r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3468
Expires: Fri, 24 Mar 2023 18:13:25 GMT
Date: Fri, 24 Mar 2023 17:15:37 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 210a2a42cfc4f4aced144f5de9babcc6
ece6ecfb2db8d036c3bfc7f02f8ea387e3f965db
59553a312d3fb34f1f0aea469f7e7cc810ff9993481ddbd73ea5d461cf97ed51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59553A312D3FB34F1F0AEA469F7E7CC810FF9993481DDBD73EA5D461CF97ED51"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10441
Expires: Fri, 24 Mar 2023 20:09:38 GMT
Date: Fri, 24 Mar 2023 17:15:37 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12447
Expires: Fri, 24 Mar 2023 20:43:04 GMT
Date: Fri, 24 Mar 2023 17:15:37 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 24 Mar 2023 17:15:17 GMT
content-type: application/json
age: 20
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 39rOsAPyvSNpfbUXjPK94KICkFHH16TBzUW7VugNpXfmN8VZJKLXfZpSqoc1Kslktk9nMSyOuGc=
x-amz-request-id: FFVAXY4MJM0X7X3A
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 24 Mar 2023 17:00:26 GMT
age: 911
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 17:15:37 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
36.91.159.82/
36.91.159.82 200 OK 165 B IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 7b87d957034cc84218414f44100a93dc
3215688ca555df9918d9fa0457bb7cdd74c88eb9
adbdc4bfe73cfbebc0ce3f3823eaa276b5fa5c6583e90cf418027528bdf42e42
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Fri, 17 Jul 2020 05:41:50 GMT
Accept-Ranges: bytes
ETag: "023b9f7fc5bd61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:37 GMT
Content-Length: 165
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 24 Mar 2023 16:17:23 GMT
age: 3495
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 050ca4dc2182e0a27573b0d9f32b7834
bec14dc5af0d0b32210470673511acd8db404308
b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5949
Expires: Fri, 24 Mar 2023 18:54:47 GMT
Date: Fri, 24 Mar 2023 17:15:38 GMT
Connection: keep-alive
36.91.159.82/default.aspx
36.91.159.82 200 OK 19 kB URL HTTP/1.1 36.91.159.82/default.aspx
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (476), with CRLF line terminators
Hash ddcfa5a08a25a7ad3de619985551b149
6a4a2c117ce8f40ce2093c04e01a54c51236aef3
39c565dc9fbb0f54ea838fe04622909444e286b53a99fb1195f2e840ca6a9de9
Analyzer Verdict Alert quad9 Sinkholed
GET /default.aspx HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private, no-store,no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: text/html; charset=utf-8
Expires: Fri, 24 Mar 2023 17:14:38 GMT
Set-Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; path=/; HttpOnly; SameSite=Lax
__AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; path=/; HttpOnly
nosso=; expires=Thu, 23-Mar-2023 17:15:38 GMT; path=/
START_UP_PAGE=FALSE; path=/
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:37 GMT
Content-Length: 19410
push.services.mozilla.com/
52.34.13.204 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.34.13.204:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JgxjnOMGOmkrP8QsH2QfvQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: r25H2gqbuQ72HQTybq7tfGxWp8E=
36.91.159.82/css/reset.css?ver=20200717124158000000
36.91.159.82 200 OK 1.7 kB URL HTTP/1.1 36.91.159.82/css/reset.css?ver=20200717124158000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
Hash 06d9d44d9e400391ea358fc2169bca4f
f2cb685dbf0aba2bde2752c31cb9d4fc98fbdba0
93535ef2a85b4085acd263d6dac2fc591d3e77d1c0e9daebc7b73830d90102a6
Analyzer Verdict Alert quad9 Sinkholed
GET /css/reset.css?ver=20200717124158000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: text/css
Last-Modified: Fri, 17 Jul 2020 05:41:58 GMT
Accept-Ranges: bytes
ETag: "0d77dfcfc5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:37 GMT
Content-Length: 1686
36.91.159.82/css/login.css?ver=20211112102500000000
36.91.159.82 200 OK 13 kB URL HTTP/1.1 36.91.159.82/css/login.css?ver=20211112102500000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type assembler source, Unicode text, UTF-8 (with BOM) text, with very long lines (1453), with CRLF line terminators
Hash e581e756dc1466c33027b25886261e99
1b4e10ccd3ce5f6cb566a37f44c026d7832a08b8
fa03252bbfd744679e19d3c5d833552f7ee1f188bc0b08589be4dd1675f809dc
Analyzer Verdict Alert quad9 Sinkholed
GET /css/login.css?ver=20211112102500000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: text/css
Last-Modified: Fri, 12 Nov 2021 03:25:00 GMT
Accept-Ranges: bytes
ETag: "0ceb3df74d7d71:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 12653
36.91.159.82/scripts/base64.js
36.91.159.82 200 OK 7.2 kB URL HTTP/1.1 36.91.159.82/scripts/base64.js
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash a5270843bc5abdc9374f041d8bbfe81d
a7a868140e9964248aaab8bab774cf149cee3a22
52321821d0b87abaa40e0b248228f7803aea0cb2aa9c8adbe18d3416ab0a8968
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/base64.js HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/javascript
Last-Modified: Fri, 17 Jul 2020 05:42:16 GMT
Accept-Ranges: bytes
ETag: "06c387fd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 7218
36.91.159.82/scripts/library/JSON-js-master/json2.js
36.91.159.82 200 OK 18 kB URL HTTP/1.1 36.91.159.82/scripts/library/JSON-js-master/json2.js
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash f97cd64fa7f3d3d3728786288fef56c8
adccfcf83e6ffb151f7853cd70b76c50028cf512
49341399c4801527cc40f534238ec5bfb28e4f88a219d094f0a9d339107d7f26
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/library/JSON-js-master/json2.js HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/javascript
Last-Modified: Fri, 17 Jul 2020 05:42:18 GMT
Accept-Ranges: bytes
ETag: "099698fd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 17524
36.91.159.82/scripts/library/htmlencoder.js?ver=20210622133436000000
36.91.159.82 200 OK 14 kB URL HTTP/1.1 36.91.159.82/scripts/library/htmlencoder.js?ver=20210622133436000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type Unicode text, UTF-8 (with BOM) text, with very long lines (2687), with CRLF line terminators
Hash 20a2530b74cf99cc404dea0c0689292c
0f17aba1d64d41d2b8c2f2f823a31e70c8e45074
896864ae3a3944f96d1c5c2a0b7e46b09317a044c6b618763c82946023255ea8
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/library/htmlencoder.js?ver=20210622133436000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/javascript
Last-Modified: Tue, 22 Jun 2021 06:34:36 GMT
Accept-Ranges: bytes
ETag: "06641ab3067d71:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 14182
36.91.159.82/scripts/common_adm.js?ver=20210716130112000000
36.91.159.82 200 OK 20 kB URL HTTP/1.1 36.91.159.82/scripts/common_adm.js?ver=20210716130112000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash c912c6adae89084882e56ef82b652184
b1d372b13379625bfe0207c135c15fbab727efce
166adeb1bd6314867e2f5ec4ea906779e1be1d8124626ab34726397c95f943f8
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/common_adm.js?ver=20210716130112000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/javascript
Last-Modified: Fri, 16 Jul 2021 06:01:12 GMT
Accept-Ranges: bytes
ETag: "044b1fa77ad71:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 20270
36.91.159.82/scripts/jquery/jquery-migrate-3.3.0.js
36.91.159.82 200 OK 24 kB URL HTTP/1.1 36.91.159.82/scripts/jquery/jquery-migrate-3.3.0.js
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash 36878060991ae8e9a67af23eb0809154
5af534ef345cec012528316d33f5cece6213f869
2c78abbdfd0a760eb8d5f8de8f0e1076520f3d82ad4aa1e80d4a5451e4e71ccb
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/jquery/jquery-migrate-3.3.0.js HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/javascript
Last-Modified: Fri, 17 Jul 2020 05:42:48 GMT
Accept-Ranges: bytes
ETag: "03c4b1afd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 24514
36.91.159.82/scripts/sha256.js?ver=20200717124250000000
36.91.159.82 200 OK 11 kB URL HTTP/1.1 36.91.159.82/scripts/sha256.js?ver=20200717124250000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash ddd089bbfa6a19a5fed5cb809f7d441d
d97e871db9d98735a054f6a401db1b183ad81ef6
2211a10a2ed8d3b23189ae512064151187dfa1050745295b2ec54d0262ae20e9
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/sha256.js?ver=20200717124250000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/javascript
Last-Modified: Fri, 17 Jul 2020 05:42:50 GMT
Accept-Ranges: bytes
ETag: "0697c1bfd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 10863
36.91.159.82/scripts/library/bluebird.min.js
36.91.159.82 200 OK 77 kB URL HTTP/1.1 36.91.159.82/scripts/library/bluebird.min.js
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type ASCII text, with very long lines (32044), with escape sequences
Hash ad58638eca677ab0314b116d3194f27a
66bf0499c3488b461abd9c0ed62f8ec71a9594ea
4a8df52b71e0fc738da41e818f6b0e5e9d8fc116b65b56d017a237245b4383fa
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/library/bluebird.min.js HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/javascript
Last-Modified: Fri, 17 Jul 2020 05:42:18 GMT
Accept-Ranges: bytes
ETag: "099698fd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 76607
36.91.159.82/fonts/ris-font-icon.css?ver=20200717124252000000
36.91.159.82 200 OK 11 kB URL HTTP/1.1 36.91.159.82/fonts/ris-font-icon.css?ver=20200717124252000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type ASCII text, with very long lines (7970), with CRLF, LF line terminators
Hash 5887e9af541478313c8b4fad71d93f45
88583f6e3aa89a8fb264690a4cb46dd473536095
c6ee25b6d6d4636f02b253dbdde3ac93555f7f2256faf5635a816bb1b12d9e7e
Analyzer Verdict Alert quad9 Sinkholed
GET /fonts/ris-font-icon.css?ver=20200717124252000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: text/css
Last-Modified: Fri, 17 Jul 2020 05:42:52 GMT
Accept-Ranges: bytes
ETag: "096ad1cfd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 10781
36.91.159.82/scripts/util.js?ver=20200717124200000000
36.91.159.82 200 OK 78 kB URL HTTP/1.1 36.91.159.82/scripts/util.js?ver=20200717124200000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash 2b57b364917ee80248609bb0716a13fe
3590c3d3c93e5e621852a6f779ccc08a414229f6
4d7ebb6d099573ddd3a5160425168b8fe163188ab59c72207217b981903f19f2
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/util.js?ver=20200717124200000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/javascript
Last-Modified: Fri, 17 Jul 2020 05:42:00 GMT
Accept-Ranges: bytes
ETag: "04affdfc5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 77901
36.91.159.82/css/main.css?ver=20210322124826000000
36.91.159.82 200 OK 41 kB URL HTTP/1.1 36.91.159.82/css/main.css?ver=20210322124826000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type Unicode text, UTF-8 (with BOM) text, with very long lines (1799), with CRLF line terminators
Hash 7ff5a8aec6f8f719529515852d70a3f8
f153465aeec872ba6d98b2d41fda27f579668593
5f14c0ba7cbe2d9f7429c799b0f6cf50817ebd4e4cec7706cf561b08f9f16c86
Analyzer Verdict Alert quad9 Sinkholed
GET /css/main.css?ver=20210322124826000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: text/css
Last-Modified: Mon, 22 Mar 2021 05:48:26 GMT
Accept-Ranges: bytes
ETag: "0f133fade1ed71:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 40872
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16407
Expires: Fri, 24 Mar 2023 21:49:06 GMT
Date: Fri, 24 Mar 2023 17:15:39 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4aeb81c-baed-41b0-91c6-0a3439c6f3aa.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4aeb81c-baed-41b0-91c6-0a3439c6f3aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6cdbc190c56cfc889845d881cf88fed4
106075aa275beeaa40d4fa0587c3cee93b763bcf
5959109c9d987617bdcbb6e1ca8553d970b365390140906d41ff9a84462f1b2b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4aeb81c-baed-41b0-91c6-0a3439c6f3aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4970
x-amzn-requestid: d55dee06-0562-4a17-8109-595ec62cc440
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPHzHu2IAMFgfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc564-2f3b14aa47db00ba68b963b8;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:32:20 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: ypBVMdGLEmHeFdKuIcGWPOXwDKy2hwIlTCudH7oKauDUUqNnzvVCBg==
via: 1.1 ec27e2bbc77d9805bead471453d2094c.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 22:25:11 GMT
age: 67828
etag: "106075aa275beeaa40d4fa0587c3cee93b763bcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Ncagzm12kJaHQtYhhjUUhcfXVfbwMdonoNYqpK-QXEmLfyyENgFnFA==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 06:10:34 GMT
age: 39905
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9bb55b1044454d0db2324a4af956cd51
5aa34545aa2274453b301c74a083034273177cbd
fb7fa8b91ff7374ac6be2df05e1e98194f2adf3ce728b02a66323993145975ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7405
x-amzn-requestid: 9865b715-ff9b-498d-95b3-c728fd3430be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPt7E46oAMF1Fg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc658-78b66faf317a7aaf689de782;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:36:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: MOdi4IjE6ooc_bhXhjI2pikpJfBxxg7kS8qHmvDRZD169vLef4FKYw==
via: 1.1 e39f48cc8f516dc1072afdb086c71f32.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:42:31 GMT
age: 70388
etag: "5aa34545aa2274453b301c74a083034273177cbd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63daf6ae-a4e7-49b4-8e18-aea9506a9ae6.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63daf6ae-a4e7-49b4-8e18-aea9506a9ae6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 725b558c5b217b40ec923c072a764dc9
f3a16cf007c5793b3abc4978fe023f60d375315b
543d159b2fe8680fcaebd19ed567ea7725030f8c564784be0c542deed456144d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63daf6ae-a4e7-49b4-8e18-aea9506a9ae6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10649
x-amzn-requestid: e8bfb59a-ccad-4150-9dfa-a9ae7966500b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM7CIHrFoAMFTXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b720d-0ef87c8a6a55d9c77f2faa03;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:24:29 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: MZAWLd0V6aOwfS3stOcabNJMrPjvrfMHg8lLXDrdEL6y-8XPZTgydQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 15:48:16 GMT
age: 5243
etag: "f3a16cf007c5793b3abc4978fe023f60d375315b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6f0b9e85381489dcf646c251722b21d4
5f7ea91288a2170bcabdca6be296718c4191eacd
911f803271ad9053ebac3787bdde9b75ec604acc6aa28692cc8e4c5c4fb61483
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10480
x-amzn-requestid: 58aa8272-4b4e-4a2f-9d6e-d47f70891c49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJptHG7JoAMFSwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2320-2fd6502b1271d5c13b4ebbe9;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:28 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: pFCYGtd2b7lK7OBFHjCsgqqLfhtMAQDB0vyYFyf1sv-3CkSHbEh3mA==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 22:16:43 GMT
age: 68336
etag: "5f7ea91288a2170bcabdca6be296718c4191eacd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8f2a5e3-1443-4c66-9b07-bbc789ebd9ab.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8f2a5e3-1443-4c66-9b07-bbc789ebd9ab.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d6ed667dad0c17b3f1697f6ad5f1dd2
9eff2b1900bc9788dfbff11fce69cc7c944b1fc1
ec0f7b928c7efd46d2679477acd9f3bf0b335f31b9739c4e925b23bd5cd16a05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8f2a5e3-1443-4c66-9b07-bbc789ebd9ab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8385
x-amzn-requestid: 7b1e47a8-7adb-48d9-9b0e-036305a77957
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9xbmGJsoAMF-5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641562b0-2e4e7a3b14bfce4210def298;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:20 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 61beGZuZOIgOsG91c3VjhfcAEk4jwLQ1wyZ8OufNOLMkPwRSCcHo7Q==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 04:34:28 GMT
age: 45671
etag: "9eff2b1900bc9788dfbff11fce69cc7c944b1fc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
36.91.159.82/scripts/common.js?ver=20210622133436000000
36.91.159.82 200 OK 20 kB URL HTTP/1.1 36.91.159.82/scripts/common.js?ver=20210622133436000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type Non-ISO extended-ASCII text, with CRLF line terminators
Hash 75face125a472f88c9186abb1e7dedfa
8e2d4541b2865868217f54e6f439609819720b71
e17d9ee7cd2254493323e128840d2bfcb3f60dffe6f07bd8d27a236f1dab60c5
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/common.js?ver=20210622133436000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/javascript
Last-Modified: Tue, 22 Jun 2021 06:34:36 GMT
Accept-Ranges: bytes
ETag: "06641ab3067d71:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 20408
36.91.159.82/css/import.css
36.91.159.82 200 OK 13 kB URL HTTP/1.1 36.91.159.82/css/import.css
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type Unicode text, UTF-8 (with BOM) text, with very long lines (1454), with CRLF line terminators
Hash eb658105d0e43e12e5e12d7049cb8268
9e14b545f931379b4e4a6188113ff38f75e266a5
edd9b5bf99ca90a5428a94ac5ba6bf7778e269051e1bc9a91ac9d53067a5b7ff
Analyzer Verdict Alert quad9 Sinkholed
GET /css/import.css HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/css/main.css?ver=20210322124826000000
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: text/css
Last-Modified: Fri, 17 Jul 2020 05:41:58 GMT
Accept-Ranges: bytes
ETag: "0d77dfcfc5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:40 GMT
Content-Length: 13160
36.91.159.82/scripts/jquery/jquery-3.5.1.min.js
36.91.159.82 200 OK 90 kB URL HTTP/1.1 36.91.159.82/scripts/jquery/jquery-3.5.1.min.js
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/jquery/jquery-3.5.1.min.js HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/javascript
Last-Modified: Fri, 17 Jul 2020 05:42:48 GMT
Accept-Ranges: bytes
ETag: "03c4b1afd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 89476
36.91.159.82/fonts/fontawesome-5.0.8/css/fontawesome-all.min.css?ver=20200717124252000000
36.91.159.82 200 OK 350 kB URL HTTP/1.1 36.91.159.82/fonts/fontawesome-5.0.8/css/fontawesome-all.min.css?ver=20200717124252000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type ASCII text, with very long lines (65356)
Size 350 kB (349787 bytes)
Hash 9db0bd365a9b3a7d9b22d45547260f6e
a36ceb6ca1da796f50e346da0227f609d9bdd332
cbeb44f3fc17c9e4c8ccdcbc1e9f92dbda1beebdaae1b928f7776b8ebf2eac67
Analyzer Verdict Alert quad9 Sinkholed
GET /fonts/fontawesome-5.0.8/css/fontawesome-all.min.css?ver=20200717124252000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: text/css
Last-Modified: Fri, 17 Jul 2020 05:42:52 GMT
Accept-Ranges: bytes
ETag: "096ad1cfd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:39 GMT
Content-Length: 349787
36.91.159.82/fonts/ris-font-icon.woff?98jrtb
36.91.159.82 200 OK 5.8 kB URL HTTP/1.1 36.91.159.82/fonts/ris-font-icon.woff?98jrtb
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type Web Open Font Format, TrueType, length 5800, version 1.0\012- data
Hash 7be59a10d31256c62824580ec8441409
7d37d8034ce47578c72490475295d8c87053d233
ec3f47ada384a81d84c6df69f271a50bd8e47f2c1f9b930f140b8740793b684d
Analyzer Verdict Alert quad9 Sinkholed
GET /fonts/ris-font-icon.woff?98jrtb HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://36.91.159.82/fonts/ris-font-icon.css?ver=20200717124252000000
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/font-woff
Last-Modified: Fri, 17 Jul 2020 05:42:52 GMT
Accept-Ranges: bytes
ETag: "096ad1cfd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:40 GMT
Content-Length: 5800
36.91.159.82/default.aspx
36.91.159.82 200 OK 19 kB URL HTTP/1.1 36.91.159.82/default.aspx
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (476), with CRLF line terminators
Hash f926b2196f4b5d44fca96ca8c6a9b33c
3aa70b5204af6f080b8886dc5018cdf3a3e23fa2
74302a4929fee8dc230e2fe349352fe4598f161159f898e310e9212c5334b8bb
Analyzer Verdict Alert quad9 Sinkholed
POST /default.aspx HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 598
Origin: http://36.91.159.82
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private, no-store,no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: text/html; charset=utf-8
Expires: Fri, 24 Mar 2023 17:14:41 GMT
Set-Cookie: nosso=; expires=Thu, 23-Mar-2023 17:15:41 GMT; path=/
