Report - suramadu.pta-surabaya.go.id/auth

Report Overview

Submitted URL
suramadu.pta-surabaya.go.id/auth
IP
103.163.138.23
ASN
#55688 PT. Beon Intermedia
Submitted
2022-12-01 00:42:44
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
suramadu.pta-surabaya.go.id	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.1 kB	268 kB	103.163.138.23
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.163.62.5
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	58 kB	34.120.237.76
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	142.250.74.131
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	491 B	17 kB	216.58.207.227
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	746 B	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	suramadu.pta-surabaya.go.id/auth	Malware
2022-12-01	medium	suramadu.pta-surabaya.go.id/auth/masuk	Malware
2022-12-01	medium	suramadu.pta-surabaya.go.id/assets/js/jquery.min.js	Malware
2022-12-01	medium	suramadu.pta-surabaya.go.id/assets/js/popper.min.js	Malware
2022-12-01	medium	suramadu.pta-surabaya.go.id/assets/js/bootstrap.min.js	Malware
2022-12-01	medium	suramadu.pta-surabaya.go.id/assets/js/plugins/loaders/blockui.min.js	Malware
2022-12-01	medium	suramadu.pta-surabaya.go.id/assets/js/plugins/notifications/jgrowl.min.js	Malware
2022-12-01	medium	suramadu.pta-surabaya.go.id/assets/js/cak-js.js	Malware
2022-12-01	medium	suramadu.pta-surabaya.go.id/assets/js/sidebar-menu.js	Malware
2022-12-01	medium	suramadu.pta-surabaya.go.id/assets/js/app-script.js	Malware
2022-12-01	medium	suramadu.pta-surabaya.go.id/assets/js/sweetalert.min.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	suramadu.pta-surabaya.go.id/assets/js/bootstrap.min.js	58 kB	2023-03-07	2024-04-19
Pretty URL suramadu.pta-surabaya.go.id/assets/js/bootstrap.min.js IP 103.163.138.23 ASN #55688 PT. Beon Intermedia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-04-19 11:01:29 Times Seen19521 Hash e1d98d47689e00f8ecbc5d9f61bdb42e 6778fed3cf095a318141a31f455c8f4663885bde 0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b Loading...

	suramadu.pta-surabaya.go.id/assets/js/plugins/loaders/blockui.min.js	9.2 kB	2023-03-07	2024-04-11
Pretty URL suramadu.pta-surabaya.go.id/assets/js/plugins/loaders/blockui.min.js IP 103.163.138.23 ASN #55688 PT. Beon Intermedia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:17 Last Seen2024-04-11 13:50:12 Times Seen312 Hash b646c96530f38dc6e430cc490b599077 3c40ac9e81a226214377c90fbddf7439ebe296b5 6ad115fc2ea2de47b478b0df9796170bb182a41c5f4ac3b5d3ccbf0643d9771f Loading...

	suramadu.pta-surabaya.go.id/assets/js/cak-js.js	8.7 kB	2023-03-11	2023-03-11
Pretty URL suramadu.pta-surabaya.go.id/assets/js/cak-js.js IP 103.163.138.23 ASN #55688 PT. Beon Intermedia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:16:18 Last Seen2023-03-11 23:16:18 Times Seen1 Hash bf78069f77e2ff965bb3d43e7d7a288e 8ce3e5da94c8b4097ec7566b9b738a8428728a46 6ea5210d776ccf666731b3ccfe52329eeadc263135431e5409f0df859759cfb0 Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 11:18:35 Times Seen36957060 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	suramadu.pta-surabaya.go.id/assets/js/popper.min.js	20 kB	2023-03-07	2024-04-18
Pretty URL suramadu.pta-surabaya.go.id/assets/js/popper.min.js IP 103.163.138.23 ASN #55688 PT. Beon Intermedia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:07 Last Seen2024-04-18 13:50:03 Times Seen4464 Hash 83fb8c4d9199dce0224da0206423106f d8503645c17f9856868a7def3dc0505e19a95ec7 f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e Loading...

	suramadu.pta-surabaya.go.id/auth/masuk	59 B	2023-03-11	2023-03-11
Pretty URL suramadu.pta-surabaya.go.id/auth/masuk IP 103.163.138.23 ASN #55688 PT. Beon Intermedia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:16:19 Last Seen2023-03-11 23:16:19 Times Seen1 Hash 2904859117e2aad654a694fb1f97a6e7 218fb20e00f9be119bdd91991ba53b2fa4b26f3c 3a1eb6d933f76c533003e85cd91c94bb81c7ddcfca2406287bee5aab1fc66896 Loading...

	suramadu.pta-surabaya.go.id/assets/js/jquery.min.js	86 kB	2023-03-07	2024-04-19
Pretty URL suramadu.pta-surabaya.go.id/assets/js/jquery.min.js IP 103.163.138.23 ASN #55688 PT. Beon Intermedia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-19 10:59:22 Times Seen380075 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	suramadu.pta-surabaya.go.id/auth/masuk	757 B	2023-03-11	2023-03-11
Pretty URL suramadu.pta-surabaya.go.id/auth/masuk IP 103.163.138.23 ASN #55688 PT. Beon Intermedia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:16:19 Last Seen2023-03-11 23:16:19 Times Seen1 Hash 19962d2b8b3ac9709a14f5e67c501b79 e30a9786f4d6f02b1c9bb76563e541f9ec0569aa 219630a8b7b0eeae7dceea5a472f6fc852f35d3d57cc4e5284b7e1fb4fa52117 Loading...

	suramadu.pta-surabaya.go.id/assets/js/sidebar-menu.js	1.3 kB	2023-03-11	2024-02-14
Pretty URL suramadu.pta-surabaya.go.id/assets/js/sidebar-menu.js IP 103.163.138.23 ASN #55688 PT. Beon Intermedia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:16:19 Last Seen2024-02-14 00:56:22 Times Seen13 Hash 2944b5356f6212ddcc00b55d9f1fe831 dfdec2d3d69ed9b9d27a382e05a30e5c32b819e0 45693ec0627e91104ebba9c1f89360b636c2fa8908f86503c50e9b4b71dd1ca0 Loading...

	suramadu.pta-surabaya.go.id/assets/js/app-script.js	3.5 kB	2023-03-11	2023-03-13
Pretty URL suramadu.pta-surabaya.go.id/assets/js/app-script.js IP 103.163.138.23 ASN #55688 PT. Beon Intermedia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:16:19 Last Seen2023-03-13 11:17:35 Times Seen1 Hash 75576254e7f8994d3c9cd611451212f9 87c8b7c94d592bb1cb8598af99b3af2ef7d4e5ac 5c12e36fc4cf8d4be44e99090b8052cf10368f8ba82d91b77eec2dadd9bd15d1 Loading...

	suramadu.pta-surabaya.go.id/assets/js/plugins/notifications/jgrowl.min.js	5.4 kB	2023-03-11	2023-03-11
Pretty URL suramadu.pta-surabaya.go.id/assets/js/plugins/notifications/jgrowl.min.js IP 103.163.138.23 ASN #55688 PT. Beon Intermedia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:16:19 Last Seen2023-03-11 23:16:19 Times Seen1 Hash 93b8b25e236c447f85fdad9b55123dba fce876309bc416ab03a6bf76acd08a2e56a3cd7f 1ca01e31fd6290fdc6de1dd98ace30ac3222b72c885b19c498f38bff523e42bf Loading...

	suramadu.pta-surabaya.go.id/assets/js/sweetalert.min.js	17 kB	2023-03-07	2024-04-14
Pretty URL suramadu.pta-surabaya.go.id/assets/js/sweetalert.min.js IP 103.163.138.23 ASN #55688 PT. Beon Intermedia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:37 Last Seen2024-04-14 14:31:25 Times Seen3446 Hash 0068f44b0aa1b83fa7679860ceb26590 20d5cdb9d2002442843baab241f2e883563d1de5 7a056fc64aba501090c8acd106b0c7bbc9a267914e695ae34aa42a6ae2a094a7 Loading...

HTTP Transactions (44)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4211
Expires: Thu, 01 Dec 2022 01:52:44 GMT
Date: Thu, 01 Dec 2022 00:42:33 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 639
Cache-Control: max-age=122365
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 00:42:33 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 10:41:58 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4838
Expires: Thu, 01 Dec 2022 02:03:11 GMT
Date: Thu, 01 Dec 2022 00:42:33 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 00:19:45 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1368
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Imlohd5seimiN9nG29+i323zl7/cEUJu7pTOmNJNfXw47pKfHhUjMFotKw/ua9pFEuQFYCAm+9o=
x-amz-request-id: G6KN6WCT7ANZC9KY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 23:46:03 GMT
age: 3390
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 00:42:33 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 00:11:15 GMT
cache-control: public,max-age=3600
age: 1878
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 633
Cache-Control: max-age=117290
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 00:42:34 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 09:17:24 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

suramadu.pta-surabaya.go.id/auth

103.163.138.23

307 Temporary Redirect

0 B

URL HTTP/1.1
suramadu.pta-surabaya.go.id/auth
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /auth HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 307 Temporary Redirect
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
set-cookie: ci_session=g2scdin64476hvonf4n343va97r1909e; expires=Thu, 01-Dec-2022 02:42:34 GMT; Max-Age=7200; path=/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
location: https://suramadu.pta-surabaya.go.id/auth/masuk
content-type: text/html; charset=UTF-8
content-length: 0
date: Thu, 01 Dec 2022 00:42:34 GMT
server: LiteSpeed

push.services.mozilla.com/

35.163.62.5

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.163.62.5:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8/Npq843bIhQIYNHXXDWmw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Q0ihyMIqgjGn6hpqx4/ul6CU7dY=

suramadu.pta-surabaya.go.id/auth/masuk

103.163.138.23

200 OK

1.5 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/auth/masuk
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.5 kB (1475 bytes)
Hash
9b2957138d76bd4972828f7f70e3f82b
066ce23d3acf2c3e963dcfdb34ba6499d55226d9
a95e4e42aaa28242044f9ec517aded4c3dc45193ede990a46c085a25159888ac

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /auth/masuk HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
set-cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr; expires=Thu, 01-Dec-2022 02:42:35 GMT; Max-Age=7200; path=/; HttpOnly; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 1475
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/js/sweetalert.min.css

103.163.138.23

200 OK

2.9 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/js/sweetalert.min.css
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text, with very long lines (13748), with CRLF line terminators
Size
2.9 kB (2912 bytes)
Hash
b14cba43ed4e391d5b8c500e945e3d6f
5394f251b194bc490dd343ab553173a2506ce923
ec3db7bbaa289f61eb1fd40c950a923a777143f446e75a4c50622bcee33a4a0e

HTTP Headers

GET /assets/js/sweetalert.min.css HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: text/css
last-modified: Mon, 24 Jun 2019 08:11:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2912
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13799
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Thu, 01 Dec 2022 00:42:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13799
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Thu, 01 Dec 2022 00:42:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13799
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Thu, 01 Dec 2022 00:42:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13799
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Thu, 01 Dec 2022 00:42:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13799
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Thu, 01 Dec 2022 00:42:35 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1fe6f5b-2658-4434-b276-36d841c8ceee.jpeg

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1fe6f5b-2658-4434-b276-36d841c8ceee.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8124 bytes)
Hash
42c762f71487f8e0285dd2129700f069
ec0fd74a981603e197df26c6fb79ef039f737557
8a40883d87b1e2c6e116e3cf881a8b39c987200a8556b651f78a376b3ddbaa26

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1fe6f5b-2658-4434-b276-36d841c8ceee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8124
x-amzn-requestid: e000c0d5-82d0-41a8-8def-b36970226969
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0UqEd1oAMFakQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdb7-27efd8c92b8f6e4f257cec3b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:40:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1GIxjB2nXfoxuqJHLtkXl4OJT_Po5DJA_w26E2K8WOmm_PZw1qU3IQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:19:35 GMT
etag: "ec0fd74a981603e197df26c6fb79ef039f737557"
content-type: image/jpeg
age: 8580
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38aeadfb-098c-4e6a-8abc-40288efe2526.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.8 kB (3751 bytes)
Hash
609419f1a2c58ae67febde5e2cb91c9f
bfb37735a2500848338a8fa12f28516a1ad9b5ba
32a4a65c8bd4da715b5331537bd606bab2767ad8c07af3b8aebbe5cad5591812

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38aeadfb-098c-4e6a-8abc-40288efe2526.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3751
x-amzn-requestid: 80396218-5515-4f77-9d57-95b323e1f1c0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzNHHGGoAMF8mA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbed-09f83d1a5b7f65175fb137ab;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _mQdH9J5CaTiYNIQf5xVn-HGUP5tKhW_1foVDdpsVIoG_NKb9wZOJg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:45 GMT
age: 10370
etag: "bfb37735a2500848338a8fa12f28516a1ad9b5ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4762 bytes)
Hash
d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 08:50:17 GMT
age: 57138
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabcce497-e838-40ff-ab98-af5f631b766f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.4 kB (2382 bytes)
Hash
f5469e846da1e0f21cfc480f56a656a6
b3eaec75f854d22cd1dcd6aa42e37f6d0df50036
d5701207a8b6b358359ebfd85a6916af7a3abf79acba235bf7d4131b0bc2e9b5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabcce497-e838-40ff-ab98-af5f631b766f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2382
x-amzn-requestid: 7279ff68-1e32-4c57-9b9d-f5803a19e8e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cJYQuEmEIAMFkeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63806d9e-2cf28dc150b53b9f3c60bb4c;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 07:24:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UaUyc03Gw0P7G_7gjAyp-c3XxjIDbllO7lmG_8UWVCuBP4WgEgSydQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 14:26:41 GMT
age: 36954
etag: "b3eaec75f854d22cd1dcd6aa42e37f6d0df50036"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7837c610-4f38-4ecd-b984-5752ff89a1f8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7957 bytes)
Hash
37004182402c955f288eb1fa8df7aef4
01a07f9a5725f608fafeced7b3d1ebdbcb776c29
c90c80dd5cadbde3fef20a9c4561b1efa47401e5f6bdf64c91246553c50204f0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7837c610-4f38-4ecd-b984-5752ff89a1f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7957
x-amzn-requestid: 54f43d6b-cf41-4067-b459-6b8d98869354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cV91PGgNIAMF2Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63857687-069ac54c22797a511c69a220;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 03:03:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5et72pBhP9fdm4fNy6V5AJjs7B5N3HUGgaToNJV3LbA59D-0QDAMvw==
via: 1.1 6c90b631453c435bd0022caa657b67e8.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 03:31:51 GMT
age: 76244
etag: "01a07f9a5725f608fafeced7b3d1ebdbcb776c29"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10437 bytes)
Hash
291127b670135b42b6e9687aa2a13237
99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1
49b082a738bcd15a0bb4e9f96a180797ffcfa368977ac1927df882a0343664d3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10437
x-amzn-requestid: 2a8183c4-47ec-42bb-8e67-3e742dc3750c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0YpEeooAMFfvg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdd0-2014fd4d49dcd4087bf1db4d;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:40:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Q9y5-OF59ODaZRd9YFFdM2rIH0bYYyIT40rCwr8cBwBQd0GOqtNobg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:08:51 GMT
age: 9224
etag: "99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/css/bootstrap.min.css

103.163.138.23

200 OK

21 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/css/bootstrap.min.css
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text, with very long lines (65324)
Size
21 kB (20941 bytes)
Hash
123062a501318cc73759315eaeffca9c
0542dbfd3008893ffcf9cfbd31783b14523adf4e
e37a08be15644b88b5b90bad49a9282d36ececef5f1bd98b74640728bcfa0a3c

HTTP Headers

GET /assets/css/bootstrap.min.css HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: text/css
last-modified: Wed, 13 Feb 2019 13:17:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 20941
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/css/animate.css

103.163.138.23

200 OK

4.2 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/css/animate.css
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text
Size
4.2 kB (4191 bytes)
Hash
1abea7ddafd72d634b2b238b3fbf85cd
530da8af51fb447511de1badd9a671e0b3e57fc1
3dbbe2d83380af61c35e1f28af901cdfb2a5e7d99a99040cc3eff537748c1523

HTTP Headers

GET /assets/css/animate.css HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: text/css
last-modified: Sun, 28 Jan 2018 05:19:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4191
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/css/icons.css

103.163.138.23

200 OK

25 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/css/icons.css
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text
Size
25 kB (24553 bytes)
Hash
3d2191207fece42db4406a44782cafea
aafc81b60d9b792b74b3e3a05242a777f645879a
7f6154fa6a32df1a062124e2b3f683a09cfbbd9ff7716a241069f6e2f8c6bd7c

HTTP Headers

GET /assets/css/icons.css HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: text/css
last-modified: Sun, 16 Dec 2018 15:46:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 24553
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/css/app-style.css

103.163.138.23

200 OK

20 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/css/app-style.css
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text
Size
20 kB (19783 bytes)
Hash
2e8749a4ca5a60c7c9a5be8c42e985b8
dd3b6c7cd138f29979ad1589ff03a549b63329a3
b30612b71b705e0b4a552624e7af10659cf74cf13db19f272c8242bcb8f078ef

HTTP Headers

GET /assets/css/app-style.css HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: text/css
last-modified: Sun, 15 Dec 2019 14:49:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 19783
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 00:42:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 00:42:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

suramadu.pta-surabaya.go.id/assets/js/jquery.min.js

103.163.138.23

200 OK

29 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/js/jquery.min.js
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text, with very long lines (32065)
Size
29 kB (29167 bytes)
Hash
8f1b13eb9cbc7933090aca626528e7b2
5efc266830b751a2959266be2b8e87658858a9d4
0f383802c1d44e249d83044d53aaa035b3caea8d393e42dbe25e11f10c4b3006

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/jquery.min.js HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: application/javascript
last-modified: Fri, 26 Jan 2018 18:14:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 29167
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/js/popper.min.js

103.163.138.23

200 OK

6.9 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/js/popper.min.js
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text, with very long lines (20164)
Size
6.9 kB (6948 bytes)
Hash
bb7ba3879587d2e59f4363e709a5a689
3add438b94664f3e726c662909c8f267f2ce49fb
d25ab1ae785cf7c86701acab65aacd08e1a17f1d7dcf0e9d0463f6115289e918

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/popper.min.js HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: application/javascript
last-modified: Wed, 28 Nov 2018 12:34:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6948
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/js/bootstrap.min.js

103.163.138.23

200 OK

15 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/js/bootstrap.min.js
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text, with very long lines (57791)
Size
15 kB (14764 bytes)
Hash
56b563ea6a4e8a1534ad78d64f535359
15330d7d7e4352d317895143e4bda406cc5929ec
11613db4d76ea4bf9d08f7888227cb833c9456b7c51c8b88ee6272f6eff88a6f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/bootstrap.min.js HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: application/javascript
last-modified: Wed, 13 Feb 2019 13:17:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 14764
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/js/plugins/loaders/blockui.min.js

103.163.138.23

200 OK

3.1 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/js/plugins/loaders/blockui.min.js
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text, with very long lines (9164), with no line terminators
Size
3.1 kB (3074 bytes)
Hash
89ffd5989478c250ebd4fe7272a8b9ae
a1dc718628bf3c61b257677acb5b80ac20ea6663
a8dc890105196240ae4cfaedd37cbd039daa26b767abf3a5a9d4bad5bcb06d99

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/plugins/loaders/blockui.min.js HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: application/javascript
last-modified: Mon, 24 Jun 2019 08:11:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3074
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/js/plugins/notifications/jgrowl.min.js

103.163.138.23

200 OK

1.5 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/js/plugins/notifications/jgrowl.min.js
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text, with very long lines (5332), with CRLF line terminators
Size
1.5 kB (1482 bytes)
Hash
b6b1e50cd51109f4600fa90f811b8c25
0e7e2c8d5f5351d5f3783bab7f4c381b072ead82
1f82c8d7e6823c1fecc4ef2830cde4ab5194e6119a9cc8d58fb73b4762cd1418

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/plugins/notifications/jgrowl.min.js HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: application/javascript
last-modified: Mon, 24 Jun 2019 08:11:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1482
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/js/cak-js.js

103.163.138.23

200 OK

2.7 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/js/cak-js.js
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
Algol 68 source text\012- Pascal source, ASCII text, with CRLF line terminators
Size
2.7 kB (2679 bytes)
Hash
9c7688fb94cbaafd204ed32ac33bc5d3
1ffaf40489ead10ce759ac944cde549cea82c174
649a8b5d6bac281cd5681a59f3a8a795ffd0a5990463c4cab32e3172b8d66143

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/cak-js.js HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: application/javascript
last-modified: Mon, 24 Jun 2019 08:11:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2679
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/js/sidebar-menu.js

103.163.138.23

200 OK

480 B

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/js/sidebar-menu.js
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text
Size
480 B (480 bytes)
Hash
02847705ad1012059cc047d2d979a54c
41429be75396e7464a083fcb6826dcf0ae6a24cc
b59296624e18e75667815209e101dd1fa8820b723e433b1b0541a27b1554f231

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/sidebar-menu.js HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: application/javascript
last-modified: Sun, 22 Jul 2018 16:57:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 480
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/js/app-script.js

103.163.138.23

200 OK

776 B

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/js/app-script.js
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
ASCII text
Size
776 B (776 bytes)
Hash
131021291aab3d3c51efea08bfb26bc5
a1e295d89790c1c09631dc68097fda6b1c4bae19
8aca1176445d50cec257b0dfd5ed3229839b6f6d277894aa22a1530bacfc077d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/app-script.js HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: application/javascript
last-modified: Tue, 03 Dec 2019 08:53:54 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 776
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 00:42:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://suramadu.pta-surabaya.go.id
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 18522
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/images/website/config/logo/logo8.png

103.163.138.23

200 OK

129 kB

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/images/website/config/logo/logo8.png
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type
PNG image data, 322 x 405, 8-bit/color RGBA, non-interlaced\012- data
Size
129 kB (128805 bytes)
Hash
ad8fcfc6e57da6dfe3385c61907db25c
ec5e5f7b9c6098462f46730aa1d2271ff738a88e
8da2c684881d65b3404cb97cc0eddb006705e8b37564266db40d57a2196b3d67

HTTP Headers

GET /assets/images/website/config/logo/logo8.png HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: image/png
last-modified: Mon, 06 Jan 2020 03:02:18 GMT
accept-ranges: bytes
content-length: 128805
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
608e4d04a251ebcd51660e801f388303
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 00:42:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c95c82f-93f9-4783-a6c2-2c737a51d52c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12655 bytes)
Hash
1039182464db1365a476dd88029b97d8
06b395b4fbad5ad9c9fb6a4fb24c1eee607aa8ac
2e081da1464a18d755a841558f63303634a9e22df888c9c43246565abfc3d48d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c95c82f-93f9-4783-a6c2-2c737a51d52c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 12655
x-amzn-requestid: db51cc10-5e13-4d63-a15b-a1c62b159f7b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzNfFvloAMFgqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbef-67ec32d74521865c7f800ac6;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mctLVf0ho2G4skGRA0gpSH5HVoAUeH7YOyY1QA4_abODLKqRIX0eTg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:09:11 GMT
etag: "06b395b4fbad5ad9c9fb6a4fb24c1eee607aa8ac"
content-type: image/jpeg
age: 9211
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Mukta|Roboto

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Mukta|Roboto
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Mukta|Roboto HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 00:42:36 GMT
date: Thu, 01 Dec 2022 00:42:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

suramadu.pta-surabaya.go.id/assets/js/sweetalert.min.js

103.163.138.23

200 OK

0 B

URL HTTP/2
suramadu.pta-surabaya.go.id/assets/js/sweetalert.min.js
IP
103.163.138.23:0
ASN
#55688 PT. Beon Intermedia

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/sweetalert.min.js HTTP/1.1
Host: suramadu.pta-surabaya.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suramadu.pta-surabaya.go.id/auth/masuk
Cookie: ci_session=ts0g4jjlgbrjj1gd2b0sifctr5qig2rr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 08 Dec 2022 00:42:35 GMT
content-type: application/javascript
last-modified: Mon, 24 Jun 2019 08:11:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5138
date: Thu, 01 Dec 2022 00:42:35 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP