{"report_id":"04e08f1b-0fd6-47d5-8dc4-0925063bb6e8","version":6,"status":"done","tags":["phishing"],"date":"2026-06-07T00:34:32Z","url":{"schema":"http","addr":"trainingcenter.pkugombong.com/Update/login.htm","fqdn":"trainingcenter.pkugombong.com","domain":"pkugombong.com","tld":"com"},"ip":{"addr":"36.64.221.52","port":0,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"final":{"url":{"schema":"http","addr":"trainingcenter.pkugombong.com/Update/login.htm","fqdn":"trainingcenter.pkugombong.com","domain":"pkugombong.com","tld":"com"},"title":"Webmail Portal Login","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"trainingcenter.pkugombong.com/Update/login.htm","fqdn":"trainingcenter.pkugombong.com","domain":"pkugombong.com","tld":"com"},"ip":{"addr":"36.64.221.52","port":0,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-12T00:34:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":2,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-07T00:34:17Z","timestamp":1780792457,"ip_dst":{"addr":"Client IP","port":43930,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"36.64.221.52","port":80,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-06-07T00:34:17.306397+0000\",\"flow_id\":2137896148758716,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"36.64.221.52\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":43930,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"trainingcenter.pkugombong.com\",\"url\":\"/Update/login.htm\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4744},\"files\":[{\"filename\":\"/Update/login.htm\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":10932,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":900,\"bytes_toclient\":5553,\"start\":\"2026-06-07T00:34:11.749756+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-07T00:34:17Z","timestamp":1780792457,"ip_dst":{"addr":"Client IP","port":43930,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"36.64.221.52","port":80,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-06-07T00:34:17.306397+0000\",\"flow_id\":2137896148758716,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"36.64.221.52\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":43930,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"trainingcenter.pkugombong.com\",\"url\":\"/Update/login.htm\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4744},\"files\":[{\"filename\":\"/Update/login.htm\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":10932,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":900,\"bytes_toclient\":5553,\"start\":\"2026-06-07T00:34:11.749756+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null}]},"summary":[{"fqdn":"firebasestorage.googleapis.com","ip":{"addr":"216.239.38.223","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":40974,"first_seen":"2017-01-30T02:42:50Z","last_seen":"2026-06-05T08:33:09.351383Z","alert_count":0,"request_count":2,"received_data":1078,"sent_data":1078,"comment":"","tags":null,"fingerprints":null},{"fqdn":"alphatrade-options.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-10-23","domain_rank":0,"first_seen":"2020-08-05T06:26:24Z","last_seen":"2026-05-30T19:07:11.546596Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":465,"comment":"","tags":null,"fingerprints":null},{"fqdn":"trainingcenter.pkugombong.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2021-06-07","domain_rank":0,"first_seen":"2026-06-06T14:26:41.286464Z","last_seen":"2026-06-06T14:26:41.286464Z","alert_count":6,"request_count":2,"received_data":11271,"sent_data":944,"comment":"","tags":null,"fingerprints":[{"name":"jQuery:1.12.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"Apache HTTP Server:2.4.62","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.1.155","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-05-31T23:27:05.834013Z","alert_count":0,"request_count":1,"received_data":294024,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"trainingcenter.pkugombong.com/Update/login.htm","fqdn":"trainingcenter.pkugombong.com","domain":"pkugombong.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"88a2a145c281e9d28670f0b6e011a364","sha1":"c85672799ded31e758416c66acb410d0ad5a897f","sha256":"c946e9fbc3f0e21a89f82ed6bcdd430500789d0a674f92b2d489dc471f823b47","sha512":"65c43bb3c21a7c89b667171ad90cd903f6cdc7376e385ec5a42dd622b9f87c59da0fe215c6e8194d6eaf12ec1e2803e1a72a58699a7f4b579e2ea8e2137b723e","ssdeep":"96:7M9FOM9m5ywRO7rYCFOUK1Oo8rozOmFXeqSFDv:cwkwE7k2Ro8rozFFXeqSFr","tlshash":"a8a162e4bdaa61d70373216c55ef410479a3d1e7771cd804b8bc91a01f9cf28a8dab9e","size":4798,"data":"","first_seen":"2026-06-06T14:26:45.600696Z","last_seen":"2026-06-07T00:34:36.271562Z","times_seen":2,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-07T00:34:17Z","timestamp":1780792457,"ip_dst":{"addr":"172.18.0.21","port":43930,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"36.64.221.52","port":80,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-06-07T00:34:17.306397+0000\",\"flow_id\":2137896148758716,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"36.64.221.52\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":43930,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"trainingcenter.pkugombong.com\",\"url\":\"/Update/login.htm\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4744},\"files\":[{\"filename\":\"/Update/login.htm\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":10932,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":900,\"bytes_toclient\":5553,\"start\":\"2026-06-07T00:34:11.749756+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-07T00:34:17Z","timestamp":1780792457,"ip_dst":{"addr":"172.18.0.21","port":43930,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"36.64.221.52","port":80,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-06-07T00:34:17.306397+0000\",\"flow_id\":2137896148758716,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"36.64.221.52\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":43930,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"trainingcenter.pkugombong.com\",\"url\":\"/Update/login.htm\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4744},\"files\":[{\"filename\":\"/Update/login.htm\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":10932,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":900,\"bytes_toclient\":5553,\"start\":\"2026-06-07T00:34:11.749756+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-1.12.4.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.1.155","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fb2d334dabf4902825df4fe6c2298b4b","sha1":"433836da7e015f2eb3fc386817de88b78248f6ef","sha256":"430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575","sha512":"8cac69ec91c437aa5e126ce683a6bb5c904e44d4c1d084c3d8f8bee85524735e8f09a340257d9a859d5e8e7d69d6e637ecfc728ab9ffd0e30d65b2136c48378f","ssdeep":"6144:pCLfh6nicf8Z5wPTdpM4mDoz1EsnFyyyHh3zOxPnS8kVLkIVfzYAK6k1PC:pfw4mDiTFyA6TVfMAKNZC","tlshash":"e754a4d8f78d112e4232316aad2f52cdbb7cd1b1561054aebd8d497c24a083d42faf7a","size":293430,"data":"","first_seen":"2023-03-07T01:16:13Z","last_seen":"2026-06-28T11:19:42.089933Z","times_seen":4150,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"trainingcenter.pkugombong.com/Update/login.htm","fqdn":"trainingcenter.pkugombong.com","domain":"pkugombong.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3fddac30a4e049baf25b38b4141df638","sha1":"5e4e28d44cfbb0484bfe6a9707152906fa0e60bf","sha256":"64ee7b2838382af8dec9811df08ed364dc194d89279a8d33c9b686bdae73aedd","sha512":"92c83cd6deee3c015a1c97e5e878d13c6cd095ac94894b944050b34dfcd13b4924dbb40c9aa64cda6f10d19ef55e5323bb7f6a3c9f794714225fcbb29575a656","ssdeep":"","tlshash":"83d0a96a36d688b084ffbabf238e9a48393140837808a640382c4e604f20d2547b6a50","size":221,"data":"","first_seen":"2023-03-07T01:24:27Z","last_seen":"2026-06-07T00:37:02.658118Z","times_seen":438,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-07T00:34:17Z","timestamp":1780792457,"ip_dst":{"addr":"172.18.0.21","port":43930,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"36.64.221.52","port":80,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-06-07T00:34:17.306397+0000\",\"flow_id\":2137896148758716,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"36.64.221.52\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":43930,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"trainingcenter.pkugombong.com\",\"url\":\"/Update/login.htm\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4744},\"files\":[{\"filename\":\"/Update/login.htm\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":10932,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":900,\"bytes_toclient\":5553,\"start\":\"2026-06-07T00:34:11.749756+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-07T00:34:17Z","timestamp":1780792457,"ip_dst":{"addr":"172.18.0.21","port":43930,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"36.64.221.52","port":80,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-06-07T00:34:17.306397+0000\",\"flow_id\":2137896148758716,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"36.64.221.52\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":43930,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"trainingcenter.pkugombong.com\",\"url\":\"/Update/login.htm\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4744},\"files\":[{\"filename\":\"/Update/login.htm\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":10932,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":900,\"bytes_toclient\":5553,\"start\":\"2026-06-07T00:34:11.749756+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media\u0026token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3","fqdn":"firebasestorage.googleapis.com","domain":"firebasestorage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.239.38.223","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://trainingcenter.pkugombong.com/Update/login.htm","date":"2026-06-07T00:34:13.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 18:37:16 GMT","end":"Mon, 10 Aug 2026 18:37:15 GMT"},"fingerprint":{"sha1":"09:88:B4:58:98:CB:16:E7:42:DB:9C:A2:35:B9:AF:71:86:4E:CE:DC","sha256":"BC:85:CA:D5:EB:95:2C:69:27:A2:C6:A5:30:E3:30:B9:BA:A2:1F:28:92:95:79:F8:F3:4A:68:7A:24:26:E6:F9"}}},"request":{"raw":"GET /v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media\u0026token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3 HTTP/1.1\r\nHost: firebasestorage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://trainingcenter.pkugombong.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 402 Payment Required\r\ncontent-type: application/json; charset=UTF-8\r\nx-guploader-uploadid: AJ5rDhGcMm9zqH_q1fGe8QtWnSpu8lYz2jdlRxW66CZNFAhxn5Gl3XWn9_ZrGjufAGVOH8NGHBpanpA\r\nx-content-type-options: nosniff\r\naccess-control-expose-headers: Content-Range, X-Firebase-Storage-XSRF\r\naccess-control-allow-origin: *\r\ndate: Sun, 07 Jun 2026 00:34:13 GMT\r\nexpires: Sun, 07 Jun 2026 00:34:13 GMT\r\ncache-control: private, max-age=0\r\ncontent-length: 406\r\nserver: UploadServer\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"402","status_text":"Payment Required","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-28T19:32:20.062066Z","times_seen":16802106,"resource_available":true,"data":null}},"time_used":485,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":485,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"alphatrade-options.com/git/rand/favicon.png","fqdn":"alphatrade-options.com","domain":"alphatrade-options.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://trainingcenter.pkugombong.com/Update/login.htm","date":"2026-06-07T00:34:13.293Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /git/rand/favicon.png HTTP/1.1\r\nHost: alphatrade-options.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://trainingcenter.pkugombong.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-28T19:32:20.062066Z","times_seen":16802106,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trainingcenter.pkugombong.com/Update/login.htm","fqdn":"trainingcenter.pkugombong.com","domain":"pkugombong.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-07T00:34:10.593Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Update/login.htm HTTP/1.1\r\nHost: trainingcenter.pkugombong.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-28T19:32:20.062066Z","times_seen":16802106,"resource_available":true,"data":null}},"time_used":872,"timings":{"blocked":872,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-07T00:34:17Z","timestamp":1780792457,"ip_dst":{"addr":"172.18.0.21","port":43930,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"36.64.221.52","port":80,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-06-07T00:34:17.306397+0000\",\"flow_id\":2137896148758716,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"36.64.221.52\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":43930,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"trainingcenter.pkugombong.com\",\"url\":\"/Update/login.htm\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4744},\"files\":[{\"filename\":\"/Update/login.htm\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":10932,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":900,\"bytes_toclient\":5553,\"start\":\"2026-06-07T00:34:11.749756+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-07T00:34:17Z","timestamp":1780792457,"ip_dst":{"addr":"172.18.0.21","port":43930,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"36.64.221.52","port":80,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-06-07T00:34:17.306397+0000\",\"flow_id\":2137896148758716,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"36.64.221.52\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":43930,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"trainingcenter.pkugombong.com\",\"url\":\"/Update/login.htm\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4744},\"files\":[{\"filename\":\"/Update/login.htm\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":10932,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":900,\"bytes_toclient\":5553,\"start\":\"2026-06-07T00:34:11.749756+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"trainingcenter.pkugombong.com/Update/login.htm","fqdn":"trainingcenter.pkugombong.com","domain":"pkugombong.com","tld":"com"},"ip":{"addr":"36.64.221.52","port":80,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-07T00:34:11.749Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Update/login.htm HTTP/1.1\r\nHost: trainingcenter.pkugombong.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 07 Jun 2026 00:35:12 GMT\r\nServer: Apache/2.4.62 (Debian)\r\nLast-Modified: Fri, 05 Jun 2026 14:11:20 GMT\r\nETag: \"2ab4-653823c225200-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 4744\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:1.12.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"Apache HTTP Server:2.4.62","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]}],"data":{"size":10932,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1700)","md5":"7b45f5aa01e61465b9a75653a53674ae","sha1":"e05bf0ad2b38d1cf0cbfa779a32958762d1f8679","sha256":"bc653b228c744916edda6b97f6def86f5e3139aae4c7919c5c585ce492ccdf33","sha512":"9d80a28cafdc5ed5fe8a512e101b8db33bd8d07e8b1ef81dd733e65030725a1313dbcd5faf45319e90b8b9b360950ea5a0106d74a29b0698d797df8168bc1f0b","ssdeep":"192:AyXYWaHdYkA/Luxx5QswkwE7k2Ro8rozFFXeqSFYo9rOL3:5oJhrHbwENo8ro48b","tlshash":"50323971b9a820875567507cb3da82083c538193fb099914b8bc92b05fdcf79adf278e","first_seen":"2026-06-06T14:26:45.599671Z","last_seen":"2026-06-07T00:34:36.269494Z","times_seen":2,"resource_available":true,"data":null}},"time_used":832,"timings":{"blocked":275,"dns":1,"connect":275,"send":0,"wait":277,"receive":4,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-07T00:34:17Z","timestamp":1780792457,"ip_dst":{"addr":"172.18.0.21","port":43930,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"36.64.221.52","port":80,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-06-07T00:34:17.306397+0000\",\"flow_id\":2137896148758716,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"36.64.221.52\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":43930,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"trainingcenter.pkugombong.com\",\"url\":\"/Update/login.htm\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4744},\"files\":[{\"filename\":\"/Update/login.htm\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":10932,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":900,\"bytes_toclient\":5553,\"start\":\"2026-06-07T00:34:11.749756+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-07T00:34:17Z","timestamp":1780792457,"ip_dst":{"addr":"172.18.0.21","port":43930,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"36.64.221.52","port":80,"asn":7713,"as":"PT Telekomunikasi Indonesia","country":"Indonesia","country_code":"ID"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-06-07T00:34:17.306397+0000\",\"flow_id\":2137896148758716,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"36.64.221.52\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":43930,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"trainingcenter.pkugombong.com\",\"url\":\"/Update/login.htm\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4744},\"files\":[{\"filename\":\"/Update/login.htm\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":10932,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":900,\"bytes_toclient\":5553,\"start\":\"2026-06-07T00:34:11.749756+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/jquery-1.js?alt=media\u0026token=be637750-133e-4219-9149-f23352276b75","fqdn":"firebasestorage.googleapis.com","domain":"firebasestorage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.239.38.223","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://trainingcenter.pkugombong.com/Update/login.htm","date":"2026-06-07T00:34:12.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 18:37:16 GMT","end":"Mon, 10 Aug 2026 18:37:15 GMT"},"fingerprint":{"sha1":"09:88:B4:58:98:CB:16:E7:42:DB:9C:A2:35:B9:AF:71:86:4E:CE:DC","sha256":"BC:85:CA:D5:EB:95:2C:69:27:A2:C6:A5:30:E3:30:B9:BA:A2:1F:28:92:95:79:F8:F3:4A:68:7A:24:26:E6:F9"}}},"request":{"raw":"GET /v0/b/portal-aa363.appspot.com/o/jquery-1.js?alt=media\u0026token=be637750-133e-4219-9149-f23352276b75 HTTP/1.1\r\nHost: firebasestorage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://trainingcenter.pkugombong.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 402 Payment Required\r\ncontent-type: application/json; charset=UTF-8\r\nx-guploader-uploadid: AJ5rDhGCFzkFHBZ0HUKXPfnKF9EyDDStNOSChUE1u5u661l-JWgExu-gaDXVN0dEYEPHHggwhE_zmNE\r\nx-content-type-options: nosniff\r\naccess-control-expose-headers: Content-Range, X-Firebase-Storage-XSRF\r\naccess-control-allow-origin: *\r\ndate: Sun, 07 Jun 2026 00:34:13 GMT\r\nexpires: Sun, 07 Jun 2026 00:34:13 GMT\r\ncache-control: private, max-age=0\r\ncontent-length: 406\r\nserver: UploadServer\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"402","status_text":"Payment Required","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-28T19:32:20.062066Z","times_seen":16802106,"resource_available":true,"data":null}},"time_used":913,"timings":{"blocked":248,"dns":41,"connect":22,"send":0,"wait":411,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-1.12.4.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.1.155","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://trainingcenter.pkugombong.com/Update/login.htm","date":"2026-06-07T00:34:12.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 20 May 2026 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DE:F8:0F:C4:8F:BC:F5:01:B1:66:91:CC:15:DC:D8:6E:5D:2F:45:4E","sha256":"05:8E:2E:14:85:E2:41:28:F5:18:A4:37:49:31:2B:0E:24:53:64:3F:02:15:BE:63:EF:F4:B8:53:5A:8B:6D:29"}}},"request":{"raw":"GET /jquery-1.12.4.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://trainingcenter.pkugombong.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://trainingcenter.pkugombong.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-47a36\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Sun, 07 Jun 2026 00:34:12 GMT\r\nage: 2208956\r\nx-served-by: cache-lga21970-LGA, cache-hel1410030-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 26406, 20410\r\nx-timer: S1780792452.457414,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 87176\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":293430,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"fb2d334dabf4902825df4fe6c2298b4b","sha1":"433836da7e015f2eb3fc386817de88b78248f6ef","sha256":"430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575","sha512":"8cac69ec91c437aa5e126ce683a6bb5c904e44d4c1d084c3d8f8bee85524735e8f09a340257d9a859d5e8e7d69d6e637ecfc728ab9ffd0e30d65b2136c48378f","ssdeep":"6144:pCLfh6nicf8Z5wPTdpM4mDoz1EsnFyyyHh3zOxPnS8kVLkIVfzYAK6k1PC:pfw4mDiTFyA6TVfMAKNZC","tlshash":"e754a4d8f78d112e4232316aad2f52cdbb7cd1b1561054aebd8d497c24a083d42faf7a","first_seen":"2023-03-07T01:16:13Z","last_seen":"2026-06-28T11:19:42.089933Z","times_seen":4150,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":39,"dns":1,"connect":15,"send":0,"wait":15,"receive":21,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}