Report - 170.210.52.199/

Report Overview

Submitted URL
170.210.52.199/
IP
170.210.52.199
ASN
#263186 Universidad Nacional de General Sarmiento
Submitted
2024-05-10 22:51:19
Access
public
Website Title
170.210.52.199/login?redir=%2Fng
Final URL
170.210.52.199/login?redir=%2Fng
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
170.210.52.199	unknown	unknown	No data	No data	6.8 kB	482 kB	170.210.52.199

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 22:50:54	medium	170.210.52.199	Client IP	ET 3CORESec Poor Reputation IP group 4
2024-05-10 22:50:54	medium	170.210.52.199	Client IP	ET 3CORESec Poor Reputation IP group 4

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed
2024-05-10	medium	170.210.52.199	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	170.210.52.199/login?redir=%2Fng	0 B	2023-03-07	2024-06-04
Pretty URL 170.210.52.199/login?redir=%2Fng IP 170.210.52.199 ASN #263186 Universidad Nacional de General Sarmiento Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-06-04 11:18:52 Times Seen38941396 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	170.210.52.199/login?redir=%2Fng	0 B	2023-03-07	2024-06-04
Pretty URL 170.210.52.199/login?redir=%2Fng IP 170.210.52.199 ASN #263186 Universidad Nacional de General Sarmiento Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-06-04 11:18:52 Times Seen38941396 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	170.210.52.199/login?redir=%2Fng	0 B	2023-03-07	2024-06-04
Pretty URL 170.210.52.199/login?redir=%2Fng IP 170.210.52.199 ASN #263186 Universidad Nacional de General Sarmiento Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-06-04 11:18:52 Times Seen38941396 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/js/login.js	12 kB	2023-03-13	2024-06-02
Pretty URL 170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/js/login.js IP 170.210.52.199 ASN #263186 Universidad Nacional de General Sarmiento Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:33:18 Last Seen2024-06-02 23:06:02 Times Seen11 Hash 21d494772fe87b3288d99b072c8e03a6 5113fd8275c042073d74cd63aa4e8ba2f4a5d128 4f66b45e0ad808f90f6c60ee6d63a82e7f707123bee71d5005807a15f22da255 Loading...

HTTP Transactions (14)

URL IP Response Size

170.210.52.199/

170.210.52.199

211 B

URL
170.210.52.199/
IP
170.210.52.199:0
ASN
#263186 Universidad Nacional de General Sarmiento

File type
HTML document, ASCII text
Size
211 B (211 bytes)
Hash
54caac2eac70b0b2d9afbe8ffde8b2a7
1bc9d3be95cb1d07dd6476f4598202eac832dad3
daa5165904535920e25aef41ec2622768f10d04d444ffb3e1e4a234c88658534

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 10 May 2024 22:50:54 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Location: https://170.210.52.199:443/
Content-Length: 211
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

170.210.52.199/

170.210.52.199

209 B

URL
170.210.52.199/
IP
170.210.52.199:0
ASN
#263186 Universidad Nacional de General Sarmiento

File type
HTML document, ASCII text
Size
209 B (209 bytes)
Hash
b208f5880f5a41a3e12ff7f3eee37b72
aa1e8f0e46dade496b9109d7fbe1c0b4d6637563
fabafff1492d7b7e0a4278fc1b706ac08db18e93fbc8a82ef6a7775e50b74835

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 10 May 2024 22:50:57 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Location: https://170.210.52.199/ng
Content-Length: 209
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

170.210.52.199/ng

170.210.52.199

1.2 kB

URL
170.210.52.199/ng
IP
170.210.52.199:0
ASN
#263186 Universidad Nacional de General Sarmiento

File type
HTML document, ASCII text
Size
1.2 kB (1206 bytes)
Hash
ad8d454f3754d45a284302b56d941401
5b09cc05e052d5cf06186984b3650439c2d792be
61fd3191acffc86d9a8d930447ce938f975b51690d12a671d19c686595a4fa43

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ng HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 22:50:57 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Vary: Accept-encoding
Cache-Control: no-cache
Last-Modified: Wed, 25 Aug 2021 22:00:27 GMT
Accept-Ranges: bytes
Content-Length: 1206
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
Content-Encoding: gzip

170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/ng/ng.bundle.js

170.210.52.199

123 B

URL
170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/ng/ng.bundle.js
IP
170.210.52.199:0
ASN
#263186 Universidad Nacional de General Sarmiento

File type
HTML document, ASCII text, with no line terminators
Size
123 B (123 bytes)
Hash
54c8f699322a7eca202a9f16f96728a0
28af5c7cb40f0c9b32aaad47fe73dbb21b1c37d9
748aff55ce918b0ecefe33dc4e951392177c0254e800f06a6836f5a82dc8586e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /407e654613459af18e0d82f8c7d3ec7f/ng/ng.bundle.js HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://170.210.52.199/ng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 401 Unauthorized
Date: Fri, 10 May 2024 22:50:57 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Content-Length: 123
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

170.210.52.199/logout?redir=%2Fng

170.210.52.199

76 B

URL
170.210.52.199/logout?redir=%2Fng
IP
170.210.52.199:0
ASN
#263186 Universidad Nacional de General Sarmiento

File type
HTML document, ASCII text
Size
76 B (76 bytes)
Hash
941b6f2a3f248c40b8fabb6fa87530eb
917e45ab69acb71a126c01cec85241df31b6a7a1
8f4c598d30a387a23539cb31d559ef1ac61e4a10380570c4f5e470d3614be8e7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logout?redir=%2Fng HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://170.210.52.199/ng
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 22:50:58 GMT
Set-Cookie: APSCOOKIE_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
VDOM_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
CENTRAL_MGMT_OVERRIDE_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
EDIT_HISTORY_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
FILE_DOWNLOADING_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
ccsrftoken_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
ccsrftoken="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
session_key_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
AUTOSCALE_CONFIG_REC_OVERRIDE_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Content-Length: 76
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html

170.210.52.199/login?redir=%2Fng

170.210.52.199

200 OK

2.6 kB

URL User Request GET HTTP/1.1
170.210.52.199/login?redir=%2Fng
IP
170.210.52.199:443
ASN
#263186 Universidad Nacional de General Sarmiento

Certificate
IssuerFortinet Ltd.
SubjectFortiGate
FingerprintB6:79:F1:5F:49:86:14:E7:3D:B0:59:12:CB:85:93:EA:10:BB:9B:B9
ValidityMon, 22 Jan 2024 15:29:03 GMT - Sun, 26 Apr 2026 15:29:03 GMT

File type
HTML document, ASCII text
Size
2.6 kB (2635 bytes)
Hash
59f08f6b4df03ed22906542ced08085f
0f68af6205215acc3ba91c85e321c7e55185cbb9
f2b1b1c28f6de71380fdf5e5f9b66f91713c79076ff29305cb546a0cfac7a10c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login?redir=%2Fng HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://170.210.52.199/logout?redir=%2Fng
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 22:50:58 GMT
Set-Cookie: APSCOOKIE_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
VDOM_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
CENTRAL_MGMT_OVERRIDE_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
EDIT_HISTORY_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
FILE_DOWNLOADING_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
ccsrftoken_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
ccsrftoken="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
session_key_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
AUTOSCALE_CONFIG_REC_OVERRIDE_10827317591082779165="0%260"; path=/; expires=Thu, 23-May-1974 22:50:58 GMT; secure; SameSite=Strict
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Content-Length: 2635
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html

170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/js/login.js

170.210.52.199

200 OK

3.6 kB

URL GET HTTP/1.1
170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/js/login.js
IP
170.210.52.199:443
ASN
#263186 Universidad Nacional de General Sarmiento

Requested by
https://170.210.52.199/login?redir=%2Fng
Certificate
IssuerFortinet Ltd.
SubjectFortiGate
FingerprintB6:79:F1:5F:49:86:14:E7:3D:B0:59:12:CB:85:93:EA:10:BB:9B:B9
ValidityMon, 22 Jan 2024 15:29:03 GMT - Sun, 26 Apr 2026 15:29:03 GMT

File type
JavaScript source, ASCII text
Size
3.6 kB (3597 bytes)
Hash
21d494772fe87b3288d99b072c8e03a6
5113fd8275c042073d74cd63aa4e8ba2f4a5d128
4f66b45e0ad808f90f6c60ee6d63a82e7f707123bee71d5005807a15f22da255

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /407e654613459af18e0d82f8c7d3ec7f/js/login.js HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://170.210.52.199/login?redir=%2Fng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 22:50:59 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Vary: Accept-encoding
Cache-Control: max-age=31536000, immutable
Last-Modified: Wed, 25 Aug 2021 22:00:27 GMT
Accept-Ranges: bytes
Content-Length: 3597
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
Content-Encoding: gzip

170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/css/main-green.css

170.210.52.199

200 OK

88 kB

URL GET HTTP/1.1
170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/css/main-green.css
IP
170.210.52.199:443
ASN
#263186 Universidad Nacional de General Sarmiento

Requested by
https://170.210.52.199/login?redir=%2Fng
Certificate
IssuerFortinet Ltd.
SubjectFortiGate
FingerprintB6:79:F1:5F:49:86:14:E7:3D:B0:59:12:CB:85:93:EA:10:BB:9B:B9
ValidityMon, 22 Jan 2024 15:29:03 GMT - Sun, 26 Apr 2026 15:29:03 GMT

File type
Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
Size
88 kB (88347 bytes)
Hash
c07ba9d3e190aa9ca019456786b41d91
2e558ffcda19835dcfda3dc845ebee6d2a418238
ed366af443ea2ae885f5670d95150b172e43c1486aea0194983fa5e76ba07408

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /407e654613459af18e0d82f8c7d3ec7f/css/main-green.css HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://170.210.52.199/login?redir=%2Fng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 22:50:58 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Vary: Accept-encoding
Cache-Control: max-age=31536000, immutable
Last-Modified: Wed, 25 Aug 2021 22:00:27 GMT
Accept-Ranges: bytes
Content-Length: 88347
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
Content-Encoding: gzip

170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/lang/en.json

170.210.52.199

200 OK

236 kB

URL GET HTTP/1.1
170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/lang/en.json
IP
170.210.52.199:443
ASN
#263186 Universidad Nacional de General Sarmiento

Requested by
https://170.210.52.199/login?redir=%2Fng
Certificate
IssuerFortinet Ltd.
SubjectFortiGate
FingerprintB6:79:F1:5F:49:86:14:E7:3D:B0:59:12:CB:85:93:EA:10:BB:9B:B9
ValidityMon, 22 Jan 2024 15:29:03 GMT - Sun, 26 Apr 2026 15:29:03 GMT

File type
JSON text data
Size
236 kB (235677 bytes)
Hash
aff3180ae0eb8abd00e4bfe5c1fda27e
2e1a08bc9bf58e8c618ecaea633cb6aa175c7447
f279f76a5be2b505a2c65e73acbd47ace8cd3411a6a632563f2323cde1ef21ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /407e654613459af18e0d82f8c7d3ec7f/lang/en.json HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://170.210.52.199/login?redir=%2Fng
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 22:51:00 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Vary: Accept-encoding
Cache-Control: max-age=31536000, immutable
Last-Modified: Wed, 25 Aug 2021 22:00:27 GMT
Accept-Ranges: bytes
Content-Length: 235677
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/json
Content-Encoding: gzip

170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/fonts/lato-regular.woff2

170.210.52.199

200 OK

28 kB

URL GET HTTP/1.1
170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/fonts/lato-regular.woff2
IP
170.210.52.199:443
ASN
#263186 Universidad Nacional de General Sarmiento

Requested by
https://170.210.52.199/login?redir=%2Fng
Certificate
IssuerFortinet Ltd.
SubjectFortiGate
FingerprintB6:79:F1:5F:49:86:14:E7:3D:B0:59:12:CB:85:93:EA:10:BB:9B:B9
ValidityMon, 22 Jan 2024 15:29:03 GMT - Sun, 26 Apr 2026 15:29:03 GMT

File type
Web Open Font Format (Version 2), TrueType, length 27892, version 1.6816
Size
28 kB (27892 bytes)
Hash
f7ff2a6ff8699952646b5592de084dfa
a63534a9fe94054bcfa4e96457871452ad9ab44d
2ee055921e5460e768980da0e441063d23f4320ea15e232a4f77ffcbe5b4f74f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /407e654613459af18e0d82f8c7d3ec7f/fonts/lato-regular.woff2 HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/css/main-green.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 22:51:01 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Cache-Control: max-age=31536000, immutable
Last-Modified: Wed, 25 Aug 2021 22:00:27 GMT
Accept-Ranges: bytes
Content-Length: 27892
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: font/woff2

170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/fonts/lato-regular.woff2

170.210.52.199

200 OK

28 kB

URL GET HTTP/1.1
170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/fonts/lato-regular.woff2
IP
170.210.52.199:443
ASN
#263186 Universidad Nacional de General Sarmiento

Requested by
https://170.210.52.199/login?redir=%2Fng
Certificate
IssuerFortinet Ltd.
SubjectFortiGate
FingerprintB6:79:F1:5F:49:86:14:E7:3D:B0:59:12:CB:85:93:EA:10:BB:9B:B9
ValidityMon, 22 Jan 2024 15:29:03 GMT - Sun, 26 Apr 2026 15:29:03 GMT

File type
Web Open Font Format (Version 2), TrueType, length 27892, version 1.6816
Size
28 kB (27892 bytes)
Hash
f7ff2a6ff8699952646b5592de084dfa
a63534a9fe94054bcfa4e96457871452ad9ab44d
2ee055921e5460e768980da0e441063d23f4320ea15e232a4f77ffcbe5b4f74f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /407e654613459af18e0d82f8c7d3ec7f/fonts/lato-regular.woff2 HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/css/main-green.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 22:51:01 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Cache-Control: max-age=31536000, immutable
Last-Modified: Wed, 25 Aug 2021 22:00:27 GMT
Accept-Ranges: bytes
Content-Length: 27892
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: font/woff2

170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/fonts/ftnt-icons.woff

170.210.52.199

200 OK

43 kB

URL GET HTTP/1.1
170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/fonts/ftnt-icons.woff
IP
170.210.52.199:443
ASN
#263186 Universidad Nacional de General Sarmiento

Requested by
https://170.210.52.199/login?redir=%2Fng
Certificate
IssuerFortinet Ltd.
SubjectFortiGate
FingerprintB6:79:F1:5F:49:86:14:E7:3D:B0:59:12:CB:85:93:EA:10:BB:9B:B9
ValidityMon, 22 Jan 2024 15:29:03 GMT - Sun, 26 Apr 2026 15:29:03 GMT

File type
Web Open Font Format, TrueType, length 43292, version 1.0
Size
43 kB (43292 bytes)
Hash
23d62c07605060a8b71fea47bb546b86
86782c1d2842567bd9aa4acaa41ce85b927affa7
916470c96461fce30511594f599d7ef0ed7c2537e8cb1f608492715ab6ec8e4c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /407e654613459af18e0d82f8c7d3ec7f/fonts/ftnt-icons.woff HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/css/main-green.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 22:51:01 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Cache-Control: max-age=31536000, immutable
Last-Modified: Wed, 25 Aug 2021 22:00:27 GMT
Accept-Ranges: bytes
Content-Length: 43292
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff

170.210.52.199/favicon.ico

170.210.52.199

200 OK

318 B

URL GET HTTP/1.1
170.210.52.199/favicon.ico
IP
170.210.52.199:443
ASN
#263186 Universidad Nacional de General Sarmiento

Requested by
https://170.210.52.199/login?redir=%2Fng
Certificate
IssuerFortinet Ltd.
SubjectFortiGate
FingerprintB6:79:F1:5F:49:86:14:E7:3D:B0:59:12:CB:85:93:EA:10:BB:9B:B9
ValidityMon, 22 Jan 2024 15:29:03 GMT - Sun, 26 Apr 2026 15:29:03 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 16 colors
Size
318 B (318 bytes)
Hash
e462005902f81094ab3de44e4381de19
684d6a3783a92305592c4211412ad0e17d402195
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://170.210.52.199/login?redir=%2Fng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 22:51:02 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Cache-Control: no-cache
Last-Modified: Wed, 25 Aug 2021 22:00:27 GMT
Accept-Ranges: bytes
Content-Length: 318
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/x-icon

170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/fonts/ftnt-icons.woff

170.210.52.199

200 OK

43 kB

URL GET HTTP/1.1
170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/fonts/ftnt-icons.woff
IP
170.210.52.199:443
ASN
#263186 Universidad Nacional de General Sarmiento

Requested by
https://170.210.52.199/login?redir=%2Fng
Certificate
IssuerFortinet Ltd.
SubjectFortiGate
FingerprintB6:79:F1:5F:49:86:14:E7:3D:B0:59:12:CB:85:93:EA:10:BB:9B:B9
ValidityMon, 22 Jan 2024 15:29:03 GMT - Sun, 26 Apr 2026 15:29:03 GMT

File type
Web Open Font Format, TrueType, length 43292, version 1.0
Size
43 kB (43292 bytes)
Hash
23d62c07605060a8b71fea47bb546b86
86782c1d2842567bd9aa4acaa41ce85b927affa7
916470c96461fce30511594f599d7ef0ed7c2537e8cb1f608492715ab6ec8e4c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /407e654613459af18e0d82f8c7d3ec7f/fonts/ftnt-icons.woff HTTP/1.1
Host: 170.210.52.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://170.210.52.199/407e654613459af18e0d82f8c7d3ec7f/css/main-green.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 22:51:01 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Cache-Control: max-age=31536000, immutable
Last-Modified: Wed, 25 Aug 2021 22:00:27 GMT
Accept-Ranges: bytes
Content-Length: 43292
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL