hxxp:///promocashback?utm_source=tiktok&utm_medium=tiktok&utm_campaign=id_inv_acq_lender_cashbackMAY_Mei23&utm_content=video1&lpt=1&show_landingpage=1&ttclid=E[.]C[.]P[.]Cr0BVWtd93dqZjfL4U8sMW5GgsfRUnXseAmMzJCLYCiK77yTGZBS2PFXtD7bXLRO0ABhd9tRGWmPn5XmIPRjO9aDXbYrWfGSHneWN3_vKJqi3Bu6nfRsPwRVMrCEDEeWe5R92a4qdQum705ipfeEpKTY_uXcJ1l7OE4Swu35WZG97JOGOutRooT_Ol6LdMRtGuHrfJaozeAwpq9CN5jWigqahXv13JUmcmChvTwj263f7ZUjOMuhdM29L4pgQL8qEgR2Mi4wGiCRQYmTiRAIwr9yBPEoVzGvrzoEcQ5ZWlv_RP3z9DFXUg&orientation=portra ClientRequestUserAgent[:] Mozilla/5[.]0 (Windows NT 6[.]1; WOW64; rv[:]70[.]0) Gecko/20100101 Firefox/70[.]0 ClientSSLCipher[:] ECDHE-ECDSA-AES128-GCM-SHA256 ClientSSLProtocol[:] TLSv1[.]2 ClientSrcPort[:] 8877 ClientXRequestedWith[:] EdgeColoCode[:] WAW EdgeColoID[:] 73 EdgeEndTimestamp[:] 2023-05-20T11[:]36[:]23Z EdgePathingOp[:] wl EdgePathingSrc[:] macro EdgePathingStatus[:] nr EdgeRateLimitAction[:] EdgeRateLimitID[:] 0 EdgeRequestHost[:] modalku[.]co[.]id EdgeResponseBytes[:] 87076 EdgeResponseCompressionRatio[:] 1 EdgeResponseContentType[:] text/html EdgeResponseStatus[:] 200 EdgeServerIP[:] EdgeStartTimestamp[:] 2023-05-20T11[:]36[:]23Z FirewallMatchesActions[:] [ + ] FirewallMatchesRuleIDs[:] [ + ] FirewallMatchesSources[:] [ + ] OriginIP[:] OriginResponseBytes[:] 0 OriginResponseHTTPExpires[:] OriginResponseHTTPLastModified[:] OriginResponseStatus[:] 0 OriginResponseTime[:] 0 OriginSSLProtocol[:] unknown ParentRayID[:] 00 RayID[:] 7ca4481d78d25049 SecurityLevel[:] high WAFAction[:] unknown WAFFlags[:] 0 WAFMatchedVar[:] WAFProfile[:] unknown WAFRuleID[:] WAFRuleMessage[:] WorkerCPUTime[:] 986 WorkerStatus[:] ok WorkerSubrequest[:] false WorkerSubrequestCount[:] 1 ZoneID[:] 17708350 } Show as raw text WAFAction = unknowndest = modalku[.]co[.]iddest_ip = host = sh-i-00e04df032f3927c8[.]fundingsocieties[.]splunkcloud[.]comsource = s3[://]fs-logs-cloudflare/modalku[.]co[.]id/20230520/20230520T113500Z_20230520T114000Z_c4d83605[.]log[.]gz/modalku[.]co[.]id/20230520/20230520T113500Z_20230520T114000Z_c4d83605[.]logsourcetype = cloudflare[:]jsonsrc_ip = 37[.]225[.]64[.]8url = modalku[.]co[.]id/promocashback?utm_source=tiktok&utm_medium=tiktok&utm_campaign=id_inv_acq_lender_cashbackMAY_Mei23&utm_content=video1&lpt=1&show_landingpage=1&ttclid=E[.]C[.]P[.]Cr0BVWtd93dqZjfL4U8sMW5GgsfRUnXseAmMzJCLYCiK77yTGZBS2PFXtD7bXLRO0ABhd9tRGWmPn5XmIPRjO9aDXbYrWfGSHneWN3_vKJqi3Bu6nfRsPwRVMrCEDEeWe5R92a4qdQum705ipfeEpKTY_uXcJ1l7OE4Swu35WZG97JOGOutRooT_Ol6LdMRtGuHrfJaozeAwpq9CN5jWigqahXv13JUmcmChvTwj263f7ZUjOMuhdM29L4pgQL8qEgR2Mi4wGiCRQYmTiRAIwr9yBPEoVzGvrzoEcQ5ZWlv_RP3z9DFXUg&orientation=portra 5/20/23 7[:]36[:]23[.]000 PM { - CacheCacheStatus[:] dynamic CacheResponseBytes[:] 88354 CacheResponseStatus[:] 200 CacheTieredFill[:] false ClientASN[:] 5617 ClientCountry[:] pl ClientDeviceType[:] desktop ClientIP[:] 37[.]225[.]64[.]8 ClientIPClass[:] noRecord ClientRequestBytes[:] 4364 ClientRequestHost[:] modalku[.]co[.]id ClientRequestMethod[:] GET ClientRequestPath[:] /promocashback ClientRequestProtocol[:] HTTP/1[.]1 ClientRequestReferer[:] ClientRequestURI[:] /promocashback?utm_source=tiktok&utm_medium=tiktok&utm_campaign=id_inv_acq_lender_cashbackMAY_Mei23&utm_content=video1&lpt=1&show_landingpage=1&ttclid=E[.]C[.]P[.]Cr0BVWtd93dqZjfL4U8sMW5GgsfRUnXseAmMzJCLYCiK77yTGZBS2PFXtD7bXLRO0ABhd9tRGWmPn5XmIPRjO9aDXbYrWfGSHneWN3_vKJqi3Bu6nfRsPwRVMrCEDEeWe5R92a4qdQum705ipfeEpKTY_uXcJ1l7OE4Swu35WZG97JOGOutRooT_Ol6LdMRtGuHrfJaozeAwpq9CN5jWigqahXv13JUmcmChvTwj263f7ZUjOMuhdM29L4pgQL8qEgR2Mi4wGiCRQYmTiRAIwr9yBPEoVzGvrzoEcQ5ZWlv_RP3z9DFXUg&orientation=portra ClientRequestUserAgent[:] Mozilla/5[.]0 (Windows NT 6[.]1; WOW64; rv[:]70[.]0) Gecko/20100101 Firefox/70[.]0 ClientSSLCipher[:] NONE ClientSSLProtocol[:] none ClientSrcPort[:] 0 ClientXRequestedWith[:] EdgeColoCode[:] WAW EdgeColoID[:] 73 EdgeEndTimestamp[:] 2023-05-20T11[:]36[:]23Z EdgePathingOp[:] wl EdgePathingSrc[:] macro EdgePathingStatus[:] nr EdgeRateLimitAction[:] EdgeRateLimitID[:] 0 EdgeRequestHost[:] modalku[.]co[.]id EdgeResponseBytes[:] 87093 EdgeResponseCompressionRatio[:] 1 EdgeResponseContentType[:] text/html EdgeResponseStatus[:] 200 EdgeServerIP[:] 172[.]68[.]138[.]187 EdgeStartTimestamp[:] 2023-05-20T11[:]36[:]23Z FirewallMatchesActions[:] [ + ] FirewallMatchesRuleIDs[:] [ + ] FirewallMatchesSources[:] [ + ] OriginIP[:] 52[.]222[.]214[.]15 OriginResponseBytes[:] 0 OriginResponseHTTPExpires[:] OriginResponseHTTPLastModified[:] Fri, 19 May 2023 09[:]02[:]20 UTC OriginResponseStatus[:] 200 OriginResponseTime[:] 77000000 OriginSSLProtocol[:] TLSv1[.]3 ParentRayID[:] 7ca4481d78d25049 RayID[:] 7ca4481d87dd5049 SecurityLevel[:] off WAFAction[:] unknown WAFFlags[:] 0 WAFMatchedVar[:] WAFProfile[:] unknown WAFRuleID[:] WAFRuleMessage[:] WorkerCPUTime[:] 0 WorkerStatus[:] unknown WorkerSubrequest[:] true WorkerSubrequestCount[:] 0 ZoneID[:] 17708350 } Show as raw text WAFAction = unknowndest = modalku[.]co[.]iddest_ip = 52[.]222[.]214[.]15host = sh-i-00e04df032f3927c8[.]fundingsocieties[.]splunkcloud[.]comsource = s3[://]fs-logs-cloudflare/modalku[.]co[.]id/20230520/20230520T113500Z_20230520T114000Z_c4d83605[.]log[.]gz/modalku[.]co[.]id/20230520/20230520T113500Z_20230520T114000Z_c4d83605[.]logsourcetype = cloudflare[:]jsonsrc_ip = 37[.]225[.]64[.]8url = modalku[.]co[.]id/promocashback?utm_source=tiktok&utm_medium=tiktok&utm_campaign=id_inv_acq_lender_cashbackMAY_Mei23&utm_content=video1&lpt=1&show_landingpage=1&ttclid=E[.]C[.]P[.]Cr0BVWtd93dqZjfL4U8sMW5GgsfRUnXseAmMzJCLYCiK77yTGZBS2PFXtD7bXLRO0ABhd9tRGWmPn5XmIPRjO9aDXbYrWfGSHneWN3_vKJqi3Bu6nfRsPwRVMrCEDEeWe5R92a4qdQum705ipfeEpKTY_uXcJ1l7OE4Swu35WZG97JOGOutRooT_Ol6LdMRtGuHrfJaozeAwpq9CN5jWigqahXv13JUmcmChvTwj263f7ZUjOMuhdM29L4pgQL8qEgR2Mi4wGiCRQYmTiRAIwr9yBPEoVzGvrzoEcQ5ZWlv_RP3z9DFXUg&orientation=portra

Sharing

Copy URL

Twitter E-mail

General

Target

http:///promocashback?utm_source=tiktok&utm_medium=tiktok&utm_campaign=id_inv_acq_lender_cashbackMAY_Mei23&utm_content=video1&lpt=1&show_landingpage=1&ttclid=E.C.P.Cr0BVWtd93dqZjfL4U8sMW5GgsfRUnXseAmMzJCLYCiK77yTGZBS2PFXtD7bXLRO0ABhd9tRGWmPn5XmIPRjO9aDXbYrWfGSHneWN3_vKJqi3Bu6nfRsPwRVMrCEDEeWe5R92a4qdQum705ipfeEpKTY_uXcJ1l7OE4Swu35WZG97JOGOutRooT_Ol6LdMRtGuHrfJaozeAwpq9CN5jWigqahXv13JUmcmChvTwj263f7ZUjOMuhdM29L4pgQL8qEgR2Mi4wGiCRQYmTiRAIwr9yBPEoVzGvrzoEcQ5ZWlv_RP3z9DFXUg&orientation=portra ClientRequestUserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:70.0) Gecko/20100101 Firefox/70.0 ClientSSLCipher: ECDHE-ECDSA-AES128-GCM-SHA256 ClientSSLProtocol: TLSv1.2 ClientSrcPort: 8877 ClientXRequestedWith: EdgeColoCode: WAW EdgeColoID: 73 EdgeEndTimestamp: 2023-05-20T11:36:23Z EdgePathingOp: wl EdgePathingSrc: macro EdgePathingStatus: nr EdgeRateLimitAction: EdgeRateLimitID: 0 EdgeRequestHost: modalku.co.id EdgeResponseBytes: 87076 EdgeResponseCompressionRatio: 1 EdgeResponseContentType: text/html EdgeResponseStatus: 200 EdgeServerIP: EdgeStartTimestamp: 2023-05-20T11:36:23Z FirewallMatchesActions: [ + ] FirewallMatchesRuleIDs: [ + ] FirewallMatchesSources: [ + ] OriginIP: OriginResponseBytes: 0 OriginResponseHTTPExpires: OriginResponseHTTPLastModified: OriginResponseStatus: 0 OriginResponseTime: 0 OriginSSLProtocol: unknown ParentRayID: 00 RayID: 7ca4481d78d25049 SecurityLevel: high WAFAction: unknown WAFFlags: 0 WAFMatchedVar: WAFProfile: unknown WAFRuleID: WAFRuleMessage: WorkerCPUTime: 986 WorkerStatus: ok WorkerSubrequest: false WorkerSubrequestCount: 1 ZoneID: 17708350 } Show as raw text WAFAction = unknowndest = modalku.co.iddest_ip = host = sh-i-00e04df032f3927c8.fundingsocieties.splunkcloud.comsource = s3://fs-logs-cloudflare/modalku.co.id/20230520/20230520T113500Z_20230520T114000Z_c4d83605.log.gz/modalku.co.id/20230520/20230520T113500Z_20230520T114000Z_c4d83605.logsourcetype = cloudflare:jsonsrc_ip = 37.225.64.8url = modalku.co.id/promocashback?utm_source=tiktok&utm_medium=tiktok&utm_campaign=id_inv_acq_lender_cashbackMAY_Mei23&utm_content=video1&lpt=1&show_landingpage=1&ttclid=E.C.P.Cr0BVWtd93dqZjfL4U8sMW5GgsfRUnXseAmMzJCLYCiK77yTGZBS2PFXtD7bXLRO0ABhd9tRGWmPn5XmIPRjO9aDXbYrWfGSHneWN3_vKJqi3Bu6nfRsPwRVMrCEDEeWe5R92a4qdQum705ipfeEpKTY_uXcJ1l7OE4Swu35WZG97JOGOutRooT_Ol6LdMRtGuHrfJaozeAwpq9CN5jWigqahXv13JUmcmChvTwj263f7ZUjOMuhdM29L4pgQL8qEgR2Mi4wGiCRQYmTiRAIwr9yBPEoVzGvrzoEcQ5ZWlv_RP3z9DFXUg&orientation=portra 5/20/23 7:36:23.000 PM { - CacheCacheStatus: dynamic CacheResponseBytes: 88354 CacheResponseStatus: 200 CacheTieredFill: false ClientASN: 5617 ClientCountry: pl ClientDeviceType: desktop ClientIP: 37.225.64.8 ClientIPClass: noRecord ClientRequestBytes: 4364 ClientRequestHost: modalku.co.id ClientRequestMethod: GET ClientRequestPath: /promocashback ClientRequestProtocol: HTTP/1.1 ClientRequestReferer: ClientRequestURI: /promocashback?utm_source=tiktok&utm_medium=tiktok&utm_campaign=id_inv_acq_lender_cashbackMAY_Mei23&utm_content=video1&lpt=1&show_landingpage=1&ttclid=E.C.P.Cr0BVWtd93dqZjfL4U8sMW5GgsfRUnXseAmMzJCLYCiK77yTGZBS2PFXtD7bXLRO0ABhd9tRGWmPn5XmIPRjO9aDXbYrWfGSHneWN3_vKJqi3Bu6nfRsPwRVMrCEDEeWe5R92a4qdQum705ipfeEpKTY_uXcJ1l7OE4Swu35WZG97JOGOutRooT_Ol6LdMRtGuHrfJaozeAwpq9CN5jWigqahXv13JUmcmChvTwj263f7ZUjOMuhdM29L4pgQL8qEgR2Mi4wGiCRQYmTiRAIwr9yBPEoVzGvrzoEcQ5ZWlv_RP3z9DFXUg&orientation=portra ClientRequestUserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:70.0) Gecko/20100101 Firefox/70.0 ClientSSLCipher: NONE ClientSSLProtocol: none ClientSrcPort: 0 ClientXRequestedWith: EdgeColoCode: WAW EdgeColoID: 73 EdgeEndTimestamp: 2023-05-20T11:36:23Z EdgePathingOp: wl EdgePathingSrc: macro EdgePathingStatus: nr EdgeRateLimitAction: EdgeRateLimitID: 0 EdgeRequestHost: modalku.co.id EdgeResponseBytes: 87093 EdgeResponseCompressionRatio: 1 EdgeResponseContentType: text/html EdgeResponseStatus: 200 EdgeServerIP: 172.68.138.187 EdgeStartTimestamp: 2023-05-20T11:36:23Z FirewallMatchesActions: [ + ] FirewallMatchesRuleIDs: [ + ] FirewallMatchesSources: [ + ] OriginIP: 52.222.214.15 OriginResponseBytes: 0 OriginResponseHTTPExpires: OriginResponseHTTPLastModified: Fri, 19 May 2023 09:02:20 UTC OriginResponseStatus: 200 OriginResponseTime: 77000000 OriginSSLProtocol: TLSv1.3 ParentRayID: 7ca4481d78d25049 RayID: 7ca4481d87dd5049 SecurityLevel: off WAFAction: unknown WAFFlags: 0 WAFMatchedVar: WAFProfile: unknown WAFRuleID: WAFRuleMessage: WorkerCPUTime: 0 WorkerStatus: unknown WorkerSubrequest: true WorkerSubrequestCount: 0 ZoneID: 17708350 } Show as raw text WAFAction = unknowndest = modalku.co.iddest_ip = 52.222.214.15host = sh-i-00e04df032f3927c8.fundingsocieties.splunkcloud.comsource = s3://fs-logs-cloudflare/modalku.co.id/20230520/20230520T113500Z_20230520T114000Z_c4d83605.log.gz/modalku.co.id/20230520/20230520T113500Z_20230520T114000Z_c4d83605.logsourcetype = cloudflare:jsonsrc_ip = 37.225.64.8url = modalku.co.id/promocashback?utm_source=tiktok&utm_medium=tiktok&utm_campaign=id_inv_acq_lender_cashbackMAY_Mei23&utm_content=video1&lpt=1&show_landingpage=1&ttclid=E.C.P.Cr0BVWtd93dqZjfL4U8sMW5GgsfRUnXseAmMzJCLYCiK77yTGZBS2PFXtD7bXLRO0ABhd9tRGWmPn5XmIPRjO9aDXbYrWfGSHneWN3_vKJqi3Bu6nfRsPwRVMrCEDEeWe5R92a4qdQum705ipfeEpKTY_uXcJ1l7OE4Swu35WZG97JOGOutRooT_Ol6LdMRtGuHrfJaozeAwpq9CN5jWigqahXv13JUmcmChvTwj263f7ZUjOMuhdM29L4pgQL8qEgR2Mi4wGiCRQYmTiRAIwr9yBPEoVzGvrzoEcQ5ZWlv_RP3z9DFXUg&orientation=portra

Sharing

General

Malware Config

Signatures

Files