Report - facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne

Report Overview

Visited public
2023-09-24 01:43:31
Tags
URL
facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne
Finishing URL
facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
IP / ASN
104.21.0.238
#13335 CLOUDFLARENET
Title
Masuk Facebook | Facebook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
facebooknevw2sp.lanjutkan.my.id	unknown	2023-07-11	2023-09-23 07:42:47	2023-09-23 10:36:56	2.9 kB	64 kB	104.21.0.238
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-09-23 20:51:25	1.1 kB	93 kB	104.17.25.14
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-09-23 18:14:21	1.6 kB	158 kB	151.101.1.229
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-09-23 20:51:22	427 B	32 kB	151.101.2.137
i.postimg.cc	23840	2016-06-11	2018-04-11 12:01:12	2023-09-23 21:38:08	459 B	36 kB	162.19.88.69
rawcdn.githack.com	72170	2013-10-12	2016-07-04 13:09:52	2023-09-23 22:52:19	1.5 kB	12 kB	104.21.234.231
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-23 18:12:07	1.7 kB	3.5 kB	142.250.74.131
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-09-24 00:09:38	1.8 kB	184 kB	142.250.74.106
z-m-static.xx.fbcdn.net	71988	2007-05-03	2015-07-28 05:58:08	2023-09-23 01:03:29	938 B	2.9 kB	157.240.240.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-24 01:43:14	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-09-24 01:43:14	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-09-24 01:43:14	medium	Client IP	Internal IP	ET DNS Query for .cc TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-09-23	medium	facebooknevw2sp.lanjutkan.my.id/	Facebook, Inc.
2023-09-23	medium	facebooknevw2sp.lanjutkan.my.id/	Facebook, Inc.
2023-09-23	medium	facebooknevw2sp.lanjutkan.my.id/	Facebook, Inc.
2023-09-23	medium	facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne	Facebook, Inc.
2023-09-23	medium	facebooknevw2sp.lanjutkan.my.id/	Facebook, Inc.
2023-09-23	medium	facebooknevw2sp.lanjutkan.my.id/	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-24	medium	lanjutkan.my.id	Sinkholed
2023-09-24	medium	lanjutkan.my.id	Sinkholed
2023-09-24	medium	lanjutkan.my.id	Sinkholed
2023-09-24	medium	lanjutkan.my.id	Sinkholed
2023-09-24	medium	lanjutkan.my.id	Sinkholed
2023-09-24	medium	lanjutkan.my.id	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 11:56 Times Seen205626 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/alexFrontEnd/js-AlexHost.js	ScriptElement	2.9 kB	2023-07-23	2024-08-21
Pretty URL facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/alexFrontEnd/js-AlexHost.js IP 172.67.128.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-23 09:10 Last Seen2024-08-21 07:06 Times Seen33 Hash b9d41304572e4a5cad0f7f5663136871 640d6a542f118329a98ef6d4490c52c4d16ceea7 854eb51436d7eebf0a7a074723f7bf906da52f20d6885f24e203f11b5c9c9ab5 Loading...

	rawcdn.githack.com/AlexHostX/protect/aaa1462a19b8d8b6cbd68101a5ac89f4955b49de/input-exception.js	ScriptElement	9.0 kB	2023-03-07	2023-10-03
Pretty URL rawcdn.githack.com/AlexHostX/protect/aaa1462a19b8d8b6cbd68101a5ac89f4955b49de/input-exception.js IP 104.21.234.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09 Last Seen2023-10-03 01:24 Times Seen16 Hash 7564bfd8bfc61fec405528499f4ac348 6cf070419b896549ab1c859d5420ff88ad32a6a9 96df2f4735650bfe911e983781783284646ff7cc8109e0dfeb6de8056f1a7654 Loading...

	unknown	ScriptElement	879 B	2023-07-23	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-23 09:10 Last Seen2024-08-21 07:06 Times Seen7 Hash 33c9c1b4775e49d7dc3e0aaadf97b0ed 0b4b1b8dcf2c8a084dad1b5acc94fa8c6938707d b39befee8ed288d9c12bd8981350852bcc19b2c2bb857e3e2e3b662535683a91 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 11:25 Times Seen108613 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 11:37 Times Seen8025 Hash e40ec2161fe7993196f23c8a07346306 afb90752e0a90c24b7f724faca86c5f3d15d1178 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-05-08
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-08 17:05 Times Seen7258 Hash 32015dd42e9582a80a84736f5d9a44d7 41b4bfbaa96be6d1440db6e78004ade1c134e276 8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3 Loading...

		Size	First Seen	Last Seen
	#1 Write - 0824f182f905bf0c4e1a16849a08215a	741 B	2023-03-07 12:09	2024-08-21 09:13
Pretty Observations First Seen2023-03-07 12:09 Last Seen2024-08-21 09:13 Times Seen16 Hash 0824f182f905bf0c4e1a16849a08215a d2108a60bbc526d6216cc1aa5910207b8ac286f8 a64192afe2438d781ea2b21c5f33dccfd25b60d53099d24901c69f2a0f3358fa Loading...

HTTP Transactions (27)

URL IP Response Size

facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/

104.21.0.238

200 OK

0 B

URL User Request GET HTTP/3
facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
IP
104.21.0.238:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectlanjutkan.my.id
Fingerprint4E:D8:96:03:D8:99:DE:D8:4A:47:33:0D:69:00:F2:65:B4:AE:DE:D4
ValidityFri, 08 Sep 2023 02:59:56 GMT - Thu, 07 Dec 2023 02:59:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e29ekeje92j2ne/ HTTP/1.1
Host: facebooknevw2sp.lanjutkan.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sun, 24 Sep 2023 01:43:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 24 Sep 2023 02:43:13 GMT
Location: https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82bIqjZmb1ViOB3FOy9%2FK6GBkzJrStt1WPT1q3EC9mkH1GWpFkwLCKQoTDm2f0DYMxMo%2FT6Pm%2B85O8gpMc1F9Xed7Nu7OGkLXZrRjoTwUY1GeiiJ2Ox1lkx%2BeUK0OoP8M2bdrHnP9mHBgiTn8eyXiDJu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 80b755d6dc2f5684-OSL
alt-svc: h2=":443"; ma=60

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/all.min.css

104.17.25.14

200 OK

10 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/all.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (59158)
Size
10 kB (10482 bytes)
Hash
c4af24ce595437830af0a401897698b2
06b7f92dd894a9edb0aeb9d040b489460ecff593
d1fb8d8337cd22568295b0ed998c85c58f0b4cd083af0b0db21cb0af80002f2d

HTTP Headers

GET /ajax/libs/font-awesome/5.15.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://facebooknevw2sp.lanjutkan.my.id
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 24 Sep 2023 01:43:14 GMT
content-type: text/css; charset=utf-8
content-length: 10482
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942a3b-28f2"
last-modified: Thu, 22 Jun 2023 11:02:19 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1408656
expires: Fri, 13 Sep 2024 01:43:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hH45d8dtc%2B0eerIHjcBziaGd%2BRdqe7a%2Bk4Xwu7N%2FFN11s8PvoBRhw0Xp6IMPieXIFuSUJbt9OwGPb8lyTM%2BXTurfE7s%2FzXUbIBdGZJD3vIenLBmEWo3lU1MA7e9fTBWak%2FrxIjTM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80b755da3b19b509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css

151.101.1.229

200 OK

66 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT

File type
ASCII text
Size
66 kB (65696 bytes)
Hash
ea83ae92c684331d2096c4d3306a04de
1865dddcbb7b67dcef4250e590cc9a9574aba673
3c325075337b768950583012228055ae392e384688d77ec5235e6ca88dcec6ef

HTTP Headers

GET /npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.5.0
x-jsd-version-type: version
etag: W/"100a0-GGXd3Lt7Z9zvQlDlkMyalXSrpnM"
accept-ranges: bytes
date: Sun, 24 Sep 2023 01:43:14 GMT
age: 16634611
x-served-by: cache-fra-eddf8230101-FRA, cache-bma1645-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 65696
X-Firefox-Spdy: h2

cdn.jsdelivr.net/gh/AlexHostX/logAlex@main/mobile_icon_fb.png

151.101.1.229

404 Not Found

55 B

URL GET HTTP/2
cdn.jsdelivr.net/gh/AlexHostX/logAlex@main/mobile_icon_fb.png
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT

File type
ASCII text, with no line terminators
Size
55 B (55 bytes)
Hash
7bff872b950f6daefb87d35a1d490833
7f33b7b54f376eda612d48ab08a99ce093153ee3
beb43c3e32bda4c312e7da138559058174177792bfff22e33ebe32762b497e7f

HTTP Headers

GET /gh/AlexHostX/logAlex@main/mobile_icon_fb.png HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=600, s-maxage=600
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
etag: W/"33-fzO3tU83btphLUirCKmc4JMVPuM"
content-encoding: br
accept-ranges: bytes
date: Sun, 24 Sep 2023 01:43:14 GMT
age: 172
x-served-by: cache-fra-eddf8230053-FRA, cache-bma1645-BMA
x-cache: HIT, MISS
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 55
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.2.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 24 Sep 2023 01:43:14 GMT
age: 281694
x-served-by: cache-lga21931-LGA, cache-bma1650-BMA
x-cache: HIT, HIT
x-cache-hits: 30, 79482
x-timer: S1695519794.406112,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
99734170fcdad2d52884412f61321bf8
25163901dbdc047070a12d8afadcaa7009d8b595
f2a2590ac5fa2bcc9db8c46b3b4ad45f0a03b03193f601a2636e900fe851cf59

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 24 Sep 2023 01:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

i.postimg.cc/L8qRDfPQ/fbsesi.jpg

162.19.88.69

200 OK

36 kB

URL GET HTTP/2
i.postimg.cc/L8qRDfPQ/fbsesi.jpg
IP
162.19.88.69:443
ASN
#16276 OVH SAS

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
Fingerprint7C:A2:32:CE:24:3E:C2:52:E5:FD:21:44:88:CF:35:01:74:B6:8D:5A
ValidityWed, 23 Aug 2023 05:13:18 GMT - Tue, 21 Nov 2023 05:13:17 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 842x748, components 3\012- data
Size
36 kB (35678 bytes)
Hash
d80b79a152b88f84a5a031d13a8ba552
8d0a3b3c294e0a19f9159a144e75c9494a7c84f2
8474304468ae321be76c829655cd11cd7a21a6310e85427e49b9b11ddd7e15bd

HTTP Headers

GET /L8qRDfPQ/fbsesi.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 24 Sep 2023 01:43:14 GMT
content-type: image/jpeg
content-length: 35678
last-modified: Thu, 13 Oct 2022 11:27:15 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
99734170fcdad2d52884412f61321bf8
25163901dbdc047070a12d8afadcaa7009d8b595
f2a2590ac5fa2bcc9db8c46b3b4ad45f0a03b03193f601a2636e900fe851cf59

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 24 Sep 2023 01:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
99734170fcdad2d52884412f61321bf8
25163901dbdc047070a12d8afadcaa7009d8b595
f2a2590ac5fa2bcc9db8c46b3b4ad45f0a03b03193f601a2636e900fe851cf59

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 24 Sep 2023 01:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
99734170fcdad2d52884412f61321bf8
25163901dbdc047070a12d8afadcaa7009d8b595
f2a2590ac5fa2bcc9db8c46b3b4ad45f0a03b03193f601a2636e900fe851cf59

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 24 Sep 2023 01:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

142.250.74.106

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (32061)
Size
30 kB (29671 bytes)
Hash
e40ec2161fe7993196f23c8a07346306
afb90752e0a90c24b7f724faca86c5f3d15d1178
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

HTTP Headers

GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 20 Sep 2023 04:23:58 GMT
expires: Thu, 19 Sep 2024 04:23:58 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 335956
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.106

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 20 Sep 2023 02:19:30 GMT
expires: Thu, 19 Sep 2024 02:19:30 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 343424
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/webfonts/fa-solid-900.woff2

104.17.25.14

200 OK

80 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/webfonts/fa-solid-900.woff2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 80252, version 331.-31327\012- data
Size
80 kB (80252 bytes)
Hash
9ae050d1876ac1763eb6afe4264e6d5a
72344eab2e7431eec313caa21f266cbfda7caf60
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2

HTTP Headers

GET /ajax/libs/font-awesome/5.15.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://facebooknevw2sp.lanjutkan.my.id
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 24 Sep 2023 01:43:14 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 80252
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "64942a3b-1397c"
last-modified: Thu, 22 Jun 2023 11:02:19 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2034430
expires: Fri, 13 Sep 2024 01:43:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xIKoL3xcg7rTMgpjzMWhpc20Wgpk3halIP0ZO1C%2BT1eANU4A1dTYOoe9jP%2BAb9AndNf8svJQ3aWIn6mXjVChEO1kpDDZkjlHEHa4iER6H4KfL4sme12%2BezJcrRc4MQSqQl1Ot9uX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80b755dccbc0b509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/

172.67.128.119

200 OK

34 kB

URL User Request GET HTTP/3
facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
IP
172.67.128.119:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectlanjutkan.my.id
Fingerprint4E:D8:96:03:D8:99:DE:D8:4A:47:33:0D:69:00:F2:65:B4:AE:DE:D4
ValidityFri, 08 Sep 2023 02:59:56 GMT - Thu, 07 Dec 2023 02:59:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (351), with CRLF line terminators
Size
34 kB (34440 bytes)
Hash
6b44bd21c8779b0a902c34d502b8341a
83c70f44b2fa1f962fbec1098606be2b07b053f4
b55b6e1f8c5926e199b916bfd3b9a6bcfbcc4e5ebdb36bace8175559ed801369

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e29ekeje92j2ne/ HTTP/1.1
Host: facebooknevw2sp.lanjutkan.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 24 Sep 2023 01:43:13 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=17DhkBHQG0jUMcM0uE%2B%2Brg029B5zfGAv%2Bboz3dTRDLCYyn%2FUz43l1%2B9k08O1MbYDN5JX4%2FG8JDRDL%2BmhzsB9XRIrf7TiQdDbRRrp1vzH4SzMJPQR5StdsBngZEslj3XIqlR9saw4VMIwmwAqHMxx2MiK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b755d6fc4956bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js

142.250.74.106

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (32180)
Size
30 kB (29707 bytes)
Hash
32015dd42e9582a80a84736f5d9a44d7
41b4bfbaa96be6d1440db6e78004ade1c134e276
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3

HTTP Headers

GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 09:58:09 GMT
expires: Wed, 18 Sep 2024 09:58:09 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 402305
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/fonts/bootstrap-icons.woff2?856008caa5eb66df68595e734e59580d

151.101.1.229

200 OK

90 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/fonts/bootstrap-icons.woff2?856008caa5eb66df68595e734e59580d
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 90528, version 1.0\012- data
Size
90 kB (90528 bytes)
Hash
e07b538aa51b6fa77f32828af21cb591
4649877868a0068ce50b105d0d2a235e8010c98f
76506e128f2b47b7179f5037bd885a1674455ffeb6b5093cdb4c7eefbf436ce8

HTTP Headers

GET /npm/bootstrap-icons@1.5.0/font/fonts/bootstrap-icons.woff2?856008caa5eb66df68595e734e59580d HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://facebooknevw2sp.lanjutkan.my.id
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 1.5.0
x-jsd-version-type: version
etag: W/"161a0-RkmHeGigBozlCxBdDSojXoAQyY8"
accept-ranges: bytes
date: Sun, 24 Sep 2023 01:43:14 GMT
age: 3454174
x-served-by: cache-fra-eddf8230031-FRA, cache-bma1645-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 90528
X-Firefox-Spdy: h2

rawcdn.githack.com/AlexHostX/protect/a64076479559076b6e31356a0fb6188d291204ce/watermark.css

104.21.234.231

404 Not Found

14 B

URL GET HTTP/3
rawcdn.githack.com/AlexHostX/protect/a64076479559076b6e31356a0fb6188d291204ce/watermark.css
IP
104.21.234.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerGoogle Trust Services LLC
Subjectgithack.com
FingerprintF9:A7:8D:3D:46:18:FA:47:58:5E:20:64:C4:FC:74:3F:E1:EE:C4:85
ValidityTue, 05 Sep 2023 12:49:52 GMT - Mon, 04 Dec 2023 12:49:51 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
3be7b8b182ccd96e48989b4e57311193
78fb38f212fa49029aff24c669a39648d9b4e68b
d5558cd419c8d46bdc958064cb97f963d1ea793866414c025906ec15033512ed

HTTP Headers

GET /AlexHostX/protect/a64076479559076b6e31356a0fb6188d291204ce/watermark.css HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sun, 24 Sep 2023 01:43:14 GMT
content-length: 14
x-content-type-options: nosniff
x-github-request-id: B6F2:4937:169C669:17A0E8D:650F9221
via: 1.1 varnish
x-served-by: cache-hel1410022-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1695519267.516016,VS0,VE144
vary: Authorization,Accept-Encoding,Origin
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 711b91f7760bf682866a92585ef0ccec71e1ab7b
source-age: 0
cache-control: max-age=300, public
x-githack-cache-status: STALE
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LT65IDUjeqjUCSSUcn2Kg1pX7Ajp7a%2F3z%2BgIe5Z9sIBdpAnBU8SiCG71F%2FJ%2FnYj5SGfdy2fjCWeUmC8Og1%2FjXLlJMEN1LHa4HkOtaAphu1sZn6XAXO7aCyhquhg12G7iGQ9qOAo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b755dcceda23f4-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
99734170fcdad2d52884412f61321bf8
25163901dbdc047070a12d8afadcaa7009d8b595
f2a2590ac5fa2bcc9db8c46b3b4ad45f0a03b03193f601a2636e900fe851cf59

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 24 Sep 2023 01:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

rawcdn.githack.com/AlexHostX/protect/a64076479559076b6e31356a0fb6188d291204ce/watermark.css

104.21.234.231

404 Not Found

14 B

URL GET HTTP/3
rawcdn.githack.com/AlexHostX/protect/a64076479559076b6e31356a0fb6188d291204ce/watermark.css
IP
104.21.234.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerGoogle Trust Services LLC
Subjectgithack.com
FingerprintF9:A7:8D:3D:46:18:FA:47:58:5E:20:64:C4:FC:74:3F:E1:EE:C4:85
ValidityTue, 05 Sep 2023 12:49:52 GMT - Mon, 04 Dec 2023 12:49:51 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
3be7b8b182ccd96e48989b4e57311193
78fb38f212fa49029aff24c669a39648d9b4e68b
d5558cd419c8d46bdc958064cb97f963d1ea793866414c025906ec15033512ed

HTTP Headers

GET /AlexHostX/protect/a64076479559076b6e31356a0fb6188d291204ce/watermark.css HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Sun, 24 Sep 2023 01:43:14 GMT
content-length: 14
x-content-type-options: nosniff
x-github-request-id: B6F2:4937:169C669:17A0E8D:650F9221
via: 1.1 varnish
x-served-by: cache-hel1410022-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1695519267.516016,VS0,VE144
vary: Authorization,Accept-Encoding,Origin
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 711b91f7760bf682866a92585ef0ccec71e1ab7b
source-age: 0
cache-control: max-age=300, public
x-githack-cache-status: STALE
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ovf81c4e53oRz%2FbIL1loDYGKieX7ZnAWLEch%2F6yJE9tykHU5qwKYmDUhdAmg%2F1EX4B1FJVq7F7BZWDYdMA%2Bajd7Xp3DXC7q63Dmh5CmqFUa5XORuvYgRhTKRBHmdgS82ThE5B20%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b755de4a910691-LHR
alt-svc: h3=":443"; ma=86400

z-m-static.xx.fbcdn.net/rsrc.php/v3/ya/r/O2aKM2iSbOw.png

157.240.240.36

404 Not Found

0 B

URL GET HTTP/2
z-m-static.xx.fbcdn.net/rsrc.php/v3/ya/r/O2aKM2iSbOw.png
IP
157.240.240.36:443
ASN
#32934 FACEBOOK

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerDigiCert Inc
Subject*.facebook.com
FingerprintFA:94:39:28:1E:FD:F7:03:71:D9:D9:82:67:36:1B:71:EE:CE:1B:B1
ValidityFri, 07 Jul 2023 00:00:00 GMT - Sun, 01 Oct 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rsrc.php/v3/ya/r/O2aKM2iSbOw.png HTTP/1.1
Host: z-m-static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
x-fatal-request: static.xx.fbcdn.net
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
timing-allow-origin: *
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.fbcdn.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-xss-protection: 0
origin-agent-cluster: ?0
content-type: text/html; charset="utf-8"
x-fb-debug: w/b5giyHJxQ3QAm+k703Larp4P5O0DVpx5IQnOG0xdwNq5kDeINOWZ42wyYMhpgdTjsl26epG7MBJheFvss45A==
content-length: 0
date: Sun, 24 Sep 2023 01:43:15 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

z-m-static.xx.fbcdn.net/rsrc.php/v3/ya/r/O2aKM2iSbOw.png

157.240.240.36

404 Not Found

0 B

URL GET HTTP/2
z-m-static.xx.fbcdn.net/rsrc.php/v3/ya/r/O2aKM2iSbOw.png
IP
157.240.240.36:443
ASN
#32934 FACEBOOK

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerDigiCert Inc
Subject*.facebook.com
FingerprintFA:94:39:28:1E:FD:F7:03:71:D9:D9:82:67:36:1B:71:EE:CE:1B:B1
ValidityFri, 07 Jul 2023 00:00:00 GMT - Sun, 01 Oct 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rsrc.php/v3/ya/r/O2aKM2iSbOw.png HTTP/1.1
Host: z-m-static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
x-fatal-request: static.xx.fbcdn.net
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
timing-allow-origin: *
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.fbcdn.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-xss-protection: 0
origin-agent-cluster: ?0
content-type: text/html; charset="utf-8"
x-fb-debug: w/b5giyHJxQ3QAm+k703Larp4P5O0DVpx5IQnOG0xdwNq5kDeINOWZ42wyYMhpgdTjsl26epG7MBJheFvss45A==
content-length: 0
date: Sun, 24 Sep 2023 01:43:15 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.74.106

200 OK

90 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 20 Sep 2023 17:40:44 GMT
expires: Thu, 19 Sep 2024 17:40:44 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 288150
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rawcdn.githack.com/AlexHostX/protect/aaa1462a19b8d8b6cbd68101a5ac89f4955b49de/input-exception.js

104.21.234.231

200 OK

9.0 kB

URL GET HTTP/2
rawcdn.githack.com/AlexHostX/protect/aaa1462a19b8d8b6cbd68101a5ac89f4955b49de/input-exception.js
IP
104.21.234.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerGoogle Trust Services LLC
Subjectgithack.com
FingerprintF9:A7:8D:3D:46:18:FA:47:58:5E:20:64:C4:FC:74:3F:E1:EE:C4:85
ValidityTue, 05 Sep 2023 12:49:52 GMT - Mon, 04 Dec 2023 12:49:51 GMT

File type
ASCII text, with very long lines (11208), with no line terminators
Size
9.0 kB (8975 bytes)
Hash
770f98a636355aaa5ae7448849f61cf9
213b0101bd1647aada34fc754cdb9822acf01524
c7095605e6123afd9ee4a3cd4684990d5ba73ef24c44272a63b6a2c736cdaed7

HTTP Headers

GET /AlexHostX/protect/aaa1462a19b8d8b6cbd68101a5ac89f4955b49de/input-exception.js HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 24 Sep 2023 01:43:14 GMT
content-type: application/javascript; charset=utf-8
etag: W/"7efc1fe69d2bae7cf5f7f6503e53cd6825675b937514a5660fadff678c23ad05"
x-content-type-options: nosniff
x-github-request-id: BFC8:13DE2:381BBB:3C3E84:620D4605
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1645044130.872247,VS0,VE184
vary: Authorization,Accept-Encoding,Origin
x-fastly-request-id: bf3b051db80155bbd014f6542505d017efdca279
source-age: 0
expires: Sat, 05 Aug 2023 05:14:31 GMT
cache-control: max-age=31536000, public, immutable
x-robots-tag: none
access-control-allow-origin: *
x-githack-cache-status: STALE
cf-cache-status: HIT
age: 6369820
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TdkHB8KnueoGr5bTi9nQuj2nwx4Ktd3LCquNUaaR8IQgcOva6DyIlk9NaFQ3ZB2FKqzvMEdMDrCtSkIUL55pfKuWV7LhzxU8NH84dS3jMIqCZ%2B%2BRp5aTTFctzcARqkq7yFmae4s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b755dcced823f4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/alexFrontEnd/style-AlexHost.css

172.67.128.119

200 OK

6.0 kB

URL GET HTTP/3
facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/alexFrontEnd/style-AlexHost.css
IP
172.67.128.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerLet's Encrypt
Subjectlanjutkan.my.id
Fingerprint4E:D8:96:03:D8:99:DE:D8:4A:47:33:0D:69:00:F2:65:B4:AE:DE:D4
ValidityFri, 08 Sep 2023 02:59:56 GMT - Thu, 07 Dec 2023 02:59:55 GMT

File type
ASCII text, with very long lines (6714), with no line terminators
Size
6.0 kB (5994 bytes)
Hash
4aa0bce4f2afc8184e2c6aba698a5847
52b7deffcfa7af72412e29ebdc8af23c05db294e
2fdddf72f74bb070beb84495ab225d7c55f10ab33c6e772758eae2fe89fef29a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e29ekeje92j2ne/alexFrontEnd/style-AlexHost.css HTTP/1.1
Host: facebooknevw2sp.lanjutkan.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 24 Sep 2023 01:43:14 GMT
content-type: text/css
last-modified: Sun, 06 Feb 2022 14:52:44 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 829
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2amZqcxPuG4g5Uwjsr9s71OKtv5z9H%2FSFyYkDy1HQxohi9KnAAFXIMP6J4XHAsgDn0GWpIfmogmQOc9t7wq7tPDJFiROq7FWIJy9vYt%2BJsb7aZBdtW07R%2Biq0ZmTeATrbP%2FTljK7ByaWjeBC%2F0zpFBXp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b755da1cf856bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne

172.67.128.119

301 Moved Permanently

11 kB

URL User Request GET HTTP/2
facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne
IP
172.67.128.119:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectlanjutkan.my.id
Fingerprint4E:D8:96:03:D8:99:DE:D8:4A:47:33:0D:69:00:F2:65:B4:AE:DE:D4
ValidityFri, 08 Sep 2023 02:59:56 GMT - Thu, 07 Dec 2023 02:59:55 GMT

File type

Size
11 kB (11400 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e29ekeje92j2ne HTTP/1.1
Host: facebooknevw2sp.lanjutkan.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sun, 24 Sep 2023 01:43:13 GMT
content-type: text/html; charset=iso-8859-1
location: http://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3yu1fSPJjkv5uSrWWTFvzf%2B9usuwzr%2B7dU0%2FoVFw%2BqyPEMvFB3yC3lRX5iN5IqqMayqTXQ29Lwmrwwymxbv2MIx6lZaidg4STEFGeS3wX6rs8Qftr5wH46u5bl1ulX0g6zMHSvueCs%2Bbrgh4Px57%2FJr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b755d19864b511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/bagas/bagas.css

172.67.128.119

200 OK

5.2 kB

URL GET HTTP/3
facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/bagas/bagas.css
IP
172.67.128.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerLet's Encrypt
Subjectlanjutkan.my.id
Fingerprint4E:D8:96:03:D8:99:DE:D8:4A:47:33:0D:69:00:F2:65:B4:AE:DE:D4
ValidityFri, 08 Sep 2023 02:59:56 GMT - Thu, 07 Dec 2023 02:59:55 GMT

File type
ASCII text, with very long lines (5644), with no line terminators
Size
5.2 kB (5185 bytes)
Hash
6c6eede9c902bf0866eeddd6e031b122
25ae33158196270672483a1e0dbda68509485a5f
80b152572eaf6ad6ebc58b3983d99fede9df16c73de5d0e9bf4a8857bcce7201

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e29ekeje92j2ne/bagas/bagas.css HTTP/1.1
Host: facebooknevw2sp.lanjutkan.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 24 Sep 2023 01:43:14 GMT
content-type: text/css
last-modified: Thu, 13 Oct 2022 10:52:10 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 829
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uwjzrhymtuTUpZAY0dOYiRSIFDY0%2BaSy4SV9WQ7g5JayAc5Dir5Fja458PEIUQXvqJ8k6%2BOYvVERrEEp%2B%2FEgON4Q6TRZ%2FbGIGXbBb6zfQqA0cO5QTmEbpXfWvjnCCinttJ2tHZA15wGCaMBQuxqJlDgZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b755da1cf956bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/alexFrontEnd/js-AlexHost.js

172.67.128.119

200 OK

2.9 kB

URL GET HTTP/3
facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/alexFrontEnd/js-AlexHost.js
IP
172.67.128.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Certificate
IssuerLet's Encrypt
Subjectlanjutkan.my.id
Fingerprint4E:D8:96:03:D8:99:DE:D8:4A:47:33:0D:69:00:F2:65:B4:AE:DE:D4
ValidityFri, 08 Sep 2023 02:59:56 GMT - Thu, 07 Dec 2023 02:59:55 GMT

File type
ASCII text, with very long lines (3057), with no line terminators
Size
2.9 kB (2854 bytes)
Hash
30c70dcc228d7e4f41fd2da850f7b62e
8c58fe2f0d02b7e303f858c9130be50d44ffff51
b042931d2c7cef7cf3b90e77071831e5dabf2b0c9afb92c9af01686edaa684a9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e29ekeje92j2ne/alexFrontEnd/js-AlexHost.js HTTP/1.1
Host: facebooknevw2sp.lanjutkan.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebooknevw2sp.lanjutkan.my.id/e29ekeje92j2ne/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 24 Sep 2023 01:43:14 GMT
content-type: application/javascript
last-modified: Thu, 22 Jun 2023 12:57:28 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kCCQK2DnK3JIIknPkuNOmv2JvFqGVA8TLsCIuLC6U9qBVzKzns2zD5%2BYk3XZF3U1NB6Exkoyeaq2rOvTwz0MlqzldF%2F8r%2B%2BQ4wmWyGlePKLVslz%2FEeA%2BJmZftgzKrdlmt0zSXyrYPlhI01mhnYhY6Ppw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b755daed2956bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (27)

URL User Request GET HTTP/3

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers