Report - 103.23.100.135/auth/login

Report Overview

Submitted URL
103.23.100.135/auth/login
IP
103.23.100.135
ASN
#58400 Universitas Negeri Semarang
Submitted
2024-05-04 08:58:51
Access
public
Website Title
SISTER
Final URL
103.23.100.135/auth/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
103.23.100.135	unknown	unknown	2022-07-17	2023-12-13	12 kB	869 kB	103.23.100.135
ekr.zdassets.com	2396	2013-01-28	2018-06-14	2024-05-02	460 B	9.7 kB	104.18.70.113
static.zdassets.com	2154	2013-01-28	2018-06-24	2024-05-03	1.3 kB	1.0 MB	104.18.72.113

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed
2024-05-04	medium	103.23.100.135	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	103.23.100.135/auth/login	0 B	2023-03-07	2024-05-18
Pretty URL 103.23.100.135/auth/login IP 103.23.100.135 ASN #58400 Universitas Negeri Semarang Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 09:02:18 Times Seen37777212 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	103.23.100.135/js/plugins/iCheck/icheck.min.js	5.0 kB	2023-03-07	2024-05-15
Pretty URL 103.23.100.135/js/plugins/iCheck/icheck.min.js IP 103.23.100.135 ASN #58400 Universitas Negeri Semarang Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:55:05 Last Seen2024-05-15 11:34:39 Times Seen1331 Hash 65144d3f977f76227bc360430e50a929 071649224c800d4a1892bd9778ef169f6522fe24 9fcb2f4212989b54a867eb65c86910d89c8779de6e609e6a227c3c6c6a4cd1a7 Loading...

	static.zdassets.com/ekr/snippet.js?key=769f70e3-dc71-49d6-bccb-4f165b4c1a3b	10 kB	2024-01-15	2024-05-18
Pretty URL static.zdassets.com/ekr/snippet.js?key=769f70e3-dc71-49d6-bccb-4f165b4c1a3b IP 104.18.72.113 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-15 08:52:01 Last Seen2024-05-18 08:37:51 Times Seen3853 Hash c0053b411b753138af468db1bd3b19f3 7c3a187aa58f2b9e5446edb761b3d4d2ba506fe7 ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f Loading...

	103.23.100.135/auth/login	0 B	2023-03-07	2024-05-18
Pretty URL 103.23.100.135/auth/login IP 103.23.100.135 ASN #58400 Universitas Negeri Semarang Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 09:02:18 Times Seen37777212 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js	992 kB	2024-04-11	2024-05-07
Pretty URL static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js IP 104.18.72.113 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-11 14:18:32 Last Seen2024-05-07 10:22:14 Times Seen276 Hash 3784cf5e1ddd3a68e335f3bb4a5e2fcd 617bebee8c2acfff41763b25aa8e2b65bdebc1d3 7f4ac95d1ab40c0d78d98acf1da862b901ce896b43f738c7b1731c986a612bf4 Loading...

	static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-7bc1c0f.js	26 kB	2023-11-01	2024-05-18
Pretty URL static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-7bc1c0f.js IP 104.18.72.113 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 04:40:16 Last Seen2024-05-18 08:37:48 Times Seen3433 Hash 6eb45e96a7cbb4b8ca10897f3cf09981 2a12b20d1ca65377448dce30519c629aa4273346 a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e Loading...

	103.23.100.135/js/plugins/toastr/toastr.min.js	4.3 kB	2023-03-07	2024-05-15
Pretty URL 103.23.100.135/js/plugins/toastr/toastr.min.js IP 103.23.100.135 ASN #58400 Universitas Negeri Semarang Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:55:05 Last Seen2024-05-15 11:34:39 Times Seen1336 Hash 302e74f93481e4a7c43e503b29a88d45 38aa32423f7253b26c2e14e07df9e29e66c4a52a b0c44a723b496d37458cac39aef81c478a426de72532d5adf7265274d69778d4 Loading...

	unknown	83 B	2023-04-13	2024-05-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 16:08:45 Last Seen2024-05-18 01:34:38 Times Seen1758 Hash 62cd50374f9e402baf5a7de635f1b832 8f48044d7fa09ae8d666ab4056e9f7a570dc1774 18de782ff83190db91cd321421564b77ca13c7953ab5831901095354b093c0ac Loading...

	unknown	77 B	2023-04-13	2024-05-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 16:08:45 Last Seen2024-05-18 01:34:38 Times Seen1756 Hash 5ada4f545e5b41cc9774b9c537654481 7aeac43d786855f9d50588ebf2ad0428aa7a08dd c95b3fc54062c581e2d235f25aa9074b000bd2c718804455238fc5ea286fb0c0 Loading...

	103.23.100.135/js/jquery-2.1.1.js	84 kB	2023-03-07	2024-05-17
Pretty URL 103.23.100.135/js/jquery-2.1.1.js IP 103.23.100.135 ASN #58400 Universitas Negeri Semarang Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:07 Last Seen2024-05-17 09:14:37 Times Seen1809 Hash 6631a779321bc03f4a5281d3ff526254 5be8bf17be5085d803dfcbe59f8d6e584b516679 797e79e220fdb3c48f6df26b879543102479491611940c8acc81a905da5c6858 Loading...

	103.23.100.135/bower_components/sweetalert/dist/sweetalert.min.js	17 kB	2023-03-07	2024-05-17
Pretty URL 103.23.100.135/bower_components/sweetalert/dist/sweetalert.min.js IP 103.23.100.135 ASN #58400 Universitas Negeri Semarang Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:37 Last Seen2024-05-17 15:20:06 Times Seen3498 Hash 0068f44b0aa1b83fa7679860ceb26590 20d5cdb9d2002442843baab241f2e883563d1de5 7a056fc64aba501090c8acd106b0c7bbc9a267914e695ae34aa42a6ae2a094a7 Loading...

	unknown	82 B	2023-04-13	2024-05-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 16:08:45 Last Seen2024-05-18 01:34:38 Times Seen1759 Hash 67a24a8bdca5577b37d605ce6e8adfb2 82fa2a206316f4cb674e1f790bf21adc3eea8e88 b6ef6fee73d4f31312a27bc9609dddb02b4511d4f1c5e80ea8a1a896cae11f53 Loading...

HTTP Transactions (21)

URL IP Response Size

103.23.100.135/auth/login

103.23.100.135

2.3 kB

URL User Request GET
103.23.100.135/auth/login
IP
103.23.100.135:0
ASN
#58400 Universitas Negeri Semarang

File type
HTML document, ASCII text
Size
2.3 kB (2330 bytes)
Hash
46f4c27b0b2a96e87be5bc9cef8cd742
65d3e80efdb5d092c79e212b7ef6adc1d52beaad
9b25cfe5e4b38077ccfd33e3772ec2c136801c404a3cb902a8fe7b1bbc22f0f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /auth/login HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:17 GMT
Server: Apache/2.4.18 (Ubuntu)
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache
Set-Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; path=/
laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D; expires=Sat, 04-May-2024 10:32:22 GMT; Max-Age=7200; path=/; httponly
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2330
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

103.23.100.135/font-awesome/css/font-awesome.min.css

103.23.100.135

200 OK

5.4 kB

URL GET HTTP/1.1
103.23.100.135/font-awesome/css/font-awesome.min.css
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
ASCII text, with very long lines (23577)
Size
5.4 kB (5443 bytes)
Hash
04425bbdc6243fc6e54bf8984fe50330
8c15c6bd82c71e9ef1bb11cf24e502fe07518ac5
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font-awesome/css/font-awesome.min.css HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:22 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "5cbb-601fffeccdc80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5443
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

103.23.100.135/bower_components/sweetalert/dist/sweetalert.css

103.23.100.135

200 OK

3.7 kB

URL GET HTTP/1.1
103.23.100.135/bower_components/sweetalert/dist/sweetalert.css
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
ASCII text
Size
3.7 kB (3705 bytes)
Hash
196c08c89f0c8a9b688a16d3435ac327
4890c9d16b0f2bb368bcc065ed00b72de15707c5
93ae81483be2e9705db4cd911fa410bc2cf6c24f355dc5ac899de49fab854e63

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bower_components/sweetalert/dist/sweetalert.css HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:23 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "595f-601fffecbd2e0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3705
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

103.23.100.135/css/bootstrap.min.css

103.23.100.135

200 OK

20 kB

URL GET HTTP/1.1
103.23.100.135/css/bootstrap.min.css
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
ASCII text, with very long lines (65371)
Size
20 kB (19889 bytes)
Hash
faf0fa69259c08912ec2f23fc8b96b54
fa0c5ba479172c8c292028f9eea55e44c25036f5
aff3a131f05022ee849741b525bca40426a4674693305841946b3ecfa773a0ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:22 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "1deac-601fffecbf220-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19889
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

103.23.100.135/js/plugins/iCheck/icheck.min.js

103.23.100.135

200 OK

2.3 kB

URL GET HTTP/1.1
103.23.100.135/js/plugins/iCheck/icheck.min.js
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
JavaScript source, ASCII text, with very long lines (531)
Size
2.3 kB (2253 bytes)
Hash
65144d3f977f76227bc360430e50a929
071649224c800d4a1892bd9778ef169f6522fe24
9fcb2f4212989b54a867eb65c86910d89c8779de6e609e6a227c3c6c6a4cd1a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/plugins/iCheck/icheck.min.js HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:23 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "137b-601fffecd0b60-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2253
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

103.23.100.135/css/plugins/toastr/toastr.min.css

103.23.100.135

200 OK

2.8 kB

URL GET HTTP/1.1
103.23.100.135/css/plugins/toastr/toastr.min.css
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
ASCII text, with very long lines (820)
Size
2.8 kB (2763 bytes)
Hash
7f843b9c2098d8eb97d45f0464df3e60
faa7022661fe8d4be33465824e884a84e43182a8
f3b9b25322f0c3147802385e299b3da7b488aad99aa0ba514345f3af80319849

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/plugins/toastr/toastr.min.css HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:23 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "1a05-601fffecc01c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2763
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

103.23.100.135/js/plugins/toastr/toastr.min.js

103.23.100.135

200 OK

1.7 kB

URL GET HTTP/1.1
103.23.100.135/js/plugins/toastr/toastr.min.js
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
JavaScript source, ASCII text, with very long lines (4285)
Size
1.7 kB (1671 bytes)
Hash
302e74f93481e4a7c43e503b29a88d45
38aa32423f7253b26c2e14e07df9e29e66c4a52a
b0c44a723b496d37458cac39aef81c478a426de72532d5adf7265274d69778d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/plugins/toastr/toastr.min.js HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:23 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "10e1-601fffecd1b00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1671
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

103.23.100.135/eak/ejs/css/classy.css

103.23.100.135

200 OK

1.4 kB

URL GET HTTP/1.1
103.23.100.135/eak/ejs/css/classy.css
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
ASCII text
Size
1.4 kB (1351 bytes)
Hash
559a44f65371898d61715fdcb052551d
255ddb983b212d89f451264216098f0f70beb3e3
5123ca3f8a59ac8f5bc0dfc2868a6923417b77a7b5fedec75f6d5a0e65485176

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eak/ejs/css/classy.css HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:23 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "14a0-601fffecc1160-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1351
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

103.23.100.135/js/jquery-2.1.1.js

103.23.100.135

200 OK

30 kB

URL GET HTTP/1.1
103.23.100.135/js/jquery-2.1.1.js
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
JavaScript source, ASCII text, with very long lines (32061)
Size
30 kB (29496 bytes)
Hash
6631a779321bc03f4a5281d3ff526254
5be8bf17be5085d803dfcbe59f8d6e584b516679
797e79e220fdb3c48f6df26b879543102479491611940c8acc81a905da5c6858

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery-2.1.1.js HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:23 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "14914-601fffeccfbc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 29496
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

103.23.100.135/css/plugins/iCheck/custom.css

103.23.100.135

200 OK

451 B

URL GET HTTP/1.1
103.23.100.135/css/plugins/iCheck/custom.css
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
ASCII text
Size
451 B (451 bytes)
Hash
c79aa66bf5da894fca5bc298bb7df246
a2aefc3b5937e266c787703dfe736e57b6c16887
03704b3fb6fc6a839e8d117a2fbabb08aaad03cc43bef8cd9de092ecbdf72287

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/plugins/iCheck/custom.css HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:23 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "576-601fffecc01c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 451
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

103.23.100.135/css/login.css

103.23.100.135

200 OK

619 B

URL GET HTTP/1.1
103.23.100.135/css/login.css
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
ASCII text
Size
619 B (619 bytes)
Hash
a628fed5580b3508ad1ebdc3e7936673
b775ad0e74eec65ea7e3943efaf7922d3be84942
7e208bec70080c8d8656fd86256d0ca9c34569ac00f94cbf0b5facee3973e989

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/login.css HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:23 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "72a-601fffecbf220-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 619
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

103.23.100.135/bower_components/sweetalert/dist/sweetalert.min.js

103.23.100.135

200 OK

5.4 kB

URL GET HTTP/1.1
103.23.100.135/bower_components/sweetalert/dist/sweetalert.min.js
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
JavaScript source, ASCII text, with very long lines (16977), with no line terminators
Size
5.4 kB (5412 bytes)
Hash
0068f44b0aa1b83fa7679860ceb26590
20d5cdb9d2002442843baab241f2e883563d1de5
7a056fc64aba501090c8acd106b0c7bbc9a267914e695ae34aa42a6ae2a094a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bower_components/sweetalert/dist/sweetalert.min.js HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:23 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "4251-601fffecbd2e0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5412
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

103.23.100.135/css/style.css

103.23.100.135

200 OK

32 kB

URL GET HTTP/1.1
103.23.100.135/css/style.css
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
ASCII text, with very long lines (2166)
Size
32 kB (32012 bytes)
Hash
b82e453be5f0789e86027aa7c52dfa0d
40e6feb51efda56be79ecb3e0b1efdb8c5b038b8
2da2553e1c42f31830bb4567fdcacc4d37c61c9b2475d3f8a652f13120921dbc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:23 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "2a60c-601fffecc01c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 32012
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

103.23.100.135/bg_login_new.jpg

103.23.100.135

200 OK

37 kB

URL GET HTTP/1.1
103.23.100.135/bg_login_new.jpg
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1384x779, components 3
Size
37 kB (36734 bytes)
Hash
ceb48201582e8baf4e26528c25d063a3
c16de7c7a91b314c7001d21fb3799efbc97d2656
3a577a4056f74a5c1402a567ac768ae373a6a1f13ca366c61c7a4fd54292f644

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bg_login_new.jpg HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:24 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "8f7e-601fffec98120"
Accept-Ranges: bytes
Content-Length: 36734
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

103.23.100.135/favicon.png

103.23.100.135

200 OK

7.1 kB

URL GET HTTP/1.1
103.23.100.135/favicon.png
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
PNG image data, 44 x 45, 8-bit/color RGBA, non-interlaced
Size
7.1 kB (7144 bytes)
Hash
a25d188928c0a60d4305d771bf49a2cb
b232efdb819766bd0c05e71f67054b1ef4570b25
d34f00c6549674b2e97aed7a5671dae032b7c92e9f3f72051fd1da8828088fb5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.png HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:24 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "1be8-601fffecc2100"
Accept-Ranges: bytes
Content-Length: 7144
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

103.23.100.135/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0

103.23.100.135

200 OK

57 kB

URL GET HTTP/1.1
103.23.100.135/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
Web Open Font Format (Version 2), TrueType, length 56780, version 4.197
Size
57 kB (56780 bytes)
Hash
97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/font-awesome/css/font-awesome.min.css
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:24 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "ddcc-601fffeccec20"
Accept-Ranges: bytes
Content-Length: 56780
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

ekr.zdassets.com/compose/769f70e3-dc71-49d6-bccb-4f165b4c1a3b

104.18.70.113

200 OK

8.4 kB

URL GET HTTP/2
ekr.zdassets.com/compose/769f70e3-dc71-49d6-bccb-4f165b4c1a3b
IP
104.18.70.113:443
ASN
#13335 CLOUDFLARENET

Requested by
http://103.23.100.135/auth/login
Certificate
IssuerLet's Encrypt
Subjectzdassets.com
Fingerprint91:4E:55:88:20:64:B8:AA:0E:42:DA:60:4E:C8:0C:21:93:4F:B1:F7
ValidityWed, 01 May 2024 21:55:19 GMT - Tue, 30 Jul 2024 21:55:18 GMT

File type
JSON text data
Size
8.4 kB (8414 bytes)
Hash
73f365f7d864157eab81f3fac1a22faa
cb588f5e58908d37825863f110abd6e018316590
4945c7aeabb3d19e60a0824657af5b1328a5882e1606487ec0e39b0fe06014c7

HTTP Headers

GET /compose/769f70e3-dc71-49d6-bccb-4f165b4c1a3b HTTP/1.1
Host: ekr.zdassets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://103.23.100.135/
Origin: http://103.23.100.135
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:58:32 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers: 
access-control-max-age: 7200
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cdn-cache-control: max-age=60
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
etag: W/"4945c7aeabb3d19e60a0824657af5b13"
x-request-id: 87e74a20cd3ab500-SEA, 87e74a20cd3ab500-SEA
x-runtime: 0.003814
x-zendesk-zorg: yes
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AwQwKm7N35oc%2Fzu94IsaV7s7FUZ8GHKAQqdV3owh%2Fm%2BVlWYUhPKytaPMYhlYdplQ9YMIwZXB%2BKXZn4Af8FLafynWiMSih6p5FNV7l5xId89liEgve3%2BObu6vNlCqf%2BhKrqo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 87e74a20cd3ab500-OSL
content-encoding: br
X-Firefox-Spdy: h2

103.23.100.135/logo.png

103.23.100.135

200 OK

655 kB

URL GET HTTP/1.1
103.23.100.135/logo.png
IP
103.23.100.135:80
ASN
#58400 Universitas Negeri Semarang

Requested by
http://103.23.100.135/auth/login

File type
PNG image data, 2196 x 2228, 8-bit/color RGBA, non-interlaced
Size
655 kB (655079 bytes)
Hash
0d4efeaed44fad40e6e47e7855f23125
518568d49b096ef4c70360a74190addf09a3cecf
2457e780681c1645b275bbafe73f90292e344895f0e469a89371168ec0e0cfc0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logo.png HTTP/1.1
Host: 103.23.100.135
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/auth/login
Cookie: PHPSESSID=smd9mmca6gajf849lrtrdsvno4; laravel_session=eyJpdiI6IlhleFUySFhWblJKUlVEUUt3VWpBbUE9PSIsInZhbHVlIjoiSGxUQTFDRnpzMnhwYWU2aUpRcTltXC84M0JoUW43OFVJTE5QTGo3UGo3OGhDMTN0d2EwSXc5czNuOW1jcG5hcXlKTktNQkZieVZ4VFdJNFhmZkhVSXhRPT0iLCJtYWMiOiJkZDAzYzViZWJmZmM3OWRlMDRjOGQ0NjliZTYxODZkOGQzN2YyZjcyYzU4MGU3OTQ2YTdhOTQyZGFlNjlhYTAxIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:32:24 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 03 Aug 2023 07:47:43 GMT
ETag: "9fee7-601fffecd8860"
Accept-Ranges: bytes
Content-Length: 655079
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js

104.18.72.113

200 OK

992 kB

URL GET HTTP/2
static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js
IP
104.18.72.113:443
ASN
#13335 CLOUDFLARENET

Requested by
http://103.23.100.135/auth/login
Certificate
IssuerLet's Encrypt
Subjectzdassets.com
Fingerprint91:4E:55:88:20:64:B8:AA:0E:42:DA:60:4E:C8:0C:21:93:4F:B1:F7
ValidityWed, 01 May 2024 21:55:19 GMT - Tue, 30 Jul 2024 21:55:18 GMT

File type

Size
992 kB (992059 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /web_widget/classic/latest/web-widget-main-7bc1c0f.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:58:32 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: ldH41+NY0+fYAgvbqFIJmvudIE2j/SxzaKSwKqxB3P/vSWpJ08HqoFV2mSP6KWgMbK8lgvcvTvmD4moNqUmffw==
x-amz-request-id: 64S1GV9HNQKB0DVA
x-amz-replication-status: COMPLETED
last-modified: Mon, 08 Apr 2024 13:46:13 GMT
etag: W/"3784cf5e1ddd3a68e335f3bb4a5e2fcd"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Tue, 08 Apr 2025 13:46:12 GMT
x-amz-version-id: _IYDenNVju8wHXIpAa8FJzBqmTlghdyK
cf-cache-status: HIT
age: 310821
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=amhtuotn6wiSbjgmPiQpZ%2Bo01bxI%2BA2n1l2YwA9SRmcvKQNieu0UxXt8Bka2pUtZLBRXNdGIMYLnxrrN66nQAczOzjZ6A%2FDcrPlhLebzG6Ws2qF0Q5HhcY21m%2F0Mk03%2BDMdiZps%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 0
server: cloudflare
cf-ray: 87e74a224eae712b-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-7bc1c0f.js

104.18.72.113

200 OK

26 kB

URL GET HTTP/2
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-7bc1c0f.js
IP
104.18.72.113:443
ASN
#13335 CLOUDFLARENET

Requested by
http://103.23.100.135/auth/login
Certificate
IssuerLet's Encrypt
Subjectzdassets.com
Fingerprint91:4E:55:88:20:64:B8:AA:0E:42:DA:60:4E:C8:0C:21:93:4F:B1:F7
ValidityWed, 01 May 2024 21:55:19 GMT - Tue, 30 Jul 2024 21:55:18 GMT

File type

Size
26 kB (25711 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /web_widget/classic/latest/web-widget-locales/classic/en-us-json-7bc1c0f.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:58:33 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: W9B1SBtAeKjZ8kR3+2GgpY7yqrRwEUd74ifS+fdKkR32Prbx0bEwMeNV6dGVRlF6Cg02ybWPMLk=
x-amz-request-id: DKWT4SJ3NP0VX855
x-amz-replication-status: COMPLETED
last-modified: Mon, 08 Apr 2024 13:46:15 GMT
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Tue, 08 Apr 2025 13:46:13 GMT
x-amz-version-id: LLNIVxZ_bojnmbOmqAvI_43_VNrKfel_
cf-cache-status: HIT
age: 1977203
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QIknOeDjrSo3%2Fiy7Eo5S2WR14JnfnHEEx8S5M%2F8zoWKoCcJVYQ%2B7JbwxetmqJ0ARkXK59PfBlAAgCBICwGiHFbbJOB1TWb%2F%2BoX57zXXcjLB%2FYr0uO%2F4G8KDslDvW0ya5ma0wCXs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 0
server: cloudflare
cf-ray: 87e74a24b8c2712b-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.zdassets.com/ekr/snippet.js?key=769f70e3-dc71-49d6-bccb-4f165b4c1a3b

104.18.72.113

200 OK

10 kB

URL GET HTTP/2
static.zdassets.com/ekr/snippet.js?key=769f70e3-dc71-49d6-bccb-4f165b4c1a3b
IP
104.18.72.113:443
ASN
#13335 CLOUDFLARENET

Requested by
http://103.23.100.135/auth/login
Certificate
IssuerLet's Encrypt
Subjectzdassets.com
Fingerprint91:4E:55:88:20:64:B8:AA:0E:42:DA:60:4E:C8:0C:21:93:4F:B1:F7
ValidityWed, 01 May 2024 21:55:19 GMT - Tue, 30 Jul 2024 21:55:18 GMT

File type
JavaScript source, ASCII text, with very long lines (10187), with no line terminators
Size
10 kB (10187 bytes)
Hash
c0053b411b753138af468db1bd3b19f3
7c3a187aa58f2b9e5446edb761b3d4d2ba506fe7
ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f

HTTP Headers

GET /ekr/snippet.js?key=769f70e3-dc71-49d6-bccb-4f165b4c1a3b HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://103.23.100.135/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:58:31 GMT
content-type: application/javascript
x-amz-id-2: z1V/NuijnK7Md6R8xho26aVzAi5YWZpIy2l2KX04qLLf562XDGukX+pnpGWp4oLzz96OIYLMddM=
x-amz-request-id: 16EJPM9K30XP37FF
x-amz-replication-status: COMPLETED
last-modified: Mon, 15 Jan 2024 02:56:11 GMT
etag: W/"c0053b411b753138af468db1bd3b19f3"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600, s-maxage=60
x-amz-version-id: sR7NItkX1i3nKckB5vEat7T2DUmPnRiJ
cf-cache-status: HIT
age: 54
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QdOCIXMHv582rUF4UsJHgk1F9gwcOtq1hcuYyxF%2BemNCA4t8DrNDQHKTrx8BlYCts3PVHnusokCTJFnp1xA8U37sbfQj6eC1XM6nGHdtFLsEgYYaUNtb1ueNIIhCz8k0%2BRU%2BV%2BE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 0
server: cloudflare
cf-ray: 87e74a180e71712b-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by