Report - 191.252.202.188:8082/EducacionalUI/

Report Overview

Visited public
2024-06-22 08:56:21
Tags
Submit Tags
URL
191.252.202.188:8082/EducacionalUI/
Finishing URL
191.252.202.188:8082/EducacionalUI/#/login?fromUrl=%2Fdashboard
IP / ASN
191.252.202.188
#27715 Locaweb Servicos de Internet SA
Title
Educacional - Login

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-21 18:12:54	2.3 kB	6.2 kB	23.36.76.226
191.252.202.188:8082	unknown	unknown	No data	No data	12 kB	4.1 MB	191.252.202.188
vlibras.gov.br	95656	2015-12-04	2016-05-02 18:09:57	2024-06-20 08:47:58	1.3 kB	2.1 kB	54.233.227.1
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-06-21 18:12:47	1.4 kB	20 kB	151.101.1.229
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2024-06-21 18:13:50	332 B	34 kB	151.101.194.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed
2024-06-22	medium	191.252.202.188	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	191.252.202.188:8082/EducacionalUI/polyfills.c1107cbbd060efcee797.js	ScriptElement	145 kB	2024-08-19	2024-08-19
Pretty URL 191.252.202.188:8082/EducacionalUI/polyfills.c1107cbbd060efcee797.js IP 191.252.202.188 ASN #27715 Locaweb Servicos de Internet SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 19:13 Last Seen2024-08-19 19:13 Times Seen1 Hash 61b98ae4ac0770177532b53d6b2b60c2 b5a39b3c16c000e38c23d3b235ac4bf7af610968 e8cb956d83319e65cf3ec71db535e0a749905a0f648cf9fbd302db340247afb4 Loading...

	191.252.202.188:8082/EducacionalUI/main.d330ad40bbc6f6271486.js	ScriptElement	2.8 MB	2024-08-19	2024-08-19
Pretty URL 191.252.202.188:8082/EducacionalUI/main.d330ad40bbc6f6271486.js IP 191.252.202.188 ASN #27715 Locaweb Servicos de Internet SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 19:13 Last Seen2024-08-19 19:13 Times Seen1 Hash d369469c34a744e2bc9e6b08cd3984fe 17fc206b48b9cfa48b189d211386008462bd3418 059f8a04f43c16ba2443e8f280342e755802bc2206204ebd6df7290fe064e41a Loading...

	code.jquery.com/jquery-1.8.0.min.js	ScriptElement	93 kB	2023-03-07	2025-06-27
Pretty URL code.jquery.com/jquery-1.8.0.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-27 19:47 Times Seen671 Hash 3a728460147fb9af7faf0e587b9fbf42 f3a55f44fb81cf8ee908a3872841f70d6548f8c1 8c574e0a06396dfa7064b8b460e0e4a8d5d0748c4aa66eb2e4efdfcb46da4b31 Loading...

	191.252.202.188:8082/EducacionalUI/	ScriptElement	0 B	0001-01-01	2025-06-28
Pretty URL 191.252.202.188:8082/EducacionalUI/ IP 191.252.202.188 ASN #27715 Locaweb Servicos de Internet SA Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-28 03:42 Times Seen5170758 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	191.252.202.188:8082/EducacionalUI/	ScriptElement	0 B	0001-01-01	2025-06-28
Pretty URL 191.252.202.188:8082/EducacionalUI/ IP 191.252.202.188 ASN #27715 Locaweb Servicos de Internet SA Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-28 03:42 Times Seen5170758 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	191.252.202.188:8082/EducacionalUI/scripts.37cc8a462d535649dd5d.js	ScriptElement	410 kB	2024-08-19	2024-08-19
Pretty URL 191.252.202.188:8082/EducacionalUI/scripts.37cc8a462d535649dd5d.js IP 191.252.202.188 ASN #27715 Locaweb Servicos de Internet SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 19:13 Last Seen2024-08-19 19:13 Times Seen1 Hash 840ca2af9be3fdf6807efcb121058224 fa180728d367ed95aaa0fc135756785bb1e71ae9 37911484684246408ffdabd9cd88123c69dae09415b97d2db63fb4d4e200d0b7 Loading...

	191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nagishli.js	ScriptElement	236 kB	2024-08-19	2024-08-19
Pretty URL 191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nagishli.js IP 191.252.202.188 ASN #27715 Locaweb Servicos de Internet SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 19:13 Last Seen2024-08-19 19:13 Times Seen1 Hash ca1227e667b12d79221213e87a51c1a7 1d4324cb98c5af5eb0ba8df68c5ef93c89ed0cda a0506d222a21ccc9419188e1aff282016a4514bcf44f543d12ac59771c92bee2 Loading...

	vlibras.gov.br/app/vlibras-plugin.js	ScriptElement	15 kB	2024-04-29	2024-09-20
Pretty URL vlibras.gov.br/app/vlibras-plugin.js IP 54.233.227.1 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-29 12:40 Last Seen2024-09-20 19:45 Times Seen53 Hash b0b78727ece884e5ae0cca1b019f25d0 1aa76b4884636725362942822a1996c59d232faa 178e6539db9ff5dfd9214724616bf1391246f04fdee39178341804240a21d811 Loading...

	191.252.202.188:8082/EducacionalUI/runtime.10e2dd346bd26c24e9e5.js	ScriptElement	2.4 kB	2024-08-19	2024-08-19
Pretty URL 191.252.202.188:8082/EducacionalUI/runtime.10e2dd346bd26c24e9e5.js IP 191.252.202.188 ASN #27715 Locaweb Servicos de Internet SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 19:13 Last Seen2024-08-19 19:13 Times Seen1 Hash 77646926e8b321e4d1c606d9b4f00228 2f0f7054ced7a28cf6eec97158646446fbe5f4c3 431eca2aacccd6ef2dce72377397e44d17afb7e4c5075e552699374d4aa66373 Loading...

HTTP Transactions (42)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6d997a3e4c838d12e34de2dd2d4208c3
386abb53e2df86f291b6a86765d9a6feb88ba30b
32e00abd54407308b80a14e2916a119d95d90b1e7842f8cf0e87df306287869c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32E00ABD54407308B80A14E2916A119D95D90B1E7842F8CF0E87DF306287869C"
Last-Modified: Thu, 20 Jun 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8404
Expires: Sat, 22 Jun 2024 11:15:57 GMT
Date: Sat, 22 Jun 2024 08:55:53 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c0fde0756f59aaa5fa85a62f5f528e74
3c2d990e14054ee3b407cc37d77e255533d91ed6
ca44d6619deb0e020993a84c6bfbf1993bf096b13863b706dc8a826499348276

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CA44D6619DEB0E020993A84C6BFBF1993BF096B13863B706DC8A826499348276"
Last-Modified: Wed, 19 Jun 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8089
Expires: Sat, 22 Jun 2024 11:10:42 GMT
Date: Sat, 22 Jun 2024 08:55:53 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5a3268763aa8247d09e7b12f8a157bb5
fbddec6e9fb707501596ca331266c50e77e23f5b
6095004cca6c22ee09c33dc58574519973f162bb1ee183856ed65675281d551c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6095004CCA6C22EE09C33DC58574519973F162BB1EE183856ED65675281D551C"
Last-Modified: Wed, 19 Jun 2024 16:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2999
Expires: Sat, 22 Jun 2024 09:45:53 GMT
Date: Sat, 22 Jun 2024 08:55:54 GMT
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/

191.252.202.188

200

2.1 kB

URL User Request GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

File type
HTML document, ASCII text, with very long lines (318), with CRLF, LF line terminators
Size
2.1 kB (2078 bytes)
Hash
9424cdc5f085a5512c1aa0cac1912187
5459abe9b6b19224b2a1536905c1ceb9ab089a22
6c326c379967e09751842313e1ab26bc7dee4941578d8c84fa00cd251072db62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/ HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"2078-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: text/html
Content-Length: 2078
Date: Sat, 22 Jun 2024 08:55:54 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/runtime.10e2dd346bd26c24e9e5.js

191.252.202.188

200

2.4 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/runtime.10e2dd346bd26c24e9e5.js
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
JavaScript source, ASCII text, with very long lines (2388), with no line terminators
Size
2.4 kB (2388 bytes)
Hash
77646926e8b321e4d1c606d9b4f00228
2f0f7054ced7a28cf6eec97158646446fbe5f4c3
431eca2aacccd6ef2dce72377397e44d17afb7e4c5075e552699374d4aa66373

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/runtime.10e2dd346bd26c24e9e5.js HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"2388-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: application/javascript
Content-Length: 2388
Date: Sat, 22 Jun 2024 08:55:54 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/fontawesome/css/all.min.css

191.252.202.188

200

55 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/fontawesome/css/all.min.css
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
ASCII text, with very long lines (54998), with CRLF line terminators
Size
55 kB (55187 bytes)
Hash
0e278e1fc436eb2f8025b6baed524548
a4603b09bf8166b2a2619f437f58a4bbda425450
af7f3d06c121326f325577af2a0e93fe1bc1b64c32d54847059a5e4ef039fc0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/fontawesome/css/all.min.css HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"55187-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: text/css
Content-Length: 55187
Date: Sat, 22 Jun 2024 08:55:54 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET vlibras.gov.br/app/vlibras-plugin.js

54.233.227.1

302 Found

138 B

URL GET HTTP/2
vlibras.gov.br/app/vlibras-plugin.js
IP
54.233.227.1:443
ASN
#16509 AMAZON-02

Requested by
http://191.252.202.188:8082/EducacionalUI/
Certificate
IssuerAmazon
Subjectvlibras.gov.br
FingerprintFB:81:DB:95:C0:5B:04:03:4C:BC:47:86:57:FB:3B:5A:00:E7:17:37
ValidityTue, 24 Oct 2023 00:00:00 GMT - Fri, 22 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /app/vlibras-plugin.js HTTP/1.1
Host: vlibras.gov.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 22 Jun 2024 08:55:55 GMT
content-type: text/html
content-length: 138
location: https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/vlibras-plugin.js
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-max-age: 1728000
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/vlibras-plugin.js

151.101.1.229

200 OK

5.1 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/vlibras-plugin.js
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
http://191.252.202.188:8082/EducacionalUI/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (15241), with no line terminators
Size
5.1 kB (5128 bytes)
Hash
b0b78727ece884e5ae0cca1b019f25d0
1aa76b4884636725362942822a1996c59d232faa
178e6539db9ff5dfd9214724616bf1391246f04fdee39178341804240a21d811

HTTP Headers

GET /gh/spbgovbr-vlibras/vlibras-portal@dev/app/vlibras-plugin.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://191.252.202.188:8082/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: dev
x-jsd-version-type: branch
etag: W/"3b93-GqdrSIRjZyU2KUKCKhmWxZ0jL6o"
content-encoding: br
accept-ranges: bytes
date: Sat, 22 Jun 2024 08:55:55 GMT
age: 41601
x-served-by: cache-fra-etou8220129-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 5128
X-Firefox-Spdy: h2

GET 191.252.202.188:8082/EducacionalUI/assets/icons/remixicon.css

191.252.202.188

200

113 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/icons/remixicon.css
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
ASCII text, with CRLF line terminators
Size
113 kB (112755 bytes)
Hash
09f2737e17a583c17ba08e43dc50af5d
3cdf557c52a377fd3e2a92a718ad68724207dad9
67499f9dabdf289c4d34d7348714a1f45939854184582dbeb34007e7aa08d5e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/icons/remixicon.css HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"112755-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: text/css
Content-Length: 112755
Date: Sat, 22 Jun 2024 08:55:54 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/polyfills.c1107cbbd060efcee797.js

191.252.202.188

200

145 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/polyfills.c1107cbbd060efcee797.js
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
145 kB (144987 bytes)
Hash
61b98ae4ac0770177532b53d6b2b60c2
b5a39b3c16c000e38c23d3b235ac4bf7af610968
e8cb956d83319e65cf3ec71db535e0a749905a0f648cf9fbd302db340247afb4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/polyfills.c1107cbbd060efcee797.js HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"144987-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: application/javascript
Content-Length: 144987
Date: Sat, 22 Jun 2024 08:55:54 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/styles.862b645c5d261fa9e7e6.css

191.252.202.188

200

246 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/styles.862b645c5d261fa9e7e6.css
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
ASCII text, with very long lines (34800)
Size
246 kB (245559 bytes)
Hash
83dc87230aa06188fdb1652eef8dbf7c
3d155a166e7fcebe4df465696f0aeb7dec91a52b
6804fda4e30b1cbb0880d7e03a0490ad4a82410f839909b18c02fc5bb63e8cd7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/styles.862b645c5d261fa9e7e6.css HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"245559-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: text/css
Content-Length: 245559
Date: Sat, 22 Jun 2024 08:55:54 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nagishli.js

191.252.202.188

200

236 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nagishli.js
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (5151), with CRLF line terminators
Size
236 kB (235979 bytes)
Hash
ca1227e667b12d79221213e87a51c1a7
1d4324cb98c5af5eb0ba8df68c5ef93c89ed0cda
a0506d222a21ccc9419188e1aff282016a4514bcf44f543d12ac59771c92bee2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nagishli.js HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"235979-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: application/javascript
Content-Length: 235979
Date: Sat, 22 Jun 2024 08:55:54 GMT
Keep-Alive: timeout=20
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2574
Expires: Sat, 22 Jun 2024 09:38:50 GMT
Date: Sat, 22 Jun 2024 08:55:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2574
Expires: Sat, 22 Jun 2024 09:38:50 GMT
Date: Sat, 22 Jun 2024 08:55:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2574
Expires: Sat, 22 Jun 2024 09:38:50 GMT
Date: Sat, 22 Jun 2024 08:55:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2574
Expires: Sat, 22 Jun 2024 09:38:50 GMT
Date: Sat, 22 Jun 2024 08:55:56 GMT
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/layout/images/login-logo.png

191.252.202.188

200

1.1 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/layout/images/login-logo.png
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
PNG image data, 247 x 57, 4-bit colormap, non-interlaced
Size
1.1 kB (1146 bytes)
Hash
c9d60750fa5d710a08bef4b460f602ad
0d714540c9ba97673da205ee9c7e4179a4f7595a
e7e8d493596218dc30839adaab45f2d1ec861f2b5f7ace9c9310758cac5d7496

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/layout/images/login-logo.png HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"1146-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: image/png
Content-Length: 1146
Date: Sat, 22 Jun 2024 08:55:55 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/layout/images/dots.svg

191.252.202.188

200

6.3 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/layout/images/dots.svg
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
SVG Scalable Vector Graphics image
Size
6.3 kB (6254 bytes)
Hash
47201f610cafd92b63fa1d28dc110862
f9236535e317f01a9eeab03a07f2cce449fdd7e8
325ffb113bb0ca370190d46088839ac5fbd77bdbb18efe4614867ac4f9e29738

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/layout/images/dots.svg HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"6254-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: image/svg+xml
Content-Length: 6254
Date: Sat, 22 Jun 2024 08:55:55 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/open-sans-v15-latin-regular.cffb686d7d2f4682df83.woff2

191.252.202.188

200

14 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/open-sans-v15-latin-regular.cffb686d7d2f4682df83.woff2
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
Web Open Font Format (Version 2), TrueType, length 14048, version 1.0
Size
14 kB (14048 bytes)
Hash
cffb686d7d2f4682df8342bd4d276e09
2c07a9656f1e38da408f20f1cf11581a15cbd7a2
3b98b0dc3bed9d40f43e64adba5de47c76895338a96f0a5a314676cd6287eca9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/open-sans-v15-latin-regular.cffb686d7d2f4682df83.woff2 HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/styles.862b645c5d261fa9e7e6.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"14048-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: font/woff2
Content-Length: 14048
Date: Sat, 22 Jun 2024 08:55:55 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/scripts.37cc8a462d535649dd5d.js

191.252.202.188

200

410 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/scripts.37cc8a462d535649dd5d.js
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
410 kB (410531 bytes)
Hash
840ca2af9be3fdf6807efcb121058224
fa180728d367ed95aaa0fc135756785bb1e71ae9
37911484684246408ffdabd9cd88123c69dae09415b97d2db63fb4d4e200d0b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/scripts.37cc8a462d535649dd5d.js HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"410531-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: application/javascript
Content-Length: 410531
Date: Sat, 22 Jun 2024 08:55:54 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/main.d330ad40bbc6f6271486.js

191.252.202.188

200

2.8 MB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/main.d330ad40bbc6f6271486.js
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
2.8 MB (2763874 bytes)
Hash
d369469c34a744e2bc9e6b08cd3984fe
17fc206b48b9cfa48b189d211386008462bd3418
059f8a04f43c16ba2443e8f280342e755802bc2206204ebd6df7290fe064e41a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/main.d330ad40bbc6f6271486.js HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"2763874-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: application/javascript
Content-Length: 2763874
Date: Sat, 22 Jun 2024 08:55:55 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET code.jquery.com/jquery-1.8.0.min.js

151.101.194.137

200 OK

33 kB

URL GET HTTP/1.1
code.jquery.com/jquery-1.8.0.min.js
IP
151.101.194.137:80
ASN
#54113 FASTLY

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65481)
Size
33 kB (33039 bytes)
Hash
3a728460147fb9af7faf0e587b9fbf42
f3a55f44fb81cf8ee908a3872841f70d6548f8c1
8c574e0a06396dfa7064b8b460e0e4a8d5d0748c4aa66eb2e4efdfcb46da4b31

HTTP Headers

GET /jquery-1.8.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 33039
Server: nginx
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
ETag: W/"28feccc0-1698b"
Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 22 Jun 2024 08:55:57 GMT
Age: 4950625
X-Served-By: cache-lga21964-LGA, cache-hel1410028-HEL
X-Cache: HIT, HIT
X-Cache-Hits: 1019, 2626
X-Timer: S1719046558.711544,VS0,VE0
Vary: Accept-Encoding

GET 191.252.202.188:8082/EducacionalUI/favicon.ico

191.252.202.188

200

1.2 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/favicon.ico
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
2a47b604ebc03706e9315aa29fa23823
a3ecc3ea082fe35f2f0cb79464c9decb42082146
0cca288cae3c2850330a10b80350708c0f55926bb53ee3034c420ca927ece9be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/favicon.ico HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"1150-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: image/x-icon
Content-Length: 1150
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/educacionalapi/v1/compativeis/rsverifcompatibilidadeversoes?versaoFront=2.0.50.01

191.252.202.188

200

4 B

URL GET HTTP/1.1
191.252.202.188:8082/educacionalapi/v1/compativeis/rsverifcompatibilidadeversoes?versaoFront=2.0.50.01
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /educacionalapi/v1/compativeis/rsverifcompatibilidadeversoes?versaoFront=2.0.50.01 HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/educacionalapi/v1/configs/rsfindbyconfigmax

191.252.202.188

200

461 B

URL GET HTTP/1.1
191.252.202.188:8082/educacionalapi/v1/configs/rsfindbyconfigmax
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
JSON text data
Size
461 B (461 bytes)
Hash
a88946d4b419199480e8b58dbcf71e65
d2840f39c879368c9ec40d9dec560c368cccb882
bad45d6ef5ebf55605fde8032f3233395e508d9486fe2ed83840ea61f88be474

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /educacionalapi/v1/configs/rsfindbyconfigmax HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/educacionalapi/v1/compativeis/rsverifcompatibilidadeversoes?versaoFront=2.0.50.01

191.252.202.188

200

4 B

URL GET HTTP/1.1
191.252.202.188:8082/educacionalapi/v1/compativeis/rsverifcompatibilidadeversoes?versaoFront=2.0.50.01
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /educacionalapi/v1/compativeis/rsverifcompatibilidadeversoes?versaoFront=2.0.50.01 HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/educacionalapi/v1/compativeis/rsverifsenhavalida

191.252.202.188

200

4 B

URL GET HTTP/1.1
191.252.202.188:8082/educacionalapi/v1/compativeis/rsverifsenhavalida
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /educacionalapi/v1/compativeis/rsverifsenhavalida HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/layout/images/logo.png

191.252.202.188

200

1.1 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/layout/images/logo.png
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
PNG image data, 247 x 57, 4-bit colormap, non-interlaced
Size
1.1 kB (1146 bytes)
Hash
c9d60750fa5d710a08bef4b460f602ad
0d714540c9ba97673da205ee9c7e4179a4f7595a
e7e8d493596218dc30839adaab45f2d1ec861f2b5f7ace9c9310758cac5d7496

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/layout/images/logo.png HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"1146-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: image/png
Content-Length: 1146
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/fontawesome/webfonts/fa-solid-900.woff2

191.252.202.188

200

74 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/fontawesome/webfonts/fa-solid-900.woff2
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
Web Open Font Format (Version 2), TrueType, length 74328, version 329.-17695
Size
74 kB (74328 bytes)
Hash
64b3e814a66c2719b15abf8f7998bd73
fa5c5d34c7c375aa3e101f0b8104b6cdbcacd6a6
0fe6a4357505cb0d3ca8ba0671ad57df6b7410ca02cb8065eed58e2c0381e640

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/assets/fontawesome/css/all.min.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"74328-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: font/woff2
Content-Length: 74328
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/logo.png

191.252.202.188

200

378 B

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/logo.png
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced
Size
378 B (378 bytes)
Hash
f500276636b6a3443fd0428bc51e22a0
b3a9d715b0615b3653db23e9df58ffb69f3016f8
fdd8063ad71caddd139761f171d63506022118773986a8be2186fb014d684d43

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/logo.png HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"378-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: image/png
Content-Length: 378
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/edge.png

191.252.202.188

200

541 B

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/edge.png
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
541 B (541 bytes)
Hash
db9bd57da333740a426b1c9f5d8f37db
8542f1118595f6fd30151d4a923c49ca2efc5999
3753c4acd245bdf6582558addc4534d8875dfc88ad1c2d74a58240dc4dbe3aa1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/edge.png HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"541-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: image/png
Content-Length: 541
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/chrome.png

191.252.202.188

200

762 B

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/chrome.png
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
762 B (762 bytes)
Hash
19152ae2215b845668828b863974f81c
136c70ff559e226ac4c1250002ff9ad21f6cecd2
74bc013d6f6b070cf6c22044f1c690272e29f1f2c48a1a93270f7fe30f0f25ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/chrome.png HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"762-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: image/png
Content-Length: 762
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/firefox.png

191.252.202.188

200

866 B

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/firefox.png
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
866 B (866 bytes)
Hash
5eaa60c51414a7aabdd8733c5beed158
54fab10c7fc1498fbc423996db463d67da8779df
42dd77313856dc72cfda5435a275643e46f3750d39ea9346c40c35fa35362e2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/firefox.png HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"866-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: image/png
Content-Length: 866
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/open-sans-v15-latin-700.d08c09f2f169f4a6edbc.woff2

191.252.202.188

200

15 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/open-sans-v15-latin-700.d08c09f2f169f4a6edbc.woff2
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
Web Open Font Format (Version 2), TrueType, length 14720, version 1.0
Size
15 kB (14720 bytes)
Hash
d08c09f2f169f4a6edbcf8b8d1636cb4
5a6a45d6f98752b11ccb7c4f0f6fd7faf18ad1a7
482994b911cc3e869aa8ace6d9932d67b68de83ea2885207ce165ff04c38d7bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/open-sans-v15-latin-700.d08c09f2f169f4a6edbc.woff2 HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/styles.862b645c5d261fa9e7e6.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"14720-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: font/woff2
Content-Length: 14720
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/open-sans-v15-latin-700.d08c09f2f169f4a6edbc.woff2

191.252.202.188

200

15 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/open-sans-v15-latin-700.d08c09f2f169f4a6edbc.woff2
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
Web Open Font Format (Version 2), TrueType, length 14720, version 1.0
Size
15 kB (14720 bytes)
Hash
d08c09f2f169f4a6edbcf8b8d1636cb4
5a6a45d6f98752b11ccb7c4f0f6fd7faf18ad1a7
482994b911cc3e869aa8ace6d9932d67b68de83ea2885207ce165ff04c38d7bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/open-sans-v15-latin-700.d08c09f2f169f4a6edbc.woff2 HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/styles.862b645c5d261fa9e7e6.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"14720-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: font/woff2
Content-Length: 14720
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/open-sans-v15-latin-regular.cffb686d7d2f4682df83.woff2

191.252.202.188

200

14 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/open-sans-v15-latin-regular.cffb686d7d2f4682df83.woff2
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
Web Open Font Format (Version 2), TrueType, length 14048, version 1.0
Size
14 kB (14048 bytes)
Hash
cffb686d7d2f4682df8342bd4d276e09
2c07a9656f1e38da408f20f1cf11581a15cbd7a2
3b98b0dc3bed9d40f43e64adba5de47c76895338a96f0a5a314676cd6287eca9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/open-sans-v15-latin-regular.cffb686d7d2f4682df83.woff2 HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/styles.862b645c5d261fa9e7e6.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"14048-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: font/woff2
Content-Length: 14048
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/opera.png

191.252.202.188

200

1.0 kB

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/opera.png
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
1.0 kB (1004 bytes)
Hash
0fa902f1eb3381f335efd32a9782adaf
8b04b7e503c4a948b015122a32f62806c6ee8f96
2a7c7259089866571deea9253c67b5559c2281708c87cd90f880a1999490b92c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/opera.png HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"1004-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: image/png
Content-Length: 1004
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET 191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/explorer.png

191.252.202.188

200

856 B

URL GET HTTP/1.1
191.252.202.188:8082/EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/explorer.png
IP
191.252.202.188:8082
ASN
#27715 Locaweb Servicos de Internet SA

Requested by
http://191.252.202.188:8082/EducacionalUI/

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
856 B (856 bytes)
Hash
6d1e6dacbbd1c27af7ca0abc2ab8ec2c
6bdb1a722f49b36a6c384affcf55fce0ac364d5b
e51ecda46ebc82aaa4580e44bf0a5a5b12d18b85461787ecd8242bf1536d810a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /EducacionalUI/assets/js/nagishli_v2.3_rev050920191652/nl-files/explorer.png HTTP/1.1
Host: 191.252.202.188:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/EducacionalUI/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"856-1692035286000"
Last-Modified: Mon, 14 Aug 2023 17:48:06 GMT
Content-Type: image/png
Content-Length: 856
Date: Sat, 22 Jun 2024 08:55:57 GMT
Keep-Alive: timeout=20
Connection: keep-alive

GET vlibras.gov.br/app//assets/access_icon.svg

54.233.227.1

302 Found

138 B

URL GET HTTP/2
vlibras.gov.br/app//assets/access_icon.svg
IP
54.233.227.1:443
ASN
#16509 AMAZON-02

Requested by
http://191.252.202.188:8082/EducacionalUI/
Certificate
IssuerAmazon
Subjectvlibras.gov.br
FingerprintFB:81:DB:95:C0:5B:04:03:4C:BC:47:86:57:FB:3B:5A:00:E7:17:37
ValidityTue, 24 Oct 2023 00:00:00 GMT - Fri, 22 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /app//assets/access_icon.svg HTTP/1.1
Host: vlibras.gov.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Sat, 22 Jun 2024 08:55:58 GMT
content-type: text/html
content-length: 138
location: https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-max-age: 1728000
X-Firefox-Spdy: h2

GET vlibras.gov.br/app//assets/access_popup.jpg

54.233.227.1

302 Found

138 B

URL GET HTTP/2
vlibras.gov.br/app//assets/access_popup.jpg
IP
54.233.227.1:443
ASN
#16509 AMAZON-02

Requested by
http://191.252.202.188:8082/EducacionalUI/
Certificate
IssuerAmazon
Subjectvlibras.gov.br
FingerprintFB:81:DB:95:C0:5B:04:03:4C:BC:47:86:57:FB:3B:5A:00:E7:17:37
ValidityTue, 24 Oct 2023 00:00:00 GMT - Fri, 22 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /app//assets/access_popup.jpg HTTP/1.1
Host: vlibras.gov.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://191.252.202.188:8082/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Sat, 22 Jun 2024 08:55:58 GMT
content-type: text/html
content-length: 138
location: https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-max-age: 1728000
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg

151.101.1.229

200 OK

2.6 kB

URL GET HTTP/3
cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
http://191.252.202.188:8082/EducacionalUI/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2604 bytes)
Hash
f50eb8e7d6cc2367619f72559f258b16
f4f7ab0ba4218cfa39078403a990490f84880416
eb8c9cfc18a5612c8636e1c773111c27fb69865a9c3f9a37a6e265e095c1188d

HTTP Headers

GET /gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://191.252.202.188:8082/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 2604
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
x-jsd-version: dev
x-jsd-version-type: branch
etag: W/"15ee-9PerC6QhjPo5B4QDqZBJD4SIBBY"
content-encoding: br
accept-ranges: bytes
date: Sat, 22 Jun 2024 08:55:58 GMT
age: 20280
x-served-by: cache-fra-eddf8230079-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

GET cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg

151.101.1.229

200 OK

10 kB

URL GET HTTP/3
cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
http://191.252.202.188:8082/EducacionalUI/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 450x120, components 3
Size
10 kB (9968 bytes)
Hash
490d9f602130232874741d28eeed2140
0fb88852778ac7fe94947673b3a3b17bc84f5ad0
0641f4b8887a3dcb8c4243cba38c4b639dd0cf18e9265f3b0a6b56f10567e11c

HTTP Headers

GET /gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://191.252.202.188:8082/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 9968
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
x-jsd-version: dev
x-jsd-version-type: branch
etag: W/"26f0-D7iIUneKx/6UlHZzs6Oxe8hPWtA"
accept-ranges: bytes
date: Sat, 22 Jun 2024 08:55:58 GMT
age: 34426
x-served-by: cache-fra-etou8220098-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (42)

URL

IP

ASN