc360124e512c24
186c9530c90453f18f9d001a221c5c17ed497b925e93f30d34cb0dd1721a042c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET /asset/load.js HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 07:23:05 GMT
etag: "444-663bb0bb-fc8f6;gz"
last-modified: Wed, 08 May 2024 17:04:59 GMT
content-type: application/x-javascript
content-length: 389
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 10 May 2024 07:23:05 GMT
server: LiteSpeed
connection: Keep-Alive

accscnfrmtnfbacc.ftp.sh/asset/chunk1.css

103.181.142.63

200 OK

13 kB

URL GET HTTP/1.1
accscnfrmtnfbacc.ftp.sh/asset/chunk1.css
IP
103.181.142.63:80
ASN
#136052 PT Cloud Hosting Indonesia

Requested by
http://accscnfrmtnfbacc.ftp.sh/

File type
ASCII text, with very long lines (59102), with CRLF line terminators
Size
13 kB (12994 bytes)
Hash
2164074a81243a4b4f0597f8284d31f7
0f6a9ea3dfa82ae93b6ce14b7db626e7db4f447b
d059ebac9e5a7f3f7e5ae59ca137bb7224e38ad41d3ad36e1d65995b35524a22

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET /asset/chunk1.css HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 07:23:05 GMT
etag: "e7c9-663bb0ba-fc8f4;gz"
last-modified: Wed, 08 May 2024 17:04:58 GMT
content-type: text/css
content-length: 12994
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 10 May 2024 07:23:05 GMT
server: LiteSpeed
connection: Keep-Alive

accscnfrmtnfbacc.ftp.sh/asset/jquery.min.js

103.181.142.63

200 OK

30 kB

URL GET HTTP/1.1
accscnfrmtnfbacc.ftp.sh/asset/jquery.min.js
IP
103.181.142.63:80
ASN
#136052 PT Cloud Hosting Indonesia

Requested by
http://accscnfrmtnfbacc.ftp.sh/

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30348 bytes)
Hash
4b57cf46dc8cb95c4cca54afc85e9540
05e1ad0cc600a057886deaf237ab6e3d4fcdb5ac
a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET /asset/jquery.min.js HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 07:23:05 GMT
etag: "1538e-663bb0bb-fc8f5;gz"
last-modified: Wed, 08 May 2024 17:04:59 GMT
content-type: application/x-javascript
content-length: 30348
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 10 May 2024 07:23:05 GMT
server: LiteSpeed
connection: Keep-Alive

accscnfrmtnfbacc.ftp.sh/asset/main.chunk.css

103.181.142.63

200 OK

65 kB

URL GET HTTP/1.1
accscnfrmtnfbacc.ftp.sh/asset/main.chunk.css
IP
103.181.142.63:80
ASN
#136052 PT Cloud Hosting Indonesia

Requested by
http://accscnfrmtnfbacc.ftp.sh/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
65 kB (64743 bytes)
Hash
874043c9317d5e3fa72a9fc55b963a57
a0eaa6f6b7458abb0870b11d9b335a6c58677e65
ecc0293c033edc95eedad6bb294a121546ce61c8b1a8973886f551b6702157fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET /asset/main.chunk.css HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 07:23:05 GMT
etag: "7b7d1-663bb0bd-fc8f8;gz"
last-modified: Wed, 08 May 2024 17:05:01 GMT
content-type: text/css
content-length: 64743
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 10 May 2024 07:23:05 GMT
server: LiteSpeed
connection: Keep-Alive

fonts.googleapis.com/css?family=Khula&display=swap&.css

142.250.74.170

200 OK

893 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Khula&display=swap&.css
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
http://accscnfrmtnfbacc.ftp.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
893 B (893 bytes)
Hash
df29723bcb74a85c5c96480c13c9b78b
b3c06a500837c4260dc0ff4eb719bfe473a8022c
3148704728a654bcaafa9b22db1bd56db8f6c8a2bb0eaf41b3b8c2a6628fc536

HTTP Headers

GET /css?family=Khula&display=swap&.css HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 07:23:08 GMT
date: Fri, 10 May 2024 07:23:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accscnfrmtnfbacc.ftp.sh/asset/sound-mobile.svg

103.181.142.63

200 OK

1.1 kB

URL GET HTTP/1.1
accscnfrmtnfbacc.ftp.sh/asset/sound-mobile.svg
IP
103.181.142.63:80
ASN
#136052 PT Cloud Hosting Indonesia

Requested by
http://accscnfrmtnfbacc.ftp.sh/

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1092 bytes)
Hash
ebd8798bc32c86494851a07770e04e63
b5461dc8f5f5f848033441d506ee05d48742438b
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET /asset/sound-mobile.svg HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 07:23:08 GMT
etag: "951-663bb0be-fc8fb;gz"
last-modified: Wed, 08 May 2024 17:05:02 GMT
content-type: image/svg+xml
content-length: 1092
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 10 May 2024 07:23:08 GMT
server: LiteSpeed
connection: Keep-Alive

accscnfrmtnfbacc.ftp.sh/asset/Lock.png

103.181.142.63

200 OK

3.0 kB

URL GET HTTP/1.1
accscnfrmtnfbacc.ftp.sh/asset/Lock.png
IP
103.181.142.63:80
ASN
#136052 PT Cloud Hosting Indonesia

Requested by
http://accscnfrmtnfbacc.ftp.sh/

File type
PNG image data, 117 x 120, 8-bit/color RGBA, non-interlaced
Size
3.0 kB (2987 bytes)
Hash
2e00ac35746887d77fada7370b8d5e42
a0d8c20d749b3e63e93282d7ba90b35be9c15458
9fc2fe17fa35dc50cbac42366d82e564d0a6e29a6b18f966ba78641b92850514

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET /asset/Lock.png HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 07:23:08 GMT
etag: "bab-663bb0bb-fc8f7;;;"
last-modified: Wed, 08 May 2024 17:04:59 GMT
content-type: image/png
content-length: 2987
accept-ranges: bytes
date: Fri, 10 May 2024 07:23:08 GMT
server: LiteSpeed
connection: Keep-Alive

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

216.58.207.227

200 OK

3.3 kB

URL GET HTTP/2
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://accscnfrmtnfbacc.ftp.sh/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
SVG Scalable Vector Graphics image
Size
3.3 kB (3340 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 13:00:35 GMT
expires: Tue, 06 May 2025 13:00:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 325354
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accscnfrmtnfbacc.ftp.sh/asset/metalock.png

103.181.142.63

200 OK

26 kB

URL GET HTTP/1.1
accscnfrmtnfbacc.ftp.sh/asset/metalock.png
IP
103.181.142.63:80
ASN
#136052 PT Cloud Hosting Indonesia

Requested by
http://accscnfrmtnfbacc.ftp.sh/

File type
PNG image data, 483 x 482, 8-bit/color RGBA, non-interlaced
Size
26 kB (25775 bytes)
Hash
d9bef559aedbc918ebb7ecc8b4bb1dcd
9377521802f54c5db26beff2a61b456e28b260ba
0800a9ba4e13276927f4b3e2c4e2df4f30b9c4350c241b4a6ff963591f518176

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET /asset/metalock.png HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 07:23:08 GMT
etag: "64af-663bb0bd-fc8f9;;;"
last-modified: Wed, 08 May 2024 17:05:01 GMT
content-type: image/png
content-length: 25775
accept-ranges: bytes
date: Fri, 10 May 2024 07:23:08 GMT
server: LiteSpeed
connection: Keep-Alive

accscnfrmtnfbacc.ftp.sh/asset/icon.png

103.181.142.63

404 Not Found

705 B

URL GET HTTP/1.1
accscnfrmtnfbacc.ftp.sh/asset/icon.png
IP
103.181.142.63:80
ASN
#136052 PT Cloud Hosting Indonesia

Requested by
http://accscnfrmtnfbacc.ftp.sh/

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
705 B (705 bytes)
Hash
30a9aa3e2018df9e4d5a7dea65c283f6
6abb0707a87dd0140ae3488c3f2a378726e2ca53
230d91b44ffd4de6a3cfe521b2560e5ed59763df51a5de76fc01513787fb1682

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET /asset/icon.png HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Fri, 10 May 2024 07:23:09 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
connection: Keep-Alive

accscnfrmtnfbacc.ftp.sh/asset/sound-mobile.png

103.181.142.63

200 OK

52 kB

URL GET HTTP/1.1
accscnfrmtnfbacc.ftp.sh/asset/sound-mobile.png
IP
103.181.142.63:80
ASN
#136052 PT Cloud Hosting Indonesia

Requested by
http://accscnfrmtnfbacc.ftp.sh/

File type
PNG image data, 1138 x 1138, 8-bit/color RGBA, non-interlaced
Size
52 kB (52387 bytes)
Hash
78aea8095f96a7cb42ac2b9aac854496
ed52f502bf0db4731c475c3c9828dd30aab3536a
c150037ca397366d56aa0b6bba6a1dc69898a62ff25777e3a180ba56beaea0e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET /asset/sound-mobile.png HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 07:23:08 GMT
etag: "cca3-663bb0be-fc8fa;;;"
last-modified: Wed, 08 May 2024 17:05:02 GMT
content-type: image/png
content-length: 52387
accept-ranges: bytes
date: Fri, 10 May 2024 07:23:08 GMT
server: LiteSpeed
connection: Keep-Alive

accscnfrmtnfbacc.ftp.sh/asset/sound-mobile.png

103.181.142.63

200 OK

52 kB

URL GET HTTP/1.1
accscnfrmtnfbacc.ftp.sh/asset/sound-mobile.png
IP
103.181.142.63:80
ASN
#136052 PT Cloud Hosting Indonesia

Requested by
http://accscnfrmtnfbacc.ftp.sh/

File type
PNG image data, 1138 x 1138, 8-bit/color RGBA, non-interlaced
Size
52 kB (52387 bytes)
Hash
78aea8095f96a7cb42ac2b9aac854496
ed52f502bf0db4731c475c3c9828dd30aab3536a
c150037ca397366d56aa0b6bba6a1dc69898a62ff25777e3a180ba56beaea0e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain

HTTP Headers

GET /asset/sound-mobile.png HTTP/1.1
Host: accscnfrmtnfbacc.ftp.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accscnfrmtnfbacc.ftp.sh/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 17 May 2024 07:23:09 GMT
etag: "cca3-663bb0be-fc8fa;;;"
last-modified: Wed, 08 May 2024 17:05:02 GMT
content-type: image/png
content-length: 52387
accept-ranges: bytes
date: Fri, 10 May 2024 07:23:09 GMT
server: LiteSpeed
connection: Keep-Alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (15)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers