Report - 103.120.175.20:7800/login

Report Overview

Submitted URL

103.120.175.20:7800/login
IP

103.120.175.20

ASN

#63859 PT. Eka Mas Republik
Submitted

2023-09-21T09:43:04Z

Access

public
Website Title

CA & Fleet System
Final URL

103.120.175.20:7800/login
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

8

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
use.fontawesome.com (2)	942	2017-01-30 05:43:25	2023-09-21 05:22:52	1017	130958	172.64.102.11
fonts.googleapis.com (1)	8877	2013-06-10 22:14:26	2023-09-21 05:48:25	433	2372	142.250.74.106
cdnjs.cloudflare.com (2)	235	2015-04-17 22:46:33	2023-09-21 05:12:35	916	6551	104.17.24.14
ocsp.pki.goog (2)	175	2018-07-01 08:43:07	2023-09-21 05:09:09	666	1398	142.250.74.131
103.120.175.20:7800 (8)	unknown	No data	No data	6612	1029794	103.120.175.20
code.ionicframework.com (1)	14473	2014-02-05 18:09:16	2023-09-21 09:17:34	452	365071	172.67.69.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-21	medium	103.120.175.20	Sinkholed
2023-09-21	medium	103.120.175.20	Sinkholed
2023-09-21	medium	103.120.175.20	Sinkholed
2023-09-21	medium	103.120.175.20	Sinkholed
2023-09-21	medium	103.120.175.20	Sinkholed
2023-09-21	medium	103.120.175.20	Sinkholed
2023-09-21	medium	103.120.175.20	Sinkholed
2023-09-21	medium	103.120.175.20	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

Pretty

URL

103.120.175.20:7800/login
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Introduced by

scriptElement
Inline HTML

true

Observations

First Seen2023-03-07 01:01:59

Last Seen2023-12-04 10:51:21

Times Seen32237546
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Pretty

URL

103.120.175.20:7800/plugins/jquery/jquery.min.js
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 01:10:32

Last Seen2023-12-04 06:26:09

Times Seen3592
Hash

0732e3eabbf8aa7ce7f69eedbd07dfdd

4cd5ddc413b3024d7b56331c0d0d0b2bd933f27f

ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b

Pretty

URL

103.120.175.20:7800/js/app.js
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-09-21 11:43:10

Last Seen2023-09-21 11:43:10

Times Seen1
Hash

6527e842b3df1e82f266724e72662156

944df77be8faadb718d2e7ab295aae66c3dc4044

e8a81e3955f57e277dff4bffd4ffa8d67277c9795b303e2ff48147d11d0ed6ab

Pretty

URL

103.120.175.20:7800/js/admin.js
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-09-21 11:43:10

Last Seen2023-11-06 22:18:33

Times Seen4
Hash

7e19a8c7ac50ce7dba8a48a71148f7ad

bf2518468d5fc36dad975ea6d062eaa6efbb3d51

d2acb30ae6b758902448c385a50eb7c317dee6894e1fdbd20ca7130725a23847

Pretty

URL

cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/js/toastr.min.js
IP

104.17.24.14:443
ASN

#13335 CLOUDFLARENET

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 01:28:39

Last Seen2023-12-03 18:46:44

Times Seen1178
Hash

b36f28de584845317de40a7219c82b1c

6de8657c8782561bc023478ab708179ed846db1a

ddb96c25de07962ffbc0243e6e68177ce74aee9fd950cb4f5d8d3c8e6c524a09

HTTP Transactions (16)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/css/toastr.min.css

104.17.24.14

200 OK

2672

URL GET HTTP/2

cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/css/toastr.min.css
IP

104.17.24.14:443
ASN

#13335 CLOUDFLARENET

Requested by

http://103.120.175.20:7800/login
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D

ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

Magic

ASCII text, with very long lines (6454), with CR line terminators

Size

2672
Hash

bc96861d9899e4e68fb2e59c363d8c60

573b1f76e7a9db37e4e0d1a59da78714e46bc2a2

10d159adb573ca535b8275f1d27dc8d60fffd9678ee3b5f1a0f7b4be4a77342f

HTTP Headers

                                        GET /ajax/libs/toastr.js/latest/css/toastr.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Thu, 21 Sep 2023 09:42:48 GMT
content-type: text/css; charset=utf-8
content-length: 2672
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ffe-1a55"
last-modified: Mon, 04 May 2020 16:17:02 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 60449
expires: Tue, 10 Sep 2024 09:42:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=657C%2Bu8J4kwLAzBpVerMqjLO4VKGDmIAK5xy4jUI4gjVIIeZ7RosqJAxaxn46zpFprXrtMsqPXq9gw7BLsS4ILhyyTfygAQwYl%2F5MF8%2BGSBlLX4BropPylwwTfUMKhTaN1g93%2Fa%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80a15c3a194056cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

aff723341f53f020db1ba26e898bbd48

23f915039b79b9247907a1395fa32f57cf3c1a41

6e996d55d168ee427fb70dc93c074a42c5f6eebd2756fa1ed79341f73b44c455

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 21 Sep 2023 09:42:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/js/toastr.min.js

104.17.24.14

200 OK

1885

URL GET HTTP/3

cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/js/toastr.min.js
IP

104.17.24.14:443
ASN

#13335 CLOUDFLARENET

Requested by

http://103.120.175.20:7800/login
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D

ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

Magic

ASCII text, with very long lines (5215)

Size

1885
Hash

b36f28de584845317de40a7219c82b1c

6de8657c8782561bc023478ab708179ed846db1a

ddb96c25de07962ffbc0243e6e68177ce74aee9fd950cb4f5d8d3c8e6c524a09

HTTP Headers

                                        GET /ajax/libs/toastr.js/latest/js/toastr.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Thu, 21 Sep 2023 09:42:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 1885
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ffe-15a1"
last-modified: Mon, 04 May 2020 16:17:02 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 57759
expires: Tue, 10 Sep 2024 09:42:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S3Gpxz16p8FYoM0AVohtFTeaBmrxLYExTVIEgzV%2FVmB2R9nTdigvzuxuBEB7ohRmxzyhCO5ANxElzfsuRlyjd2TwixXBSv474x5VTohtQrwkXDFNk52GuYNHU%2B34Wj37WCNOvN2P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80a15c3bfcf756ba-OSL
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

aff723341f53f020db1ba26e898bbd48

23f915039b79b9247907a1395fa32f57cf3c1a41

6e996d55d168ee427fb70dc93c074a42c5f6eebd2756fa1ed79341f73b44c455

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 21 Sep 2023 09:42:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

103.120.175.20:7800/js/admin.js

103.120.175.20

200 OK

25001

URL GET HTTP/1.1

103.120.175.20:7800/js/admin.js
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Requested by

http://103.120.175.20:7800/login

Magic

ASCII text, with very long lines (24768), with CRLF line terminators

Size

25001
Hash

7e19a8c7ac50ce7dba8a48a71148f7ad

bf2518468d5fc36dad975ea6d062eaa6efbb3d51

d2acb30ae6b758902448c385a50eb7c317dee6894e1fdbd20ca7130725a23847

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /js/admin.js HTTP/1.1
Host: 103.120.175.20:7800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/login
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xSlQvVkZkUEQvMWlmaGRobjdlaEE9PSIsInZhbHVlIjoiVklQWTNFTUp6eUlQcnRQWUVJazhLWDlLTHNZLys4UmE0Tnd3RzZGNmdXY0doNEFLN05ZTHdON0VqVHdkSlNpciIsIm1hYyI6ImRkOGE1YjBiYTBiOTYxZjI0ZTc4ZWY1MDQ5ZGEwMDg3ZTVkMDI0NTJiY2NlNjBiNWYxYTliZTVmNzI5Mjg4N2EifQ%3D%3D; cash_advance_session=eyJpdiI6Ik5VMzBHQ0x3SFoxQk1SNlFsVVRxMFE9PSIsInZhbHVlIjoiWkhJRGI5RHJtc3lSZnBVWnA4RVo5d1NlYWdyMXNPVXhlVTN1RGVJL0F6OWhlTHgyNUhGUlJQeWZlTVZhKzM1eiIsIm1hYyI6IjMyNzgzM2UxOGViZWYxYzQwYWFhMmU3NTQ2MGY3YzdhNzk0YzA3YWMwYjUzYmQ1MTRlMzI5ZmM2MGQ4ZjUwMWQifQ%3D%3D
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Host: 103.120.175.20:7800
Date: Thu, 21 Sep 2023 11:42:59 +0200
Connection: close
Content-Type: application/javascript
Content-Length: 25001

103.120.175.20:7800/plugins/jquery/jquery.min.js

103.120.175.20

200 OK

89503

URL GET HTTP/1.1

103.120.175.20:7800/plugins/jquery/jquery.min.js
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Requested by

http://103.120.175.20:7800/login

Magic

ASCII text, with very long lines (65446), with CRLF line terminators

Size

89503
Hash

0732e3eabbf8aa7ce7f69eedbd07dfdd

4cd5ddc413b3024d7b56331c0d0d0b2bd933f27f

ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /plugins/jquery/jquery.min.js HTTP/1.1
Host: 103.120.175.20:7800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/login
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xSlQvVkZkUEQvMWlmaGRobjdlaEE9PSIsInZhbHVlIjoiVklQWTNFTUp6eUlQcnRQWUVJazhLWDlLTHNZLys4UmE0Tnd3RzZGNmdXY0doNEFLN05ZTHdON0VqVHdkSlNpciIsIm1hYyI6ImRkOGE1YjBiYTBiOTYxZjI0ZTc4ZWY1MDQ5ZGEwMDg3ZTVkMDI0NTJiY2NlNjBiNWYxYTliZTVmNzI5Mjg4N2EifQ%3D%3D; cash_advance_session=eyJpdiI6Ik5VMzBHQ0x3SFoxQk1SNlFsVVRxMFE9PSIsInZhbHVlIjoiWkhJRGI5RHJtc3lSZnBVWnA4RVo5d1NlYWdyMXNPVXhlVTN1RGVJL0F6OWhlTHgyNUhGUlJQeWZlTVZhKzM1eiIsIm1hYyI6IjMyNzgzM2UxOGViZWYxYzQwYWFhMmU3NTQ2MGY3YzdhNzk0YzA3YWMwYjUzYmQ1MTRlMzI5ZmM2MGQ4ZjUwMWQifQ%3D%3D
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Host: 103.120.175.20:7800
Date: Thu, 21 Sep 2023 11:42:59 +0200
Connection: close
Content-Type: application/javascript
Content-Length: 89503

103.120.175.20:7800/css/app.css

103.120.175.20

200 OK

145376

URL GET HTTP/1.1

103.120.175.20:7800/css/app.css
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Requested by

http://103.120.175.20:7800/login

Magic

ASCII text, with very long lines (65255), with CRLF line terminators

Size

145376
Hash

c13edbe07a5fd87fbb9c303f7aa1f1de

e22aced7d4b0fc936487ff151322cbd6802167b8

a97ddcc408cc34bb0f8d69943205911da2dc5f0287563b9729c5eab753b62db3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /css/app.css HTTP/1.1
Host: 103.120.175.20:7800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/login
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xSlQvVkZkUEQvMWlmaGRobjdlaEE9PSIsInZhbHVlIjoiVklQWTNFTUp6eUlQcnRQWUVJazhLWDlLTHNZLys4UmE0Tnd3RzZGNmdXY0doNEFLN05ZTHdON0VqVHdkSlNpciIsIm1hYyI6ImRkOGE1YjBiYTBiOTYxZjI0ZTc4ZWY1MDQ5ZGEwMDg3ZTVkMDI0NTJiY2NlNjBiNWYxYTliZTVmNzI5Mjg4N2EifQ%3D%3D; cash_advance_session=eyJpdiI6Ik5VMzBHQ0x3SFoxQk1SNlFsVVRxMFE9PSIsInZhbHVlIjoiWkhJRGI5RHJtc3lSZnBVWnA4RVo5d1NlYWdyMXNPVXhlVTN1RGVJL0F6OWhlTHgyNUhGUlJQeWZlTVZhKzM1eiIsIm1hYyI6IjMyNzgzM2UxOGViZWYxYzQwYWFhMmU3NTQ2MGY3YzdhNzk0YzA3YWMwYjUzYmQ1MTRlMzI5ZmM2MGQ4ZjUwMWQifQ%3D%3D
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Host: 103.120.175.20:7800
Date: Thu, 21 Sep 2023 11:43:00 +0200
Connection: close
Content-Type: text/css; charset=UTF-8
Content-Length: 145376

code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css

172.67.69.29

200 OK

364039

URL GET HTTP/2

code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
IP

172.67.69.29:443
ASN

#13335 CLOUDFLARENET

Requested by

http://103.120.175.20:7800/login
Certificate

IssuerCloudflare, Inc.

Subjectionicframework.com

FingerprintF0:95:87:C3:E4:A0:31:2D:83:93:BF:FD:9F:E3:6A:84:64:FB:AC:2E

ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

Magic

Unicode text, UTF-8 text, with very long lines (50806)

Size

364039
Hash

1690997909aae14b023a6580d4a2f33f

a4fd9551382a3b5c9c43e14adb8c4c4149cd2352

92ac508220f5bb60ec94e07650528eb66625f82a4740ada068cde05365781286

HTTP Headers

                                        GET /ionicons/2.0.1/css/ionicons.min.css HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Thu, 21 Sep 2023 09:42:48 GMT
content-type: text/css; charset=utf-8
last-modified: Thu, 13 Apr 2023 16:20:19 GMT
access-control-allow-origin: *
etag: W/"64382bc3-c854"
expires: Wed, 20 Sep 2023 02:37:39 GMT
cache-control: max-age=31536000
x-proxy-cache: MISS
x-github-request-id: 3B94:8406:E16C77:E7B298:650A5899
via: 1.1 varnish
age: 13762
x-served-by: cache-bma1679-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1695275607.870533,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: 39bc44ff8248a171fd1e79d34925a8b6a794ee8f
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ifj7rZ7FSKllP%2FkYVyQSFoQ1ZUK97dHJNw7QJzi4KhxOf4beeaMQ2DAVHd3fRZ6lClxMOJlJ8rCU1%2FssByfm2JwQr8L6v9lQ8tl47dtZzszRIp1IYEJTCjf4miLz6V1gngXXuDLkNqOI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80a15c3a2d73b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

103.120.175.20:7800/css/admin.css

103.120.175.20

200 OK

393226

URL GET HTTP/1.1

103.120.175.20:7800/css/admin.css
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Requested by

http://103.120.175.20:7800/login

Magic

ASCII text, with very long lines (65148), with CRLF line terminators

Size

393226
Hash

83e60ea66a743c1b98831d9a24defc8c

28826702f118ae36fcb96e67d9386f60ead764a5

bb70aa43298a3d63dc1563722953af67c8c5d61d109addc7f06057ecdb3a5048

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /css/admin.css HTTP/1.1
Host: 103.120.175.20:7800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/login
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xSlQvVkZkUEQvMWlmaGRobjdlaEE9PSIsInZhbHVlIjoiVklQWTNFTUp6eUlQcnRQWUVJazhLWDlLTHNZLys4UmE0Tnd3RzZGNmdXY0doNEFLN05ZTHdON0VqVHdkSlNpciIsIm1hYyI6ImRkOGE1YjBiYTBiOTYxZjI0ZTc4ZWY1MDQ5ZGEwMDg3ZTVkMDI0NTJiY2NlNjBiNWYxYTliZTVmNzI5Mjg4N2EifQ%3D%3D; cash_advance_session=eyJpdiI6Ik5VMzBHQ0x3SFoxQk1SNlFsVVRxMFE9PSIsInZhbHVlIjoiWkhJRGI5RHJtc3lSZnBVWnA4RVo5d1NlYWdyMXNPVXhlVTN1RGVJL0F6OWhlTHgyNUhGUlJQeWZlTVZhKzM1eiIsIm1hYyI6IjMyNzgzM2UxOGViZWYxYzQwYWFhMmU3NTQ2MGY3YzdhNzk0YzA3YWMwYjUzYmQ1MTRlMzI5ZmM2MGQ4ZjUwMWQifQ%3D%3D
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Host: 103.120.175.20:7800
Date: Thu, 21 Sep 2023 11:42:59 +0200
Connection: close
Content-Type: text/css; charset=UTF-8
Content-Length: 393226

use.fontawesome.com/releases/v5.7.0/webfonts/fa-solid-900.woff2

172.64.102.11

200 OK

74316

URL GET HTTP/2

use.fontawesome.com/releases/v5.7.0/webfonts/fa-solid-900.woff2
IP

172.64.102.11:443
ASN

#13335 CLOUDFLARENET

Requested by

http://103.120.175.20:7800/login
Certificate

IssuerGoogle Trust Services LLC

Subjectuse.fontawesome.com

Fingerprint23:04:2D:9B:C5:BA:9D:AA:AC:6A:FD:14:B0:96:18:D6:EB:A5:B3:65

ValidityFri, 01 Sep 2023 05:27:58 GMT - Thu, 30 Nov 2023 05:27:57 GMT

Magic

Web Open Font Format (Version 2), TrueType, length 74316, version 329.30932\012- data

Size

74316
Hash

52134b924fd61958f88323845deffc64

cfccdf2c8be593220ea949989a5abc0b380ea2ac

658cf43db24e9d4c57890e958aa74656a13139754de24f19e706f0a355279e4d

HTTP Headers

                                        GET /releases/v5.7.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://103.120.175.20:7800
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 21 Sep 2023 09:42:58 GMT
content-type: font/woff2
content-length: 74316
x-amz-id-2: uYpMTBfus9juIRTSjD1qjgZhAvrA/tDWGgnjrBaX1oMU30XBFlgOEWTnvtfbX3jAmdGMQWdoz9U=
x-amz-request-id: 3QPPQ0NNNY7K06AS
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: "52134b924fd61958f88323845deffc64"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0PvxItrFDSN7vwlEN7kOsOKF1p8xoFkdmKthDVqhcSyuqFIx6p8I7FmPvLcOebraUUApU0IQLlrm2Ns3TClIbkEPTBlbChxhqjGILAS5dNCTWOAC5toXfr2TRNm2x8mC04MigAMX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80a15c76fc793860-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

103.120.175.20:7800/img/logo4.png

103.120.175.20

200 OK

1703

URL GET HTTP/1.1

103.120.175.20:7800/img/logo4.png
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Requested by

http://103.120.175.20:7800/login

Magic

PNG image data, 128 x 35, 8-bit/color RGBA, non-interlaced\012- data

Size

1703
Hash

d8b144919ba3bbdd7674e937604206d7

197dfc4f02acefcb465c4ab6787dc9b562053f9b

ef026ea05779a2d24dcc94a35f63e9f4ed74d246e9efc520fbe19179be076644

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /img/logo4.png HTTP/1.1
Host: 103.120.175.20:7800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/login
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xSlQvVkZkUEQvMWlmaGRobjdlaEE9PSIsInZhbHVlIjoiVklQWTNFTUp6eUlQcnRQWUVJazhLWDlLTHNZLys4UmE0Tnd3RzZGNmdXY0doNEFLN05ZTHdON0VqVHdkSlNpciIsIm1hYyI6ImRkOGE1YjBiYTBiOTYxZjI0ZTc4ZWY1MDQ5ZGEwMDg3ZTVkMDI0NTJiY2NlNjBiNWYxYTliZTVmNzI5Mjg4N2EifQ%3D%3D; cash_advance_session=eyJpdiI6Ik5VMzBHQ0x3SFoxQk1SNlFsVVRxMFE9PSIsInZhbHVlIjoiWkhJRGI5RHJtc3lSZnBVWnA4RVo5d1NlYWdyMXNPVXhlVTN1RGVJL0F6OWhlTHgyNUhGUlJQeWZlTVZhKzM1eiIsIm1hYyI6IjMyNzgzM2UxOGViZWYxYzQwYWFhMmU3NTQ2MGY3YzdhNzk0YzA3YWMwYjUzYmQ1MTRlMzI5ZmM2MGQ4ZjUwMWQifQ%3D%3D
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Host: 103.120.175.20:7800
Date: Thu, 21 Sep 2023 11:43:08 +0200
Connection: close
Content-Type: image/png
Content-Length: 1703

103.120.175.20:7800/favicon.ico

103.120.175.20

200 OK

9662

URL GET HTTP/1.1

103.120.175.20:7800/favicon.ico
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Requested by

http://103.120.175.20:7800/login

Magic

MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel\012- data

Size

9662
Hash

778a2f193fe92147ad0a3761358d2ff2

f41092eb77fe8df57ef31d37d61b007031b5dc8c

c0240f3d1a1d802f6fcbf8d3526501b8265711f9f536c21c319a5ac73540c5c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: 103.120.175.20:7800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/login
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xSlQvVkZkUEQvMWlmaGRobjdlaEE9PSIsInZhbHVlIjoiVklQWTNFTUp6eUlQcnRQWUVJazhLWDlLTHNZLys4UmE0Tnd3RzZGNmdXY0doNEFLN05ZTHdON0VqVHdkSlNpciIsIm1hYyI6ImRkOGE1YjBiYTBiOTYxZjI0ZTc4ZWY1MDQ5ZGEwMDg3ZTVkMDI0NTJiY2NlNjBiNWYxYTliZTVmNzI5Mjg4N2EifQ%3D%3D; cash_advance_session=eyJpdiI6Ik5VMzBHQ0x3SFoxQk1SNlFsVVRxMFE9PSIsInZhbHVlIjoiWkhJRGI5RHJtc3lSZnBVWnA4RVo5d1NlYWdyMXNPVXhlVTN1RGVJL0F6OWhlTHgyNUhGUlJQeWZlTVZhKzM1eiIsIm1hYyI6IjMyNzgzM2UxOGViZWYxYzQwYWFhMmU3NTQ2MGY3YzdhNzk0YzA3YWMwYjUzYmQ1MTRlMzI5ZmM2MGQ4ZjUwMWQifQ%3D%3D
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Host: 103.120.175.20:7800
Date: Thu, 21 Sep 2023 11:43:08 +0200
Connection: close
Content-Type: image/x-icon
Content-Length: 9662

fonts.googleapis.com/css?family=Nunito

142.250.74.106

200 OK

1740

URL GET HTTP/2

fonts.googleapis.com/css?family=Nunito
IP

142.250.74.106:443
ASN

#15169 GOOGLE

Requested by

http://103.120.175.20:7800/login
Certificate

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint09:AB:BF:F5:D0:04:69:59:E1:EA:AC:DA:8B:68:CF:62:94:2E:50:38

ValidityMon, 14 Aug 2023 08:22:09 GMT - Mon, 06 Nov 2023 08:22:08 GMT

Magic

ASCII text, with very long lines (1780), with no line terminators

Size

1740
Hash

8d0ca3b40eb2a27620a70f14358d4f97

9b0101009754fb7e015fd91bfe5130836c8309a9

c420e66aeb609b5f6a569fbcb52033fab763c776da219cc35b4cfeb6cc691a58

HTTP Headers

                                        GET /css?family=Nunito HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 21 Sep 2023 09:42:48 GMT
date: Thu, 21 Sep 2023 09:42:48 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

103.120.175.20:7800/js/app.js

103.120.175.20

200 OK

356034

URL GET HTTP/1.1

103.120.175.20:7800/js/app.js
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Requested by

http://103.120.175.20:7800/login

Magic

Size

356034
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /js/app.js HTTP/1.1
Host: 103.120.175.20:7800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/login
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xSlQvVkZkUEQvMWlmaGRobjdlaEE9PSIsInZhbHVlIjoiVklQWTNFTUp6eUlQcnRQWUVJazhLWDlLTHNZLys4UmE0Tnd3RzZGNmdXY0doNEFLN05ZTHdON0VqVHdkSlNpciIsIm1hYyI6ImRkOGE1YjBiYTBiOTYxZjI0ZTc4ZWY1MDQ5ZGEwMDg3ZTVkMDI0NTJiY2NlNjBiNWYxYTliZTVmNzI5Mjg4N2EifQ%3D%3D; cash_advance_session=eyJpdiI6Ik5VMzBHQ0x3SFoxQk1SNlFsVVRxMFE9PSIsInZhbHVlIjoiWkhJRGI5RHJtc3lSZnBVWnA4RVo5d1NlYWdyMXNPVXhlVTN1RGVJL0F6OWhlTHgyNUhGUlJQeWZlTVZhKzM1eiIsIm1hYyI6IjMyNzgzM2UxOGViZWYxYzQwYWFhMmU3NTQ2MGY3YzdhNzk0YzA3YWMwYjUzYmQ1MTRlMzI5ZmM2MGQ4ZjUwMWQifQ%3D%3D
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Host: 103.120.175.20:7800
Date: Thu, 21 Sep 2023 11:42:59 +0200
Connection: close
Content-Type: application/javascript
Content-Length: 356034

103.120.175.20:7800/login

103.120.175.20

200 OK

7229

URL User Request GET HTTP/1.1

103.120.175.20:7800/login
IP

103.120.175.20:7800
ASN

#63859 PT. Eka Mas Republik

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (7829), with no line terminators

Size

7229
Hash

7e1d40d7e718dc152abb045b6d1ea26c

c2cfb3a8bcbeadf90414fd61ad21783acca3b848

71ee8b889e332e294cce8f7effa0ce076b47bfd9901984fed0bccfeac0fa427c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /login HTTP/1.1
Host: 103.120.175.20:7800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Host: 103.120.175.20:7800
Connection: close
X-Powered-By: PHP/7.3.1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, private
Date: Thu, 21 Sep 2023 16:42:58 +0700, Thu, 21 Sep 2023 09:42:58 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6Ik9xSlQvVkZkUEQvMWlmaGRobjdlaEE9PSIsInZhbHVlIjoiVklQWTNFTUp6eUlQcnRQWUVJazhLWDlLTHNZLys4UmE0Tnd3RzZGNmdXY0doNEFLN05ZTHdON0VqVHdkSlNpciIsIm1hYyI6ImRkOGE1YjBiYTBiOTYxZjI0ZTc4ZWY1MDQ5ZGEwMDg3ZTVkMDI0NTJiY2NlNjBiNWYxYTliZTVmNzI5Mjg4N2EifQ%3D%3D; expires=Thu, 21-Sep-2023 11:42:58 GMT; Max-Age=7200; path=/; samesite=lax
cash_advance_session=eyJpdiI6Ik5VMzBHQ0x3SFoxQk1SNlFsVVRxMFE9PSIsInZhbHVlIjoiWkhJRGI5RHJtc3lSZnBVWnA4RVo5d1NlYWdyMXNPVXhlVTN1RGVJL0F6OWhlTHgyNUhGUlJQeWZlTVZhKzM1eiIsIm1hYyI6IjMyNzgzM2UxOGViZWYxYzQwYWFhMmU3NTQ2MGY3YzdhNzk0YzA3YWMwYjUzYmQ1MTRlMzI5ZmM2MGQ4ZjUwMWQifQ%3D%3D; expires=Thu, 21-Sep-2023 11:42:58 GMT; Max-Age=7200; path=/; httponly; samesite=lax

use.fontawesome.com/releases/v5.7.0/css/all.css

172.64.102.11

200 OK

54641

URL GET HTTP/2

use.fontawesome.com/releases/v5.7.0/css/all.css
IP

172.64.102.11:443
ASN

#13335 CLOUDFLARENET

Requested by

http://103.120.175.20:7800/login
Certificate

IssuerGoogle Trust Services LLC

Subjectuse.fontawesome.com

Fingerprint23:04:2D:9B:C5:BA:9D:AA:AC:6A:FD:14:B0:96:18:D6:EB:A5:B3:65

ValidityFri, 01 Sep 2023 05:27:58 GMT - Thu, 30 Nov 2023 05:27:57 GMT

Magic

ASCII text, with very long lines (54456)

Size

54641
Hash

251d28bd755f5269a4531df8a81d5664

c0f035b41b23c6e8fab735f618aa3cff0897b4f9

afdc6bf2de981ffd7d370b76f44e7580572f197efbe214b9cfa4005d189d8eae

HTTP Headers

                                        GET /releases/v5.7.0/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://103.120.175.20:7800
DNT: 1
Connection: keep-alive
Referer: http://103.120.175.20:7800/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Thu, 21 Sep 2023 09:42:49 GMT
content-type: text/css
x-amz-id-2: ji9GB0yHrR42gVJBBBK6WcMUxPuPEj18x7wnfB8ICSNRcczrxgjbw61hgvadAirfjwhw1EqSo2s=
x-amz-request-id: NF4Y91C7HJEW6ZYM
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:15 GMT
etag: W/"251d28bd755f5269a4531df8a81d5664"
cache-control: max-age=31556926
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PyFLp6SsouWcEMwcpyErv4zKQkzfCVcZGZ09WGVyakElyZty403McHTgbt%2BQ%2FRwt2RVMRk3IXZ5UAAUTO%2FhtSqDNnAW%2FbiuXzfROnPcxycQ6LYSSZYfifMzyc%2BIWtyR%2FkV1JfVRq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80a15c3a6d4e3860-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

#1 JS:Script (size: 0)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#2 JS:Script (size: 89503)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#3 JS:Script (size: 356034)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#4 JS:Script (size: 50)

Introduced by

Inline HTML

Observations

Hash

#5 JS:Script (size: 3268)

Introduced by

Inline HTML

Observations

Hash

#6 JS:Script (size: 25001)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#7 JS:Script (size: 5537)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

HTTP Transactions (16)

URL GET HTTP/2

IP