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:40 GMT
Content-Length: 18979
36.91.159.82/fonts/ris-font-icon.css?ver=20200717124252000000
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/fonts/ris-font-icon.css?ver=20200717124252000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /fonts/ris-font-icon.css?ver=20200717124252000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 17 Jul 2020 05:42:52 GMT
If-None-Match: "096ad1cfd5bd61:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "096ad1cfd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/css/reset.css?ver=20200717124158000000
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/css/reset.css?ver=20200717124158000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /css/reset.css?ver=20200717124158000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 17 Jul 2020 05:41:58 GMT
If-None-Match: "0d77dfcfc5bd61:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "0d77dfcfc5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/css/login.css?ver=20211112102500000000
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/css/login.css?ver=20211112102500000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /css/login.css?ver=20211112102500000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 12 Nov 2021 03:25:00 GMT
If-None-Match: "0ceb3df74d7d71:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "0ceb3df74d7d71:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/scripts/base64.js
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/scripts/base64.js
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/base64.js HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 17 Jul 2020 05:42:16 GMT
If-None-Match: "06c387fd5bd61:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "06c387fd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/scripts/jquery/jquery-3.5.1.min.js
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/scripts/jquery/jquery-3.5.1.min.js
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/jquery/jquery-3.5.1.min.js HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 17 Jul 2020 05:42:48 GMT
If-None-Match: "03c4b1afd5bd61:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "03c4b1afd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/scripts/jquery/jquery-migrate-3.3.0.js
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/scripts/jquery/jquery-migrate-3.3.0.js
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/jquery/jquery-migrate-3.3.0.js HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 17 Jul 2020 05:42:48 GMT
If-None-Match: "03c4b1afd5bd61:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "03c4b1afd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/scripts/library/JSON-js-master/json2.js
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/scripts/library/JSON-js-master/json2.js
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/library/JSON-js-master/json2.js HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 17 Jul 2020 05:42:18 GMT
If-None-Match: "099698fd5bd61:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "099698fd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/scripts/library/htmlencoder.js?ver=20210622133436000000
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/scripts/library/htmlencoder.js?ver=20210622133436000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/library/htmlencoder.js?ver=20210622133436000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Tue, 22 Jun 2021 06:34:36 GMT
If-None-Match: "06641ab3067d71:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "06641ab3067d71:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/scripts/common_adm.js?ver=20210716130112000000
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/scripts/common_adm.js?ver=20210716130112000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/common_adm.js?ver=20210716130112000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 16 Jul 2021 06:01:12 GMT
If-None-Match: "044b1fa77ad71:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "044b1fa77ad71:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/scripts/library/bluebird.min.js
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/scripts/library/bluebird.min.js
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/library/bluebird.min.js HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 17 Jul 2020 05:42:18 GMT
If-None-Match: "099698fd5bd61:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "099698fd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/scripts/util.js?ver=20200717124200000000
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/scripts/util.js?ver=20200717124200000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/util.js?ver=20200717124200000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 17 Jul 2020 05:42:00 GMT
If-None-Match: "04affdfc5bd61:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "04affdfc5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/scripts/sha256.js?ver=20200717124250000000
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/scripts/sha256.js?ver=20200717124250000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/sha256.js?ver=20200717124250000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 17 Jul 2020 05:42:50 GMT
If-None-Match: "0697c1bfd5bd61:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "0697c1bfd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/scripts/common.js?ver=20210622133436000000
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/scripts/common.js?ver=20210622133436000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /scripts/common.js?ver=20210622133436000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Tue, 22 Jun 2021 06:34:36 GMT
If-None-Match: "06641ab3067d71:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "06641ab3067d71:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/fonts/fontawesome-5.0.8/css/fontawesome-all.min.css?ver=20200717124252000000
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/fonts/fontawesome-5.0.8/css/fontawesome-all.min.css?ver=20200717124252000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /fonts/fontawesome-5.0.8/css/fontawesome-all.min.css?ver=20200717124252000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 17 Jul 2020 05:42:52 GMT
If-None-Match: "096ad1cfd5bd61:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "096ad1cfd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/css/main.css?ver=20210322124826000000
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/css/main.css?ver=20210322124826000000
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /css/main.css?ver=20210322124826000000 HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Mon, 22 Mar 2021 05:48:26 GMT
If-None-Match: "0f133fade1ed71:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "0f133fade1ed71:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/images/edge.png
36.91.159.82 200 OK 2.4 kB URL HTTP/1.1 36.91.159.82/images/edge.png
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
Hash 36dc01a981cffae4a0830eb02e64dd40
7e0d0193ce94913fc08a54279e55df0608b6e235
45f8fa87580504960f792ac4d08b3cf324a9a8da32cee10a39dea8ef150b5981
Analyzer Verdict Alert quad9 Sinkholed
GET /images/edge.png HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: image/png
Last-Modified: Fri, 17 Jul 2020 05:43:30 GMT
Accept-Ranges: bytes
ETag: "0ed5333fd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
Content-Length: 2380
36.91.159.82/images/chrome.png
36.91.159.82 200 OK 2.5 kB URL HTTP/1.1 36.91.159.82/images/chrome.png
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
Hash bebfa17cb1114338a1eeeee7a4cc4ee1
7666a75334b8caa147d0b902b5a54ee5d4029229
9769fe49299c26098b2e75f0d8cb369f4571c97da9749c67d81c6c755ea91848
Analyzer Verdict Alert quad9 Sinkholed
GET /images/chrome.png HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: image/png
Last-Modified: Fri, 17 Jul 2020 05:43:30 GMT
Accept-Ranges: bytes
ETag: "0ed5333fd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
Content-Length: 2522
36.91.159.82/images/ie.png
36.91.159.82 200 OK 3.1 kB URL HTTP/1.1 36.91.159.82/images/ie.png
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
Hash 61e9c51171561f3385b08fac8f093c80
cbe5f26ed53f2c55fbc97e1689f48c635c6731a2
b17bbc53ad38abb593c32bbed71a6ff89a6c9ef367ae84fc5e0a6865d7090f53
Analyzer Verdict Alert quad9 Sinkholed
GET /images/ie.png HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: image/png
Last-Modified: Fri, 17 Jul 2020 05:43:30 GMT
Accept-Ranges: bytes
ETag: "0ed5333fd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
Content-Length: 3059
36.91.159.82/css/import.css
36.91.159.82 304 Not Modified 0 B URL HTTP/1.1 36.91.159.82/css/import.css
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /css/import.css HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/css/main.css?ver=20210322124826000000
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
If-Modified-Since: Fri, 17 Jul 2020 05:41:58 GMT
If-None-Match: "0d77dfcfc5bd61:0"
HTTP/1.1 304 Not Modified
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
ETag: "0d77dfcfc5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:41 GMT
36.91.159.82/blank.pdf
36.91.159.82 200 OK 1.4 kB IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type PDF document, version 1.7, 1 pages
Hash da2112508788f4bacd127bd38ce05a87
0ad015d6ef221c7fe78285528384549a0a7afa4a
2b5b620bfe326b11bf13d60d5b8562be01552ae43e35fa810522ae5809d61e70
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO Dotted Quad Host PDF Request
suricata medium ET INFO Dotted Quad Host PDF Request
GET /blank.pdf HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/pdf
Last-Modified: Fri, 03 Dec 2021 02:11:48 GMT
Accept-Ranges: bytes
ETag: "08a8a20ebe7d71:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:42 GMT
Content-Length: 1438
36.91.159.82/fonts/ris-font-icon.ttf?98jrtb
36.91.159.82 200 OK 5.7 kB URL HTTP/1.1 36.91.159.82/fonts/ris-font-icon.ttf?98jrtb
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, ris-font-icon
Hash a903334be8d7842a6f65588b5d53a64b
1769c0631935330507b39d9b4b7c940aaf57a10b
6a2dd96a0441009b0609c4eecab65349a99e951bc04a452c81ec62db26b96e4e
Analyzer Verdict Alert quad9 Sinkholed
GET /fonts/ris-font-icon.ttf?98jrtb HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/fonts/ris-font-icon.css?ver=20200717124252000000
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: application/octet-stream
Last-Modified: Fri, 17 Jul 2020 05:42:52 GMT
Accept-Ranges: bytes
ETag: "096ad1cfd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:42 GMT
Content-Length: 5724
36.91.159.82/images/login_bg_logo.png
36.91.159.82 200 OK 19 kB URL HTTP/1.1 36.91.159.82/images/login_bg_logo.png
IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type PNG image data, 578 x 578, 8-bit/color RGBA, non-interlaced
Hash 699d19c12ee4bf5e1948cacc8e60a3bb
f9e405013e80a55503ed522b74efcf35f10a16dd
a6eb3b82609c809a8ee4b12f8e9020ba65a658f7fb886584946a5b4cc0cd5d92
Analyzer Verdict Alert quad9 Sinkholed
GET /images/login_bg_logo.png HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/css/login.css?ver=20211112102500000000
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: image/png
Last-Modified: Fri, 17 Jul 2020 05:43:28 GMT
Accept-Ranges: bytes
ETag: "0c02232fd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:42 GMT
Content-Length: 19385
36.91.159.82/favicon.ico
36.91.159.82 200 OK 9.2 kB IP 36.91.159.82:0
ASN #7713 PT Telekomunikasi Indonesia
File type MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
Hash 0cd46e0cba3abd067cd28e70eb7f2a5f
6627782848be777b62cd45e85c228c9a78b673d4
897f917136e69d1ec181bac86412f762093bb68ee452d8171290bf81169c1ab0
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 36.91.159.82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://36.91.159.82/default.aspx
Cookie: ASP.NET_SessionId=fyqtbvgfybvkq04ikyhvsrdp; __AntiXsrfToken_SystemManager=83092d87fc794f6fbf266c35091fcefb; START_UP_PAGE=FALSE
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Type: image/x-icon
Last-Modified: Fri, 17 Jul 2020 05:43:52 GMT
Accept-Ranges: bytes
ETag: "0dc7040fd5bd61:0"
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
X-UA-Compatible: IE=Edge
Date: Fri, 24 Mar 2023 17:15:42 GMT
Content-Length: 9158