{"report_id":"1e8d533f-cb8b-474d-8966-c5a1e3b98490","version":0,"status":"done","tags":["fedex","logistics","phishing"],"date":"2026-06-22T10:11:24Z","url":{"schema":"http","addr":"lms.beexfit-academy.com/app","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":0,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"final":{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"title":"FedEx Info | FedEx","dom":{"size":32323,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"14cf28a8a7910459c9b0001784b586b0","sha1":"3b9000ce4b1cf05ef24ba7c1a8f455058846b269","sha256":"1c8d7acb58b6fb1bf6c24cfe0603276398c8bfa0f846001d2073627d1b4bffd6","sha512":"a2a0a547f913716edf1b70c50e5fe52019a1bebbb64983a7454479ff81d0b76bc660022a47d1fdf9c5883d9229da6f61218defb0538a84aead19e663243b49df","ssdeep":"192:79rjC9n4kcyvidcybN7VupIu81L3mcSr+8KurLj:79rjC9iN7VJu81L3J0+8Kurn","tlshash":"b6e2dc10a8f4dcb240fb58da55629e2a9cf98703e1550289fa5d8bf60fb3d6ecb33514","dom_hash":"domhashfb9a4b4b808a4b7fa55345cb6aeaa798","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"lms.beexfit-academy.com/app","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":0,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-27T10:11:24Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]},"summary":[{"fqdn":"lms.beexfit-academy.com","ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"domain_registered":"2025-02-24","domain_rank":0,"first_seen":"2026-06-22T00:58:37.029561Z","last_seen":"2026-06-22T00:58:37.029561Z","alert_count":39,"request_count":13,"received_data":400539,"sent_data":7083,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"pro.fontawesome.com","ip":{"addr":"172.64.147.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-10-18","domain_rank":56192,"first_seen":"2018-03-17T18:03:41Z","last_seen":"2026-06-19T04:02:57.525519Z","alert_count":0,"request_count":1,"received_data":156855,"sent_data":521,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.fedex.com","ip":{"addr":"95.101.10.171","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"1991-02-26","domain_rank":8945,"first_seen":"2012-05-22T08:55:43Z","last_seen":"2026-06-19T13:25:27.138067Z","alert_count":0,"request_count":1,"received_data":5990,"sent_data":558,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/js/html5shiv.min.js","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"introduction_type":"scriptElement","is_inline":false,"md5":"40bd440d29b3a9371b0c63fec41ee64f","sha1":"e790c26449c57de298923c686cb3434d1d461a1d","sha256":"dc9cbf19b48bae0d28f72e59e67d6ec34ab1644087ec2e8e42954180d1586b48","sha512":"50326d2577f37ec88f3e09c8e52d74d3414f2c11cc86fcc0317d7923ea86d84d8e0330bd3f527353024e7e7ca95e2387ecc44f6aace13db0460cd363ef305fa0","ssdeep":"","tlshash":"4751a8857062714a8b2f11ab917f970ff5e452a6d8580060d0e9c87cf930df8c2bbf65","size":2730,"data":"","first_seen":"2023-03-07T12:03:04Z","last_seen":"2026-07-16T21:17:23.345582Z","times_seen":1759,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/js/respond.min.js","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"introduction_type":"scriptElement","is_inline":false,"md5":"78915bb8b3dd6696d3842d82ed48b104","sha1":"504cce482567765d63843d7b9d00c4195109c449","sha256":"1944a255577a8ed66ae984c6f6356281ff6f29dc84a2af6f1facf258c7dab62e","sha512":"fae71ebe045ce6a2c190b47bda2a0dd9f042c659c8225f566a31ddf1872de61048b99efcb9d9dfb02860e5304940b30c1dfcfdc00c96424f6e97374738139fcf","ssdeep":"96:fmeKAql8GALKZ2sdX0MVrpezoG3+gTYkhs7/tQMBze2EOgSUHB75h0:fnqSGTZbvVrpezoVgdSjtQMle2EOgSIc","tlshash":"a891c8a422203548e2ea3825967f4226f8739cb575584890d515e8b83da8fed10f7ff7","size":4593,"data":"","first_seen":"2023-03-07T12:03:04Z","last_seen":"2026-07-16T16:47:33.899161Z","times_seen":453,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/js/jquery-3.5.1.min.js","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89476,"data":"","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-07-17T17:44:18.797847Z","times_seen":260974,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/js/bootstrap.min.js","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"introduction_type":"scriptElement","is_inline":false,"md5":"cabc5d07dec4c381f521bbcd41c009db","sha1":"ca329d086682a4d75b5528d326a66a6d3fffab13","sha256":"2909d4fa86cf09191e768576e1a6eab7f2635a2627549c45d29595ffac9c0da9","sha512":"66f6e36c99f2b57f526b4dff01c6cffe787d2bde6d6abe11d080314d2da08760a18889de7ebd6bec4a675429694d650437b55aaef12c1f7aaebe463587474016","ssdeep":"768:+hkw5E0MWirtTVU4t8GMqm7MT8VbdPyqzgqqqLWpeki3iMFpnkIID0Jhp6zvsv1z:+Z2TTktMqTiaDkIxIzcn","tlshash":"ef538249b254787206df747a817b460bb73a2899a046813cb97ad8dd1f7cc893173fb8","size":62411,"data":"","first_seen":"2023-03-07T01:02:38Z","last_seen":"2026-07-16T16:47:33.893015Z","times_seen":2503,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/js/respond.min.js","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.521Z","timestamp":1782123058521,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/js/respond.min.js HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/app/\r\nCookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlast-modified: Fri, 27 Jan 2017 05:50:18 GMT\r\netag: \"11f1-5470d0a639a80-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 2218\r\ncontent-type: application/javascript\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":4593,"size_decoded":2559,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4453)","md5":"78915bb8b3dd6696d3842d82ed48b104","sha1":"504cce482567765d63843d7b9d00c4195109c449","sha256":"1944a255577a8ed66ae984c6f6356281ff6f29dc84a2af6f1facf258c7dab62e","sha512":"fae71ebe045ce6a2c190b47bda2a0dd9f042c659c8225f566a31ddf1872de61048b99efcb9d9dfb02860e5304940b30c1dfcfdc00c96424f6e97374738139fcf","ssdeep":"96:fmeKAql8GALKZ2sdX0MVrpezoG3+gTYkhs7/tQMBze2EOgSUHB75h0:fnqSGTZbvVrpezoVgdSjtQMle2EOgSIc","tlshash":"a891c8a422203548e2ea3825967f4226f8739cb575584890d515e8b83da8fed10f7ff7","first_seen":"2023-03-07T12:03:04Z","last_seen":"2026-07-16T16:47:33.899161Z","times_seen":453,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/js/jquery-3.5.1.min.js","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.815Z","timestamp":1782123058815,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/js/jquery-3.5.1.min.js HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/app/\r\nCookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlast-modified: Tue, 24 Nov 2020 00:18:24 GMT\r\netag: \"15d84-5b4cf3fbaf400-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 30910\r\ncontent-type: application/javascript\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":89476,"size_decoded":31253,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-07-17T17:44:18.797847Z","times_seen":260974,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-22T10:10:57.875Z","timestamp":1782123057875,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlocation: https://lms.beexfit-academy.com/app/\r\ncontent-length: 284\r\ncontent-type: text/html; charset=iso-8859-1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-17T17:40:25.636702Z","times_seen":17320310,"resource_available":true,"data":null}},"time_used":231,"timings":{"blocked":-1,"dns":89,"connect":44,"send":0,"wait":44,"receive":0,"ssl":53},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/js/html5shiv.min.js","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.520Z","timestamp":1782123058520,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/js/html5shiv.min.js HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/app/\r\nCookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlast-modified: Mon, 21 Aug 2017 20:37:38 GMT\r\netag: \"aaa-55749730cc880-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 1348\r\ncontent-type: application/javascript\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":2730,"size_decoded":1688,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2639)","md5":"40bd440d29b3a9371b0c63fec41ee64f","sha1":"e790c26449c57de298923c686cb3434d1d461a1d","sha256":"dc9cbf19b48bae0d28f72e59e67d6ec34ab1644087ec2e8e42954180d1586b48","sha512":"50326d2577f37ec88f3e09c8e52d74d3414f2c11cc86fcc0317d7923ea86d84d8e0330bd3f527353024e7e7ca95e2387ecc44f6aace13db0460cd363ef305fa0","ssdeep":"","tlshash":"4751a8857062714a8b2f11ab917f970ff5e452a6d8580060d0e9c87cf930df8c2bbf65","first_seen":"2023-03-07T12:03:04Z","last_seen":"2026-07-16T21:17:23.345582Z","times_seen":1759,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pro.fontawesome.com/releases/v5.10.0/css/all.css","fqdn":"pro.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"172.64.147.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.811Z","timestamp":1782123058811,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Jun 2026 22:11:17 GMT","end":"Sat, 12 Sep 2026 23:11:14 GMT"},"fingerprint":{"sha1":"5F:59:20:85:C5:A0:F2:76:30:C4:8D:DA:FB:31:7C:05:93:3C:16:93","sha256":"C0:AB:A6:29:FC:00:73:C0:2F:17:52:AA:D7:E8:27:80:98:13:B4:AB:F6:09:35:46:3E:53:8E:61:E3:6F:47:67"}}},"request":{"raw":"GET /releases/v5.10.0/css/all.css HTTP/1.1\r\nHost: pro.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://lms.beexfit-academy.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:11:02 GMT\r\ncontent-type: text/css\r\nx-amz-id-2: JsOOyiusGB0cbNEGJrbEG6qRi5iUgvl0nHWqRMI29GD2oPUawBjhqBf37UgWWFCBWi4YamF5Ab4=\r\nx-amz-request-id: 15C710S46V3JVVBV\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-max-age: 3000\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\nlast-modified: Mon, 28 Jun 2021 16:54:32 GMT\r\ncf-cache-status: HIT\r\ncache-control: max-age=31556926\r\nserver: cloudflare\r\nage: 55469\r\netag: W/\"aa1272633e7e552395d147a499bad186\"\r\ncontent-encoding: gzip\r\ncf-ray: a0fa77721dd256c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":156228,"size_decoded":30286,"mime_type":"text/css","magic":"ASCII text, with very long lines (65393)","md5":"aa1272633e7e552395d147a499bad186","sha1":"ddbccb0011dd4868a013b1dcbdb836b7213eb41d","sha256":"2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec","sha512":"886ddfc7252269b42b0adfd5f4e47da0cd6ccb9b0b3ea18c015b1e4edb1eb1f55cf49728fdcdd151949256851c72cc555cd7f6408a5638595f26d0caf86ffbdc","ssdeep":"1536:KgvcfQ4aNi7HHQZD0bMSPCDTdV3dWGFIiboA+8Ieiy6BauXZG817fgFSkAmYdAT/:DcI4aY7QN0bjPerGuHuXkz","tlshash":"bae371b5d41d01da7726c60fab01b27a98f6f738d5810e4ae0cb4c5e1de2b9811c9bed","first_seen":"2023-04-05T22:29:58Z","last_seen":"2026-07-17T00:29:36.96911Z","times_seen":5330,"resource_available":false,"data":null}},"time_used":3295,"timings":{"blocked":-1,"dns":13,"connect":9,"send":0,"wait":12,"receive":0,"ssl":3261},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/image/canada.png","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.845Z","timestamp":1782123058845,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/image/canada.png HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/app/\r\nCookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlast-modified: Mon, 04 Oct 2021 23:04:58 GMT\r\netag: \"3c4-5cd8ef11fda80\"\r\naccept-ranges: bytes\r\ncontent-length: 964\r\ncontent-type: image/png\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":964,"size_decoded":1238,"mime_type":"image/png","magic":"PNG image data, 113 x 22, 8-bit/color RGBA, non-interlaced","md5":"bc6fcddd08d68beb2a6d438c8c625cdd","sha1":"6f6582383f450453985044e760d918e4e052118d","sha256":"a1c42b7d341f59fdffdb0615859ecefc71c18b1d40830a60c562b43fe683f0a8","sha512":"06bf82b16823978b8b948a05da5446e1a5829074227c2b764124b459989d31616a914dfee6154c7af16d6402d75eeeca2484a5e83e8976d295000d53c3bceddb","ssdeep":"","tlshash":"c61194d02445fd9a96f0dae28bb4473af12f8e143a21a725210dca984d70f548428201","first_seen":"2023-04-30T20:19:19Z","last_seen":"2026-07-16T16:47:33.900665Z","times_seen":147,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-22T10:10:58.115Z","timestamp":1782123058115,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/ HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb; path=/\r\nstrict-transport-security: max-age=16000000\r\nvary: X-FORWARDED-PROTO,Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 4632\r\ncontent-type: text/html; charset=UTF-8\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":32888,"size_decoded":5066,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"92bfc0a7befde04eba00934dfa36ffa9","sha1":"e640206dd150832c2ca8e8765818cd7c82f10de7","sha256":"fc7d26aa38541247da9f3c62c3741bca07c52bb063e275483be31816464e29cb","sha512":"e5e13a3bf4ec7c747e68beb82c1e5aad8e51079cb1648288c9bdba36cb2ffb5624d28e6ac0172e34ac7752bb17e56dc073c629859a68ae5189b994479d3f6dd2","ssdeep":"192:ckZ1Zlc/3pLhl1uj1EVzkLG8xHSNntdo4Itgb:c81ZH1EVcG8xHSpro4Itgb","tlshash":"24e2ca1068d4d812a0fb99d949629e2afdb98303c2554689fa9e93f70fb3d3dcb33514","first_seen":"2023-04-12T08:51:14Z","last_seen":"2026-07-16T16:47:33.894673Z","times_seen":96,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/css/bootstrap.css","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.515Z","timestamp":1782123058515,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/css/bootstrap.css HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/app/\r\nCookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlast-modified: Mon, 07 Dec 2020 15:50:12 GMT\r\netag: \"2f1f7-5b5e1c80b3500-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 24828\r\ncontent-type: text/css\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":193015,"size_decoded":25157,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (560)","md5":"052dfc723bbdf659b1528e37b1472301","sha1":"a06f1b5340a4dceaa9a8e044d0248ab48fcb7e17","sha256":"0c159070e198b7ed2a9162d6c9751f5914ff62803914d8512d60b1f5ffde4334","sha512":"99a22fd4a93d74eca1883c15ee63799eee662428db0371a26003d14988c9bf8300597835b38637aa2c5961e9dde3b8e67eb371609e2e68e62ddaa62bdd792a97","ssdeep":"1536:Hgwcfq/zc1+QI/Rhi4De5j9p7AC2LdQVUaryWrSPUKO5kIl8d/ALfLNLy:Hpc178d/ALfLNLy","tlshash":"10140f9dfdf118087057956864dbbbf57b7e4086d20ece7a76e23264cf493c18c62a88","first_seen":"2023-04-05T04:36:20Z","last_seen":"2026-07-16T16:47:33.902772Z","times_seen":1215,"resource_available":false,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/js/bootstrap.min.js","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.816Z","timestamp":1782123058816,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/js/bootstrap.min.js HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/app/\r\nCookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlast-modified: Mon, 07 Dec 2020 15:50:12 GMT\r\netag: \"f3cb-5b5e1c80b3500-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 16021\r\ncontent-type: application/javascript\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":62411,"size_decoded":16363,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (62126)","md5":"cabc5d07dec4c381f521bbcd41c009db","sha1":"ca329d086682a4d75b5528d326a66a6d3fffab13","sha256":"2909d4fa86cf09191e768576e1a6eab7f2635a2627549c45d29595ffac9c0da9","sha512":"66f6e36c99f2b57f526b4dff01c6cffe787d2bde6d6abe11d080314d2da08760a18889de7ebd6bec4a675429694d650437b55aaef12c1f7aaebe463587474016","ssdeep":"768:+hkw5E0MWirtTVU4t8GMqm7MT8VbdPyqzgqqqLWpeki3iMFpnkIID0Jhp6zvsv1z:+Z2TTktMqTiaDkIxIzcn","tlshash":"ef538249b254787206df747a817b460bb73a2899a046813cb97ad8dd1f7cc893173fb8","first_seen":"2023-03-07T01:02:38Z","last_seen":"2026-07-16T16:47:33.893015Z","times_seen":2503,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/image/logo.png","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.834Z","timestamp":1782123058834,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/image/logo.png HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/app/\r\nCookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlast-modified: Mon, 04 Oct 2021 14:58:06 GMT\r\netag: \"ef9-5cd8823f41b80\"\r\naccept-ranges: bytes\r\ncontent-length: 3833\r\ncontent-type: image/png\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3833,"size_decoded":4108,"mime_type":"image/png","magic":"PNG image data, 92 x 26, 8-bit/color RGBA, non-interlaced","md5":"1db90a4ce474d6d90842744e5003bcc5","sha1":"c2dcc1c0fce9080f1540f94bb2a0014f2cc44889","sha256":"9f8ae5767c7da740d0e60bf68fc6c1a53bccb8802abe086d46c919b3617d7d47","sha512":"a0d808ef9cf189997ae61636638f8e01247e67a9e7b4e13e3a701eda62195ffdaf69d1203bce761666e13bb5e89f83eb72ce987ea47e1e1918b1ed7b70846643","ssdeep":"","tlshash":"99814a85faa02d9ba7f9f41328d7a303ff1fd80044e5a2b25cd7e4650818af4e6588dd","first_seen":"2023-04-30T20:19:19Z","last_seen":"2026-07-16T16:47:33.887703Z","times_seen":150,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/image/search.png","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.839Z","timestamp":1782123058839,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/image/search.png HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/app/\r\nCookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlast-modified: Mon, 04 Oct 2021 20:08:44 GMT\r\netag: \"85a-5cd8c7add6b00\"\r\naccept-ranges: bytes\r\ncontent-length: 2138\r\ncontent-type: image/png\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2138,"size_decoded":2413,"mime_type":"image/png","magic":"PNG image data, 211 x 28, 8-bit/color RGBA, non-interlaced","md5":"ca6c158ea3aa13f92b975c48936b8916","sha1":"c05c8bbdc03ad576e2432d0459e66bd61b60b9b5","sha256":"c071ec308404a22b060a1266d3d836c545c88a3a8afd8e29db699acd15f1cabc","sha512":"c1ffaedea511181ff824e472615271da8050ce09a8afed7d443ae4c60f44472d3f1d83413c6fc1a1f4f3cd3f17c27e1bbd7ede22f3582ea2bcd93ca7916c007e","ssdeep":"","tlshash":"a8411ae31a0a69d47f3114260b0695f0e5f959da708d9031edfa289f67fece3180fa16","first_seen":"2023-04-30T20:19:19Z","last_seen":"2026-07-16T16:47:33.888952Z","times_seen":167,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/image/media.png","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.844Z","timestamp":1782123058844,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/image/media.png HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/app/\r\nCookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlast-modified: Mon, 04 Oct 2021 22:56:34 GMT\r\netag: \"61e-5cd8ed3156c80\"\r\naccept-ranges: bytes\r\ncontent-length: 1566\r\ncontent-type: image/png\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1566,"size_decoded":1841,"mime_type":"image/png","magic":"PNG image data, 68 x 19, 8-bit/color RGBA, non-interlaced","md5":"a41afa7db420a45ee73680b53e34d0c6","sha1":"74790de0d9a731dcabdcf95856a82e7ae7853759","sha256":"2a032fa265ae439e56a80e3d76f47ac554380de3bfc817a857924d7ea48e1626","sha512":"b6e2045d02c55cf579a92bb7a56bae12a55659f8983867fb23e32c0881bd80d2a8b2db764d2efbc224b5172337bdc826d29159ba5ea90d05763da9ea22ed0ccc","ssdeep":"","tlshash":"77310a385231a95083204ac706de3937c89bd35067dc837c7960c8945adc6928b7ce94","first_seen":"2023-04-30T20:19:19Z","last_seen":"2026-07-16T16:47:33.901624Z","times_seen":190,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"www.fedex.com/images/c/s1/fx-favicon.ico","fqdn":"www.fedex.com","domain":"fedex.com","tld":"com"},"ip":{"addr":"95.101.10.171","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:11:00.125Z","timestamp":1782123060125,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.fedex.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA EV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 18 Feb 2026 00:00:00 GMT","end":"Sat, 05 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1F:F2:68:29:DD:9D:98:5B:6D:1F:6A:00:91:0D:6B:9E:97:35:E9:6D","sha256":"47:F1:C2:2F:92:71:BD:D5:06:E0:A4:E2:B6:67:10:29:2F:74:A1:54:DE:4A:E5:9E:71:F6:CD:8F:24:90:14:DB"}}},"request":{"raw":"GET /images/c/s1/fx-favicon.ico HTTP/1.1\r\nHost: www.fedex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: Apache\r\nlast-modified: Fri, 16 Sep 2016 14:47:16 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-credentials: true\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-type: image/x-icon\r\ncontent-encoding: gzip\r\ncontent-length: 818\r\ncache-control: max-age=43867\r\nexpires: Mon, 22 Jun 2026 22:22:09 GMT\r\ndate: Mon, 22 Jun 2026 10:11:02 GMT\r\nvary: Accept-Encoding\r\nakamai-grn: 0.c60a655f.1782123062.2de3f1d5\r\nset-cookie: Rbt=f0; path=/\nfdx_bman=94d5c296780183d22f633d29101dc9ab; path=/; domain=.www.fedex.com; Secure\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":5430,"size_decoded":1378,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"a53129769d15f251d4e5c5cb966765b4","sha1":"043d6a7b9cca5d05aba04fc0a3f4527e3ad075e0","sha256":"eab1b9a0ef942d84e3a8ed8c3e3996acb7a46af9a0b9f914ced662bcbe0e54be","sha512":"149e9ecc344fc864c4f772acdbb6e00bdfc5399301922b58f137c14ac042f1c57775213dc6335c8d9cd39b7e9ef7982acfda29f2be794a8c0923ab4e6735792c","ssdeep":"24:EDfxncjMt+eDLLA0y3AoqJkYr2NjPx+nQjBpTTOBjEV1tdSnhajWljDXjX0XXjXL:cVDD4CExYjQEag07023H","tlshash":"06b1a709a638edd0d0a12a31c842d9fe0b25ed07e87c483b5a90ff8a777311c0e2568f","first_seen":"2023-04-30T20:19:19Z","last_seen":"2026-07-16T16:47:33.891771Z","times_seen":941,"resource_available":false,"data":null}},"time_used":2035,"timings":{"blocked":1997,"dns":0,"connect":1,"send":0,"wait":25,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/css/test.css","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.517Z","timestamp":1782123058517,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/css/test.css HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/app/\r\nCookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlast-modified: Wed, 06 Oct 2021 01:07:14 GMT\r\netag: \"6c2-5cda4c439b480-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 629\r\ncontent-type: text/css\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1730,"size_decoded":954,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"c47244d004471b285abbe628d2d16af7","sha1":"d24cbb6caa90b9a7fac4afe4d77c8078f4f502a4","sha256":"8e63d5a105a1e787341fb90033b94d3e6da431e5b16ee42bbca450d0be6f8fea","sha512":"1562740dbfd5a322a478471a516e56e96f267df60cfb61fb8f47c127129d05c0bae71cd03432b8f3cb23f21dd00048c82506891cb7d3853a36dc0ca7e23d870b","ssdeep":"","tlshash":"1131c0befa4851097236dcb8f7237e936eac84858b0203797fbd615931c6674a511f8c","first_seen":"2023-04-07T07:52:01Z","last_seen":"2026-07-16T16:47:33.8901Z","times_seen":132,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"lms.beexfit-academy.com/app/image/logo-footer.gif","fqdn":"lms.beexfit-academy.com","domain":"beexfit-academy.com","tld":"com"},"ip":{"addr":"185.125.27.76","port":443,"asn":29222,"as":"Infomaniak Network SA","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lms.beexfit-academy.com/app/","date":"2026-06-22T10:10:58.837Z","timestamp":1782123058837,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lms.beexfit-academy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 19:42:18 GMT","end":"Mon, 10 Aug 2026 19:42:17 GMT"},"fingerprint":{"sha1":"12:DF:55:8A:CE:2A:3F:CF:92:10:31:2B:06:7C:CB:F5:63:CA:E0:7D","sha256":"0A:E7:0B:63:EF:35:2B:D8:E0:8D:4B:14:45:9E:BC:CB:03:E6:CB:6B:E1:DC:F4:B1:1E:9F:D0:BF:9F:2A:46:86"}}},"request":{"raw":"GET /app/image/logo-footer.gif HTTP/1.1\r\nHost: lms.beexfit-academy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://lms.beexfit-academy.com/app/\r\nCookie: PHPSESSID=43935c12baf70187f73ede7125cf2ccb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Mon, 22 Jun 2026 10:10:58 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=16000000\r\nlast-modified: Mon, 04 Oct 2021 20:06:20 GMT\r\netag: \"460-5cd8c72482700\"\r\naccept-ranges: bytes\r\ncontent-length: 1120\r\ncontent-type: image/gif\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1120,"size_decoded":1395,"mime_type":"image/gif","magic":"GIF image data, version 89a, 74 x 20","md5":"c511f7109470ffe886d41bb3fc1e2e63","sha1":"3340c29fb154c48f8cd1505a104db3fbae8571d5","sha256":"1c192944e83b1e02fe33b614ba139866c0f81f6f37cfe00add496440b037dc3b","sha512":"94f577ff8f6d33d65fd57fab2e390c4d5982e4e1daeba2dc1f9e69d723d85a518ab209e7a586f75baabbee4771f099342cf90086f19bd6ec68d415098c0e59b0","ssdeep":"","tlshash":"7a2194fc2b31ad84efa90c32adb297e7634a307296d21947de5b42806469267003c482","first_seen":"2023-04-30T20:19:19Z","last_seen":"2026-07-16T16:47:33.893642Z","times_seen":349,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"lms.beexfit-academy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}}]}
