| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL ocsp.r2m03.amazontrust.com/ IP 143.204.53.97:0
Hash a0db58a4572710a9f5b48e1958b89b4d 15c72fc441f762183d410e088257d617decd1e41 6290d6add97a40115b0d41230839b145031760b1b454986486b894868434ec15
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 22:18:24 GMT
Last-Modified: Sat, 04 May 2024 21:14:42 GMT
Server: ECAcc (amb/6AC3)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0JUAB0lfKjJghy-KKNXW0dUlsXggu8u01kzcIjtE1PSe9mkYFppOBQ==
Age: 3822
|
|
| | 3.66.36.205 | 200 | 175 B |
URL User Request GET HTTP/1.1 IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators Hash ca1ce3399a1abab6d52988a51f3b4307 3ceee27f1294f8d1cc213aa461cad2d2ed706cea 5eb0dfd23b6a6bc58ff93d6e8c61b6418d58fec61e55fa70ee2135a23db3f628
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Cache-control: no-cache="set-cookie"
Content-Type: text/html
Date: Sat, 04 May 2024 22:18:24 GMT
Location: https://3.66.36.205/
Set-Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C;PATH=/;MAX-AGE=900
Content-Length: 175
Connection: keep-alive
|
|
| | 3.66.36.205 | 200 | 28 kB |
URL User Request GET HTTP/1.1 IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (59443), with CRLF, LF line terminators Hash 3ee0415c9912db029247bb43b694f503 9563871dccc9126c6c9e36d158e842cda88e8515 b623007c9305f73a7f57c752368dd9e14e4d95eede5e9c343d646d94f30c2183
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'
Content-Type: text/html;charset=UTF-8
Date: Sat, 04 May 2024 22:18:25 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Tue, 04 May 2004 22:18:25 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Set-Cookie: JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; Path=/; Secure
Set-Cookie: BbRouter=expires:1714889905,id:FDB0360A1902317861AB3E43249D7687,signature:721eb83d75350e54f1580f7d98fe61aec823b47c734a0e3cc009d1331cd94d7e,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
X-Blackboard-appserver: ip-10-148-214-165.eu-central-1.compute.internal
X-Blackboard-product: Blackboard Learn ™ 3900.91.0-rel.20+75bf374
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
transfer-encoding: chunked
Connection: keep-alive
|
|
| 3.66.36.205/branding/themes/pfu/login/css/bootstrap.min.css | 3.66.36.205 | 200 | 20 kB |
URL GET HTTP/1.1 3.66.36.205/branding/themes/pfu/login/css/bootstrap.min.css IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type ASCII text, with very long lines (65371) Hash ec3bb52a00e176a7181d454dffaea219 6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68 f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /branding/themes/pfu/login/css/bootstrap.min.css HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C; JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; BbRouter=expires:1714889905,id:FDB0360A1902317861AB3E43249D7687,signature:721eb83d75350e54f1580f7d98fe61aec823b47c734a0e3cc009d1331cd94d7e,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Cache-Control: public
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'
Content-Type: text/css
Date: Sat, 04 May 2024 22:18:26 GMT
ETag: W/"121200-1714675767154"
Expires: Sun, 04 May 2025 22:18:26 GMT
Last-Modified: Thu, 02 May 2024 18:49:27 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
X-Blackboard-appserver: ip-10-148-214-165.eu-central-1.compute.internal
X-Blackboard-product: Blackboard Learn ™ 3900.91.0-rel.20+75bf374
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
transfer-encoding: chunked
Connection: keep-alive
|
|
| 3.66.36.205/branding/themes/pfu/login/js/jquery.min.js | 3.66.36.205 | 200 | 30 kB |
URL GET HTTP/1.1 3.66.36.205/branding/themes/pfu/login/js/jquery.min.js IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (32065), with CRLF line terminators Hash 710458dd559c957714ac4a8e95357eb5 f694238d616f579a0690001f37984af430c19963 b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /branding/themes/pfu/login/js/jquery.min.js HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C; JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; BbRouter=expires:1714889905,id:FDB0360A1902317861AB3E43249D7687,signature:721eb83d75350e54f1580f7d98fe61aec823b47c734a0e3cc009d1331cd94d7e,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Cache-Control: public
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'
Content-Type: application/javascript
Date: Sat, 04 May 2024 22:18:26 GMT
ETag: W/"85582-1714675767166"
Expires: Sun, 04 May 2025 22:18:26 GMT
Last-Modified: Thu, 02 May 2024 18:49:27 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
X-Blackboard-appserver: ip-10-148-214-165.eu-central-1.compute.internal
X-Blackboard-product: Blackboard Learn ™ 3900.91.0-rel.20+75bf374
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
transfer-encoding: chunked
Connection: keep-alive
|
|
| 3.66.36.205/branding/themes/pfu/login/css/font-awesome.min.css | 3.66.36.205 | 200 | 7.1 kB |
URL GET HTTP/1.1 3.66.36.205/branding/themes/pfu/login/css/font-awesome.min.css IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type ASCII text, with very long lines (30837) Hash 269550530cc127b6aa5a35925a7de6ce 512c7d79033e3028a9be61b540cf1a6870c896f8 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /branding/themes/pfu/login/css/font-awesome.min.css HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C; JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; BbRouter=expires:1714889905,id:FDB0360A1902317861AB3E43249D7687,signature:721eb83d75350e54f1580f7d98fe61aec823b47c734a0e3cc009d1331cd94d7e,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Cache-Control: public
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'
Content-Type: text/css
Date: Sat, 04 May 2024 22:18:26 GMT
ETag: W/"31000-1714675767154"
Expires: Sun, 04 May 2025 22:18:26 GMT
Last-Modified: Thu, 02 May 2024 18:49:27 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
X-Blackboard-appserver: ip-10-148-214-165.eu-central-1.compute.internal
X-Blackboard-product: Blackboard Learn ™ 3900.91.0-rel.20+75bf374
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
Content-Length: 7050
Connection: keep-alive
|
|
| 3.66.36.205/branding/themes/pfu/login/css/style.css | 3.66.36.205 | 200 | 4.9 kB |
URL GET HTTP/1.1 3.66.36.205/branding/themes/pfu/login/css/style.css IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type ASCII text, with CRLF line terminators Hash 0898e64ad81d8ae94b5579b8981ae3a6 0017f0d76b418f414c1c1a217832769253b31e21 b574390149e48f5197237e14ddfca92e982c143f159f00f59b47204748a99766
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /branding/themes/pfu/login/css/style.css HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C; JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; BbRouter=expires:1714889905,id:FDB0360A1902317861AB3E43249D7687,signature:721eb83d75350e54f1580f7d98fe61aec823b47c734a0e3cc009d1331cd94d7e,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Cache-Control: public
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'
Content-Type: text/css
Date: Sat, 04 May 2024 22:18:26 GMT
ETag: W/"25490-1714675767154"
Expires: Sun, 04 May 2025 22:18:26 GMT
Last-Modified: Thu, 02 May 2024 18:49:27 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
X-Blackboard-appserver: ip-10-148-214-165.eu-central-1.compute.internal
X-Blackboard-product: Blackboard Learn ™ 3900.91.0-rel.20+75bf374
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
Content-Length: 4921
Connection: keep-alive
|
|
| 3.66.36.205/javascript/qrcodejs/qrcode.min.js | 3.66.36.205 | 200 | 7.0 kB |
URL GET HTTP/1.1 3.66.36.205/javascript/qrcodejs/qrcode.min.js IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type ASCII text, with very long lines (19928) Hash 272a836f3b4bff95839c86eb6064cd85 425c063b9b3f7b4c187c5903f1014a45112b8e6f 2128d181bff54d66702dbb9dca6361bff68e92ce51c2cc9a526a58c3b63a97a4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /javascript/qrcodejs/qrcode.min.js HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C; JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; BbRouter=expires:1714889905,id:FDB0360A1902317861AB3E43249D7687,signature:721eb83d75350e54f1580f7d98fe61aec823b47c734a0e3cc009d1331cd94d7e,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Cache-Control: public
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'
Content-Type: application/javascript
Date: Sat, 04 May 2024 22:18:26 GMT
ETag: W/"19929-1714670954308"
Expires: Sun, 04 May 2025 22:18:26 GMT
Last-Modified: Thu, 02 May 2024 17:29:14 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
Content-Length: 7010
Connection: keep-alive
|
|
| 3.66.36.205/branding/themes/pfu/login/js/bootstrap.min.js | 3.66.36.205 | 200 | 9.8 kB |
URL GET HTTP/1.1 3.66.36.205/branding/themes/pfu/login/js/bootstrap.min.js IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (32033) Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /branding/themes/pfu/login/js/bootstrap.min.js HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C; JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; BbRouter=expires:1714889905,id:FDB0360A1902317861AB3E43249D7687,signature:721eb83d75350e54f1580f7d98fe61aec823b47c734a0e3cc009d1331cd94d7e,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Cache-Control: public
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'
Content-Type: application/javascript
Date: Sat, 04 May 2024 22:18:26 GMT
ETag: W/"37045-1714675767166"
Expires: Sun, 04 May 2025 22:18:26 GMT
Last-Modified: Thu, 02 May 2024 18:49:27 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
X-Blackboard-appserver: ip-10-148-214-165.eu-central-1.compute.internal
X-Blackboard-product: Blackboard Learn ™ 3900.91.0-rel.20+75bf374
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
Content-Length: 9832
Connection: keep-alive
|
|
| 3.66.36.205/branding/themes/pfu/login/js/main.js | 3.66.36.205 | 200 | 203 B |
URL GET HTTP/1.1 3.66.36.205/branding/themes/pfu/login/js/main.js IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with CRLF line terminators Hash 38100e114d252c0bcc1348a118004869 1fd0cc2dc1c4bed2bdc9fc75886e6bf78da7fe1c 425061b74cb9d5b90405c1bd8f43bed0b0bb0be4a570a8b649fffe1712ff3509
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /branding/themes/pfu/login/js/main.js HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C; JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; BbRouter=expires:1714889905,id:FDB0360A1902317861AB3E43249D7687,signature:721eb83d75350e54f1580f7d98fe61aec823b47c734a0e3cc009d1331cd94d7e,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Cache-Control: public
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'
Content-Type: application/javascript
Date: Sat, 04 May 2024 22:18:26 GMT
ETag: W/"266-1714675767166"
Expires: Sun, 04 May 2025 22:18:26 GMT
Last-Modified: Thu, 02 May 2024 18:49:27 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
X-Blackboard-appserver: ip-10-148-214-165.eu-central-1.compute.internal
X-Blackboard-product: Blackboard Learn ™ 3900.91.0-rel.20+75bf374
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
Content-Length: 203
Connection: keep-alive
|
|
| 3.66.36.205/branding/themes/pfu/login/img/Logotipos_pfu_3.png | 3.66.36.205 | 200 | 17 kB |
URL GET HTTP/1.1 3.66.36.205/branding/themes/pfu/login/img/Logotipos_pfu_3.png IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type PNG image data, 231 x 89, 8-bit/color RGBA, non-interlaced Hash 9ca8264990ad8cfbe5b2341e203e06ee d8b494bf8abdc529515257f76f339c9bd685208f c494f8837548e516ca988c9de3fb1f44a2c10751c2bd536af4327013ae9892e3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /branding/themes/pfu/login/img/Logotipos_pfu_3.png HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C; JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; BbRouter=expires:1714889905,id:FDB0360A1902317861AB3E43249D7687,signature:721eb83d75350e54f1580f7d98fe61aec823b47c734a0e3cc009d1331cd94d7e,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Accept-Ranges: bytes
Cache-Control: public
Content-Security-Policy: frame-ancestors 'self'
Content-Type: image/png
Date: Sat, 04 May 2024 22:18:26 GMT
ETag: W/"16729-1714675767162"
Expires: Sun, 04 May 2025 22:18:26 GMT
Last-Modified: Thu, 02 May 2024 18:49:27 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Blackboard-appserver: ip-10-148-214-165.eu-central-1.compute.internal
X-Blackboard-product: Blackboard Learn ™ 3900.91.0-rel.20+75bf374
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
Content-Length: 16729
Connection: keep-alive
|
|
| 3.66.36.205/images/ci/icons/complete.svg | 3.66.36.205 | 200 | 197 B |
URL GET HTTP/1.1 3.66.36.205/images/ci/icons/complete.svg IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image Hash bace85b1fa415de4a4a74ca3d381902d 7483c9d380d9c771840f9a0f4d1a896c5fc644d0 6b1d4c32909ee44f2d4e1800bad63003aa44eee1898d89992a061985780f6687
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/ci/icons/complete.svg HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C; JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; BbRouter=expires:1714889905,id:FDB0360A1902317861AB3E43249D7687,signature:721eb83d75350e54f1580f7d98fe61aec823b47c734a0e3cc009d1331cd94d7e,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Cache-Control: private, max-age=0, no-store, must-revalidate
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'
Content-Type: image/svg+xml
Date: Sat, 04 May 2024 22:18:26 GMT
ETag: W/"342-1714670932832"
Expires: Thu, 04 May 2023 22:18:26 GMT
Last-Modified: Thu, 02 May 2024 17:28:52 GMT
P3P: CP="CAO PSA OUR"
Pragma: private
Set-Cookie: BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
X-Blackboard-appserver: ip-10-148-214-165.eu-central-1.compute.internal
X-Blackboard-product: Blackboard Learn ™ 3900.91.0-rel.20+75bf374
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
Content-Length: 197
Connection: keep-alive
|
|
| fonts.googleapis.com/css?family=Lato:700%7CMontserrat:400,600 | 142.250.74.106 | 200 OK | 1.1 kB |
URL GET HTTP/2 fonts.googleapis.com/css?family=Lato:700%7CMontserrat:400,600 IP 142.250.74.106:443
Certificate Issuer Google Trust Services LLC Subject upload.video.google.com Fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 Validity Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type gzip compressed data, max compression Hash 4ab85608f444f0390d2c0f430a1e238d 8c6c9733593ff0f3a9ea1f2209c03c765eaeffbb 607d0ca925e96d71572d563b55c9062ddf0f3aa6f29774ee889018a777f9d57d
GET /css?family=Lato:700%7CMontserrat:400,600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 22:18:26 GMT
date: Sat, 04 May 2024 22:18:26 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 3.66.36.205/branding/themes/pfu/login/img/PFU_Hospitalet.jpg | 3.66.36.205 | 200 | 213 kB |
URL GET HTTP/1.1 3.66.36.205/branding/themes/pfu/login/img/PFU_Hospitalet.jpg IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1500x991, components 3 Size 213 kB (212765 bytes) Hash aa8810f0cb53da98979daf39f8f2a2eb a69401c36752cc209ff97d7a2a75e5a9eb8ad211 51cd463d2a29ca331326382ea883c60a69c2d16b4c79a50f37d66753d36c19ad
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /branding/themes/pfu/login/img/PFU_Hospitalet.jpg HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/branding/themes/pfu/login/css/style.css
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C; JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Accept-Ranges: bytes
Cache-Control: public
Content-Security-Policy: frame-ancestors 'self'
Content-Type: image/jpeg
Date: Sat, 04 May 2024 22:18:26 GMT
ETag: W/"212765-1714675767162"
Expires: Sun, 04 May 2025 22:18:26 GMT
Last-Modified: Thu, 02 May 2024 18:49:27 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Blackboard-appserver: ip-10-148-214-165.eu-central-1.compute.internal
X-Blackboard-product: Blackboard Learn ™ 3900.91.0-rel.20+75bf374
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
Content-Length: 212765
Connection: keep-alive
|
|
| learn.content.blackboardcdn.com/3900.91.0-rel.20+75bf374/javascript/cookie.js?v=3900.91.0-rel.20+75bf374 | 172.64.153.113 | 200 OK | 1.3 kB |
URL GET HTTP/2 learn.content.blackboardcdn.com/3900.91.0-rel.20+75bf374/javascript/cookie.js?v=3900.91.0-rel.20+75bf374 IP 172.64.153.113:443
Certificate Issuer Google Trust Services LLC Subject learn.content.blackboardcdn.com Fingerprint C2:61:8B:75:CE:2E:63:71:B3:EA:0D:72:B7:57:75:10:FD:2B:49:36 Validity Wed, 03 Apr 2024 23:44:39 GMT - Tue, 02 Jul 2024 23:44:38 GMT
Hash a183fc09aa8be412e99d9f469396fd48 3e4d6d08adf86ca9f173654883a720b85568c288 2f6a37a29c735dc433c33e9581d0fd237918b350ab5636bd867920cdca147940
GET /3900.91.0-rel.20+75bf374/javascript/cookie.js?v=3900.91.0-rel.20+75bf374 HTTP/1.1
Host: learn.content.blackboardcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 22:18:26 GMT
content-type: application/javascript
cf-ray: 87ebddd9cfbfb512-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 218786
cache-control: public, max-age=2592000
etag: W/"a183fc09aa8be412e99d9f469396fd48"
last-modified: Tue, 30 Apr 2024 19:15:44 GMT
vary: Accept-Encoding, Origin
x-worker-version: iW/tmK21arnNMMoDMStU832MRxDXRJtalnyNOSizCKM=
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 | 216.58.207.227 | 200 OK | 33 kB |
URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 IP 216.58.207.227:443
Certificate Issuer Google Trust Services LLC Subject *.gstatic.com Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 33092, version 1.0 Hash 057478083c1d55ea0c2182b24f6dd72f caf557cd276a76992084efc4c8857b66791a6b7f bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3.66.36.205
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:38:02 GMT
expires: Fri, 02 May 2025 02:38:02 GMT
cache-control: public, max-age=31536000
age: 243624
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 | 216.58.207.227 | 200 OK | 23 kB |
URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 IP 216.58.207.227:443
Certificate Issuer Google Trust Services LLC Subject *.gstatic.com Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0 Hash de69cf9e514df447d1b0bb16f49d2457 2ac78601179c3a63ba3f3f3081556b12ddcaf655 c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3.66.36.205
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 01:55:21 GMT
expires: Sat, 03 May 2025 01:55:21 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
age: 159785
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 3.66.36.205/branding/themes/pfu/login/img/favicon.ico | 3.66.36.205 | 200 | 567 B |
URL GET HTTP/1.1 3.66.36.205/branding/themes/pfu/login/img/favicon.ico IP 3.66.36.205:443
Certificate Issuer Amazon Subject *.planetaformacion.com Fingerprint 67:41:C8:C7:9F:28:F9:B5:AB:0F:6D:4D:B0:1F:08:86:BB:71:C5:F5 Validity Sat, 17 Feb 2024 00:00:00 GMT - Mon, 17 Mar 2025 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hash 28680060e7d271e44a090825544a7e4f 727048256eb664775cb773a02d873f1f2fdba32f 2099ce209df439da9bae33b7635c11380e04477bccd4ff918390f35850725561
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /branding/themes/pfu/login/img/favicon.ico HTTP/1.1
Host: 3.66.36.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Cookie: AWSELB=5FA9C5091C1B6F826542FF0FC5C21E139C16182C142BE47455FDF1894A9E66C09C6A2423C6CBE2EFF3869CE2F1DE4424C06AB2203357501889FA26D74FDF1E8921DF1CA94C; JSESSIONID=3CAD5F43B30C1764D54495B9D7486D28; BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Cache-Control: public
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'
Content-Type: image/x-icon
Date: Sat, 04 May 2024 22:18:26 GMT
ETag: W/"1150-1714675767162"
Expires: Sun, 04 May 2025 22:18:26 GMT
Last-Modified: Thu, 02 May 2024 18:49:27 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: BbRouter=expires:1714862906,id:FDB0360A1902317861AB3E43249D7687,signature:e41ffe3b4e009a91042605264c48eec1c9cce87cdd4a036b9e8c2e3e97ef41f4,site:23571791-3f2c-405d-a28b-05c54c271d9d,v:2,xsrf:6d9e5051-6417-4b95-a3c8-e250c35d7b02; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
X-Blackboard-appserver: ip-10-148-214-165.eu-central-1.compute.internal
X-Blackboard-product: Blackboard Learn ™ 3900.91.0-rel.20+75bf374
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
Content-Length: 567
Connection: keep-alive
|
|
| learn.content.blackboardcdn.com/3900.91.0-rel.20+75bf374/javascript/validate_login.js?v=3900.91.0-rel.20+75bf374 | 172.64.153.113 | 200 OK | 3.2 kB |
URL GET HTTP/2 learn.content.blackboardcdn.com/3900.91.0-rel.20+75bf374/javascript/validate_login.js?v=3900.91.0-rel.20+75bf374 IP 172.64.153.113:443
Certificate Issuer Google Trust Services LLC Subject learn.content.blackboardcdn.com Fingerprint C2:61:8B:75:CE:2E:63:71:B3:EA:0D:72:B7:57:75:10:FD:2B:49:36 Validity Wed, 03 Apr 2024 23:44:39 GMT - Tue, 02 Jul 2024 23:44:38 GMT
File type ASCII text, with very long lines (3368), with no line terminators Hash f27db630f8fcd54669b40f93f7a1b3c7 baa0922197da345b8087bc8ee8edca486b42f849 b1d67f15c6a6efed855f99b542ae6f1e07757065588d8dff4b16c028458d35b3
GET /3900.91.0-rel.20+75bf374/javascript/validate_login.js?v=3900.91.0-rel.20+75bf374 HTTP/1.1
Host: learn.content.blackboardcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.66.36.205/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 22:18:26 GMT
content-type: application/javascript
cf-ray: 87ebddd9dfcbb512-OSL
cf-cache-status: HIT
access-control-allow-origin: *
cache-control: public, max-age=2592000
etag: W/"58b55c878740f7be38dc13b71d22646d"
last-modified: Tue, 30 Apr 2024 19:15:45 GMT
vary: Accept-Encoding, Origin
x-worker-version: iW/tmK21arnNMMoDMStU832MRxDXRJtalnyNOSizCKM=
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|