Report - khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php

Report Overview

Submitted URL
khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
IP
103.23.232.80
ASN
#58475 Universitas Lambung Mangkurat
Submitted
2022-09-19 20:07:47
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
62

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	55 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
khdtk.ulm.ac.id	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.7 kB	932 kB	103.23.232.80
cdn.popcash.net	109877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	346 B	37 kB	151.139.128.11
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	454 B	746 B	142.250.74.10
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	142.250.74.3
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	345 B	1.9 kB	104.18.20.226
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.81.125.88
dcba.popcash.net	99174	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	377 B	194 B	52.203.170.34
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	938 B	34 kB	142.250.74.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-19	medium	khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php	Phishing
2022-09-19	medium	khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php	Phishing
2022-09-19	medium	khdtk.ulm.ac.id/wp-includes/css/dist/block-library/style.min.css?ver=5.5.10	Phishing
2022-09-19	medium	khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/sidr/css/jquery.sidr.dark.min.css?ver=2.2.1	Phishing
2022-09-19	medium	khdtk.ulm.ac.id/wp-content/themes/university-hub/js/skip-link-focus-fix.min.js?ver=20130115	Phishing
2022-09-19	medium	khdtk.ulm.ac.id/wp-includes/js/wp-emoji-release.min.js?ver=5.5.10	Phishing
2022-09-19	medium	khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/sidr/js/jquery.sidr.min.js?ver=2.2.1	Phishing
2022-09-19	medium	khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6	Phishing
2022-09-19	medium	khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/ticker/jquery.easy-ticker.min.js?ver=2.0	Phishing
2022-09-19	medium	khdtk.ulm.ac.id/wp-includes/js/wp-embed.min.js?ver=5.5.10	Phishing
2022-09-19	medium	khdtk.ulm.ac.id/wp-content/themes/university-hub/style.css?ver=1.0.8	Phishing
2022-09-19	medium	khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed
2022-09-19	medium	ulm.ac.id	Sinkholed

JavaScript (11)

	URL	Size	First Seen	Last Seen
	khdtk.ulm.ac.id/wp-content/themes/university-hub/js/skip-link-focus-fix.min.js?ver=20130115	557 B	2023-03-07	2024-04-25
Pretty URL khdtk.ulm.ac.id/wp-content/themes/university-hub/js/skip-link-focus-fix.min.js?ver=20130115 IP 103.23.232.80 ASN #58475 Universitas Lambung Mangkurat Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:05 Last Seen2024-04-25 20:11:40 Times Seen238 Hash dea2d1887d3a260af2791c5e97b8ba43 a13dc5c638242f2117cdde2121bbaed9fd538566 818266fe4b7bbf0fe187b6190933c99af05829f70c2d6023acab03f8af5a59b0 Loading...

	khdtk.ulm.ac.id/wp-content/themes/university-hub/js/custom.min.js?ver=1.0.2	716 B	2023-03-07	2023-11-16
Pretty URL khdtk.ulm.ac.id/wp-content/themes/university-hub/js/custom.min.js?ver=1.0.2 IP 103.23.232.80 ASN #58475 Universitas Lambung Mangkurat Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:29:05 Last Seen2023-11-16 11:43:29 Times Seen12 Hash 4ffcdb93f4b134997c47b784e1deaf66 9e75886e5fe9eb5986a09910fa120d516476b8f6 e5f3c2723546f57832f1578c7fbddf95047d039a65b53d242773fc1d4342ccfb Loading...

	khdtk.ulm.ac.id/wp-includes/js/wp-embed.min.js?ver=5.5.10	1.4 kB	2023-03-07	2024-04-26
Pretty URL khdtk.ulm.ac.id/wp-includes/js/wp-embed.min.js?ver=5.5.10 IP 103.23.232.80 ASN #58475 Universitas Lambung Mangkurat Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:18 Last Seen2024-04-26 10:10:59 Times Seen6878 Hash 905225d5711b559d3092387d5ffbedbd 6f6c39075263bafb9e8c10f1b34a1a0f7ee03c9d 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991 Loading...

	khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php	327 B	2023-03-07	2023-03-07
Pretty URL khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php IP 103.23.232.80 ASN #58475 Universitas Lambung Mangkurat Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:29:05 Last Seen2023-03-07 21:22:48 Times Seen1 Hash 9fbba8132251c332dd077ab6a7a5062b 13ec2efde0c16535e462d84aac8d436a066ee40a c4e022aabec83068e4300a296eb7864088268677613e26f552d0d64c1747f62b Loading...

	cdn.popcash.net/show.js	111 kB	2023-03-07	2024-04-15
Pretty URL cdn.popcash.net/show.js IP 151.139.128.11 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:25:57 Last Seen2024-04-15 01:22:43 Times Seen1006 Hash 193aeff4303e528029ed1d042fbc859a 060ecfa29d6f0d2832bba77b48bdea2c47e8c376 37d15fa7cac65825a007e165e4f8533b6aa1d1ee00bfcca2422289055709b42a Loading...

	khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/sidr/js/jquery.sidr.min.js?ver=2.2.1	7.0 kB	2023-03-07	2024-04-26
Pretty URL khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/sidr/js/jquery.sidr.min.js?ver=2.2.1 IP 103.23.232.80 ASN #58475 Universitas Lambung Mangkurat Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:05 Last Seen2024-04-26 10:54:36 Times Seen779 Hash 37ac88aac020d48f424ec4c64119f107 57c359f422507358cd667f4119bd54086a1e842d fd57ae7228574a83527cb8917ec5a0ff944aa787934ee5b85a7976f259b7ae31 Loading...

	khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6	23 kB	2023-03-07	2024-04-25
Pretty URL khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6 IP 103.23.232.80 ASN #58475 Universitas Lambung Mangkurat Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:01 Last Seen2024-04-25 20:11:40 Times Seen344 Hash b9bef20cec2d668923eb248733b3955e 8bbbca8502749ad9d770717c8dc39cf2892ea730 87a1a7e65f6ceed57d27b07cac22836a7682617932fc9d4376887b0ae1754a35 Loading...

	khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php	2.1 kB	2023-03-07	2023-03-07
Pretty URL khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php IP 103.23.232.80 ASN #58475 Universitas Lambung Mangkurat Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:29:05 Last Seen2023-03-07 21:22:48 Times Seen1 Hash 358134b8a22e5fe7130c0fd5fcaec807 e33ef192e9eaf8d8e2edeab6867a8eb43a6dc192 32ccb6aa33430a78bb724eab34ee30c07c4413b568d8a26b3afe8915be37847f Loading...

	khdtk.ulm.ac.id/wp-includes/js/wp-emoji-release.min.js?ver=5.5.10	14 kB	2023-03-07	2024-04-26
Pretty URL khdtk.ulm.ac.id/wp-includes/js/wp-emoji-release.min.js?ver=5.5.10 IP 103.23.232.80 ASN #58475 Universitas Lambung Mangkurat Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:38 Last Seen2024-04-26 09:56:43 Times Seen3532 Hash 878184c5d285d4d52d926d36ef19b718 dd260ffe0f8e3f38f58efd23cac8a1e5c788dad9 07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847 Loading...

	khdtk.ulm.ac.id/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp	97 kB	2023-03-07	2024-04-26
Pretty URL khdtk.ulm.ac.id/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp IP 103.23.232.80 ASN #58475 Universitas Lambung Mangkurat Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:38 Last Seen2024-04-26 15:59:47 Times Seen17762 Hash 49edccea2e7ba985cadc9ba0531cbed1 f8747f8ee704d9af31d0950015e01d3f9635b070 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df Loading...

	khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/ticker/jquery.easy-ticker.min.js?ver=2.0	2.8 kB	2023-03-07	2024-04-19
Pretty URL khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/ticker/jquery.easy-ticker.min.js?ver=2.0 IP 103.23.232.80 ASN #58475 Universitas Lambung Mangkurat Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:36:45 Last Seen2024-04-19 11:36:08 Times Seen257 Hash 52383028795cabc648325291c0384659 5b23a1af773f4fc99baf0912fc028809064b9042 e708fe12174d8be13093cdb95f27dbb23e1c1f5ecf15cf06d18af852679acee7 Loading...

HTTP Transactions (47)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 19 Sep 2022 19:12:48 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IslA_cP2k2eLgnbULVknRfDOJ2_GNRx3sdmDxwHVGVcZJHB7ftNmEQ==
Age: 3288

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
861cfa99de956423d917ed0ddbea4b9c
ad65dbc394b48b04a45c205f56af296c8d008db4
5c706b2718b1698995f4feb91223779aef4bf6dc967c31f9ef9a93873197d5f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9821
Expires: Mon, 19 Sep 2022 22:51:17 GMT
Date: Mon, 19 Sep 2022 20:07:36 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _Pk7QgTmEw4hvczZhpfMVMkwFRpYsymcXoBkw4L-P1wAztfAPLXcVQ==
age: 55943
X-Firefox-Spdy: h2

khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php

103.23.232.80

301 Moved Permanently

273 B

URL HTTP/1.1
khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
273 B (273 bytes)
Hash
f4eab933bad66c70cf71163e46847e30
587ab0e5030a3f2579e0764336ed6841d3eebf31
6fe0021a44331e11cc9aa3fa3d6cd60949724234fc8e52fc817f472f4dbbc711

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fbsecurity.ads-manager638700273/login.php HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Mon, 19 Sep 2022 20:07:36 GMT
Server: Apache
Location: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Content-Length: 273
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 20:07:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 19 Sep 2022 20:03:22 GMT
Cache-Control: max-age=3600
Expires: Mon, 19 Sep 2022 20:30:03 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PSbWwajd7k2ahxMTMXh3SlcnTH1Tjk3j9j7ezoQSNLMJXxWZ2hGq8A==
Age: 254

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5c817aa82ca8ed4a4257fd1e1628b423
7905c62b6bbc582860c07b75eddae371a4b8d02b
dce1783ecfe50c83d30878b48d60e1cf3fe42a3fa4090fb5d318194de73e53d6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3604
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 20:07:37 GMT
Last-Modified: Mon, 19 Sep 2022 19:07:33 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.81.125.88

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.81.125.88:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xF/VtV3MZ5yE0rEVGXdhsg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cd8hDznB93C+nuyLYoKMGXL9+8E=

cdn.popcash.net/show.js

151.139.128.11

200 OK

36 kB

URL HTTP/2
cdn.popcash.net/show.js
IP
151.139.128.11:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (65387)
Size
36 kB (36402 bytes)
Hash
67006a1f5f35b63343332cbfec97cd85
9d5be86bebf78c5bc3aee39e74ced6631939ab5c
f82f11a982dc0602cdef4bc9eccfd26637a8b9bdd504a456a93426a376fff60b

HTTP Headers

GET /show.js HTTP/1.1
Host: cdn.popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 19 Sep 2022 20:07:37 GMT
content-encoding: br
content-length: 36402
content-type: application/javascript
last-modified: Tue, 05 Jul 2022 13:28:20 GMT
accept-ranges: bytes
etag: W/"62c43c74-1b189"
cache-control: max-age=2592000, public
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aUwmSZ8jvagq9rT3laa5kdGAHTfTjtwSj%2BwydgCY8vz8Q2kuNQa0WJW0RlGhy%2BSc3FWh9O8omX33%2FtJFewrhiomS%2BLyvc9RfhLE64gY4AyMS2ld9GkMRNXLDVnwq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 72f659fe7a21be38-CPH
vary: Accept-Encoding
x-hw: 1663618057.cds026.sk1.hn,1663618057.cds015.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e34f594c2e3b9b6a81e4ae9fef80f363
b7f65f5fb0df328d3c863af6c9351923205645f2
bcedda132b602d90a62a5fbe07e7c37f69cce319fb4b84e1bed40b1200e9898b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 20:07:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php

103.23.232.80

200 OK

22 kB

URL HTTP/1.1
khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820)
Size
22 kB (21576 bytes)
Hash
602cb6a6ab9c10dc644b833c222ca4d0
c18f138cdcecfd4c79064672a9a04647062451be
eea4176339c2d7048c24360d839c07eec7e15aaf91546e33a126bb118e2e5b7d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fbsecurity.ads-manager638700273/login.php HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:36 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e34f594c2e3b9b6a81e4ae9fef80f363
b7f65f5fb0df328d3c863af6c9351923205645f2
bcedda132b602d90a62a5fbe07e7c37f69cce319fb4b84e1bed40b1200e9898b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 20:07:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
e9ffbdc6027cfa2db65e9aaf15f82ced
f0e51b42cb050464336f8d8b850872d0dfc0ef90
353152229370beb928e04527d45ed9dcd24137accad5f9d6e60881fc3b99d83b

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:37 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 23 Sep 2022 16:31:23 GMT
ETag: "f0e51b42cb050464336f8d8b850872d0dfc0ef90"
Last-Modified: Mon, 19 Sep 2022 16:31:24 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2118
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74d4f2dd98500afa-OSL

dcba.popcash.net/znWaa3gu

52.203.170.34

204 No Content

0 B

URL HTTP/2
dcba.popcash.net/znWaa3gu
IP
52.203.170.34:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /znWaa3gu HTTP/1.1
Host: dcba.popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://khdtk.ulm.ac.id
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Mon, 19 Sep 2022 20:07:37 GMT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
X-Firefox-Spdy: h2

khdtk.ulm.ac.id/wp-includes/css/dist/block-library/style.min.css?ver=5.5.10

103.23.232.80

200 OK

54 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-includes/css/dist/block-library/style.min.css?ver=5.5.10
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (27100)
Size
54 kB (53907 bytes)
Hash
2e7e1d1c1d4d446a1b6b63295757d859
27a1d9dcbdc4aff486016b5c9f3ece6ad0c028c1
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=5.5.10 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:37 GMT
Server: Apache
Last-Modified: Tue, 01 Sep 2020 22:30:41 GMT
Accept-Ranges: bytes
Content-Length: 53907
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/sidr/css/jquery.sidr.dark.min.css?ver=2.2.1

103.23.232.80

200 OK

3.5 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/sidr/css/jquery.sidr.dark.min.css?ver=2.2.1
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (3468)
Size
3.5 kB (3469 bytes)
Hash
21ee1a3e3c270aad5b0c0b3221150822
78d6bd21be9bc7c6f96639a5f38cdc65551e2bfa
bd8b0c2e9c07473382c21f9f245c7a24433c3a100eed41e6e0695d23942b0e4a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/university-hub/third-party/sidr/css/jquery.sidr.dark.min.css?ver=2.2.1 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:37 GMT
Server: Apache
Last-Modified: Mon, 21 May 2018 23:42:24 GMT
Accept-Ranges: bytes
Content-Length: 3469
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

khdtk.ulm.ac.id/wp-content/themes/university-hub/js/skip-link-focus-fix.min.js?ver=20130115

103.23.232.80

200 OK

557 B

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/themes/university-hub/js/skip-link-focus-fix.min.js?ver=20130115
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (557), with no line terminators
Size
557 B (557 bytes)
Hash
dea2d1887d3a260af2791c5e97b8ba43
a13dc5c638242f2117cdde2121bbaed9fd538566
818266fe4b7bbf0fe187b6190933c99af05829f70c2d6023acab03f8af5a59b0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/university-hub/js/skip-link-focus-fix.min.js?ver=20130115 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:37 GMT
Server: Apache
Last-Modified: Mon, 21 May 2018 23:42:24 GMT
Accept-Ranges: bytes
Content-Length: 557
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

khdtk.ulm.ac.id/wp-includes/js/wp-emoji-release.min.js?ver=5.5.10

103.23.232.80

200 OK

14 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-includes/js/wp-emoji-release.min.js?ver=5.5.10
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (11272)
Size
14 kB (14229 bytes)
Hash
878184c5d285d4d52d926d36ef19b718
dd260ffe0f8e3f38f58efd23cac8a1e5c788dad9
07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=5.5.10 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:37 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 10:51:14 GMT
Accept-Ranges: bytes
Content-Length: 14229
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0

103.23.232.80

200 OK

31 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (30837)
Size
31 kB (31000 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/university-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:37 GMT
Server: Apache
Last-Modified: Mon, 21 May 2018 23:42:24 GMT
Accept-Ranges: bytes
Content-Length: 31000
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/sidr/js/jquery.sidr.min.js?ver=2.2.1

103.23.232.80

200 OK

7.0 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/sidr/js/jquery.sidr.min.js?ver=2.2.1
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (6911)
Size
7.0 kB (7034 bytes)
Hash
37ac88aac020d48f424ec4c64119f107
57c359f422507358cd667f4119bd54086a1e842d
fd57ae7228574a83527cb8917ec5a0ff944aa787934ee5b85a7976f259b7ae31

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/university-hub/third-party/sidr/js/jquery.sidr.min.js?ver=2.2.1 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:37 GMT
Server: Apache
Last-Modified: Mon, 21 May 2018 23:42:24 GMT
Accept-Ranges: bytes
Content-Length: 7034
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

khdtk.ulm.ac.id/wp-content/themes/university-hub/js/custom.min.js?ver=1.0.2

103.23.232.80

200 OK

716 B

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/themes/university-hub/js/custom.min.js?ver=1.0.2
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (716), with no line terminators
Size
716 B (716 bytes)
Hash
4ffcdb93f4b134997c47b784e1deaf66
9e75886e5fe9eb5986a09910fa120d516476b8f6
e5f3c2723546f57832f1578c7fbddf95047d039a65b53d242773fc1d4342ccfb

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/university-hub/js/custom.min.js?ver=1.0.2 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:38 GMT
Server: Apache
Last-Modified: Mon, 21 May 2018 23:42:24 GMT
Accept-Ranges: bytes
Content-Length: 716
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6

103.23.232.80

200 OK

23 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (10280)
Size
23 kB (22940 bytes)
Hash
b9bef20cec2d668923eb248733b3955e
8bbbca8502749ad9d770717c8dc39cf2892ea730
87a1a7e65f6ceed57d27b07cac22836a7682617932fc9d4376887b0ae1754a35

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/university-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:37 GMT
Server: Apache
Last-Modified: Mon, 21 May 2018 23:42:24 GMT
Accept-Ranges: bytes
Content-Length: 22940
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/ticker/jquery.easy-ticker.min.js?ver=2.0

103.23.232.80

200 OK

2.8 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/ticker/jquery.easy-ticker.min.js?ver=2.0
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (2709)
Size
2.8 kB (2810 bytes)
Hash
52383028795cabc648325291c0384659
5b23a1af773f4fc99baf0912fc028809064b9042
e708fe12174d8be13093cdb95f27dbb23e1c1f5ecf15cf06d18af852679acee7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/university-hub/third-party/ticker/jquery.easy-ticker.min.js?ver=2.0 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:38 GMT
Server: Apache
Last-Modified: Mon, 21 May 2018 23:42:24 GMT
Accept-Ranges: bytes
Content-Length: 2810
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7472
Expires: Mon, 19 Sep 2022 22:12:10 GMT
Date: Mon, 19 Sep 2022 20:07:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7472
Expires: Mon, 19 Sep 2022 22:12:10 GMT
Date: Mon, 19 Sep 2022 20:07:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7472
Expires: Mon, 19 Sep 2022 22:12:10 GMT
Date: Mon, 19 Sep 2022 20:07:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7472
Expires: Mon, 19 Sep 2022 22:12:10 GMT
Date: Mon, 19 Sep 2022 20:07:38 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10894 bytes)
Hash
d3e70b2859ca89b353682d03f6b46b93
ebd83f29edd95217dfa4f4c7a94eddf34dd58b14
43ad8f8b0a664bbec39e0410c1201498a2d2e36e5bd7d5ece8d65b15230ec50b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10894
x-amzn-requestid: f7aad96e-af80-4db7-8bc1-d1e09a9b37e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeJQGHhOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322559a-538534e91448af217c59ab3d;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:28:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P7aZQzmAvqn2rcHJUQjHo0Dcg8dsrqseey5mNOabfq1b857M4SUMDQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 10:33:00 GMT
age: 34478
etag: "ebd83f29edd95217dfa4f4c7a94eddf34dd58b14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6428 bytes)
Hash
893f3495f1f575e946a57c8e8411b2a5
480182fd29c7edd369339847b85e4e2580cef0f6
097d868881231eae089ac8b97d5dc290583477f63dc35b7458ed4898e0db3e0c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6428
x-amzn-requestid: 7dd3072b-403a-4bb4-b8c4-58a6d7c254f7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YRmgCGJVIAMFk5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d5133-0756be8c75da02a857e36a2f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 03:08:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nD62kVNMZRvoZaM85m1kNlgU-KOj2X7tqhy9cPxGJFaBHCMVEsvWXQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:53:45 GMT
age: 80033
etag: "480182fd29c7edd369339847b85e4e2580cef0f6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5866 bytes)
Hash
1105b56cf779b6df1cbd081bbd0cda50
58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c
10c1f0433baf51e06565ff905688075aaba8fec0a8b3f9cef34168e297f94c2c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5866
x-amzn-requestid: 3a7db39d-cd4f-486f-954b-39fc7464706c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrNeAE67IAMFSoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63278f8c-66a419ac7fbd977f5f41061b;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:37:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: TdVz72qdwMdsuW1WsOq1qEZk2vmbXJlbppLTTsZ9PlrmN7GEph0dyQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:53:39 GMT
etag: "58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c"
content-type: image/jpeg
age: 80039
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc97d270b-72af-4a6b-ae64-123f7b52851e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8735 bytes)
Hash
3d9fd171b51b27aa84e06e7d5a40116e
a81660dcace8f232018ce9a6d027b271d1f8a863
2c80ffd2c0c451c61623a677d1b17e8e58a40a0a7bdb5ef1cac2610bb0a7e0a8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc97d270b-72af-4a6b-ae64-123f7b52851e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8735
x-amzn-requestid: bee7087d-6431-457a-8fdc-a9eff7b14afd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrOAZHcCIAMFTSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63279068-4a7d282e1860a131491a4f2d;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:40:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: EClCCFFn_OCwRqXC7W0g-msDSm1WsTRB5kDJsAQyxIPmIwSQBSbJ9g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:57:01 GMT
etag: "a81660dcace8f232018ce9a6d027b271d1f8a863"
content-type: image/jpeg
age: 79837
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11919 bytes)
Hash
f003d8b6e12692fb16dddd6827deead8
786c333cf08456aea446a55c547520572e1c2df9
d79ea50cfc0f237b3de8f1826cbae1de0b1dbc632a5a06b08d9640abedded935

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11919
x-amzn-requestid: 2f547c1f-2f5d-4707-8f6c-fe9dfff51383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfS4FI9oAMFScw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632145ab-3c967f2653d06c1c079f88c1;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:08:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xG9XQItrQEJXCW9JRcI6aDELQKCTOlnwq1Xg5_vQcqCPNtHGWkScFw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 22:00:17 GMT
age: 79641
etag: "786c333cf08456aea446a55c547520572e1c2df9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.1 kB (5064 bytes)
Hash
e4098577adb98eae5ba4a8b5e143df71
b0ad467f2837d103f8a96fb732bd34176c4c7110
83aa54020ffc684690dfb58d78608411de38ab02fee50808a8243c6b388e77c0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5064
x-amzn-requestid: 985dbd5b-3e8a-4e22-a974-1effa6c99112
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrOS8FyBoAMFrCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632790df-201df5494f1513b91eefe9d5;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:42:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GIhj3a2-SwYu2w4mLx7JiIJzFfV82-Et89ORRsx5fsGOx9nttPlCxA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:57:13 GMT
etag: "b0ad467f2837d103f8a96fb732bd34176c4c7110"
content-type: image/jpeg
age: 79825
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

khdtk.ulm.ac.id/wp-includes/js/wp-embed.min.js?ver=5.5.10

103.23.232.80

200 OK

1.4 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-includes/js/wp-embed.min.js?ver=5.5.10
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (1391)
Size
1.4 kB (1426 bytes)
Hash
905225d5711b559d3092387d5ffbedbd
6f6c39075263bafb9e8c10f1b34a1a0f7ee03c9d
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/wp-embed.min.js?ver=5.5.10 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:38 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 10:51:14 GMT
Accept-Ranges: bytes
Content-Length: 1426
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

khdtk.ulm.ac.id/wp-content/themes/university-hub/style.css?ver=1.0.8

103.23.232.80

200 OK

99 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/themes/university-hub/style.css?ver=1.0.8
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (475)
Size
99 kB (98903 bytes)
Hash
2ce3f1cb2bfd77267cf802d20351ac58
25a40a1c0abe85421867404ca8d68a62fd44d94f
a1f53a99f27936a13a010ad123ab3b10cf8b61055e35836f695796527090b3d6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/university-hub/style.css?ver=1.0.8 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:37 GMT
Server: Apache
Last-Modified: Mon, 23 Jul 2018 02:50:36 GMT
Accept-Ranges: bytes
Content-Length: 98903
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

khdtk.ulm.ac.id/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

103.23.232.80

200 OK

97 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
ASCII text, with very long lines (31997)
Size
97 kB (96873 bytes)
Hash
49edccea2e7ba985cadc9ba0531cbed1
f8747f8ee704d9af31d0950015e01d3f9635b070
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:37 GMT
Server: Apache
Last-Modified: Tue, 14 Jul 2020 01:32:42 GMT
Accept-Ranges: bytes
Content-Length: 96873
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 20:07:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://khdtk.ulm.ac.id
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 434010
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 20:07:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 20:07:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

khdtk.ulm.ac.id/wp-content/uploads/2018/12/Logo-Unlam-mini.png

103.23.232.80

200 OK

7.5 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/uploads/2018/12/Logo-Unlam-mini.png
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced\012- data
Size
7.5 kB (7491 bytes)
Hash
7a6e6110ccfbf6c9aef7158145281e51
da985728e11c6019e8653f6ffeab2757e1eb029d
877847c27c5f2a1337280dd50b351e7ba5a3d9a729d3be8d1683a58192f6fc20

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/12/Logo-Unlam-mini.png HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:38 GMT
Server: Apache
Last-Modified: Fri, 07 Dec 2018 06:08:31 GMT
Accept-Ranges: bytes
Content-Length: 7491
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://khdtk.ulm.ac.id
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 434010
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

103.23.232.80

200 OK

77 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/university-hub/third-party/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/wp-content/themes/university-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:38 GMT
Server: Apache
Last-Modified: Mon, 21 May 2018 23:42:24 GMT
Accept-Ranges: bytes
Content-Length: 77160
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2

khdtk.ulm.ac.id/wp-content/uploads/2018/12/hutan2.jpg

103.23.232.80

200 OK

310 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/uploads/2018/12/hutan2.jpg
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 1280x853, components 3\012- data
Size
310 kB (309882 bytes)
Hash
e847a8b7239104defb241f9383e054d7
610005ebf056abfaf4dcd4aa2b446cf8c946faa4
961abd3bf8d92774f0afe2041d4e3f63a2e69d6a57218d3ce1f386d46589c560

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/12/hutan2.jpg HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:38 GMT
Server: Apache
Last-Modified: Sat, 08 Dec 2018 11:50:32 GMT
Accept-Ranges: bytes
Content-Length: 309882
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

khdtk.ulm.ac.id/wp-content/uploads/2018/09/Logo-Unlam-mini-298x300.png

103.23.232.80

200 OK

134 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/uploads/2018/09/Logo-Unlam-mini-298x300.png
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
PNG image data, 298 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
134 kB (134377 bytes)
Hash
e2d406b7090881d762271692bee06f03
2bd00bed14d4f2a303838d1ad8ec9470cd1edf1b
5bf7cbb2baf8e4f86c502f83ffdfe1cf5f5a09b54aff7857e54b346b445fc39e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/09/Logo-Unlam-mini-298x300.png HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:38 GMT
Server: Apache
Last-Modified: Wed, 26 Sep 2018 10:26:57 GMT
Accept-Ranges: bytes
Content-Length: 134377
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

khdtk.ulm.ac.id/wp-content/uploads/2018/09/Logo-Unlam-mini-150x150.png

103.23.232.80

200 OK

42 kB

URL HTTP/1.1
khdtk.ulm.ac.id/wp-content/uploads/2018/09/Logo-Unlam-mini-150x150.png
IP
103.23.232.80:0
ASN
#58475 Universitas Lambung Mangkurat

File type
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
42 kB (42236 bytes)
Hash
ef1c3f2aa0856fbb6df13310dc208f9e
87fc739d66bc12d24a35f2b80173511459ab7cb3
3c0ab7e7e6bc698a7867372cfe2fb14a64613ae9339597a8d92eb68cc67475d2

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/09/Logo-Unlam-mini-150x150.png HTTP/1.1
Host: khdtk.ulm.ac.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/fbsecurity.ads-manager638700273/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 20:07:38 GMT
Server: Apache
Last-Modified: Wed, 26 Sep 2018 10:26:57 GMT
Accept-Ranges: bytes
Content-Length: 42236
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png

fonts.googleapis.com/css?family=Roboto%3A400%2C700%2C900%2C400italic%2C700italic%2C900italic&subset=latin%2Clatin-ext

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto%3A400%2C700%2C900%2C400italic%2C700italic%2C900italic&subset=latin%2Clatin-ext
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto%3A400%2C700%2C900%2C400italic%2C700italic%2C900italic&subset=latin%2Clatin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://khdtk.ulm.ac.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 19 Sep 2022 20:07:37 GMT
date: Mon, 19 Sep 2022 20:07:37 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations