| GET gejeo.sguosb.web.id/verify.php | 104.21.49.252 | 200 OK | 9.6 kB |
URL User Request GET gejeo.sguosb.web.id/verify.php IP 104.21.49.252:443
Certificate Issuer: Google Trust Services
Certificate Subject: sguosb.web.id
Certificate Fingerprint: 06:65:B1:7E:8B:1C:97:AD:77:54:98:00:FC:12:1D:82:39:5C:FA:37
Certificate Validity: Mon, 09 Jun 2025 07:42:22 GMT - Sun, 07 Sep 2025 08:39:58 GMT
File type: HTML document, ASCII text, with very long lines (4946)
Hash: fdd0b48c2806e64835748c9c7c450847 912a100cb5183de8f1f1a6f833c422e5997f79d7 74b0c971765236d32209117970aa43c7dc8bde96f0bee80e99cbb38dc1588985
GET /verify.php HTTP/1.1
Host: gejeo.sguosb.web.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 24 Jun 2025 07:51:24 GMT
content-type: text/html; charset=UTF-8
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rMCQdcVlBzmp4VM4Q%2Fev6hLmJEeqByyhkq4zbDXipI%2BHX52A49RnJIZX1HQF2lqe7NdTAu3CshKxDdehedcuscXPfbNNPBKI1qmRZC22Zuo6"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 954aa3c73ba4b4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
| GET file.gifan.id/tailwind.js | 104.21.7.246 | 200 OK | 407 kB |
URL GET file.gifan.id/tailwind.js IP 104.21.7.246:443
Requested by: https://gejeo.sguosb.web.id/verify.php
Certificate Issuer: Google Trust Services
Certificate Subject: gifan.id
Certificate Fingerprint: 00:10:0D:35:FD:2F:62:D1:F0:15:DE:C0:B9:FF:2E:EF:53:D8:6E:B7
Certificate Validity: Mon, 12 May 2025 23:44:24 GMT - Mon, 11 Aug 2025 00:42:56 GMT
File type: JavaScript source, ASCII text, with very long lines (52853), with CRLF line terminators
Size: 407 kB (407360 bytes)
Hash: 07fc10e56e57b4c39d843de1c5f55d4a 538e8772f047a79288071a864a4b3d4b7bd8aee4 6c3d46e49008030c958ea3498f615c9f35e4545daf18db15c398820655bb2ecc
GET /tailwind.js HTTP/1.1
Host: file.gifan.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gejeo.sguosb.web.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 24 Jun 2025 07:51:24 GMT
content-type: text/javascript
content-length: 117825
last-modified: Sat, 16 Nov 2024 15:34:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: public, max-age=604800
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
etag:
age: 403776
cf-cache-status: HIT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=29Mi2zMKcT7G5pHnjjfwGxHwtax8ozQiEAyNk3U5qOidkMvMKV59qSKv3Q56A9Xwt%2FwUnbuZKuV8lRGjPRA%2B7rhxkSC8Xmcz1iBl"}]}
cf-ray: 954aa3c9ae72b4ee-OSL
X-Firefox-Spdy: h2
|
| GET file.g-code.co.id/npm/protection@latest/ | 104.21.64.1 | 200 OK | 17 kB |
URL GET file.g-code.co.id/npm/protection@latest/ IP 104.21.64.1:443
Requested by: https://gejeo.sguosb.web.id/verify.php
Certificate Issuer: Google Trust Services
Certificate Subject: g-code.co.id
Certificate Fingerprint: A5:74:BA:FB:53:27:D4:07:4D:BD:0F:56:23:CB:DA:79:BB:C2:23:CC
Certificate Validity: Sat, 24 May 2025 12:35:02 GMT - Fri, 22 Aug 2025 13:33:24 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (17187)
Hash: 723ad397a1f6402ac487a4707e9d4f0e b4333fb209b47d04bbbc990ba7eee8a0cbd8b961 93459f3bbe13b5e7bc0446e5286731ac5443d95fa5fc2ec4c5c26462746ec895
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /npm/protection@latest/ HTTP/1.1
Host: file.g-code.co.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gejeo.sguosb.web.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 24 Jun 2025 07:51:25 GMT
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate
content-encoding: br
vary: Accept-Encoding,User-Agent
server: cloudflare
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=i7CXbHV4SF4CulmRRMT1GVw1YrfW8nE6ExchWQcZSMesIe5SSK4aQuM%2B6GuH7p1gVyCzXhzbE04DM2ZOcCwmVGH5kNOJtOaeCQGv4kX0RQ%3D%3D"}]}
cf-ray: 954aa3ce091b7129-OSL
X-Firefox-Spdy: h2
|