Report - tesshju.web.id/verify.php

Report Overview

Visitedpublic

2025-06-24 07:53:58

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
file.g-code.co.id	unknown	2022-11-19	2025-06-05	2025-06-21	427 B	18 kB	104.21.64.1
tesshju.web.id	unknown	2025-03-21	2025-06-24	2025-06-24	493 B	10 kB	172.67.146.209
file.gifan.id	unknown	2020-09-05	2022-05-26	2025-06-23	412 B	408 kB	104.21.7.246

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-24	medium	g-code.co.id	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	file.gifan.id/tailwind.js	ScriptElement	407 kB	2025-02-12	2025-07-13
URL file.gifan.id/tailwind.js IP / ASN 104.21.7.246 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2025-02-12 Last Seen 2025-07-13 Times Seen 55 Size 407 kB (407360 bytes) MD5 07fc10e56e57b4c39d843de1c5f55d4a SHA1 538e8772f047a79288071a864a4b3d4b7bd8aee4 SHA256 6c3d46e49008030c958ea3498f615c9f35e4545daf18db15c398820655bb2ecc Format Code Loading...

	tesshju.web.id/verify.php	Eval	259 B	2025-06-14	2025-08-07
URL tesshju.web.id/verify.php IP / ASN 172.67.146.209 #13335 CLOUDFLARENET Introduced by Eval Embedded false Resource Info First Seen 2025-06-14 Last Seen 2025-08-07 Times Seen 101 Size 259 B (259 bytes) MD5 9f08cd122fb9a5c8fcf295b4e503c0be SHA1 b6614f729a79b1e67951e8612eb9ea6e89a4b688 SHA256 d57fe91b2ac1c3bcbb6301e37a9d10c8c094fcd51a8a75c9d3679e43ca476497 Format Code Loading...

	tesshju.web.id/verify.php	ScriptElement	5.8 kB	2025-06-14	2025-08-07
URL tesshju.web.id/verify.php IP / ASN 172.67.146.209 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2025-06-14 Last Seen 2025-08-07 Times Seen 100 Size 5.8 kB (5761 bytes) MD5 c7559cc257dfd0609d1f43a91db07f32 SHA1 1ac79b1792bb58390af256150c2946dbe63896f2 SHA256 2c75fb8270416bf7a827ccf7e2dadc91f9c2ba0f8a43216761b8ce946bbeb7b2 Format Code Loading...

	file.g-code.co.id/npm/protection@latest/	ScriptElement	17 kB	2025-06-14	2025-06-29
URL file.g-code.co.id/npm/protection@latest/ IP / ASN 104.21.64.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2025-06-14 Last Seen 2025-06-29 Times Seen 27 Size 17 kB (17422 bytes) MD5 723ad397a1f6402ac487a4707e9d4f0e SHA1 b4333fb209b47d04bbbc990ba7eee8a0cbd8b961 SHA256 93459f3bbe13b5e7bc0446e5286731ac5443d95fa5fc2ec4c5c26462746ec895 Format Code Loading...

	tesshju.web.id/verify.php	Eval	4.8 kB	2025-06-14	2025-08-07
URL tesshju.web.id/verify.php IP / ASN 172.67.146.209 #13335 CLOUDFLARENET Introduced by Eval Embedded false Resource Info First Seen 2025-06-14 Last Seen 2025-08-07 Times Seen 101 Size 4.8 kB (4849 bytes) MD5 cdaa5669bd18e611b6d49d6b09a289b9 SHA1 15c6433afab7eeee5b283fef50855c483d35a44e SHA256 2b1497ac45fcfb42ffc5ab2cb80958e938a03adcecce06f3b8132b1959b159d8 Format Code Loading...

	tesshju.web.id/verify.php	ScriptElement	3.7 kB	2025-06-14	2025-08-07
URL tesshju.web.id/verify.php IP / ASN 172.67.146.209 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2025-06-14 Last Seen 2025-08-07 Times Seen 101 Size 3.7 kB (3700 bytes) MD5 e23314a225fc7a9c4c1c1cf3549c3d0e SHA1 190249fca7b8b1193f8a50faa44ef5c02c92730d SHA256 2999929acb9066c812f3e659250bee9ac58fd40e6047cb89f00c06400f164cc6 Format Code Loading...

	tesshju.web.id/verify.php	Eval	2.8 kB	2025-06-14	2025-08-07
URL tesshju.web.id/verify.php IP / ASN 172.67.146.209 #13335 CLOUDFLARENET Introduced by Eval Embedded false Resource Info First Seen 2025-06-14 Last Seen 2025-08-07 Times Seen 101 Size 2.8 kB (2791 bytes) MD5 a51519218086d66c21fab99107ed0ba2 SHA1 c364d06c71741c1b475f49f8735736c6cbdb9996 SHA256 b4a925456658fdda89ac72bb3fd9b9ce27f81694b6bef708546fcb0ce0c3a11e Format Code Loading...

	tesshju.web.id/verify.php	Eval	260 B	2025-06-14	2025-08-07
URL tesshju.web.id/verify.php IP / ASN 172.67.146.209 #13335 CLOUDFLARENET Introduced by Eval Embedded false Resource Info First Seen 2025-06-14 Last Seen 2025-08-07 Times Seen 101 Size 260 B (260 bytes) MD5 0ef261136a2568e8c7a3c24e0c5ece78 SHA1 17f9811de8f63391a3a486cc6a95e702d14960ce SHA256 3b758b638b76a94e1b505b7b55062ee8befd32387b11fc1c3bc774b481a2c705 Format Code Loading...

	tesshju.web.id/verify.php	ScriptElement	546 B	2025-06-14	2025-08-07
URL tesshju.web.id/verify.php IP / ASN 172.67.146.209 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2025-06-14 Last Seen 2025-08-07 Times Seen 101 Size 546 B (546 bytes) MD5 7928b20e5ddfb6f1a31ce3447a847e83 SHA1 ebf732e8636519f3b18e7e81c239e2ad98d97835 SHA256 009cdef3ca49c799a346ec57a9eaa2b1ba430d9f156fcc20696d48e69fad4719 Format Code Loading...

	HASH	FROM	Size	First Seen	Last Seen
	25788448f6c7163cdeedb449ccc852be	DocumentWrite	1.6 kB	2025-06-14	2025-08-07
Introduced by DocumentWrite First Seen 2025-06-14 Last Seen 2025-08-07 Times Seen 101 Size 1.6 kB (1597 bytes) MD5 25788448f6c7163cdeedb449ccc852be SHA1 8deed5a2ae5ed9a5b5e6592a513a528ebdb61405 SHA256 3e4a5419a8a85a65f68da0f6173d786b5acfafd25fa107c483b3c30072462adc Format Code Loading...

	5b1f727fbaab67f0890239da3dded79b	DocumentWrite	911 B	2025-06-14	2025-08-07
Introduced by DocumentWrite First Seen 2025-06-14 Last Seen 2025-08-07 Times Seen 101 Size 911 B (911 bytes) MD5 5b1f727fbaab67f0890239da3dded79b SHA1 7c7fb0171df871f36aa8f9faa878678ec566c304 SHA256 c5588838b37d1a974f46e4f5e95ed5c83048194a86edd713ea91605e8f8e5b8b Format Code Loading...

	d41d8cd98f00b204e9800998ecf8427e	DocumentWrite	0 B	0001-01-01	2025-08-10
Introduced by DocumentWrite First Seen 0001-01-01 Last Seen 2025-08-10 Times Seen 5753478 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

HTTP Transactions (3)

URL IP Response Size

GET file.g-code.co.id/npm/protection@latest/

104.21.64.1

200 OK

17 kB

URL GET HTTPS

file.g-code.co.id/npm/protection@latest/

IP / ASN

104.21.64.1

#13335 CLOUDFLARENET

Requested byhttps://tesshju.web.id/verify.php

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (17187)

First Seen2025-06-14

Last Seen2025-06-29

Times Seen27

Size17 kB (17422 bytes)

MD5723ad397a1f6402ac487a4707e9d4f0e

SHA1b4333fb209b47d04bbbc990ba7eee8a0cbd8b961

SHA25693459f3bbe13b5e7bc0446e5286731ac5443d95fa5fc2ec4c5c26462746ec895

Certificate Info

IssuerGoogle Trust Services

Subjectg-code.co.id

FingerprintA5:74:BA:FB:53:27:D4:07:4D:BD:0F:56:23:CB:DA:79:BB:C2:23:CC

ValiditySat, 24 May 2025 12:35:02 GMT - Fri, 22 Aug 2025 13:33:24 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /npm/protection@latest/ HTTP/1.1
Host: file.g-code.co.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tesshju.web.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Jun 2025 07:53:27 GMT
content-type: application/javascript
content-length: 6544
cache-control: no-store, no-cache, must-revalidate
content-encoding: br
vary: Accept-Encoding,User-Agent
server: cloudflare
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ToK3vMvsm5Mk2m9AZvICWFhvQIdmJwPum6yRQwd%2Bej5LC36nHaV5CS%2B95iUGUmFuLzgbTtlLUuSI9k0oFovW87i0gMLohSbkg58WcJSQjg%3D%3D"}]}
cf-ray: 954aa6c9aaa856c4-OSL
X-Firefox-Spdy: h2

GET tesshju.web.id/verify.php

172.67.146.209

200 OK

9.6 kB

URL User Request GET HTTPS

tesshju.web.id/verify.php

IP / ASN

172.67.146.209

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (4946)

First Seen2025-06-14

Last Seen2025-08-07

Times Seen78

Size9.6 kB (9609 bytes)

MD5fdd0b48c2806e64835748c9c7c450847

SHA1912a100cb5183de8f1f1a6f833c422e5997f79d7

SHA25674b0c971765236d32209117970aa43c7dc8bde96f0bee80e99cbb38dc1588985

Certificate Info

IssuerGoogle Trust Services

Subjecttesshju.web.id

Fingerprint60:8C:6F:D8:8E:B0:44:16:44:4D:37:55:E1:90:CC:62:39:02:FD:A3

ValidityFri, 09 May 2025 03:18:04 GMT - Thu, 07 Aug 2025 04:16:33 GMT

HTTP Headers

GET /verify.php HTTP/1.1
Host: tesshju.web.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Jun 2025 07:53:26 GMT
content-type: text/html; charset=UTF-8
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=2koOb12rhHWGHW6Ol4WQUTf1IH0sxiUlqGcCCEIepCmZyEleCCR9AGwD%2F0RaxP%2BejxhXmmtRHC2E7MeGfhhWyh1ZOWC3udi1q50R8A%3D%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 954aa6c42e710b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET file.gifan.id/tailwind.js

104.21.7.246

200 OK

407 kB

URL GET HTTPS

file.gifan.id/tailwind.js

IP / ASN

104.21.7.246

#13335 CLOUDFLARENET

Requested byhttps://tesshju.web.id/verify.php

Resource Info

File typeJavaScript source, ASCII text, with very long lines (52853), with CRLF line terminators

First Seen2025-02-12

Last Seen2025-07-13

Times Seen55

Size407 kB (407360 bytes)

MD507fc10e56e57b4c39d843de1c5f55d4a

SHA1538e8772f047a79288071a864a4b3d4b7bd8aee4

SHA2566c3d46e49008030c958ea3498f615c9f35e4545daf18db15c398820655bb2ecc

Certificate Info

IssuerGoogle Trust Services

Subjectgifan.id

Fingerprint00:10:0D:35:FD:2F:62:D1:F0:15:DE:C0:B9:FF:2E:EF:53:D8:6E:B7

ValidityMon, 12 May 2025 23:44:24 GMT - Mon, 11 Aug 2025 00:42:56 GMT

HTTP Headers

GET /tailwind.js HTTP/1.1
Host: file.gifan.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tesshju.web.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Jun 2025 07:53:26 GMT
content-type: text/javascript
content-length: 117825
last-modified: Sat, 16 Nov 2024 15:34:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: public, max-age=604800
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
etag: 
age: 403899
cf-cache-status: HIT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=XMuVp9ilr%2B%2FS9SKU8ZJDjLDw4ednliCVclqmSUHDXOM4Yst72t9ibGtIsnpMhSnSv0w2E%2BmTKKx7EC7L1T3OColvj1zeuxQjuDYk"}]}
cf-ray: 954aa6c61dc9b51e-OSL
X-Firefox-Spdy: h2