| | 128.36.64.127 | 200 OK | 0 B |
URL: (user request) GET HTTP/1.1
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET / HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 302 Moved Temporarily
Location: https://128.36.64.127/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
| | 128.36.64.127 | 200 OK | 11 kB |
URL: (user request) GET HTTP/1.1
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (478)
Hash: MD5 084560261cdc00e5dfa0c8cdb55daf3e; SHA-1 f14ed332dc266db9835af3b31bcbb02af16fe75d; SHA-256 09636b6ef4acb1529ba9cdcee2f0bcd88ac1cd061f5a22819b70bddd2ea6d78f

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET / HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Thu, 04 Apr 2024 13:39:23 GMT
Accept-Ranges: bytes
ETag: "80b7cc809586da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 11316
| 128.36.64.127/lotis%20index%20page%20files/css_xE-rWrJf-fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css | 128.36.64.127 | 200 OK | 2.2 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/css_xE-rWrJf-fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: ASCII text, with very long lines (3007)
Hash: MD5 795b30fdbf5d29ebd7b4c7bebd2ad97e; SHA-1 47aab8a79f77c9f93a90cf0bfcae5fd9781aa590; SHA-256 c44fab5ab25ff9f9dc07aced65f77686ec6a831bb858efaac266ba5deaf7d26e

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/css_xE-rWrJf-fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 2222
| 128.36.64.127/lotis%20index%20page%20files/css_hoiQXryj9ti3tEjBoADx71Uq1_hFdlZEfZf1MyBGxyo.css | 128.36.64.127 | 200 OK | 1.8 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/css_hoiQXryj9ti3tEjBoADx71Uq1_hFdlZEfZf1MyBGxyo.css
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: ASCII text, with very long lines (4102)
Hash: MD5 9491aab5b51384f1625112e2ff0d4548; SHA-1 c1c34e0648906c367a0c87b24702b2d6aa8ea62b; SHA-256 8688905ebca3f6d8b7b448c1a000f1ef552ad7f8457656447d97f5332046c72a

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/css_hoiQXryj9ti3tEjBoADx71Uq1_hFdlZEfZf1MyBGxyo.css HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 1806
| 128.36.64.127/lotis%20index%20page%20files/css_059BxwQdO3W6gC_prw0ohrQj1fWv8MiFJkqt4YP0qJk.css | 128.36.64.127 | 200 OK | 1.1 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/css_059BxwQdO3W6gC_prw0ohrQj1fWv8MiFJkqt4YP0qJk.css
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: ASCII text, with very long lines (3165)
Hash: MD5 7a28d92e6f8850adda3644df6353f32d; SHA-1 2c73adc82a69e5db392cd8cf0982ef9bad6e12b4; SHA-256 d39f41c7041d3b75ba802fe9af0d2886b423d5f5aff0c885264aade183f4a899

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/css_059BxwQdO3W6gC_prw0ohrQj1fWv8MiFJkqt4YP0qJk.css HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 1119
| 128.36.64.127/lotis%20index%20page%20files/css_4Tf1QIlMI-rnRezhTZ3kgdrE1DWNCzM5RY_EzqbbbzM.css | 128.36.64.127 | 200 OK | 5.1 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/css_4Tf1QIlMI-rnRezhTZ3kgdrE1DWNCzM5RY_EzqbbbzM.css
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: ASCII text, with very long lines (10835)
Hash: MD5 1ce7c0e7bf8c5f9685bd4226894a94b0; SHA-1 1f4b84fd70db67f4386fd09f13fffc57e535d716; SHA-256 e137f540894c23eae745ece14d9de481dac4d4358d0b3339458fc4cea6db6f33

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/css_4Tf1QIlMI-rnRezhTZ3kgdrE1DWNCzM5RY_EzqbbbzM.css HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 5077
| 128.36.64.127/lotis%20index%20page%20files/font-awesome.min.css | 128.36.64.127 | 200 OK | 7.0 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/font-awesome.min.css
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: ASCII text, with very long lines (30837)
Hash: MD5 269550530cc127b6aa5a35925a7de6ce; SHA-1 512c7d79033e3028a9be61b540cf1a6870c896f8; SHA-256 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/font-awesome.min.css HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 6989
| 128.36.64.127/lotis%20index%20page%20files/siteanalyze_66356571.js | 128.36.64.127 | 200 OK | 7.9 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/siteanalyze_66356571.js
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text, with very long lines (22376), with no line terminators
Hash: MD5 1bd3e185bee9aee1b345a1cde6adcdc5; SHA-1 9f540711443fea1be96c7e808b4e8dd136c371ca; SHA-256 905b0cdbfc770d301b474e1f710deb4af8ba79cd720b5ef5e391d51bc89b8141

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/siteanalyze_66356571.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 7883
| 128.36.64.127/lotis%20index%20page%20files/css_injector_6.css | 128.36.64.127 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/css_injector_6.css
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: ASCII text, with CRLF line terminators
Hash: MD5 5b7591930ba1181e6d269be41202a8c5; SHA-1 d9e60869d4d8855028e7f6791da37b61c6740988; SHA-256 0c3f3c4a80bb0647064da3e5fa9b97f91bd924ca39d108329ab9fc9ea8dfb2fb

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/css_injector_6.css HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 2075
| 128.36.64.127/lotis%20index%20page%20files/css_9vBB99ixuztvwPOEJeUKUuWX_sQ7iWMAm-HTGcIUeyc.css | 128.36.64.127 | 200 OK | 2.6 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/css_9vBB99ixuztvwPOEJeUKUuWX_sQ7iWMAm-HTGcIUeyc.css
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: ASCII text, with very long lines (1304)
Hash: MD5 c2471d3c510c4daf06cf773fb260fe39; SHA-1 a706a65046d051dea16d73b699d57672a28836ed; SHA-256 f6f041f7d8b1bb3b6fc0f38425e50a52e597fec43b8963009be1d319c2147b27

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/css_9vBB99ixuztvwPOEJeUKUuWX_sQ7iWMAm-HTGcIUeyc.css HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 2631
| 128.36.64.127/lotis%20index%20page%20files/analytics.js | 128.36.64.127 | 200 OK | 17 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/analytics.js
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text, with very long lines (1933)
Hash: MD5 2288a7f0b8dafb9384355f3cd86c0e83; SHA-1 77cc1b529acc9bf11aab466970f5e5bf292dc90d; SHA-256 b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/analytics.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 17445
| 128.36.64.127/lotis%20index%20page%20files/respond.min.js | 128.36.64.127 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/respond.min.js
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text, with very long lines (4170)
Hash: MD5 fc61ef5c6e00f16238afe673cd289b97; SHA-1 54bb2c577f00d867eb6a63c755db8377ee29d19b; SHA-256 b86d3f451534200ba9f251b5eab7acbf923ff7e677a8851d1110ba646867483b

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/respond.min.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 2134
| 128.36.64.127/lotis%20index%20page%20files/css_XRP-XaBL79JeZJK1GSb4SHbLjBUlpvH4vV7AjFW8INA.css | 128.36.64.127 | 200 OK | 22 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/css_XRP-XaBL79JeZJK1GSb4SHbLjBUlpvH4vV7AjFW8INA.css
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: ASCII text, with very long lines (40876)
Hash: MD5 f097318b0d6743966bfb2f0e9861b7f5; SHA-1 16bf2d119e68083ab67149fd18a6914d0eafc024; SHA-256 5d13fe5da04befd25e6492b51926f84876cb8c1525a6f1f8bd5ec08c55bc20d0

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/css_XRP-XaBL79JeZJK1GSb4SHbLjBUlpvH4vV7AjFW8INA.css HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 21776
| 128.36.64.127/lotis%20index%20page%20files/js_vSmhpx_T-AShyt_WMW5_TcwwxJP1imoVOa8jvwL_mxE.js | 128.36.64.127 | 200 OK | 7.8 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/js_vSmhpx_T-AShyt_WMW5_TcwwxJP1imoVOa8jvwL_mxE.js
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text
Hash: MD5 197468e86088b4bea0749da721f167c4; SHA-1 5c58fddb1e7260e5fef8c218a42942131644ccd4; SHA-256 bd29a1a71fd3f804a1cadfd6316e7f4dcc30c493f58a6a1539af23bf02ff9b11

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/js_vSmhpx_T-AShyt_WMW5_TcwwxJP1imoVOa8jvwL_mxE.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 7802
| 128.36.64.127/lotis%20index%20page%20files/js_NpX2cwCeepkWZZ194B6-ViyVBHleaYLOx5R9EWBOMRU.js | 128.36.64.127 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/js_NpX2cwCeepkWZZ194B6-ViyVBHleaYLOx5R9EWBOMRU.js
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text
Hash: MD5 09169837d716c63b211a4c265bac1eef; SHA-1 927c8869cf6622ff159c26245096bb9ebae96be5; SHA-256 3695f673009e7a9916659d7de01ebe562c9504795e6982cec7947d11604e3115

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/js_NpX2cwCeepkWZZ194B6-ViyVBHleaYLOx5R9EWBOMRU.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 1966
| 128.36.64.127/lotis%20index%20page%20files/js_d8HfRfSnQZH-whu7j0OTbu1fVCbkQ-Arod-ChtEJBu4.js | 128.36.64.127 | 200 OK | 9.0 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/js_d8HfRfSnQZH-whu7j0OTbu1fVCbkQ-Arod-ChtEJBu4.js
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text, with very long lines (10151)
Hash: MD5 50cad8b45060b0574ef726a344a9eb26; SHA-1 b17697c2303e11391aa63810e9d91b936bf71243; SHA-256 77c1df45f4a74191fec21bbb8f43936eed5f5426e443e02ba1df8286d10906ee

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/js_d8HfRfSnQZH-whu7j0OTbu1fVCbkQ-Arod-ChtEJBu4.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 9018
| 128.36.64.127/lotis%20index%20page%20files/jsapi.js | 128.36.64.127 | 200 OK | 6.2 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/jsapi.js
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text, with very long lines (10607)
Hash: MD5 1d9d7b6b482c1f30970639aa27c32086; SHA-1 525e111b7d33db41d31a34d45322b8ca6fb5a315; SHA-256 db071b1c910a86c6a598ee4734aae4231af54187632d351f14007e11d3d41105

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/jsapi.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 6156
| 128.36.64.127/lotis%20index%20page%20files/js_2UBeAIPwl9ORKxW_zkQf4dVnRvIrf5eW1fpck9_xYVI.js | 128.36.64.127 | 200 OK | 8.2 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/js_2UBeAIPwl9ORKxW_zkQf4dVnRvIrf5eW1fpck9_xYVI.js
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text, with very long lines (4031), with CRLF, LF line terminators
Hash: MD5 d7204cf08ae7a66e9b707ebe0861a838; SHA-1 9ec1ec8bcb8656636e3943da34b8a82ed4ad607b; SHA-256 d9405e0083f097d3912b15bfce441fe1d56746f22b7f9796d5fa5c93dff16152

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/js_2UBeAIPwl9ORKxW_zkQf4dVnRvIrf5eW1fpck9_xYVI.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 8172
| 128.36.64.127/lotis%20index%20page%20files/jquery.min.js | 128.36.64.127 | 200 OK | 34 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/jquery.min.js
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text, with very long lines (65483)
Hash: MD5 3576a6e73c9dccdbbc4a2cf8ff544ad7; SHA-1 06e872300088b9ba8a08427d28ed0efcdf9c6ff5; SHA-256 61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/jquery.min.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 33504
| 128.36.64.127/lotis%20index%20page%20files/js_dVt2YJ6cRQJSv4Pm_lTLWJDk0ckZzBV6hBXrJqUHqdA.js | 128.36.64.127 | 200 OK | 15 kB |
URL: GET HTTP/1.1 128.36.64.127/lotis%20index%20page%20files/js_dVt2YJ6cRQJSv4Pm_lTLWJDk0ckZzBV6hBXrJqUHqdA.js
IP: 128.36.64.127:443
Certificate: Issuer GlobalSign nv-sa; Subject lotis.internal.yale.edu; Fingerprint D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C; Validity Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (16235), with CRLF, LF line terminators
Hash: MD5 53720dcd083d53e1a324f7ba76117373; SHA-1 450146c39434cbdfbd6b769f1f3f0faa460a83b7; SHA-256 755b76609e9c450252bf83e6fe54cb5890e4d1c919cc157a8415eb26a507a9d0

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /lotis%20index%20page%20files/js_dVt2YJ6cRQJSv4Pm_lTLWJDk0ckZzBV6hBXrJqUHqdA.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 14972
| 128.36.64.127/LOTIS/lib/moment.min.js | 128.36.64.127 | 200 OK | 15 kB |
URL: 128.36.64.127/LOTIS/lib/moment.min.js (GET HTTP/1.1), IP: 128.36.64.127:443
Certificate: Issuer: GlobalSign nv-sa, Subject: lotis.internal.yale.edu, Fingerprint: D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C, Validity: Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text, with very long lines (32010)
Hashes: MD5 03c1d3ad0acf482f87368e3ea7af14c2, SHA-1 a8ca7eea2616fa92e2e85ba6291af6ea012fd190, SHA-256 4e411c99fe4a486db34e801a53392ae86f8659eccc438944b5a062c9aaba25be
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /LOTIS/lib/moment.min.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 10 May 2016 13:25:23 GMT
Accept-Ranges: bytes
ETag: "8063f467bfaad11:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 15283
| 128.36.64.127/LOTIS/lib/moment-range.js | 128.36.64.127 | 200 OK | 2.2 kB |
URL: 128.36.64.127/LOTIS/lib/moment-range.js (GET HTTP/1.1), IP: 128.36.64.127:443
Certificate: Issuer: GlobalSign nv-sa, Subject: lotis.internal.yale.edu, Fingerprint: D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C, Validity: Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text
Hashes: MD5 6fafeca5dd6478b51075371503f51317, SHA-1 7754539668fb95baf69990086f2aac1686fa331f, SHA-256 0b22d6e7f18b29dae0b2dee1be1fc3c17bfaaf10ee9eff942c0f70bbc4fb1339
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /LOTIS/lib/moment-range.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 10 May 2016 13:25:23 GMT
Accept-Ranges: bytes
ETag: "8063f467bfaad11:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 2234
| 128.36.64.127/lotis%20index%20page%20files/js_p4E-eBjXanNzvwx8r7khJqwcntEMZ06QCNQZgJtaDes.js | 128.36.64.127 | 200 OK | 1.4 kB |
URL: 128.36.64.127/lotis%20index%20page%20files/js_p4E-eBjXanNzvwx8r7khJqwcntEMZ06QCNQZgJtaDes.js (GET HTTP/1.1), IP: 128.36.64.127:443
Certificate: Issuer: GlobalSign nv-sa, Subject: lotis.internal.yale.edu, Fingerprint: D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C, Validity: Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: JavaScript source, ASCII text, with CRLF, LF line terminators
Hashes: MD5 406c405ecbd85c0d6121ef423dba86b5, SHA-1 bfbf3084fa242e51cdbdd46273efec32bb60e558, SHA-256 a7813e7818d76a7373bf0c7cafb92126ac1c9ed10c674e9008d419809b5a0deb
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /lotis%20index%20page%20files/js_p4E-eBjXanNzvwx8r7khJqwcntEMZ06QCNQZgJtaDes.js HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Mon, 26 Nov 2018 13:19:38 GMT
Accept-Ranges: bytes
ETag: "0117dae8a85d41:0"
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 1396
| 128.36.64.127/sites/all/themes/yalenew_base/images/extlink_s.png | 128.36.64.127 | 200 OK | 15 kB |
URL: 128.36.64.127/sites/all/themes/yalenew_base/images/extlink_s.png (GET HTTP/1.1), IP: 128.36.64.127:443
Certificate: Issuer: GlobalSign nv-sa, Subject: lotis.internal.yale.edu, Fingerprint: D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C, Validity: Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: PNG image data, 32 x 10, 8-bit gray+alpha, non-interlaced
Hashes: MD5 67584ec3573ceb7a0e802cba9a356dcc, SHA-1 a2feb02c37e533ffee1ffa00b61bc2ebf5d518b6, SHA-256 7cd36f62570f78634ceed07942ab14ef932f3aa40a821fca0a9dbc7124b3ad7a
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /sites/all/themes/yalenew_base/images/extlink_s.png HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/lotis%20index%20page%20files/css_XRP-XaBL79JeZJK1GSb4SHbLjBUlpvH4vV7AjFW8INA.css
Cookie: adaptive_image=1280; has_js=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 01 Apr 2019 13:18:53 GMT
Accept-Ranges: bytes
ETag: "801cb7738de8d41:0"
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 14606
| 128.36.64.127/sites/all/themes/yalenew_base/fonts/YaleNew/YaleNew-marks/yalemarks-webfont.ttf | 128.36.64.127 | 200 OK | 6.4 kB |
URL: 128.36.64.127/sites/all/themes/yalenew_base/fonts/YaleNew/YaleNew-marks/yalemarks-webfont.ttf (GET HTTP/1.1), IP: 128.36.64.127:443
Certificate: Issuer: GlobalSign nv-sa, Subject: lotis.internal.yale.edu, Fingerprint: D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C, Validity: Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: TrueType Font data, 14 tables, 1st "FFTM", 14 names, Macintosh, type 1 string, new Font Regular Webfont
Hashes: MD5 1d493f3a313fd3f4c2857a353cef3fc5, SHA-1 6c5ac12eeb62344a44c1751f2981a9c446f07be5, SHA-256 d26028046cc59e89a5dd1cd1354443f5be3c2e2182186d49f20fb2b558ac742b
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /sites/all/themes/yalenew_base/fonts/YaleNew/YaleNew-marks/yalemarks-webfont.ttf HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/lotis%20index%20page%20files/css_XRP-XaBL79JeZJK1GSb4SHbLjBUlpvH4vV7AjFW8INA.css
Cookie: adaptive_image=1280; has_js=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Mon, 01 Apr 2019 13:23:57 GMT
Accept-Ranges: bytes
ETag: "80d4e9288ee8d41:0"
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 6384
| siteimproveanalytics.com/js/siteanalyze_66356571.js | 188.114.96.1 | 200 OK | 26 kB |
URL: siteimproveanalytics.com/js/siteanalyze_66356571.js (GET HTTP/2), IP: 188.114.96.1:443
Certificate: Issuer: Google Trust Services LLC, Subject: siteimproveanalytics.com, Fingerprint: AF:D6:9C:F7:A0:DC:1A:1D:90:B8:5F:FF:5B:F3:8A:31:24:E2:E3:2B, Validity: Tue, 23 Apr 2024 07:22:16 GMT - Mon, 22 Jul 2024 07:22:15 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65531), with no line terminators
Hashes: MD5 4d73968994a88f6551393f239e83cf9f, SHA-1 96c2426998db0bbdf44e0bc1fb3b0e09967de2ce, SHA-256 930fd08434fe396b21647dff19775f15e513adf271ed90e6b039bdcfc73e033f
GET /js/siteanalyze_66356571.js HTTP/1.1
Host: siteimproveanalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:43:04 GMT
content-type: application/javascript; charset=utf-8
content-length: 25814
x-amz-id-2: f0BNwUEH0BruOQpY8aU7fDFi9oqrGSorJTPW+Cv6FUS03BTTQK81naoU8r78n6JkUVC8mbcC3cc=
x-amz-request-id: EJCR4606F33P3284
cache-control: max-age=86400, no-transform
content-encoding: gzip
last-modified: Fri, 19 Apr 2024 20:25:05 GMT
etag: "7db88f9e655fd3f4fd28fc4f46472800"
cf-cache-status: HIT
age: 6906
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XShMczSHJw%2Bm3dkcox8m8rase%2FA68c76e%2B4mLU%2FKuRoRBr0p7sOyER5TK9gXH0Iaf2n8Rvrg%2B1n0NBwO4kvy4Q%2F9IpcbCALez9ZMPDby6KgDhNLigSCliQYlcQ8eISB9JhWOxegwm7D2kQk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a548787c420b31-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 128.36.64.127/sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-BoldItalic.woff | 128.36.64.127 | 404 Not Found | 1.2 kB |
URL: 128.36.64.127/sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-BoldItalic.woff (GET HTTP/1.1), IP: 128.36.64.127:443
Certificate: Issuer: GlobalSign nv-sa, Subject: lotis.internal.yale.edu, Fingerprint: D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C, Validity: Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hashes: MD5 5343c1a8b203c162a3bf3870d9f50fd4, SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d, SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-BoldItalic.woff HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/lotis%20index%20page%20files/css_XRP-XaBL79JeZJK1GSb4SHbLjBUlpvH4vV7AjFW8INA.css
Cookie: adaptive_image=1280; has_js=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 1245
| 128.36.64.127/sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-Book.woff | 128.36.64.127 | 200 OK | 74 kB |
URL: 128.36.64.127/sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-Book.woff (GET HTTP/1.1), IP: 128.36.64.127:443
Certificate: Issuer: GlobalSign nv-sa, Subject: lotis.internal.yale.edu, Fingerprint: D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C, Validity: Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: Web Open Font Format, TrueType, length 74066, version 1.0
Hashes: MD5 1311291b66a9945865aa60201ee69d16, SHA-1 33242842058a1555c4a884bf8a98da5904f40577, SHA-256 81ad3db05aff00b912518c41c2acd6ce92c08492ed59f2c570ac2511949ce309
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-Book.woff HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/lotis%20index%20page%20files/css_XRP-XaBL79JeZJK1GSb4SHbLjBUlpvH4vV7AjFW8INA.css
Cookie: adaptive_image=1280; has_js=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: font/x-woff
Last-Modified: Mon, 01 Apr 2019 13:22:17 GMT
Accept-Ranges: bytes
ETag: "80a4fed8de8d41:0"
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 74066
| 128.36.64.127/sites/all/themes/yalenew_base/fonts/YaleNew/YaleNew-normal-normal/yalenew-roman-webfont.woff2 | 128.36.64.127 | 200 OK | 47 kB |
URL: 128.36.64.127/sites/all/themes/yalenew_base/fonts/YaleNew/YaleNew-normal-normal/yalenew-roman-webfont.woff2 (GET HTTP/1.1), IP: 128.36.64.127:443
Certificate: Issuer: GlobalSign nv-sa, Subject: lotis.internal.yale.edu, Fingerprint: D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C, Validity: Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: Web Open Font Format (Version 2), TrueType, length 47052, version 1.262
Hashes: MD5 d128271e1283ba3bd126bcbc7c65ee33, SHA-1 69c4f641d60e82aabc9f2b279a231a9926b509a5, SHA-256 11410d9e521435a78d5199c4e31c156a957bbfcc2144a33cd9e196b7142fa4d3
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /sites/all/themes/yalenew_base/fonts/YaleNew/YaleNew-normal-normal/yalenew-roman-webfont.woff2 HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/lotis%20index%20page%20files/css_XRP-XaBL79JeZJK1GSb4SHbLjBUlpvH4vV7AjFW8INA.css
Cookie: adaptive_image=1280; has_js=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Mon, 01 Apr 2019 13:24:24 GMT
Accept-Ranges: bytes
ETag: "0b41398ee8d41:0"
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 47052
| 128.36.64.127/sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-BoldItalic.woff2 | 128.36.64.127 | 404 Not Found | 1.2 kB |
URL: 128.36.64.127/sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-BoldItalic.woff2 (GET HTTP/1.1), IP: 128.36.64.127:443
Certificate: Issuer: GlobalSign nv-sa, Subject: lotis.internal.yale.edu, Fingerprint: D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C, Validity: Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hashes: MD5 5343c1a8b203c162a3bf3870d9f50fd4, SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d, SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-BoldItalic.woff2 HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/lotis%20index%20page%20files/css_XRP-XaBL79JeZJK1GSb4SHbLjBUlpvH4vV7AjFW8INA.css
Cookie: adaptive_image=1280; has_js=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:04 GMT
Content-Length: 1245
| 128.36.64.127/sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-BookItalic.woff | 128.36.64.127 | 200 OK | 78 kB |
URL: 128.36.64.127/sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-BookItalic.woff (GET HTTP/1.1), IP: 128.36.64.127:443
Certificate: Issuer: GlobalSign nv-sa, Subject: lotis.internal.yale.edu, Fingerprint: D7:AC:E4:84:00:6D:AB:D6:5A:D0:61:76:76:23:D7:70:18:31:42:2C, Validity: Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT
File type: Web Open Font Format, TrueType, length 78106, version 1.0
Hashes: MD5 5927c367a70504f104583bb750810020, SHA-1 2e2204828d261e769656df2f8a27c404bbe2a6a2, SHA-256 26a418b5d2755d32f47958843c390fe3d9f2edf976973b191a6219199cbf719d
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /sites/all/themes/yalenew_base/fonts/Mallory/Mallory/Mallory-BookItalic.woff HTTP/1.1
Host: 128.36.64.127
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/lotis%20index%20page%20files/css_XRP-XaBL79JeZJK1GSb4SHbLjBUlpvH4vV7AjFW8INA.css
Cookie: adaptive_image=1280; has_js=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: font/x-woff
Last-Modified: Mon, 13 May 2019 16:32:22 GMT
Accept-Ranges: bytes
ETag: "06f9170a99d51:0"
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 78106
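Every object served by the 128.36.64.127 origin above comes back with the same header set: Server: Microsoft-IIS/10.0, X-Frame-Options: SAMEORIGIN, the obsolete X-XSS-Protection header, Strict-Transport-Security, and a CORS policy that combines Access-Control-Allow-Credentials: true with Access-Control-Allow-Origin: 127.0.0.1, a bare host rather than a serialized origin (scheme://host[:port]), which no browser-sent Origin header can ever match. The script below is an added example, not part of the sandbox report or of the site's code: it parses a response head in the form the report prints, flags those points, and checks the certificate validity window the report shows against the Date the response was served. The sample response and validity string are constructed from the yalemarks-webfont.ttf record above; the finding codes and the one-year HSTS threshold are this example's own choices.

```python
"""Audit of the response headers recorded in the capture above.

Added example, not part of the sandbox report or of the site's code.
parse_response() reads a raw HTTP response head as the report prints it;
audit_headers() flags what a reviewer checks on the IIS records (CORS
origin syntax, credentialed CORS, obsolete X-XSS-Protection, HSTS,
nosniff); cert_valid_at() checks the certificate validity window against
the Date the response was served.
"""
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed sample: the header set the IIS origin returns on every object
# above (values copied from the yalemarks-webfont.ttf record) and the
# certificate validity window the report prints for lotis.internal.yale.edu.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Mon, 01 Apr 2019 13:23:57 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: 127.0.0.1
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 26 Apr 2024 08:43:03 GMT
Content-Length: 6384
"""
SAMPLE_VALIDITY = "Tue, 11 Jul 2023 10:16:56 GMT - Sun, 11 Aug 2024 10:16:55 GMT"

ONE_YEAR = 31536000  # HSTS max-age threshold used here (the preload minimum)


def parse_response(raw):
    """Return (status_code, headers) from a raw response head.

    Header names are lower-cased; a repeated header is joined with ', ',
    which RFC 9110 permits for list-valued fields.
    """
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of the head; a body would follow
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return status, headers


def is_serialized_origin(value):
    """True if value is what a browser compares the Origin header against:
    '*', 'null', or scheme://host[:port] with no path, query or fragment."""
    if value in ("*", "null"):
        return True
    parts = urlsplit(value)
    return (parts.scheme in ("http", "https") and bool(parts.netloc)
            and parts.path == "" and not parts.query and not parts.fragment)


def hsts_max_age(value):
    """Extract max-age from an HSTS value; None if absent or malformed."""
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(val.strip().strip('"'))
            except ValueError:
                return None
    return None


def audit_headers(headers):
    """Return a list of short finding codes for one response head."""
    findings = []
    acao = headers.get("access-control-allow-origin")
    acac = headers.get("access-control-allow-credentials", "").lower() == "true"
    if acao is not None and not is_serialized_origin(acao):
        # e.g. '127.0.0.1' above: no scheme, so no Origin header can match it
        findings.append("acao-not-an-origin")
    if acac and acao == "*":
        findings.append("acao-wildcard-with-credentials")  # browsers reject this
    if acac and acao is None:
        findings.append("acac-without-acao")
    if "x-xss-protection" in headers:
        findings.append("xss-protection-obsolete")  # dropped by browsers; use CSP
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("hsts-missing")
    elif (hsts_max_age(hsts) or 0) < ONE_YEAR:
        findings.append("hsts-short-max-age")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("nosniff-missing")
    return findings


def cert_valid_at(validity_window, headers):
    """True if the Date the response was served lies inside the
    'not before - not after' window the report prints for the certificate."""
    not_before, not_after = (parsedate_to_datetime(p.strip())
                             for p in validity_window.split(" - "))
    served = parsedate_to_datetime(headers["date"])
    return not_before <= served <= not_after


if __name__ == "__main__":
    status, hdrs = parse_response(SAMPLE_RESPONSE)
    print(status, audit_headers(hdrs), cert_valid_at(SAMPLE_VALIDITY, hdrs))
```

Run against the constructed sample it reports acao-not-an-origin, xss-protection-obsolete and nosniff-missing, and confirms the certificate was inside its validity window on 26 Apr 2024. The Quad9 "Sinkholed" verdict printed in the records is the sandbox's own DNS-reputation result and is not something the header audit can reproduce; it is a separate signal to weigh alongside these findings.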
| usability.yale.edu/sites/all/themes/yalenew_base/images/touch-icon-228.png | 23.185.0.4 | 200 OK | 1.1 kB |
URL: usability.yale.edu/sites/all/themes/yalenew_base/images/touch-icon-228.png (GET HTTP/2), IP: 23.185.0.4:443
Certificate: Issuer: Let's Encrypt, Subject: usability.yale.edu, Fingerprint: 3C:F5:B0:38:EB:7E:B7:F1:8D:39:FE:C2:61:73:0D:55:BC:FA:D6:47, Validity: Fri, 15 Mar 2024 00:42:45 GMT - Thu, 13 Jun 2024 00:42:44 GMT
File type: PNG image data, 228 x 228, 8-bit colormap, non-interlaced
Hashes: MD5 05987a35fefd31d2d2957d8dd77bb74b, SHA-1 803f6972b30315cef5207ac0d3f4ac79205324de, SHA-256 2f9eabfa0a39d6ccdf12d90dbf0832c2a31fb50bdb215bd42facc2716a4eed84
GET /sites/all/themes/yalenew_base/images/touch-icon-228.png HTTP/1.1
Host: usability.yale.edu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=31622400
content-type: image/png
etag: "660f97a1-45f"
expires: Sun, 06 Apr 2025 14:08:17 GMT
last-modified: Fri, 05 Apr 2024 06:18:09 GMT
server: nginx
strict-transport-security: max-age=31622400
x-pantheon-styx-hostname: styx-fe4-b-7997d8f9fb-mff56
x-styx-req-id: f36dbdbd-f355-11ee-9778-2aaa3e620e5b
date: Fri, 26 Apr 2024 08:43:04 GMT
x-served-by: cache-chi-klot8100031-CHI, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 0, 0
x-timer: S1714120985.866470,VS0,VE3
age: 1794887
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
content-length: 1119
X-Firefox-Spdy: h2
| usability.yale.edu/sites/all/themes/yalenew_base/images/favicon.ico | 23.185.0.4 | | 1.1 kB |
URL: usability.yale.edu/sites/all/themes/yalenew_base/images/favicon.ico (GET), IP: 23.185.0.4:0
Certificate: Issuer: Let's Encrypt, Subject: usability.yale.edu, Fingerprint: 3C:F5:B0:38:EB:7E:B7:F1:8D:39:FE:C2:61:73:0D:55:BC:FA:D6:47, Validity: Fri, 15 Mar 2024 00:42:45 GMT - Thu, 13 Jun 2024 00:42:44 GMT
File type: MS Windows icon resource - 5 icons, 64x64, 8 bits/pixel, 48x48, 8 bits/pixel
Hashes: MD5 3fb45c08ba02bdcb0258aa23884cb22b, SHA-1 66cd0f26c030c1417920600eb8e10fdfe29ce8a8, SHA-256 f69997d09d630910e66eff13cdbf1ea5895733bcfece3c7f17515f5d59be6d29
GET /sites/all/themes/yalenew_base/images/favicon.ico HTTP/1.1
Host: usability.yale.edu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://128.36.64.127/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=31622400
content-type: image/x-icon
etag: "661155e1-39fe"
expires: Tue, 08 Apr 2025 07:49:20 GMT
last-modified: Sat, 06 Apr 2024 14:02:09 GMT
server: nginx
strict-transport-security: max-age=31622400
x-pantheon-styx-hostname: styx-fe4-b-7997d8f9fb-ddvzb
x-styx-req-id: 581daef3-f4b3-11ee-9a14-56fdaa3a1a0c
content-encoding: gzip
date: Fri, 26 Apr 2024 08:43:04 GMT
x-served-by: cache-chi-klot8100175-CHI, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 0, 0
x-timer: S1714120985.879865,VS0,VE3
vary: Accept-Encoding
age: 1644823
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
content-length: 1121
X-Firefox-Spdy: h2