kuotagratis.barux2022.my.id Open in urlscan Pro
51.142.95.55 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://kuotagratis.barux2022.my.id/
Submission: On April 10 via automatic, source phishtank (April 10th 2022, 8:13:50 am UTC) — Scanned from GB

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 6 countries across 11 domains to perform 24 HTTP transactions. The main IP is 51.142.95.55, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is kuotagratis.barux2022.my.id.

This is the only time kuotagratis.barux2022.my.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
1	51.142.95.55 51.142.95.55	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	2606:4700::68... 2606:4700::6810:7baf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	118.98.229.148 118.98.229.148	18051 (JARDIKNAS...) (JARDIKNAS-AS-AP Pustekkom)
6	118.98.221.14 118.98.221.14	18051 (JARDIKNAS...) (JARDIKNAS-AS-AP Pustekkom)
1	103.31.135.171 103.31.135.171	131749 (MEDIAINDO...) (MEDIAINDOCYBER-AS-ID PT. Arthatama Adhiprima Persada)
1	107.161.50.42 107.161.50.42	395092 (SHOCK-1) (SHOCK-1)
1	118.98.227.101 118.98.227.101	18051 (JARDIKNAS...) (JARDIKNAS-AS-AP Pustekkom)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
3	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	129.226.2.89 129.226.2.89	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
24	13

1 51.142.95.55 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

kuotagratis.barux2022.my.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

rawcdn.githack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7baf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 118.98.229.148 (Jakarta, Indonesia)

ASN18051 (JARDIKNAS-AS-AP Pustekkom, ID)
PTR: 229.148.cpt.kemdikbud.go.id

puslitjakdikbud.kemdikbud.go.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 118.98.221.14 (Indonesia)

ASN18051 (JARDIKNAS-AS-AP Pustekkom, ID)
PTR: 221.14.cpt.kemdikbud.go.id

kuota-belajar.kemdikbud.go.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.31.135.171 (Bekasi, Indonesia)

ASN131749 (MEDIAINDOCYBER-AS-ID PT. Arthatama Adhiprima Persada, ID)
PTR: cpanel.havjet.com

topsonia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.161.50.42 (United States)

ASN395092 (SHOCK-1, US)

i.im.ge	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 118.98.227.101 (Jakarta, Indonesia)

ASN18051 (JARDIKNAS-AS-AP Pustekkom, ID)
PTR: 227.101.cpt.kemdikbud.go.id

www.kemdikbud.go.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 129.226.2.89 (Singapore, Singapore)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

na.apps.amsoveasea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	kemdikbud.go.id puslitjakdikbud.kemdikbud.go.id kuota-belajar.kemdikbud.go.id www.kemdikbud.go.id — Cisco Umbrella Rank: 972450	5 MB
4	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 897	43 KB
3	gstatic.com fonts.gstatic.com	39 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	2 KB
2	githack.com rawcdn.githack.com — Cisco Umbrella Rank: 76445	25 KB
1	amsoveasea.com na.apps.amsoveasea.com — Cisco Umbrella Rank: 130812	179 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 647	30 KB
1	im.ge i.im.ge — Cisco Umbrella Rank: 648951	28 KB
1	topsonia.com topsonia.com	207 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 436	26 KB
1	barux2022.my.id kuotagratis.barux2022.my.id	20 KB
24	11

	Domain	Requested by
6	kuota-belajar.kemdikbud.go.id	kuotagratis.barux2022.my.id
4	unpkg.com	2 redirects kuotagratis.barux2022.my.id
3	fonts.gstatic.com	fonts.googleapis.com
3	fonts.googleapis.com	rawcdn.githack.com
2	rawcdn.githack.com	kuotagratis.barux2022.my.id
1	na.apps.amsoveasea.com	code.jquery.com
1	code.jquery.com	kuotagratis.barux2022.my.id
1	www.kemdikbud.go.id	kuotagratis.barux2022.my.id
1	i.im.ge	kuotagratis.barux2022.my.id
1	topsonia.com	kuotagratis.barux2022.my.id
1	puslitjakdikbud.kemdikbud.go.id	kuotagratis.barux2022.my.id
1	cdn.jsdelivr.net	kuotagratis.barux2022.my.id
1	kuotagratis.barux2022.my.id
24	13

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-10` - `2022-07-09`	a year	crt.sh
*.kemdikbud.go.id DigiCert SHA2 Secure Server CA	`2021-03-31` - `2022-04-05`	a year	crt.sh
kuota-belajar.kemdikbud.go.id cPanel, Inc. Certification Authority	`2022-02-13` - `2022-05-14`	3 months	crt.sh
topsonia.com cPanel, Inc. Certification Authority	`2022-03-14` - `2022-06-12`	3 months	crt.sh
i.im.ge Sectigo RSA Domain Validation Secure Server CA	`2021-09-25` - `2022-09-25`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
na.apps.amsoveasea.com TrustAsia TLS RSA CA	`2021-05-31` - `2022-05-30`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://kuotagratis.barux2022.my.id/
Frame ID: AE27C33257B2C204EB0542FDF2D2C305
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bantuan Kuota Data Internet 2022 - Kemendikbud

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

24
Requests

83 %
HTTPS

46 %
IPv6

11
Domains

13
Subdomains

13
IPs

6
Countries

5229 kB
Transfer

5473 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://unpkg.com/swiper@7/swiper-bundle.min.css HTTP 302
https://unpkg.com/swiper@7.4.1/swiper-bundle.min.css

Request Chain 3

https://unpkg.com/swiper@7/swiper-bundle.min.js HTTP 302
https://unpkg.com/swiper@7.4.1/swiper-bundle.min.js

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
kuotagratis.barux2022.my.id/ 20 KB
20 KB 123ms
57ms Document
text/html 51.142.95.55
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: http://kuotagratis.barux2022.my.id/
Protocol: HTTP/1.1
Server: 51.142.95.55 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 4711dd3c0f3e1dacff15d62a78847e3704b1bcc76b936ce5ea78a62f1fb9fbbf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 20071
Content-Type: text/html
Date: Sun, 10 Apr 2022 08:13:39 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Sun, 06 Feb 2022 09:04:54 GMT
Server: Apache

GET
H2 200 kuota.css
rawcdn.githack.com/rndytech/assets/a44d809db389994cee22fc9c62d2fe3824179544/ 12 KB
3 KB 146ms
51ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rawcdn.githack.com/rndytech/assets/a44d809db389994cee22fc9c62d2fe3824179544/kuota.css

Requested by

Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a3d162844ac424f7af492d35ae30818bce073d4b586c502128b9d12a2d0edba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-fastly-request-id: 5d3e46fe2d47b68f50b7872016c7de924a9e0ef5
date: Sun, 10 Apr 2022 08:13:40 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 123
source-age: 0
x-cache: MISS
expires: Sun, 09 Apr 2023 23:38:49 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-hel1410034-HEL
x-robots-tag: none
server: cloudflare
x-github-request-id: 166C:721E:19CD9FA:1ADFF2F:62503937
x-timer: S1649424696.530165,VS0,VE198
etag: W/"32eaf214d8f8bde2199ff9d6ecbd670db4ab8311b73c6cbd803be3623a684c3f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Authorization,Accept-Encoding,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hp0ymJzV5rX2PVH9Wyj3Pnxjj3MknApbPg0AoyjSRVhHweqY2cEDCk7XbsesThSSEXG87QFeQa0J1VIWagMuRcoyENuQhTSB8z2qVbwVwK0o1AvFkK%2Br8Td0%2FW479BjRuN9WF5%2FUWkXo%2BXD5jsakRiE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-githack-cache-status: STALE
cache-control: max-age=31536000, public, immutable
cf-ray: 6f9a06466b2775a5-LHR
x-cache-hits: 0

GET
H2

200

swiper-bundle.min.css
unpkg.com/swiper@7.4.1/
Redirect Chain

https://unpkg.com/swiper@7/swiper-bundle.min.css
https://unpkg.com/swiper@7.4.1/swiper-bundle.min.css

15 KB
5 KB

52ms
52ms

Stylesheet
text/css

2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@7.4.1/swiper-bundle.min.css

Requested by

Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/

Protocol

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4c36bd623e62bea63b81dabb7ce6f9e3ae05c5d22f11d2c3a5802ced3c9c499

