Report - gesit.io/A8T9rw?clickid=815617648938192896

Report Overview

Submitted URL
gesit.io/A8T9rw?clickid=815617648938192896
IP
172.67.178.14
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-18 08:46:31
Access
public
Website Title
COLOKSGP > Daftar Situs Togel Online Singapura Terpercaya
Final URL
128.199.186.40/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sgp1.digitaloceanspaces.com	227353	2017-02-23	2018-02-14	2024-05-15	992 B	530 kB	103.253.144.208
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-18	552 B	25 kB	216.58.207.227
128.199.186.40	unknown	unknown	No data	No data	469 B	3.2 kB	128.199.186.40
cdn.ampproject.org	329	2015-08-31	2015-10-09	2024-05-17	879 B	79 kB	216.58.207.193
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-16	445 B	25 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-18	medium	128.199.186.40	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	cdn.ampproject.org/v0.js	285 kB	2024-05-15	2024-05-23
Pretty URL cdn.ampproject.org/v0.js IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-15 12:41:02 Last Seen2024-05-23 15:16:04 Times Seen174 Hash 37a0c3c4a1d4168fbb7e2495c2936cbb 07249e0f03da3cb12349087a40b793936fb01772 eea4072c2b7cb902ddb1dd07434f09fd105555039538d3546b36d3dcdfbc47f1 Loading...

	cdn.ampproject.org/rtv/012405022220000/v0/amp-auto-lightbox-0.1.js	7.8 kB	2024-05-15	2024-05-23
Pretty URL cdn.ampproject.org/rtv/012405022220000/v0/amp-auto-lightbox-0.1.js IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-15 12:41:02 Last Seen2024-05-23 12:19:39 Times Seen162 Hash bc2fe8ccf99dded31457631a59c8fa44 f384710ecb1a0274cd289eb70e0ba8581766c02f f1f25edc30e6b376bf4f8b518e99fc81885771cb393babd3978f62324a87f389 Loading...

HTTP Transactions (7)

URL IP Response Size

128.199.186.40/

128.199.186.40

200 OK

2.9 kB

URL User Request GET HTTP/2
128.199.186.40/
IP
128.199.186.40:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerZeroSSL
Subject128.199.186.40
FingerprintC4:8C:22:7C:CE:5D:E1:CA:E5:27:B4:B0:A9:A0:6A:D0:50:37:19:BD
ValiditySun, 21 Apr 2024 00:00:00 GMT - Sat, 20 Jul 2024 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
2.9 kB (2914 bytes)
Hash
8d6e687334186b2da621cf1bb33363f3
616dd52190a5a398ddfda93ad9e58fd4f00d7728
4bdab043d11bbbae52f9f69ea6b02dd8ce16a9d182361466824aa70bcc87194a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 128.199.186.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 18 May 2024 08:46:07 GMT
content-type: text/html; charset=UTF-8
content-length: 2914
cache-control: max-age=0, s-maxage=2592000
expires: Sat, 18 May 2024 05:06:43 GMT
vary: Accept-Encoding
content-encoding: gzip
age: 13164
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.ampproject.org/v0.js

216.58.207.193

73 kB

URL
cdn.ampproject.org/v0.js
IP
216.58.207.193:0
ASN
#15169 GOOGLE

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64654)
Size
73 kB (73067 bytes)
Hash
37a0c3c4a1d4168fbb7e2495c2936cbb
07249e0f03da3cb12349087a40b793936fb01772
eea4072c2b7cb902ddb1dd07434f09fd105555039538d3546b36d3dcdfbc47f1

HTTP Headers

GET /v0.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.199.186.40/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 73067
date: Sat, 18 May 2024 08:46:08 GMT
expires: Sat, 18 May 2024 08:46:08 GMT
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "0b3c227fb75e3151"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Karla:400,700&display=swap

142.250.74.106

25 kB

URL
fonts.googleapis.com/css?family=Karla:400,700&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
25 kB (24773 bytes)
Hash
6b4ead520b9fc299c221d5354f6438f8
f9707b698a90a87ca370efbab03328a898396fe9
da5cb81657f378dddc9741f88373db125815947754c489091ffba746788fbccc

HTTP Headers

GET /css?family=Karla:400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.199.186.40/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 18 May 2024 08:46:07 GMT
date: Sat, 18 May 2024 08:46:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/rtv/012405022220000/v0/amp-auto-lightbox-0.1.js

216.58.207.193

200 OK

3.0 kB

URL GET HTTP/3
cdn.ampproject.org/rtv/012405022220000/v0/amp-auto-lightbox-0.1.js
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
https://128.199.186.40/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint81:C6:B2:1A:A6:AA:D7:F4:8B:85:58:AC:53:AE:6C:8D:68:78:C9:EA
ValidityMon, 06 May 2024 13:47:43 GMT - Mon, 29 Jul 2024 13:47:42 GMT

File type
JavaScript source, ASCII text, with very long lines (7690)
Size
3.0 kB (2975 bytes)
Hash
bc2fe8ccf99dded31457631a59c8fa44
f384710ecb1a0274cd289eb70e0ba8581766c02f
f1f25edc30e6b376bf4f8b518e99fc81885771cb393babd3978f62324a87f389

HTTP Headers

GET /rtv/012405022220000/v0/amp-auto-lightbox-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://128.199.186.40
DNT: 1
Connection: keep-alive
Referer: https://128.199.186.40/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 2975
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 May 2024 08:32:33 GMT
expires: Fri, 16 May 2025 08:32:33 GMT
cache-control: public, max-age=31536000
etag: "96b1871d1c29947c"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 173615
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

sgp1.digitaloceanspaces.com/colokimage/COLOK%20FIX%202/APK/logo%20apk%20colok%20180x180.png

103.253.144.208

200 OK

35 kB

URL GET HTTP/2
sgp1.digitaloceanspaces.com/colokimage/COLOK%20FIX%202/APK/logo%20apk%20colok%20180x180.png
IP
103.253.144.208:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://128.199.186.40/
Certificate
IssuerDigiCert Inc
Subject*.sgp1.digitaloceanspaces.com
FingerprintA8:92:F3:D1:4B:84:DB:36:4C:05:F4:43:5A:A4:13:0B:34:0E:47:00
ValidityFri, 01 Dec 2023 00:00:00 GMT - Tue, 17 Dec 2024 23:59:59 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
35 kB (35215 bytes)
Hash
fd8969d56c7b7b2e1ba2502089829482
156b242224f4faf589c67b66333c7a9358c97b14
5e5b8a5e516e2b4a057413a6013984f50d72d0b11b35dfe78c168db68e3d64c0

HTTP Headers

GET /colokimage/COLOK%20FIX%202/APK/logo%20apk%20colok%20180x180.png HTTP/1.1
Host: sgp1.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.199.186.40/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 35215
accept-ranges: bytes
last-modified: Wed, 13 Dec 2023 10:15:24 GMT
x-rgw-object-type: Normal
etag: "fd8969d56c7b7b2e1ba2502089829482"
x-amz-request-id: tx00000f4cfe5b026a5421f-0066486ad1-3bfb9463-sgp1b
content-type: image/png
date: Sat, 18 May 2024 08:46:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-healthchecked-cluster: 
X-Firefox-Spdy: h2

sgp1.digitaloceanspaces.com/colokimage/COLOK%20FIX%202/SLIDER/40%20slider%20new%20bonus%20%26%20event%20colok.png

103.253.144.208

200 OK

493 kB

URL GET HTTP/2
sgp1.digitaloceanspaces.com/colokimage/COLOK%20FIX%202/SLIDER/40%20slider%20new%20bonus%20%26%20event%20colok.png
IP
103.253.144.208:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://128.199.186.40/
Certificate
IssuerDigiCert Inc
Subject*.sgp1.digitaloceanspaces.com
FingerprintA8:92:F3:D1:4B:84:DB:36:4C:05:F4:43:5A:A4:13:0B:34:0E:47:00
ValidityFri, 01 Dec 2023 00:00:00 GMT - Tue, 17 Dec 2024 23:59:59 GMT

File type
PNG image data, 840 x 473, 8-bit/color RGBA, non-interlaced
Size
493 kB (493277 bytes)
Hash
be406d21948e53d010543bf85ad59127
8a806f50c2b968ad02bb6daa237a09863ee48257
94a860dd28977ea0e93789b16ab32e5a1a04af2a2f8bca1c50486516199eef27

HTTP Headers

GET /colokimage/COLOK%20FIX%202/SLIDER/40%20slider%20new%20bonus%20%26%20event%20colok.png HTTP/1.1
Host: sgp1.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.199.186.40/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 493277
accept-ranges: bytes
last-modified: Wed, 13 Dec 2023 03:37:27 GMT
x-rgw-object-type: Normal
etag: "be406d21948e53d010543bf85ad59127"
x-amz-request-id: tx000007bd5ac4522ed23db-0066486ad1-3bfb881c-sgp1b
content-type: image/png
date: Sat, 18 May 2024 08:46:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-healthchecked-cluster: 
X-Firefox-Spdy: h2

fonts.gstatic.com/s/karla/v31/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2

216.58.207.227

200 OK

24 kB

URL GET HTTP/2
fonts.gstatic.com/s/karla/v31/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://128.199.186.40/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24364, version 1.0
Size
24 kB (24364 bytes)
Hash
45abad169c69f55755dc7a3fa6d1964a
64f447983934a2db9bbb25ebc788c2f686343597
ef71f07257bf7ab1ff3b76ac3c0fa25b8686bbb26c5617c570c7528e337e48d0

HTTP Headers

GET /s/karla/v31/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://128.199.186.40
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24364
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 May 2024 08:33:07 GMT
expires: Fri, 16 May 2025 08:33:07 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Sep 2023 15:41:12 GMT
content-type: font/woff2
age: 173581
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size