urlscan.io logo urlscan.io
SecurityTrails logo

isc.sans.edu Open in urlscan Pro
45.60.103.34  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Effective URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Submission: On April 20 via api from BY — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 34 HTTP transactions. The main IP is 45.60.103.34, located in United States and belongs to INCAPSULA, US. The main domain is isc.sans.edu. The Cisco Umbrella rank of the primary domain is 125631.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2024 Q1 on January 19th 2024. Valid for: 6 months.
This is the only time isc.sans.edu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 35 45.60.103.34 19551 (INCAPSULA)
34 2
Apex Domain
Subdomains		 Transfer
35 sans.edu
isc.sans.edu — Cisco Umbrella Rank: 125631
687 KB
34 1
Domain Requested by
35 isc.sans.edu 1 redirects isc.sans.edu
34 1
Subject Issuer Validity Valid
imperva.com
GlobalSign Atlas R3 DV TLS CA 2024 Q1		 2024-01-19 -
2024-07-17		 6 months crt.sh

This page contains 1 frames:

Primary Page: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Frame ID: 02EA790BCDFA8B6BB0545FCD16FCD79F
Requests: 38 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Campaign is using a recently released WebLogic exploit to deploy a Monero miner - SANS Internet Storm Center

Page URL History Show full URLs

  1. https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deplo... HTTP 301
    https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Mon... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

34
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

686 kB
Transfer

1004 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/ HTTP 301
    https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

34 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 23191
isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/
Redirect Chain
  • https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
  • https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
37 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
0d8261c36240d1c328edc99b1217fed2787d272d6ba0fbb2ab75ec25e89eba18
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src https://isc.sans.edu https://snap.licdn.com https://www.youtube.com https://challenges.cloudflare.com 'self' 'unsafe-inline' unsafe-eval;style-src 'self' 'unsafe-inline';img-src 'self' https://isc.sans.edu data:;font-src 'self' data: https://fonts.gstatic.com;media-src 'self' https://traffic.libsyn.com https://hwcdn.libsyn.com https://content.libsyn.com https://chrt.fm/ https://www.dshield.org;object-src 'none';child-src 'self' https://www.sans.org;frame-src 'self' https://www.sans.org https://www.youtube.com https://challenges.cloudflare.com https://www.youtube-nocookie.com;connect-src 'self' https://isc.sans.edu https://www.dshield.org https://api.sans.org;worker-src 'none';frame-ancestors https://isc.sans.edu https://www.dshield.org https://www.sans.org;form-action 'self';manifest-src 'self' https://isc.sans.edu https://feeds.dshield.org;report-uri https://isc.sans.edu/cspreport.html;upgrade-insecure-requests ;block-all-mixed-content
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
max-age=600, s-maxage=600, public
content-encoding
gzip
content-security-policy
default-src 'self';script-src https://isc.sans.edu https://snap.licdn.com https://www.youtube.com https://challenges.cloudflare.com 'self' 'unsafe-inline' unsafe-eval;style-src 'self' 'unsafe-inline';img-src 'self' https://isc.sans.edu data:;font-src 'self' data: https://fonts.gstatic.com;media-src 'self' https://traffic.libsyn.com https://hwcdn.libsyn.com https://content.libsyn.com https://chrt.fm/ https://www.dshield.org;object-src 'none';child-src 'self' https://www.sans.org;frame-src 'self' https://www.sans.org https://www.youtube.com https://challenges.cloudflare.com https://www.youtube-nocookie.com;connect-src 'self' https://isc.sans.edu https://www.dshield.org https://api.sans.org;worker-src 'none';frame-ancestors https://isc.sans.edu https://www.dshield.org https://www.sans.org;form-action 'self';manifest-src 'self' https://isc.sans.edu https://feeds.dshield.org;report-uri https://isc.sans.edu/cspreport.html;upgrade-insecure-requests ;block-all-mixed-content
content-type
text/html; charset=UTF-8
date
Sat, 20 Apr 2024 01:17:17 GMT
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
expires
Thu, 19 Nov 1981 08:52:00 GMT
p3p
CP="NON DSP COR CURa ADMa DEVa HISa OUR SAMa DELa UNRa BUS"
permitted-cross-domain-policies
none
pragma
no-cache
randomness
15f93ba22a2c3804ea
referrer-policy
same-origin
server
nc -l -p 80
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-cdn
Imperva
x-content-type-options
nosniff
x-do-not-hack
18 U.S.C. Parag 1030
x-frame-options
SAMEORIGIN SAMEORIGIN
x-heyjason
DEV522 rocks
x-iinfo
12-51427794-51350036 pNYy RT(1713575836831 289) q(0 0 0 -1) r(6 6) U12
x-isc-cdn
6704cb8852
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 20 Apr 2024 01:17:17 GMT
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
location
/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
permitted-cross-domain-policies
none
referrer-policy
same-origin
server
nc -l -p 80
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-cdn
Imperva
x-content-type-options
nosniff
x-do-not-hack
18 U.S.C. Parag 1030
x-frame-options
SAMEORIGIN
x-heyjason
DEV522 rocks
x-iinfo
12-51427794-51350036 pNNy RT(1713575836831 122) q(0 0 0 0) r(0 0) U11
x-isc-cdn
6704cb8852
x-xss-protection
1; mode=block
screen.css
isc.sans.edu/css/ 		43 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/css/screen.css
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
23326310dbdd4beeb0b8ef0180b730d3e83e89a2cd00bb1119537a10f2b4a59f
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1094) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
8817
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 09 Mar 2023 12:16:16 GMT
server
nc -l -p 80
etag
"aad7-5f6769c8cf1b8"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
text/css
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2579, public
expires
Sat, 20 Apr 2024 02:00:16 GMT
msft.css
isc.sans.edu/css/ 		424 B
368 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/css/msft.css
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
5b410c36f42c11a3a17c6bb0627f0d85b7c79b386b3e0d73cc568999020bebb2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1098) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
194
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:45 GMT
server
nc -l -p 80
etag
"23d-5da69f08a9af6"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
text/css
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2580, public
expires
Sat, 20 Apr 2024 02:00:17 GMT
fontawesome.css
isc.sans.edu/css/ 		46 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/css/fontawesome.css
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
abb60753f5c30c99820f4bbef2e96f2789e20b8a63f39b1b9975185d8e02d627
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1104) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
10216
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 22 Nov 2022 14:46:12 GMT
server
nc -l -p 80
etag
"b75f-5ee103bc070e6"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
text/css
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2579, public
expires
Sat, 20 Apr 2024 02:00:16 GMT
v3.css
isc.sans.edu/css/ 		35 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/css/v3.css
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
b2533a8e832118cdbd21009a2f6d50f09f682f632de04ec1a314f3a4e1a3ec47
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1107) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
9135
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Sun, 05 Feb 2023 13:58:18 GMT
server
nc -l -p 80
etag
"8bab-5f3f44e82f721"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
text/css
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2579, public
expires
Sat, 20 Apr 2024 02:00:16 GMT
bootstrap-modal.min.css
isc.sans.edu/css/bootstrap-modal/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/css/bootstrap-modal/bootstrap-modal.min.css
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
f8e97c36779891ad251153beefb65310c9610d128bd05cb464865a248607ee1c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1117) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
1535
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:45 GMT
server
nc -l -p 80
etag
"1329-5da69f0872446"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
text/css
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2579, public
expires
Sat, 20 Apr 2024 02:00:16 GMT
jquery-3.7.0.min.js
isc.sans.edu/js/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/js/jquery-3.7.0.min.js
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
cfbcbb1d8837f5a6d702618d25bf25d0dbb2971df59488b8400dfd902bdffc00
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1120) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
30273
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 09 Jun 2023 00:46:16 GMT
server
nc -l -p 80
etag
"155a6-5fda7b250ccd8"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2570, public
expires
Sat, 20 Apr 2024 02:00:07 GMT
count.js
isc.sans.edu/js/ 		886 B
797 B 		Script
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/js/count.js
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
522ace4616664c6f58c32821e9a0efd24dc2fdba0776727733cabc005773cff2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1124) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
521
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:51 GMT
server
nc -l -p 80
etag
"436-5da69f0eb77b1"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2580, public
expires
Sat, 20 Apr 2024 02:00:17 GMT
bootstrap.min.js
isc.sans.edu/js/bootstrap-modal/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/js/bootstrap-modal/bootstrap.min.js
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
da5bb005bf56b2d66ce6e7de6e3df42cc7d8289aac6ad4d42cbc05457b5ae7f4
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1131) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
2047
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:51 GMT
server
nc -l -p 80
etag
"19c9-5da69f0eb3168"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2580, public
expires
Sat, 20 Apr 2024 02:00:17 GMT
default.css
isc.sans.edu/css/codesnippet/lib/highlight/styles/ 		2 KB
979 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/css/codesnippet/lib/highlight/styles/default.css
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
4395773d4b70c9994c9b6da812c003842ed00153e7e6f7b75973b8f21c87a02d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1134) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
805
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 29 Aug 2022 16:04:40 GMT
server
nc -l -p 80
etag
"a5b-5e7636bdbfb68"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
text/css
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2605, public
expires
Sat, 20 Apr 2024 02:00:42 GMT
highlight.pack.js
isc.sans.edu/css/codesnippet/lib/highlight/ 		29 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/css/codesnippet/lib/highlight/highlight.pack.js
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
0826313b389703d7832daa4d6f3f385d11bb06b8bf17c0bbec6b0de358ed81ae
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1137) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
12274
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 29 Aug 2022 16:04:40 GMT
server
nc -l -p 80
etag
"7602-5e7636bdb47be"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2605, public
expires
Sat, 20 Apr 2024 02:00:42 GMT
commentmanagement.js
isc.sans.edu/js/ 		706 B
470 B 		Script
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/js/commentmanagement.js
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
a843e40f27fdf2e31b7e5647fe00812c762dab1708a59c951471f3d8a1986f92
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1210) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
296
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 03 Oct 2023 17:35:23 GMT
server
nc -l -p 80
etag
"34e-606d350c9bb60"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2604, public
expires
Sat, 20 Apr 2024 02:00:42 GMT
diarycount.js
isc.sans.edu/js/ 		407 B
437 B 		Script
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/js/diarycount.js?diary=23191
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
bb91fa5868e4874a5afe009fceb1bb7d62bc8dd737884e0f19d21fb7e50185f6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-51427846 3CNN RT(1713575836831 1212) q(0 0 0 -1) r(0 0) U18
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
279
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:51 GMT
server
nc -l -p 80
etag
"20f-5da69f0ec69e9"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=27372, public
expires
Sat, 20 Apr 2024 08:53:30 GMT
weblogic-Imagem1.png
isc.sans.edu/diaryimages/images/ 		72 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://isc.sans.edu/diaryimages/images/weblogic-Imagem1.png
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
237a3d34ac15c6b445758942f78037848d5a98f9281c5179091f8069fafe0230
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-51409232 3NNN RT(1713575836831 1213) q(0 0 0 -1) r(1 1) U18
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
73744
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Mon, 19 Mar 2018 22:32:13 GMT
server
nc -l -p 80
etag
"12010-567cb8781b7d3"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
image/png
x-do-not-hack
18 U.S.C. Parag 1030
accept-ranges
bytes
weblogic-Imagem2.png
isc.sans.edu/diaryimages/images/ 		93 KB
93 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://isc.sans.edu/diaryimages/images/weblogic-Imagem2.png
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
6d3abe8c33ad20ba7bb4d0f8e94b197faba36ccb2cb721b7a1fa39c04b733280
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubDomains
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-51411269 2CNN RT(1713575836831 1215) q(0 0 0 -1) r(0 0) U18
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
94894
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 19 Mar 2018 22:32:13 GMT
server
nc -l -p 80
etag
"1e379-567cb8781b7eb"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
image/png
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=21095, public
expires
Sat, 20 Apr 2024 07:08:53 GMT
adimg.html
isc.sans.edu/ 		6 B
187 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://isc.sans.edu/adimg.html?id=
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
Imperva
x-iinfo
12-51427794-51225985 pNYy RT(1713575836831 1444) q(0 0 0 -1) r(1 1) U12
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
server
nc -l -p 80
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
x-do-not-hack
18 U.S.C. Parag 1030
cc.png
isc.sans.edu/images/ 		434 B
611 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://isc.sans.edu/images/cc.png
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
2e9cc87129db6f454cd3d8f3c92fd5b74341db967dc7a3fda2929d5a90827c79
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubDomains
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1445) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
434
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:46 GMT
server
nc -l -p 80
etag
"1cd-5da69f09c178b"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
image/png
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2579, public
expires
Sat, 20 Apr 2024 02:00:17 GMT
main.js
isc.sans.edu/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/js/main.js
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
3e424144af3ce136a83619fbc03d907b75ecb223a8149605ed2f16c2b70cddb2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1447) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
1058
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:56 GMT
server
nc -l -p 80
etag
"d10-5da69f12e54cc"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2579, public
expires
Sat, 20 Apr 2024 02:00:17 GMT
menu.js
isc.sans.edu/js/ 		617 B
371 B 		Script
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/js/menu.js
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
b565f7dab07d866493477cf4d92c74d6ead408528ef551975fad939cb38d7529
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1447) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
248
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:59 GMT
server
nc -l -p 80
etag
"2c4-5e350d41b8c3a"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2578, public
expires
Sat, 20 Apr 2024 02:00:16 GMT
_Incapsula_Resource
isc.sans.edu/ 		142 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=1334035036
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
1b1f75bdb71b5e29502e79fd1d505e173f54d977f41a9b95ec09f47d10d90b73
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31556926; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
same-origin
server
nc -l -p 80
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
no-cache, no-store
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
x-robots-tag
noindex
content-length
20315
x-xss-protection
1; mode=block
count
isc.sans.edu/api/ 		15 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/api/count?json&r=0.23416520560370646&count=21d66c3b-c067-4c85-b9bc-4b89415553a8&width=1600
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/js/count.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src https://isc.sans.edu https://snap.licdn.com https://www.youtube.com https://challenges.cloudflare.com 'self' 'unsafe-inline' unsafe-eval;style-src 'self' 'unsafe-inline';img-src 'self' https://isc.sans.edu data:;font-src 'self' data: https://fonts.gstatic.com;media-src 'self' https://traffic.libsyn.com https://hwcdn.libsyn.com https://content.libsyn.com https://chrt.fm/ https://www.dshield.org;object-src 'none';child-src 'self' https://www.sans.org;frame-src 'self' https://www.sans.org https://www.youtube.com https://challenges.cloudflare.com https://www.youtube-nocookie.com;connect-src 'self' https://isc.sans.edu https://www.dshield.org https://api.sans.org;worker-src 'none';frame-ancestors https://isc.sans.edu https://www.dshield.org https://www.sans.org;form-action 'self';manifest-src 'self' https://isc.sans.edu https://feeds.dshield.org;report-uri https://isc.sans.edu/cspreport.html;upgrade-insecure-requests ;block-all-mixed-content
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
content-security-policy
default-src 'self';script-src https://isc.sans.edu https://snap.licdn.com https://www.youtube.com https://challenges.cloudflare.com 'self' 'unsafe-inline' unsafe-eval;style-src 'self' 'unsafe-inline';img-src 'self' https://isc.sans.edu data:;font-src 'self' data: https://fonts.gstatic.com;media-src 'self' https://traffic.libsyn.com https://hwcdn.libsyn.com https://content.libsyn.com https://chrt.fm/ https://www.dshield.org;object-src 'none';child-src 'self' https://www.sans.org;frame-src 'self' https://www.sans.org https://www.youtube.com https://challenges.cloudflare.com https://www.youtube-nocookie.com;connect-src 'self' https://isc.sans.edu https://www.dshield.org https://api.sans.org;worker-src 'none';frame-ancestors https://isc.sans.edu https://www.dshield.org https://www.sans.org;form-action 'self';manifest-src 'self' https://isc.sans.edu https://feeds.dshield.org;report-uri https://isc.sans.edu/cspreport.html;upgrade-insecure-requests ;block-all-mixed-content
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubdomains; preload
content-encoding
gzip
x-cdn
Imperva
randomness
b74bd0560ae3d4c6
x-iinfo
12-51427794-51350036 pNYy RT(1713575836831 1357) q(0 0 0 -1) r(1 1) U2
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
x-xss-protection
1; mode=block
pragma
no-cache
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Sat, 20 Apr 2024 01:07:18 +0000
server
nc -l -p 80
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/json;charset=UTF-8
access-control-allow-origin
*
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
s-maxage=600
expires
Sat, 20 Apr 2024 01:27:18 +0000
fullscreen.png
isc.sans.edu/images/ 		304 B
461 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://isc.sans.edu/images/fullscreen.png
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/css/screen.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
7852fd09fb0977b2943e8206ca24bcc38b14321f78da75d98ef61a46130d9250
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/css/screen.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubDomains
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1457) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
304
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:49 GMT
server
nc -l -p 80
etag
"15a-5da69f0c11048"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
image/png
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2605, public
expires
Sat, 20 Apr 2024 02:00:43 GMT
facebook.ico
isc.sans.edu/images/icons/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://isc.sans.edu/images/icons/facebook.ico
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/css/screen.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
5678ee6a1f605d6ada6230003a8d9c182869e1f40d02d414b368cc820c9a97b8
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/css/screen.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubDomains
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1458) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
1150
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:49 GMT
server
nc -l -p 80
etag
"47e-5da69f0c27f7c"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
image/vnd.microsoft.icon
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=3457, public
expires
Sat, 20 Apr 2024 02:14:55 GMT
twitter.ico
isc.sans.edu/images/icons/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://isc.sans.edu/images/icons/twitter.ico
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/css/screen.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
15e2a6aec006e029bcccaf870ab8606a4c03a7ff3df90239ff5cd889ca585a39
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/css/screen.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubDomains
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1460) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
6518
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:49 GMT
server
nc -l -p 80
etag
"1976-5da69f0c371a8"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
image/vnd.microsoft.icon
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=3458, public
expires
Sat, 20 Apr 2024 02:14:56 GMT
poppins-regular.ttf
isc.sans.edu/webfonts/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/webfonts/poppins-regular.ttf
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/css/v3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
66807e8e108c648c970aeace0886706f8c95c616f036529a4b628525208f18e8
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/css/v3.css
Origin
https://isc.sans.edu
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-51350036 pNNy RT(1713575836831 1461) q(0 0 0 -1) r(1 1) U12
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
16148
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:59 GMT
server
nc -l -p 80
etag
"3f14-5e350d41e7a2f"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/font-sfnt
x-do-not-hack
18 U.S.C. Parag 1030
x-incap-sess-cookie-hdr
rgDQfczjkA1CHQ3KBi4HEZ4XI2YAAAAAt0eY83Gcq58h95d0fe0KnA==
accept-ranges
bytes
open-sans-700.ttf
isc.sans.edu/webfonts/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/webfonts/open-sans-700.ttf
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/css/v3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
68151e32200f64f60f412bbc3ccde917a5fadb2f1a464cf7b3b77fd7675e6afc
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/css/v3.css
Origin
https://isc.sans.edu
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-51350032 pNNy RT(1713575836831 1462) q(0 0 0 -1) r(1 1) U12
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
31420
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:59 GMT
server
nc -l -p 80
etag
"7abc-5e350d41e4768"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/font-sfnt
x-do-not-hack
18 U.S.C. Parag 1030
x-incap-sess-cookie-hdr
MTUzDbExb0JCHQ3KBi4HEZ4XI2YAAAAA/rjevSnA5A053eqH9+ToXA==
accept-ranges
bytes
open-sans-regular.ttf
isc.sans.edu/webfonts/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/webfonts/open-sans-regular.ttf
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/css/v3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
18b7e49a6696c5a278ac77eb98149048d0819df63ac265a2cf3abb26914d57c3
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/css/v3.css
Origin
https://isc.sans.edu
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-51350039 pNNN RT(1713575836831 1463) q(0 0 0 -1) r(1 1) U12
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
31380
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:59 GMT
server
nc -l -p 80
etag
"7a94-5e350d41e5ed7"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/font-sfnt
x-do-not-hack
18 U.S.C. Parag 1030
x-incap-sess-cookie-hdr
Pf5uPszXFUdCHQ3KBi4HEZ4XI2YAAAAAMDslo/3b84Wym1d7K4wDAw==
accept-ranges
bytes
count
isc.sans.edu/api/ 		15 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/api/count?json&r=0.2809108445823414&count=21d66c3b-c067-4c85-b9bc-4b89415553a8&diary=0
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/js/diarycount.js?diary=23191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src https://isc.sans.edu https://snap.licdn.com https://www.youtube.com https://challenges.cloudflare.com 'self' 'unsafe-inline' unsafe-eval;style-src 'self' 'unsafe-inline';img-src 'self' https://isc.sans.edu data:;font-src 'self' data: https://fonts.gstatic.com;media-src 'self' https://traffic.libsyn.com https://hwcdn.libsyn.com https://content.libsyn.com https://chrt.fm/ https://www.dshield.org;object-src 'none';child-src 'self' https://www.sans.org;frame-src 'self' https://www.sans.org https://www.youtube.com https://challenges.cloudflare.com https://www.youtube-nocookie.com;connect-src 'self' https://isc.sans.edu https://www.dshield.org https://api.sans.org;worker-src 'none';frame-ancestors https://isc.sans.edu https://www.dshield.org https://www.sans.org;form-action 'self';manifest-src 'self' https://isc.sans.edu https://feeds.dshield.org;report-uri https://isc.sans.edu/cspreport.html;upgrade-insecure-requests ;block-all-mixed-content
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
content-security-policy
default-src 'self';script-src https://isc.sans.edu https://snap.licdn.com https://www.youtube.com https://challenges.cloudflare.com 'self' 'unsafe-inline' unsafe-eval;style-src 'self' 'unsafe-inline';img-src 'self' https://isc.sans.edu data:;font-src 'self' data: https://fonts.gstatic.com;media-src 'self' https://traffic.libsyn.com https://hwcdn.libsyn.com https://content.libsyn.com https://chrt.fm/ https://www.dshield.org;object-src 'none';child-src 'self' https://www.sans.org;frame-src 'self' https://www.sans.org https://www.youtube.com https://challenges.cloudflare.com https://www.youtube-nocookie.com;connect-src 'self' https://isc.sans.edu https://www.dshield.org https://api.sans.org;worker-src 'none';frame-ancestors https://isc.sans.edu https://www.dshield.org https://www.sans.org;form-action 'self';manifest-src 'self' https://isc.sans.edu https://feeds.dshield.org;report-uri https://isc.sans.edu/cspreport.html;upgrade-insecure-requests ;block-all-mixed-content
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubdomains; preload
content-encoding
gzip
x-cdn
Imperva
randomness
c3f02169e9852
x-iinfo
12-51427794-51428100 nNYY RT(1713575836831 1464) q(0 0 0 -1) r(0 2) U2
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
x-xss-protection
1; mode=block
pragma
no-cache
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Sat, 20 Apr 2024 01:07:19 +0000
server
nc -l -p 80
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/json;charset=UTF-8
access-control-allow-origin
*
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
s-maxage=600
expires
Sat, 20 Apr 2024 01:27:19 +0000
folder.png
isc.sans.edu/images/ 		537 B
695 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://isc.sans.edu/images/folder.png
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/css/screen.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
d049b83cadc5ae55a1639837a7653db1def729761f1913ee5dc4e4eb47fbd2a6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/css/screen.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubDomains
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1465) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
537
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:49 GMT
server
nc -l -p 80
etag
"219-5da69f0c06080"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
image/png
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2611, public
expires
Sat, 20 Apr 2024 02:00:49 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10b325a392531c8e79d4ccaddebcd159fd21ceb66bbb05748a97f16bc4166fa5

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		719 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cc9ae7d497329a5eca73e21429b751949aad15855cd77d1b29f9224b0857eddf

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		506 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b927ed2eff7fca9c6f9224dd8cda6ae9194dd66321cb09474b079fff8caeef60

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
socialIconsFoot.png
isc.sans.edu/img/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://isc.sans.edu/img/socialIconsFoot.png
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/css/screen.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
0d5bce91d4a3417998ddf66e306608adaf1ad5c9d8dfadfba2a34798e18ecae5
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/css/screen.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubDomains
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1512) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
9083
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Sat, 05 Nov 2022 02:07:38 GMT
server
nc -l -p 80
etag
"31f1-5ecafa78d1a71"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
image/png
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2567, public
expires
Sat, 20 Apr 2024 02:00:05 GMT
truncated
/ 		778 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5f335fe583fdad5c70b6c71499a736ce7de3e5d40a496ef092cef2e0e331538e

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
clear-sans-medium.ttf
isc.sans.edu/webfonts/ 		306 KB
308 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/webfonts/clear-sans-medium.ttf
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/css/v3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
93677acbadea77e254b491589812f1e218a97adcd10a4957622b8c7a86e14181
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/css/v3.css
Origin
https://isc.sans.edu
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:19 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-51350032 pNNy RT(1713575836831 1514) q(0 0 0 -1) r(0 0) U12
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
313308
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:59 GMT
server
nc -l -p 80
etag
"4c7dc-5e350d41e10bb"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/font-sfnt
x-do-not-hack
18 U.S.C. Parag 1030
x-incap-sess-cookie-hdr
tO8DQOmH12JCHQ3KBi4HEZ4XI2YAAAAABfV3Z97eimH/QK56XKbt9g==
accept-ranges
bytes
cspreport.html
isc.sans.edu/ 		0
203 B 		Other
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/cspreport.html
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=1334035036
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sat, 20 Apr 2024 01:17:19 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-51428100 pNNy RT(1713575836831 1646) q(0 0 0 -1) r(1 1) U6
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
0
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
server
nc -l -p 80
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
x-do-not-hack
18 U.S.C. Parag 1030
x-incap-sess-cookie-hdr
T7v2V6WW+zhCHQ3KBi4HEZ4XI2YAAAAAQZiOEyu2u8U0FTT4tghLbg==
iscfavicon.ico
isc.sans.edu/ 		338 B
552 B 		Other
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/iscfavicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
240f37af3b36c8382974308019953c3d7dd66784f10a3ec426f46fc9f7aadd09
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubDomains
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 1948) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
338
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:58 GMT
server
nc -l -p 80
etag
"152-5e350d41b3e14"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
image/vnd.microsoft.icon
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2758, public
expires
Sat, 20 Apr 2024 02:03:16 GMT
favicon-32x32.png
isc.sans.edu/ 		338 B
496 B 		Other
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/favicon-32x32.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.103.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
240f37af3b36c8382974308019953c3d7dd66784f10a3ec426f46fc9f7aadd09
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://isc.sans.edu/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 01:17:18 GMT
strict-transport-security
max-age=31556926; includeSubDomains
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
12-51427794-0 0CNN RT(1713575836831 2072) q(0 -1 -1 -1) r(0 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
338
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:58 GMT
server
nc -l -p 80
etag
"152-5e350d41a5b89"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
image/png
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=2642, public
expires
Sat, 20 Apr 2024 02:01:20 GMT

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| uuidv4 function| getCookie function| setCookie string| uuid object| hljs function| maxarticle function| findGetParameter number| diaryid object| block function| getIpInfo undefined| modal function| openModal function| closeModal function| startSpinner function| stopSpinner function| bindIpModal function| mobileMenu

6 Cookies

Domain/Path Name / Value
.sans.edu/ Name: nlbi_2188750
Value: QPe/I+Lx0yDTFhSVac18PgAAAABMejnmWwdGnSfBHcn3kGzs
.sans.edu/ Name: visid_incap_2188750
Value: rtHb+jtZTQezdPSEmqPsgJwXI2YAAAAAQUIPAAAAAADwO4+AUVQCMTv8Xi9/tsXl
.sans.edu/ Name: incap_ses_1227_2188750
Value: i/WdfzS/szpCHQ3KBi4HEZwXI2YAAAAAALvklkkHo9fbCjo+OZ7WIQ==
isc.sans.edu/ Name: __Secure-dshield
Value: etfosldg70se9ntp4kral18nj7
isc.sans.edu/ Name: sessionhash
Value: c8d0b6e9c9d819bdcc113c5e13bda90d084780477ad506ec9eafe4d172d834c4
isc.sans.edu/ Name: count
Value: 21d66c3b-c067-4c85-b9bc-4b89415553a8

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';script-src https://isc.sans.edu https://snap.licdn.com https://www.youtube.com https://challenges.cloudflare.com 'self' 'unsafe-inline' unsafe-eval;style-src 'self' 'unsafe-inline';img-src 'self' https://isc.sans.edu data:;font-src 'self' data: https://fonts.gstatic.com;media-src 'self' https://traffic.libsyn.com https://hwcdn.libsyn.com https://content.libsyn.com https://chrt.fm/ https://www.dshield.org;object-src 'none';child-src 'self' https://www.sans.org;frame-src 'self' https://www.sans.org https://www.youtube.com https://challenges.cloudflare.com https://www.youtube-nocookie.com;connect-src 'self' https://isc.sans.edu https://www.dshield.org https://api.sans.org;worker-src 'none';frame-ancestors https://isc.sans.edu https://www.dshield.org https://www.sans.org;form-action 'self';manifest-src 'self' https://isc.sans.edu https://feeds.dshield.org;report-uri https://isc.sans.edu/cspreport.html;upgrade-insecure-requests ;block-all-mixed-content
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

isc.sans.edu
45.60.103.34
0826313b389703d7832daa4d6f3f385d11bb06b8bf17c0bbec6b0de358ed81ae
0d5bce91d4a3417998ddf66e306608adaf1ad5c9d8dfadfba2a34798e18ecae5
0d8261c36240d1c328edc99b1217fed2787d272d6ba0fbb2ab75ec25e89eba18
10b325a392531c8e79d4ccaddebcd159fd21ceb66bbb05748a97f16bc4166fa5
15e2a6aec006e029bcccaf870ab8606a4c03a7ff3df90239ff5cd889ca585a39
18b7e49a6696c5a278ac77eb98149048d0819df63ac265a2cf3abb26914d57c3
1b1f75bdb71b5e29502e79fd1d505e173f54d977f41a9b95ec09f47d10d90b73
23326310dbdd4beeb0b8ef0180b730d3e83e89a2cd00bb1119537a10f2b4a59f
237a3d34ac15c6b445758942f78037848d5a98f9281c5179091f8069fafe0230
240f37af3b36c8382974308019953c3d7dd66784f10a3ec426f46fc9f7aadd09
2e9cc87129db6f454cd3d8f3c92fd5b74341db967dc7a3fda2929d5a90827c79
3e424144af3ce136a83619fbc03d907b75ecb223a8149605ed2f16c2b70cddb2
4395773d4b70c9994c9b6da812c003842ed00153e7e6f7b75973b8f21c87a02d
522ace4616664c6f58c32821e9a0efd24dc2fdba0776727733cabc005773cff2
5678ee6a1f605d6ada6230003a8d9c182869e1f40d02d414b368cc820c9a97b8
5b410c36f42c11a3a17c6bb0627f0d85b7c79b386b3e0d73cc568999020bebb2
5f335fe583fdad5c70b6c71499a736ce7de3e5d40a496ef092cef2e0e331538e
66807e8e108c648c970aeace0886706f8c95c616f036529a4b628525208f18e8
68151e32200f64f60f412bbc3ccde917a5fadb2f1a464cf7b3b77fd7675e6afc
6d3abe8c33ad20ba7bb4d0f8e94b197faba36ccb2cb721b7a1fa39c04b733280
7852fd09fb0977b2943e8206ca24bcc38b14321f78da75d98ef61a46130d9250
93677acbadea77e254b491589812f1e218a97adcd10a4957622b8c7a86e14181
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
a843e40f27fdf2e31b7e5647fe00812c762dab1708a59c951471f3d8a1986f92
abb60753f5c30c99820f4bbef2e96f2789e20b8a63f39b1b9975185d8e02d627
b2533a8e832118cdbd21009a2f6d50f09f682f632de04ec1a314f3a4e1a3ec47
b565f7dab07d866493477cf4d92c74d6ead408528ef551975fad939cb38d7529
b927ed2eff7fca9c6f9224dd8cda6ae9194dd66321cb09474b079fff8caeef60
bb91fa5868e4874a5afe009fceb1bb7d62bc8dd737884e0f19d21fb7e50185f6
cc9ae7d497329a5eca73e21429b751949aad15855cd77d1b29f9224b0857eddf
cfbcbb1d8837f5a6d702618d25bf25d0dbb2971df59488b8400dfd902bdffc00
d049b83cadc5ae55a1639837a7653db1def729761f1913ee5dc4e4eb47fbd2a6
da5bb005bf56b2d66ce6e7de6e3df42cc7d8289aac6ad4d42cbc05457b5ae7f4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f8e97c36779891ad251153beefb65310c9610d128bd05cb464865a248607ee1c