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 10 Apr 2022 08:13:40 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 9233118
fly-request-id: 01FQP35XD4Q36HX6NYSJZ5BFEC
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"3ccb-5Koe10fACH1gYqRziowpfORPwas"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6f9a0646cf6c745b-LHR

Redirect headers

date: Sun, 10 Apr 2022 08:13:40 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01G098AWQ9H7KA2AYJZWPJN7FD-lhr
server: cloudflare
age: 243
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /swiper@7.4.1/swiper-bundle.min.css
cache-control: public, s-maxage=600, max-age=60
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6f9a06466f09745b-LHR
access-control-allow-origin: *

GET
H2 200 jquery.js Show response
cdn.jsdelivr.net/gh/jsdelivr-cdn/jquery/ 63 KB
26 KB 235ms
141ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/jsdelivr-cdn/jquery/jquery.js

Requested by

Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c40903435e5592b1acc9d6b4566ca0fdc2543a18797e9bf7b016e8e1ef1af251

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 10 Apr 2022 08:13:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-jsd-version: master
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19124-FRA, cache-iad-kiad7000152-IAD
timing-allow-origin: *
x-jsd-version-type: branch
server: cloudflare
etag: W/"fbcc-YTxZ7m7TdaY1tdZninfb+zFJAMw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00tyiZ8yhomCRRjQunh7h6Xmno6BX97tyR3rhAnPh25J%2BI3e6XIWOqk5itebx81iG24m0Bh23pukdhcuOkkQ5gpFT6umRPLrRz%2BID1BRzNTeQuU4pjOZFfJlXcNoYNsXUKQWo7xzkIbjtBHKvsY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6f9a06466c0c76c9-LHR
access-control-expose-headers: *

GET
H2

200

swiper-bundle.min.js Show response
unpkg.com/swiper@7.4.1/
Redirect Chain

https://unpkg.com/swiper@7/swiper-bundle.min.js
https://unpkg.com/swiper@7.4.1/swiper-bundle.min.js

133 KB
38 KB

55ms
55ms

Script
application/javascript

2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@7.4.1/swiper-bundle.min.js

Requested by

Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/

Protocol

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8954ae9654aea5d46a68bc5d91c063a3896a0d8a5927822049e4e06a4252b4a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 10 Apr 2022 08:13:40 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 9233006
fly-request-id: 01FQP39AQN1C74E7DVSPQ7DH5N
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"212e8-+9I9CUbhY1/BprAUcnI5oGYQ/d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6f9a0646cf6b745b-LHR

Redirect headers

date: Sun, 10 Apr 2022 08:13:40 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01G0980YE49H3J1RQGB3QVP7QY-lhr
server: cloudflare
age: 569
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /swiper@7.4.1/swiper-bundle.min.js
cache-control: public, s-maxage=600, max-age=60
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6f9a06466f0b745b-LHR
access-control-allow-origin: *

GET
H/1.1 200
OK loading.gif
puslitjakdikbud.kemdikbud.go.id/assets_front/images/ 137 KB
137 KB 1291ms
245ms Image
image/gif 118.98.229.148
JARDIKNAS-AS-AP P...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://puslitjakdikbud.kemdikbud.go.id/assets_front/images/loading.gif
Requested by: Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 118.98.229.148 Jakarta, Indonesia, ASN18051 (JARDIKNAS-AS-AP Pustekkom, ID),
Reverse DNS: 229.148.cpt.kemdikbud.go.id
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 6b5345ff2738cf9fef7130f578c743295a3b48e23a475ecd4afc44aad586cf8f

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sun, 10 Apr 2022 08:13:41 GMT
Last-Modified: Tue, 07 Apr 2020 02:49:05 GMT
Server: Apache/2.4.29 (Ubuntu)
ETag: "22411-5a2aa6d460a40"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 140305

GET
H/1.1 200
OK logo-kemdikbud-ori.png
kuota-belajar.kemdikbud.go.id/ 71 KB
72 KB 1758ms
437ms Image
image/png 118.98.221.14
JARDIKNAS-AS-AP P...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kuota-belajar.kemdikbud.go.id/logo-kemdikbud-ori.png
Requested by: Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 118.98.221.14 , Indonesia, ASN18051 (JARDIKNAS-AS-AP Pustekkom, ID),
Reverse DNS: 221.14.cpt.kemdikbud.go.id
Software: Apache /
Resource Hash: 240cac09e954fbf88954e8777b54041e1fb0677541e56a4efa17730b03f8e201

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sun, 10 Apr 2022 08:13:40 GMT
Last-Modified: Wed, 30 Sep 2020 09:36:09 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 72993

GET
H/1.1 200
OK banner%20periode%202%20-1.jpg
kuota-belajar.kemdikbud.go.id/ 2 MB
2 MB 1757ms
436ms Image
image/jpeg 118.98.221.14
JARDIKNAS-AS-AP P...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kuota-belajar.kemdikbud.go.id/banner%20periode%202%20-1.jpg
Requested by: Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 118.98.221.14 , Indonesia, ASN18051 (JARDIKNAS-AS-AP Pustekkom, ID),
Reverse DNS: 221.14.cpt.kemdikbud.go.id
Software: Apache /
Resource Hash: a251cf441d31034b97db0ef83e7bfcb9ab854c3d40ed46c97ab1730185b0f01a

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sun, 10 Apr 2022 08:13:40 GMT
Last-Modified: Mon, 02 Aug 2021 06:40:48 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1627407

GET
H/1.1 200
OK Kuota%20Belajar-Baner%202_RRR.png
kuota-belajar.kemdikbud.go.id/ 464 KB
465 KB 1809ms
458ms Image
image/png 118.98.221.14
JARDIKNAS-AS-AP P...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kuota-belajar.kemdikbud.go.id/Kuota%20Belajar-Baner%202_RRR.png
Requested by: Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 118.98.221.14 , Indonesia, ASN18051 (JARDIKNAS-AS-AP Pustekkom, ID),
Reverse DNS: 221.14.cpt.kemdikbud.go.id
Software: Apache /
Resource Hash: d46c2ff429fdc2c84f1b914bb69f3b98f96ab4f4d8d061fe9d2dc74cab8f7ee0

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sun, 10 Apr 2022 08:13:40 GMT
Last-Modified: Tue, 03 Aug 2021 16:06:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 475459

GET
H/1.1 200
OK Banner%20periode%202-2%20rev.png
kuota-belajar.kemdikbud.go.id/ 889 KB
889 KB 1845ms
473ms Image
image/png 118.98.221.14
JARDIKNAS-AS-AP P...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kuota-belajar.kemdikbud.go.id/Banner%20periode%202-2%20rev.png
Requested by: Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 118.98.221.14 , Indonesia, ASN18051 (JARDIKNAS-AS-AP Pustekkom, ID),
Reverse DNS: 221.14.cpt.kemdikbud.go.id
Software: Apache /
Resource Hash: 9a19b2488d8657db5e0ca1cc4946b2f73da0f5213a810829e75288fe82c43266

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sun, 10 Apr 2022 08:13:40 GMT
Last-Modified: Mon, 30 Aug 2021 10:46:51 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 910538

GET
H/1.1 200
OK banner%20periode%202%20-3.jpg
kuota-belajar.kemdikbud.go.id/ 893 KB
893 KB 1880ms
486ms Image
image/jpeg 118.98.221.14
JARDIKNAS-AS-AP P...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kuota-belajar.kemdikbud.go.id/banner%20periode%202%20-3.jpg
Requested by: Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 118.98.221.14 , Indonesia, ASN18051 (JARDIKNAS-AS-AP Pustekkom, ID),
Reverse DNS: 221.14.cpt.kemdikbud.go.id
Software: Apache /
Resource Hash: 7658bd6bbd2a17a9af379dc008df7954e1933f8eb7bfb2f3dd4b2175d3233582

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sun, 10 Apr 2022 08:13:40 GMT
Last-Modified: Tue, 03 Aug 2021 15:59:25 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 914013

GET
H/1.1 200
OK Kuota%20Belajar-Baner%205_RRR.png
kuota-belajar.kemdikbud.go.id/ 574 KB
574 KB 1896ms
491ms Image
image/png 118.98.221.14
JARDIKNAS-AS-AP P...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kuota-belajar.kemdikbud.go.id/Kuota%20Belajar-Baner%205_RRR.png
Requested by: Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 118.98.221.14 , Indonesia, ASN18051 (JARDIKNAS-AS-AP Pustekkom, ID),
Reverse DNS: 221.14.cpt.kemdikbud.go.id
Software: Apache /
Resource Hash: d30e12c2857fe96cec572ad2629bccadf2a82b1baf8a2eb8dcd2541390b85728

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sun, 10 Apr 2022 08:13:40 GMT
Last-Modified: Tue, 03 Aug 2021 16:06:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 587302

GET
H/1.1 200
OK success%20transparent.gif
topsonia.com/asset/gif/ 207 KB
207 KB 3904ms
222ms Image
image/gif 103.31.135.171
MEDIAINDOCYBER-AS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://topsonia.com/asset/gif/success%20transparent.gif?x=1631022947
Requested by: Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.31.135.171 Bekasi, Indonesia, ASN131749 (MEDIAINDOCYBER-AS-ID PT. Arthatama Adhiprima Persada, ID),
Reverse DNS: cpanel.havjet.com
Software: Apache /
Resource Hash: cd8e017992b79b58d4f41fb1355f05d2099f2ddfe8128dcd46f733aba030fcb1

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sun, 10 Apr 2022 08:13:44 GMT
Last-Modified: Tue, 30 Mar 2021 04:47:36 GMT
Server: Apache
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 211513

GET
H2 200 Tw3QNy.png
i.im.ge/2021/09/15/ 28 KB
28 KB 390ms
112ms Image
image/png 107.161.50.42
SHOCK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.im.ge/2021/09/15/Tw3QNy.png

Requested by

Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

107.161.50.42 , United States, ASN395092 (SHOCK-1, US),

Reverse DNS

Software

nginx /

Resource Hash

092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000, max-age=31536000

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 10 Apr 2022 08:13:40 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/png
cache-control: max-age=31536000
strict-transport-security: max-age=31536000, max-age=31536000
expires: Mon, 10 Apr 2023 08:13:40 GMT

GET
H/1.1 200
OK 83790f2b43f00be
www.kemdikbud.go.id/main/files/large/ 189 KB
190 KB 2116ms
770ms Image
image/png 118.98.227.101
JARDIKNAS-AS-AP P...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kemdikbud.go.id/main/files/large/83790f2b43f00be
Requested by: Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.98.227.101 Jakarta, Indonesia, ASN18051 (JARDIKNAS-AS-AP Pustekkom, ID),
Reverse DNS: 227.101.cpt.kemdikbud.go.id
Software: Apache /
Resource Hash: bd7ecf5a220f23a27808ce946071e557c86238f9ae62e091bd7ebde76e2a888a

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: public
Date: Sun, 10 Apr 2022 08:13:40 GMT
Last-Modified: Thu, 09 Jan 2020 10:32:44 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: image/png
Cache-Control: public
Expires: Sun, 10 Apr 2022 09:13:41 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 199ms
52ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 10 Apr 2022 08:13:40 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
vary: Accept-Encoding
x-hw: 1649578420.dop111.am5.t,1649578420.cds305.am5.hn,1649578420.cds007.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 kuota.js Show response
rawcdn.githack.com/43836292/428362939/c075081bd068e37d6bc89cbfb13dec3d68b708e4/ 58 KB
22 KB 53ms
52ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rawcdn.githack.com/43836292/428362939/c075081bd068e37d6bc89cbfb13dec3d68b708e4/kuota.js

Requested by

Host: kuotagratis.barux2022.my.id
URL: http://kuotagratis.barux2022.my.id/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a95f0c9055ebeddb471a2e76f82e0a56077a5c87623d749109e4e90792eff6d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://kuotagratis.barux2022.my.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-fastly-request-id: 6c26914f0dc0ab87111b62f0492b557d7f0d973f
date: Sun, 10 Apr 2022 08:13:40 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 123
source-age: 0
x-cache: MISS
expires: Sun, 09 Apr 2023 23:38:54 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-hel1410034-HEL
x-robots-tag: none
server: cloudflare
x-github-request-id: 9544:13D0A:103728B:10DC6FB:62503938
x-timer: S1649424697.726731,VS0,VE219
etag: W/"f73b68fd6b1fe995d344db4a51acaf2aa86d53d97a20c17e53b05670f38c2633"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Authorization,Accept-Encoding,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gnggkMcvgrjLLNcyY2P%2BU23DKdgKK6eCasxIx65sg21WC9h%2Bp6cdwaHvF4bul9U6tuw2femRF86FdRoEcoJ68nXVbGsoFYJtOTHml0j%2BjcU9EkYAktZdyz86W4tUYGDN%2Fuy5F44qO%2BSyeB9%2FuscoerE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-githack-cache-status: STALE
cache-control: max-age=31536000, public, immutable
cf-ray: 6f9a0647fcfb75a5-LHR
x-cache-hits: 0

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1 KB 182ms
63ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Play&display=swap

Requested by

Host: rawcdn.githack.com
URL: https://rawcdn.githack.com/rndytech/assets/a44d809db389994cee22fc9c62d2fe3824179544/kuota.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

eb55b2c525f01b77ad16108f31c5f1c9391fa78898464fb3cde0e3ddd7af5e1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://rawcdn.githack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 10 Apr 2022 06:47:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 10 Apr 2022 08:13:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 10 Apr 2022 08:13:40 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
621 B 184ms
65ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Exo&family=Secular+One&display=swap

Requested by

Host: rawcdn.githack.com
URL: https://rawcdn.githack.com/rndytech/assets/a44d809db389994cee22fc9c62d2fe3824179544/kuota.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

08dac51f73650a910bbfd05d3af45c760e8e3dd0de94d4a22e2be5665555a42c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://rawcdn.githack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 10 Apr 2022 08:13:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 10 Apr 2022 08:13:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 10 Apr 2022 08:13:40 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
622 B 191ms
73ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto&display=swap

Requested by

Host: rawcdn.githack.com
URL: https://rawcdn.githack.com/rndytech/assets/a44d809db389994cee22fc9c62d2fe3824179544/kuota.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8c4967c13572e41e718dfbb3d84dddeacc748aa14cb2d65ad91ecdde60f50664

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://rawcdn.githack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 10 Apr 2022 07:42:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 10 Apr 2022 08:13:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 10 Apr 2022 08:13:40 GMT

GET
H2 200 6aez4K2oVqwIvtU2Hw.woff2
fonts.gstatic.com/s/play/v16/ 17 KB
17 KB 172ms
55ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/play/v16/6aez4K2oVqwIvtU2Hw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Play&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cdceb438e41ee07d58b7214785e14651205d8cc4b158a9a3ab988515f66c1cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://kuotagratis.barux2022.my.id
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 19:45:43 GMT
x-content-type-options: nosniff
age: 304077
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17164
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:12:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 06 Apr 2023 19:45:43 GMT

GET
H2 200 8QINdiTajsj_87rMuMdKyqDiOOg.woff2
fonts.gstatic.com/s/secularone/v10/ 11 KB
11 KB 189ms
74ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/secularone/v10/8QINdiTajsj_87rMuMdKyqDiOOg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Exo&family=Secular+One&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46989820a9b0643099415ba7b00bd0e2e48ba06142c0b5ab3035818c2b303e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://kuotagratis.barux2022.my.id
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 00:46:21 GMT
x-content-type-options: nosniff
age: 372439
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11256
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:03:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Apr 2023 00:46:21 GMT

GET
H2 200 4UaZrEtFpBI4f1ZSIK9d4LjJ4lM3OwRmOw.woff2
fonts.gstatic.com/s/exo/v18/ 11 KB
11 KB 230ms
115ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo/v18/4UaZrEtFpBI4f1ZSIK9d4LjJ4lM3OwRmOw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Exo&family=Secular+One&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97f06d0b35800d508f677b54fd49cd4ab415e799a5b80a3ab0c4c258d8c17748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://kuotagratis.barux2022.my.id
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 19:45:45 GMT
x-content-type-options: nosniff
age: 217675
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:36:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 07 Apr 2023 19:45:45 GMT

GET
H2 200 / Show response
na.apps.amsoveasea.com/swoole/ 37 B
179 B 869ms
287ms XHR
text/html 129.226.2.89
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://na.apps.amsoveasea.com/swoole/?actid=2020&r=index/getCountry&_only_service_response_=1
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.226.2.89 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 924b95ec9a65611a3da976461d12dc54d19b2016393d4b1223727a8129097ff2

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: http://kuotagratis.barux2022.my.id/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 10 Apr 2022 08:13:41 GMT
content-encoding: gzip
server: nginx/1.20.1
content-length: 56
content-type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Gaming (Entertainment)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
i.im.ge
kuota-belajar.kemdikbud.go.id
kuotagratis.barux2022.my.id
na.apps.amsoveasea.com
puslitjakdikbud.kemdikbud.go.id
rawcdn.githack.com
topsonia.com
unpkg.com
www.kemdikbud.go.id
103.31.135.171
107.161.50.42
118.98.221.14
118.98.227.101
118.98.229.148
129.226.2.89
2001:4de0:ac18::1:a:3b
2606:4700::6810:5914
2606:4700::6810:7baf
2a00:1450:4001:803::200a
2a00:1450:4001:82a::2003
2a06:98c1:3121::7
51.142.95.55
08dac51f73650a910bbfd05d3af45c760e8e3dd0de94d4a22e2be5665555a42c
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401
0a3d162844ac424f7af492d35ae30818bce073d4b586c502128b9d12a2d0edba
240cac09e954fbf88954e8777b54041e1fb0677541e56a4efa17730b03f8e201
46989820a9b0643099415ba7b00bd0e2e48ba06142c0b5ab3035818c2b303e0f
4711dd3c0f3e1dacff15d62a78847e3704b1bcc76b936ce5ea78a62f1fb9fbbf
6b5345ff2738cf9fef7130f578c743295a3b48e23a475ecd4afc44aad586cf8f
6cdceb438e41ee07d58b7214785e14651205d8cc4b158a9a3ab988515f66c1cc
7658bd6bbd2a17a9af379dc008df7954e1933f8eb7bfb2f3dd4b2175d3233582
8954ae9654aea5d46a68bc5d91c063a3896a0d8a5927822049e4e06a4252b4a6
8c4967c13572e41e718dfbb3d84dddeacc748aa14cb2d65ad91ecdde60f50664
924b95ec9a65611a3da976461d12dc54d19b2016393d4b1223727a8129097ff2
97f06d0b35800d508f677b54fd49cd4ab415e799a5b80a3ab0c4c258d8c17748
9a19b2488d8657db5e0ca1cc4946b2f73da0f5213a810829e75288fe82c43266
a251cf441d31034b97db0ef83e7bfcb9ab854c3d40ed46c97ab1730185b0f01a
a95f0c9055ebeddb471a2e76f82e0a56077a5c87623d749109e4e90792eff6d2
b4c36bd623e62bea63b81dabb7ce6f9e3ae05c5d22f11d2c3a5802ced3c9c499
bd7ecf5a220f23a27808ce946071e557c86238f9ae62e091bd7ebde76e2a888a
c40903435e5592b1acc9d6b4566ca0fdc2543a18797e9bf7b016e8e1ef1af251
cd8e017992b79b58d4f41fb1355f05d2099f2ddfe8128dcd46f733aba030fcb1
d30e12c2857fe96cec572ad2629bccadf2a82b1baf8a2eb8dcd2541390b85728
d46c2ff429fdc2c84f1b914bb69f3b98f96ab4f4d8d061fe9d2dc74cab8f7ee0
eb55b2c525f01b77ad16108f31c5f1c9391fa78898464fb3cde0e3ddd7af5e1d
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

kuotagratis.barux2022.my.id Open in urlscan Pro 51.142.95.55 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

24 Requests

83 %HTTPS

46 %IPv6

11 Domains

13 Subdomains

13 IPs

6 Countries

5229 kBTransfer

5473 kBSize

0 Cookies

0 Outgoing links

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

33 JavaScript Global Variables

0 Cookies

Indicators

kuotagratis.barux2022.my.id Open in urlscan Pro
51.142.95.55 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

83 %
HTTPS

46 %
IPv6

11
Domains

13
Subdomains

13
IPs

6
Countries

5229 kB
Transfer

5473 kB
Size

0
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!