| | 36.94.37.125 | 302 Found | 344 B |
URL: User Request
Request: GET HTTP/1.1
IP: 36.94.37.125:80
ASN: #7713 PT Telekomunikasi Indonesia
File type: HTML document, ASCII text
Hash: 61fa713fc8375e7cf2550e527ff8a5c0 (MD5), 627fc545f3dd426d7e56674bdb6c38f89f350e02 (SHA-1), 517592a405edefb5678518f97e0c05bb81073f4056321f727c4bf3e1aa7c5338 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 36.94.37.125
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 04 May 2024 11:35:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Location: http://36.94.37.125/login
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImZHSUZMY0MyQjdxTWVBZkhGdWNvRXc9PSIsInZhbHVlIjoidWNDVnZCQ3NNT1B6eWNNSUdJNEl5WTFsYVFaaGJoQzFtN3NWc2laKzFaMFloUmR2NWQxUUNJNzJyNUNxR1hQaHloOHQ4OXAwSldZb3RvZUdXU1VIS2c9PSIsIm1hYyI6ImY2MDJmY2E4MGExNmNkMDFmOTBkOGM3ZGQ2YTA5ZDVhODA2NDg4NTU0NTRhNTBhZmI1ZGVmYjM3OTBmZGU4NmEifQ%3D%3D; expires=Sat, 04-May-2024 13:35:47 GMT; Max-Age=7200; path=/
laravel_session=eyJpdiI6IlNhSkVORG5uZndES3QzVmxPM2VvSGc9PSIsInZhbHVlIjoiWFwvMm10M0RMVkFTY05BcmdKUTd6ekdqSDFERlBodXpyOTZBalhDTXE4TXhKR2dwXC9qWnJKY296aEZMa21WMHFKZktZdmw1VDhTNGRJc2RacWdla0NHdz09IiwibWFjIjoiMzkzYWE2OWQzMTAwM2Q4ZTVhYWE1ODNjZDhlYzFiODRiNDAyZDc1NDdmZjMyMGI5OTFlNmJhZjEzZmFhOWZiYyJ9; expires=Sat, 04-May-2024 13:35:47 GMT; Max-Age=7200; path=/; HttpOnly
Content-Length: 344
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| | 36.94.37.125 | 200 OK | 1.3 kB |
URL: User Request
Request: GET HTTP/1.1
IP: 36.94.37.125:80
ASN: #7713 PT Telekomunikasi Indonesia
File type: HTML document, ASCII text
Hash: 75863594e6d2d15b5bd4763dc4f20d22 (MD5), 434eb6beef96503d0e9e638e0f72b5589b34f2ef (SHA-1), 8cbf872c3ad01e16a8530c991f867fde39f5d75d19936dbce142f570489bb797 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /login HTTP/1.1
Host: 36.94.37.125
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImZHSUZMY0MyQjdxTWVBZkhGdWNvRXc9PSIsInZhbHVlIjoidWNDVnZCQ3NNT1B6eWNNSUdJNEl5WTFsYVFaaGJoQzFtN3NWc2laKzFaMFloUmR2NWQxUUNJNzJyNUNxR1hQaHloOHQ4OXAwSldZb3RvZUdXU1VIS2c9PSIsIm1hYyI6ImY2MDJmY2E4MGExNmNkMDFmOTBkOGM3ZGQ2YTA5ZDVhODA2NDg4NTU0NTRhNTBhZmI1ZGVmYjM3OTBmZGU4NmEifQ%3D%3D; laravel_session=eyJpdiI6IlNhSkVORG5uZndES3QzVmxPM2VvSGc9PSIsInZhbHVlIjoiWFwvMm10M0RMVkFTY05BcmdKUTd6ekdqSDFERlBodXpyOTZBalhDTXE4TXhKR2dwXC9qWnJKY296aEZMa21WMHFKZktZdmw1VDhTNGRJc2RacWdla0NHdz09IiwibWFjIjoiMzkzYWE2OWQzMTAwM2Q4ZTVhYWE1ODNjZDhlYzFiODRiNDAyZDc1NDdmZjMyMGI5OTFlNmJhZjEzZmFhOWZiYyJ9
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 11:35:50 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkVzVWp5TTdxN20rZkZ2eHY2d1hRXC9RPT0iLCJ2YWx1ZSI6IkJkanlER014NWVwNDNUQWJWS3BnaUpscng0bjlsSnRWcFlcL0dsK1BjeVNaR2dUQUdxaE5jOW9Dc3hwZnJYOW9XNkFqTmlLQmVrZFNxU3VSWEdCSm0yUT09IiwibWFjIjoiNWExODM0ZmI5YTA5MWMxNjE1YTQ0NzhhZTNkZjViZmE3YTE5MzYzNGYwNzQ4ODY5NWEwYmQ4NTgxNTQyYzE4ZCJ9; expires=Sat, 04-May-2024 13:35:50 GMT; Max-Age=7200; path=/
laravel_session=eyJpdiI6IkNwZXBEZ2tEcWVVV0lHR1BSTmZXbUE9PSIsInZhbHVlIjoielZEbklNcDlLVjdrZWppcW5ZR2lxUzFuVzZhWDVvdTJEdGcxelc2bGU2TTBKRFwvckg1SG91OUZ5YjhNRVY4c2xKUThObUxKWHk5TUdqeCtWa3dPNWZ3PT0iLCJtYWMiOiIzOGRjMTMwYTYzNjhlZjY1OGZiMmQxM2VhODJlMzVlZjBjZDYwOTFiODYzOWM0YmJkNTJkNmIwNGYyNDFiZTdkIn0%3D; expires=Sat, 04-May-2024 13:35:50 GMT; Max-Age=7200; path=/; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1289
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| code.ionicframework.com/ionicons/2.0.0/css/ionicons.min.css | 172.67.69.29 | 200 OK | 8.3 kB |
URL: code.ionicframework.com/ionicons/2.0.0/css/ionicons.min.css
Request: GET HTTP/1.1
IP: 172.67.69.29:80
Requested by: http://36.94.37.125/login
File type: Unicode text, UTF-8 text, with very long lines (50806)
Hash: 0d6763b67616cb9183f3931313d42971 (MD5), f0459300e39155df7aa5e94b3bdb8c8594f49a60 (SHA-1), de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa (SHA-256)
GET /ionicons/2.0.0/css/ionicons.min.css HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://36.94.37.125/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 11:35:51 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 8313
Connection: keep-alive
x-origin-cache: HIT
Last-Modified: Thu, 13 Apr 2023 16:20:19 GMT
Access-Control-Allow-Origin: *
ETag: W/"64382bc3-c854"
expires: Fri, 03 May 2024 21:20:56 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
x-proxy-cache: HIT
X-GitHub-Request-Id: C996:2E8DCA:303FDB4:31846A7:663552F3
Age: 51874
Via: 1.1 varnish
X-Served-By: cache-osl6537-OSL
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1714770677.204713,VS0,VE111
Vary: Accept-Encoding
X-Fastly-Request-ID: de0de4f5a740058d67d760e7df43db34ad591aad
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cYpxTAbBPZHgJaUpyETxu64vvZDmz2Fd7LJljI606J8VBV3tki61M4iUGNYtmt1OW5JQ%2BhYKYYTnKW3oI32%2BYtu2BqU2eRKcU5HBIPBgL9RgICA2jeRLDyiERRmVQqJhA1FJMPnelTXl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e8308fc82a5694-OSL
alt-svc: h2=":443"; ma=60
| 36.94.37.125/bower_components/AdminLTE/bootstrap/css/bootstrap.min.css | 36.94.37.125 | 200 OK | 20 kB |
URL: 36.94.37.125/bower_components/AdminLTE/bootstrap/css/bootstrap.min.css
Request: GET HTTP/1.1
IP: 36.94.37.125:80
ASN: #7713 PT Telekomunikasi Indonesia
Requested by: http://36.94.37.125/login
File type: ASCII text, with very long lines (65371)
Hash: 2f624089c65f12185e79925bc5a7fc42 (MD5), 8eb176c70b9cfa6871b76d6dc98fb526e7e9b3de (SHA-1), eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /bower_components/AdminLTE/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: 36.94.37.125
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://36.94.37.125/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVzVWp5TTdxN20rZkZ2eHY2d1hRXC9RPT0iLCJ2YWx1ZSI6IkJkanlER014NWVwNDNUQWJWS3BnaUpscng0bjlsSnRWcFlcL0dsK1BjeVNaR2dUQUdxaE5jOW9Dc3hwZnJYOW9XNkFqTmlLQmVrZFNxU3VSWEdCSm0yUT09IiwibWFjIjoiNWExODM0ZmI5YTA5MWMxNjE1YTQ0NzhhZTNkZjViZmE3YTE5MzYzNGYwNzQ4ODY5NWEwYmQ4NTgxNTQyYzE4ZCJ9; laravel_session=eyJpdiI6IkNwZXBEZ2tEcWVVV0lHR1BSTmZXbUE9PSIsInZhbHVlIjoielZEbklNcDlLVjdrZWppcW5ZR2lxUzFuVzZhWDVvdTJEdGcxelc2bGU2TTBKRFwvckg1SG91OUZ5YjhNRVY4c2xKUThObUxKWHk5TUdqeCtWa3dPNWZ3PT0iLCJtYWMiOiIzOGRjMTMwYTYzNjhlZjY1OGZiMmQxM2VhODJlMzVlZjBjZDYwOTFiODYzOWM0YmJkNTJkNmIwNGYyNDFiZTdkIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 11:35:51 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Last-Modified: Fri, 06 Apr 2018 04:15:29 GMT
ETag: "1d9ac-569264e781679-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19751
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
| 36.94.37.125/bower_components/AdminLTE/dist/css/AdminLTE.min.css | 36.94.37.125 | 200 OK | 15 kB |
URL: 36.94.37.125/bower_components/AdminLTE/dist/css/AdminLTE.min.css
Request: GET HTTP/1.1
IP: 36.94.37.125:80
ASN: #7713 PT Telekomunikasi Indonesia
Requested by: http://36.94.37.125/login
File type: ASCII text, with very long lines (65196)
Hash: 55fcc92148534f05657b02ff52000363 (MD5), b5cdcfdcff9cd5d34c367a07062a4aaa78df7233 (SHA-1), f9f6ce4016ba660818c4ba4c79031b9b3a626db9c5063d8d6551a18af0e4ed4b (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /bower_components/AdminLTE/dist/css/AdminLTE.min.css HTTP/1.1
Host: 36.94.37.125
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://36.94.37.125/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVzVWp5TTdxN20rZkZ2eHY2d1hRXC9RPT0iLCJ2YWx1ZSI6IkJkanlER014NWVwNDNUQWJWS3BnaUpscng0bjlsSnRWcFlcL0dsK1BjeVNaR2dUQUdxaE5jOW9Dc3hwZnJYOW9XNkFqTmlLQmVrZFNxU3VSWEdCSm0yUT09IiwibWFjIjoiNWExODM0ZmI5YTA5MWMxNjE1YTQ0NzhhZTNkZjViZmE3YTE5MzYzNGYwNzQ4ODY5NWEwYmQ4NTgxNTQyYzE4ZCJ9; laravel_session=eyJpdiI6IkNwZXBEZ2tEcWVVV0lHR1BSTmZXbUE9PSIsInZhbHVlIjoielZEbklNcDlLVjdrZWppcW5ZR2lxUzFuVzZhWDVvdTJEdGcxelc2bGU2TTBKRFwvckg1SG91OUZ5YjhNRVY4c2xKUThObUxKWHk5TUdqeCtWa3dPNWZ3PT0iLCJtYWMiOiIzOGRjMTMwYTYzNjhlZjY1OGZiMmQxM2VhODJlMzVlZjBjZDYwOTFiODYzOWM0YmJkNTJkNmIwNGYyNDFiZTdkIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 11:35:51 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Last-Modified: Fri, 06 Apr 2018 04:15:29 GMT
ETag: "15fcf-569264e782619-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14808
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
| 36.94.37.125/bower_components/AdminLTE/plugins/jQuery/jQuery-2.2.3.min.js | 36.94.37.125 | 500 Internal Server Error | 0 B |
URL: 36.94.37.125/bower_components/AdminLTE/plugins/jQuery/jQuery-2.2.3.min.js
Request: GET HTTP/1.0
IP: 36.94.37.125:80
ASN: #7713 PT Telekomunikasi Indonesia
Requested by: http://36.94.37.125/login
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5), da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1), e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /bower_components/AdminLTE/plugins/jQuery/jQuery-2.2.3.min.js HTTP/1.1
Host: 36.94.37.125
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://36.94.37.125/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVzVWp5TTdxN20rZkZ2eHY2d1hRXC9RPT0iLCJ2YWx1ZSI6IkJkanlER014NWVwNDNUQWJWS3BnaUpscng0bjlsSnRWcFlcL0dsK1BjeVNaR2dUQUdxaE5jOW9Dc3hwZnJYOW9XNkFqTmlLQmVrZFNxU3VSWEdCSm0yUT09IiwibWFjIjoiNWExODM0ZmI5YTA5MWMxNjE1YTQ0NzhhZTNkZjViZmE3YTE5MzYzNGYwNzQ4ODY5NWEwYmQ4NTgxNTQyYzE4ZCJ9; laravel_session=eyJpdiI6IkNwZXBEZ2tEcWVVV0lHR1BSTmZXbUE9PSIsInZhbHVlIjoielZEbklNcDlLVjdrZWppcW5ZR2lxUzFuVzZhWDVvdTJEdGcxelc2bGU2TTBKRFwvckg1SG91OUZ5YjhNRVY4c2xKUThObUxKWHk5TUdqeCtWa3dPNWZ3PT0iLCJtYWMiOiIzOGRjMTMwYTYzNjhlZjY1OGZiMmQxM2VhODJlMzVlZjBjZDYwOTFiODYzOWM0YmJkNTJkNmIwNGYyNDFiZTdkIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 500 Internal Server Error
Date: Sat, 04 May 2024 11:35:51 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
| fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic | 142.250.74.74 | 200 OK | 1.4 kB |
URL: fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic
Request: GET HTTP/2
IP: 142.250.74.74:443
Requested by: http://36.94.37.125/login
Certificate: Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79; Validity: Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: gzip compressed data, max compression
Hash: 888f4ce6c1c1d28925bacbc42ada2388 (MD5), 3bf1935b2c695594fdd5b44f491e513e1951857e (SHA-1), bff45fdaad825a5e19b3df46bc3c6f7ea4ff566eceeef9953f1b002f75620a4c (SHA-256)
GET /css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://36.94.37.125/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 11:35:51 GMT
date: Sat, 04 May 2024 11:35:51 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 36.94.37.125/bower_components/AdminLTE/bootstrap/js/bootstrap.min.js | 36.94.37.125 | 200 OK | 9.8 kB |
URL: 36.94.37.125/bower_components/AdminLTE/bootstrap/js/bootstrap.min.js
Request: GET HTTP/1.1
IP: 36.94.37.125:80
ASN: #7713 PT Telekomunikasi Indonesia
Requested by: http://36.94.37.125/login
File type: JavaScript source, ASCII text, with very long lines (32003)
Hash: c5b5b2fa19bd66ff23211d9f844e0131 (MD5), 791aa054a026bddc0de92bad6cf7a1c6e73713d5 (SHA-1), 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /bower_components/AdminLTE/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: 36.94.37.125
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://36.94.37.125/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVzVWp5TTdxN20rZkZ2eHY2d1hRXC9RPT0iLCJ2YWx1ZSI6IkJkanlER014NWVwNDNUQWJWS3BnaUpscng0bjlsSnRWcFlcL0dsK1BjeVNaR2dUQUdxaE5jOW9Dc3hwZnJYOW9XNkFqTmlLQmVrZFNxU3VSWEdCSm0yUT09IiwibWFjIjoiNWExODM0ZmI5YTA5MWMxNjE1YTQ0NzhhZTNkZjViZmE3YTE5MzYzNGYwNzQ4ODY5NWEwYmQ4NTgxNTQyYzE4ZCJ9; laravel_session=eyJpdiI6IkNwZXBEZ2tEcWVVV0lHR1BSTmZXbUE9PSIsInZhbHVlIjoielZEbklNcDlLVjdrZWppcW5ZR2lxUzFuVzZhWDVvdTJEdGcxelc2bGU2TTBKRFwvckg1SG91OUZ5YjhNRVY4c2xKUThObUxKWHk5TUdqeCtWa3dPNWZ3PT0iLCJtYWMiOiIzOGRjMTMwYTYzNjhlZjY1OGZiMmQxM2VhODJlMzVlZjBjZDYwOTFiODYzOWM0YmJkNTJkNmIwNGYyNDFiZTdkIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 11:35:51 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Last-Modified: Fri, 06 Apr 2018 04:15:29 GMT
ETag: "9004-569264e781679-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9765
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
| 36.94.37.125/bower_components/AdminLTE/dist/css/skins/skin-red-light.min.css | 36.94.37.125 | 200 OK | 761 B |
URL: 36.94.37.125/bower_components/AdminLTE/dist/css/skins/skin-red-light.min.css
Request: GET HTTP/1.1
IP: 36.94.37.125:80
ASN: #7713 PT Telekomunikasi Indonesia
Requested by: http://36.94.37.125/login
File type: ASCII text, with very long lines (3596), with no line terminators
Hash: b28d6794f58682c302b37cba0d8cc443 (MD5), 0208f6bd68d3f8a0d4a511fc55e1233db042fd14 (SHA-1), 954d3e87e1447387536897aaf9d8a8f344afa500be168c8180f5e90e75e66748 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /bower_components/AdminLTE/dist/css/skins/skin-red-light.min.css HTTP/1.1
Host: 36.94.37.125
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://36.94.37.125/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVzVWp5TTdxN20rZkZ2eHY2d1hRXC9RPT0iLCJ2YWx1ZSI6IkJkanlER014NWVwNDNUQWJWS3BnaUpscng0bjlsSnRWcFlcL0dsK1BjeVNaR2dUQUdxaE5jOW9Dc3hwZnJYOW9XNkFqTmlLQmVrZFNxU3VSWEdCSm0yUT09IiwibWFjIjoiNWExODM0ZmI5YTA5MWMxNjE1YTQ0NzhhZTNkZjViZmE3YTE5MzYzNGYwNzQ4ODY5NWEwYmQ4NTgxNTQyYzE4ZCJ9; laravel_session=eyJpdiI6IkNwZXBEZ2tEcWVVV0lHR1BSTmZXbUE9PSIsInZhbHVlIjoielZEbklNcDlLVjdrZWppcW5ZR2lxUzFuVzZhWDVvdTJEdGcxelc2bGU2TTBKRFwvckg1SG91OUZ5YjhNRVY4c2xKUThObUxKWHk5TUdqeCtWa3dPNWZ3PT0iLCJtYWMiOiIzOGRjMTMwYTYzNjhlZjY1OGZiMmQxM2VhODJlMzVlZjBjZDYwOTFiODYzOWM0YmJkNTJkNmIwNGYyNDFiZTdkIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 11:35:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Last-Modified: Fri, 06 Apr 2018 04:15:29 GMT
ETag: "e0c-569264e782619-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 761
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
| fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL: fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
Request: GET HTTP/2
IP: 216.58.207.227:443
Requested by: http://36.94.37.125/login
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 14712, version 1.0
Hash: 3afeae0d768769f5e5f30ac9805c5b70 (MD5), 3ada17c2b462db3e7a1fd85c3f4670dfe7704f4d (SHA-1), 0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce (SHA-256)
GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://36.94.37.125
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14712
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 18:02:35 GMT
expires: Fri, 02 May 2025 18:02:35 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jun 2023 22:52:57 GMT
content-type: font/woff2
age: 149597
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL: fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
Request: GET HTTP/2
IP: 216.58.207.227:443
Requested by: http://36.94.37.125/login
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 14780, version 1.0
Hash: 8dae809192c44690275a3624133293e7 (MD5), 969c98c4d7eb00386ebbd61a63288972d138ecb8 (SHA-1), c3de27b2cbd6deda629c9b442700cf54c0dda74e494b1c75a57d822068a047f8 (SHA-256)
GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://36.94.37.125
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14780
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:03:54 GMT
expires: Fri, 02 May 2025 02:03:54 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jun 2023 22:52:58 GMT
content-type: font/woff2
age: 207118
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL: fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Request: GET HTTP/2
IP: 216.58.207.227:443
Requested by: http://36.94.37.125/login
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 14892, version 1.0
Hash: 9ec6deaf6bada919e20b98f9f7b718b1 (MD5), 501d36403ad8205e4644532600019ecb10f5cb0a (SHA-1), 7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762 (SHA-256)
GET /s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://36.94.37.125
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14892
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 10:17:48 GMT
expires: Sat, 03 May 2025 10:17:48 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
content-type: font/woff2
age: 91084
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 36.94.37.125/favicon.ico | 36.94.37.125 | 200 OK | 0 B |
IP: 36.94.37.125:80
ASN: #7713 PT Telekomunikasi Indonesia
Requested by: http://36.94.37.125/login
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5), da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1), e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 36.94.37.125
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://36.94.37.125/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVzVWp5TTdxN20rZkZ2eHY2d1hRXC9RPT0iLCJ2YWx1ZSI6IkJkanlER014NWVwNDNUQWJWS3BnaUpscng0bjlsSnRWcFlcL0dsK1BjeVNaR2dUQUdxaE5jOW9Dc3hwZnJYOW9XNkFqTmlLQmVrZFNxU3VSWEdCSm0yUT09IiwibWFjIjoiNWExODM0ZmI5YTA5MWMxNjE1YTQ0NzhhZTNkZjViZmE3YTE5MzYzNGYwNzQ4ODY5NWEwYmQ4NTgxNTQyYzE4ZCJ9; laravel_session=eyJpdiI6IkNwZXBEZ2tEcWVVV0lHR1BSTmZXbUE9PSIsInZhbHVlIjoielZEbklNcDlLVjdrZWppcW5ZR2lxUzFuVzZhWDVvdTJEdGcxelc2bGU2TTBKRFwvckg1SG91OUZ5YjhNRVY4c2xKUThObUxKWHk5TUdqeCtWa3dPNWZ3PT0iLCJtYWMiOiIzOGRjMTMwYTYzNjhlZjY1OGZiMmQxM2VhODJlMzVlZjBjZDYwOTFiODYzOWM0YmJkNTJkNmIwNGYyNDFiZTdkIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 11:35:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Last-Modified: Fri, 06 Apr 2018 04:15:29 GMT
ETag: "0-569264e798d7c"
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
| 36.94.37.125/bower_components/AdminLTE/bootstrap/fonts/glyphicons-halflings-regular.woff2 | 36.94.37.125 | 200 OK | 18 kB |
URL: 36.94.37.125/bower_components/AdminLTE/bootstrap/fonts/glyphicons-halflings-regular.woff2
Request: GET HTTP/1.1
IP: 36.94.37.125:80
ASN: #7713 PT Telekomunikasi Indonesia
Requested by: http://36.94.37.125/login
File type: Web Open Font Format (Version 2), TrueType, length 18028, version 1.589
Hash: 448c34a56d699c29117adc64c43affeb (MD5), ca35b697d99cae4d1b60f2d60fcd37771987eb07 (SHA-1), fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /bower_components/AdminLTE/bootstrap/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: 36.94.37.125
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://36.94.37.125/bower_components/AdminLTE/bootstrap/css/bootstrap.min.css
Cookie: XSRF-TOKEN=eyJpdiI6IkVzVWp5TTdxN20rZkZ2eHY2d1hRXC9RPT0iLCJ2YWx1ZSI6IkJkanlER014NWVwNDNUQWJWS3BnaUpscng0bjlsSnRWcFlcL0dsK1BjeVNaR2dUQUdxaE5jOW9Dc3hwZnJYOW9XNkFqTmlLQmVrZFNxU3VSWEdCSm0yUT09IiwibWFjIjoiNWExODM0ZmI5YTA5MWMxNjE1YTQ0NzhhZTNkZjViZmE3YTE5MzYzNGYwNzQ4ODY5NWEwYmQ4NTgxNTQyYzE4ZCJ9; laravel_session=eyJpdiI6IkNwZXBEZ2tEcWVVV0lHR1BSTmZXbUE9PSIsInZhbHVlIjoielZEbklNcDlLVjdrZWppcW5ZR2lxUzFuVzZhWDVvdTJEdGcxelc2bGU2TTBKRFwvckg1SG91OUZ5YjhNRVY4c2xKUThObUxKWHk5TUdqeCtWa3dPNWZ3PT0iLCJtYWMiOiIzOGRjMTMwYTYzNjhlZjY1OGZiMmQxM2VhODJlMzVlZjBjZDYwOTFiODYzOWM0YmJkNTJkNmIwNGYyNDFiZTdkIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 11:35:53 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Last-Modified: Fri, 06 Apr 2018 04:15:29 GMT
ETag: "466c-569264e781679"
Accept-Ranges: bytes
Content-Length: 18028
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
| maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css | 104.18.11.207 | 200 OK | 24 kB |
URL: maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
Request: GET HTTP/2
IP: 104.18.11.207:443
Requested by: http://36.94.37.125/login
Certificate: Issuer: Google Trust Services LLC; Subject: bootstrapcdn.com; Fingerprint: 57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63; Validity: Wed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT
File type: ASCII text, with very long lines (23577)
Hash: 04425bbdc6243fc6e54bf8984fe50330 (MD5), 8c15c6bd82c71e9ef1bb11cf24e502fe07518ac5 (SHA-1), 541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd (SHA-256)
GET /font-awesome/4.3.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://36.94.37.125/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 11:35:51 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 21:08:57
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e6a55b08fe5091f45c9e99ce9e9f98c2
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 314643
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87e8308fd94eb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2