auth.oclock.school Open in urlscan Pro
35.181.109.109 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://vpn.eddi.cloud/
Effective URL:
https://auth.oclock.school/realms/oclock/protocol/openid-connect/auth?response_type=code&client_id=Vpn-compose&redirect_uri...
Submission: On April 10 via automatic, source certstream-suspicious (April 10th 2024, 1:32:01 pm UTC) — Scanned from FR

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 35.181.109.109, located in Paris, France and belongs to AMAZON-02, US. The main domain is auth.oclock.school.
TLS certificate: Issued by Amazon RSA 2048 M03 on February 6th 2024. Valid for: a year.

This is the only time auth.oclock.school was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	35.181.45.35 35.181.45.35	16509 (AMAZON-02) (AMAZON-02)
9	35.181.109.109 35.181.109.109	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
11	3

2 35.181.45.35 (Paris, France) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-181-45-35.eu-west-3.compute.amazonaws.com

vpn.eddi.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 35.181.109.109 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-181-109-109.eu-west-3.compute.amazonaws.com

auth.oclock.school	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	oclock.school auth.oclock.school	47 KB
2	eddi.cloud 2 redirects vpn.eddi.cloud	468 B
1	gstatic.com fonts.gstatic.com	46 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 116	1 KB
11	4

	Domain	Requested by
9	auth.oclock.school	auth.oclock.school
2	vpn.eddi.cloud	2 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	auth.oclock.school
11	4

This site contains no links.

Subject Issuer	Validity	Valid
auth.oclock.school Amazon RSA 2048 M03	`2024-02-06` - `2025-03-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://auth.oclock.school/realms/oclock/protocol/openid-connect/auth?response_type=code&client_id=Vpn-compose&redirect_uri=http%3A%2F%2Fvpn.eddi.cloud%2Fauthorize&scope=openid+email+profile&state=CrbMyyxa3ZJuIibFivnRKQXWHP0gn2&nonce=l0yjEeneqyi8bVVWEOZv
Frame ID: EC37607BCEB244D8E5E1A07B9CEFA72C
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Connection - Oclock

Page URL History Show full URLs

https://vpn.eddi.cloud/ HTTP 302
https://vpn.eddi.cloud/login?next=http%3A%2F%2Fvpn.eddi.cloud%2F HTTP 302
https://auth.oclock.school/realms/oclock/protocol/openid-connect/auth?response_type=code&client_id=Vpn-... Page URL

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

94 kB
Transfer

111 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://vpn.eddi.cloud/ HTTP 302
https://vpn.eddi.cloud/login?next=http%3A%2F%2Fvpn.eddi.cloud%2F HTTP 302
https://auth.oclock.school/realms/oclock/protocol/openid-connect/auth?response_type=code&client_id=Vpn-compose&redirect_uri=http%3A%2F%2Fvpn.eddi.cloud%2Fauthorize&scope=openid+email+profile&state=CrbMyyxa3ZJuIibFivnRKQXWHP0gn2&nonce=l0yjEeneqyi8bVVWEOZv Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request auth Show response
auth.oclock.school/realms/oclock/protocol/openid-connect/
Redirect Chain

https://vpn.eddi.cloud/
https://vpn.eddi.cloud/login?next=http%3A%2F%2Fvpn.eddi.cloud%2F
https://auth.oclock.school/realms/oclock/protocol/openid-connect/auth?response_type=code&client_id=Vpn-compose&redirect_uri=http%3A%2F%2Fvpn.eddi.cloud%2Fauthorize&scope=openid+email+profile&state=...

6 KB
7 KB

137ms
22ms

Document
text/html

35.181.109.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.oclock.school/realms/oclock/protocol/openid-connect/auth?response_type=code&client_id=Vpn-compose&redirect_uri=http%3A%2F%2Fvpn.eddi.cloud%2Fauthorize&scope=openid+email+profile&state=CrbMyyxa3ZJuIibFivnRKQXWHP0gn2&nonce=l0yjEeneqyi8bVVWEOZv

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.181.109.109 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-109-109.eu-west-3.compute.amazonaws.com

Software

Resource Hash

26121dcfb65da0ea3f35644b28ac2be80f2b7e2d2db1c8b6889b8d6c6b34d3f0

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: fr-FR,fr;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-store, must-revalidate, max-age=0
content-language: en
content-length: 6263
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
content-type: text/html;charset=utf-8
date: Wed, 10 Apr 2024 13:31:57 GMT
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-robots-tag: none
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=2592000
content-length: 735
content-type: text/html; charset=utf-8
date: Wed, 10 Apr 2024 13:31:57 GMT
location: https://auth.oclock.school/realms/oclock/protocol/openid-connect/auth?response_type=code&client_id=Vpn-compose&redirect_uri=http%3A%2F%2Fvpn.eddi.cloud%2Fauthorize&scope=openid+email+profile&state=CrbMyyxa3ZJuIibFivnRKQXWHP0gn2&nonce=l0yjEeneqyi8bVVWEOZv
server: Caddy Werkzeug/3.0.1 Python/3.12.3
vary: Cookie

GET
H2 200 reset.css
auth.oclock.school/resources/f2aju/login/oclock/css/ 3 KB
1 KB 27ms
26ms Stylesheet
text/css 35.181.109.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.oclock.school/resources/f2aju/login/oclock/css/reset.css

Requested by

Host: auth.oclock.school
URL: https://auth.oclock.school/realms/oclock/protocol/openid-connect/auth?response_type=code&client_id=Vpn-compose&redirect_uri=http%3A%2F%2Fvpn.eddi.cloud%2Fauthorize&scope=openid+email+profile&state=CrbMyyxa3ZJuIibFivnRKQXWHP0gn2&nonce=l0yjEeneqyi8bVVWEOZv

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.181.109.109 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-109-109.eu-west-3.compute.amazonaws.com

Software

Resource Hash

54133ff3cfcc88755637476e549e3077a348d1f4ca5d91512838d2ae927cc5a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language: fr-FR,fr;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 10 Apr 2024 13:31:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
content-length: 1141
x-xss-protection: 1; mode=block

GET
H2 200 styles.css
auth.oclock.school/resources/f2aju/login/oclock/css/ 7 KB
2 KB 21ms
20ms Stylesheet
text/css 35.181.109.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.oclock.school/resources/f2aju/login/oclock/css/styles.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.181.109.109 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-109-109.eu-west-3.compute.amazonaws.com

Software

Resource Hash

a76eb080cfcded020ab0e7e2ba113515b593bd7663ab8a7a80fd89d3ef4f227d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language: fr-FR,fr;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 10 Apr 2024 13:31:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
content-length: 2071
x-xss-protection: 1; mode=block

GET
H2 200 password-validation.js Show response
auth.oclock.school/resources/f2aju/login/oclock/js/ 3 KB
1 KB 22ms
22ms Script
text/javascript 35.181.109.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.oclock.school/resources/f2aju/login/oclock/js/password-validation.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.181.109.109 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-109-109.eu-west-3.compute.amazonaws.com

Software

Resource Hash

bcc3f8543700811e069b7f27f0103b41973560b91fa00915f62903d5d1122980

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language: fr-FR,fr;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 10 Apr 2024 13:31:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
content-length: 1257
x-xss-protection: 1; mode=block

GET
H2 200 toast-error.js Show response
auth.oclock.school/resources/f2aju/login/oclock/js/ 1 KB
771 B 31ms
30ms Script
text/javascript 35.181.109.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.oclock.school/resources/f2aju/login/oclock/js/toast-error.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.181.109.109 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-109-109.eu-west-3.compute.amazonaws.com

Software

Resource Hash

eda166ea45292661b25df1f0f54777fd3ac0f995da45ea679846dc71a8b5b977

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language: fr-FR,fr;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 10 Apr 2024 13:31:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
content-length: 534
x-xss-protection: 1; mode=block

GET
H2 200 logo.svg
auth.oclock.school/resources/f2aju/login/oclock/img/ 2 KB
1 KB 21ms
21ms Image
image/svg+xml 35.181.109.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth.oclock.school/resources/f2aju/login/oclock/img/logo.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.181.109.109 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-109-109.eu-west-3.compute.amazonaws.com

Software

Resource Hash

b89810213f8f6a2bd9759046f5af8c64d9a5bc60187e21ac9703fa7b351f11bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language: fr-FR,fr;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 10 Apr 2024 13:31:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: image/svg+xml
cache-control: max-age=2592000
content-length: 980
x-xss-protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 97ms
37ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@500;600;700&display=swap

Requested by

Host: auth.oclock.school
URL: https://auth.oclock.school/resources/f2aju/login/oclock/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a78993e0a66057d523122f4fcecbb681c566e5281ef2897a3d9939498705566e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language: fr-FR,fr;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Wed, 10 Apr 2024 13:31:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 10 Apr 2024 12:10:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 10 Apr 2024 13:31:57 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 46 KB
46 KB 85ms
26ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://auth.oclock.school
accept-language: fr-FR,fr;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 06 Apr 2024 15:53:06 GMT
x-content-type-options: nosniff
age: 337131
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46704
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 06 Apr 2025 15:53:06 GMT

GET
H2 404 oclock-bold
auth.oclock.school/resources/f2aju/login/oclock/fonts/ 0
0 24ms
23ms Font
text/plain 35.181.109.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.oclock.school/resources/f2aju/login/oclock/fonts/oclock-bold

Requested by

Host: auth.oclock.school
URL: https://auth.oclock.school/resources/f2aju/login/oclock/css/styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.181.109.109 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-109-109.eu-west-3.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin: https://auth.oclock.school
accept-language: fr-FR,fr;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 10 Apr 2024 13:31:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 oclock-bold.woff
auth.oclock.school/resources/f2aju/login/oclock/fonts/ 32 KB
32 KB 20ms
20ms Font
application/octet-stream 35.181.109.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.oclock.school/resources/f2aju/login/oclock/fonts/oclock-bold.woff

Requested by

Host: auth.oclock.school
URL: https://auth.oclock.school/resources/f2aju/login/oclock/css/styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.181.109.109 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-109-109.eu-west-3.compute.amazonaws.com

Software

Resource Hash

5686386743090ba7a6e2dd38c4a4d72d1de49e9df197d04fc998587e26f366b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin: https://auth.oclock.school
accept-language: fr-FR,fr;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 10 Apr 2024 13:31:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: application/octet-stream
cache-control: max-age=2592000
x-xss-protection: 1; mode=block

GET
H2 200 favicon.ico
auth.oclock.school/resources/f2aju/login/oclock/img/ 4 KB
733 B 21ms
21ms Other
application/octet-stream 35.181.109.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.oclock.school/resources/f2aju/login/oclock/img/favicon.ico

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.181.109.109 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-109-109.eu-west-3.compute.amazonaws.com

Software

Resource Hash

869ec9496f3722236c9dfce71d8ab29b6ef7514c23db62db9e551136ebeda9ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language: fr-FR,fr;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 10 Apr 2024 13:31:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: application/octet-stream
cache-control: max-age=2592000
content-length: 501
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
auth.oclock.school/realms/oclock/	1969-12-31 23:59:59	Name: AUTH_SESSION_ID_LEGACY Value: 8fba5a7f-6d8c-4cae-9c00-b6ca536b9990.keycloak-school-13571
auth.oclock.school/realms/oclock/	1969-12-31 23:59:59	Name: AUTH_SESSION_ID Value: 8fba5a7f-6d8c-4cae-9c00-b6ca536b9990.keycloak-school-13571
auth.oclock.school/realms/oclock/	1969-12-31 23:59:59	Name: KC_RESTART Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI5YTVlNmRiNC1iNDYwLTQxZmMtODEyZC1jYzlhMzFhYjRjNGEifQ.eyJjaWQiOiJWcG4tY29tcG9zZSIsInB0eSI6Im9wZW5pZC1jb25uZWN0IiwicnVyaSI6Imh0dHA6Ly92cG4uZWRkaS5jbG91ZC9hdXRob3JpemUiLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLm9jbG9jay5zY2hvb2wvcmVhbG1zL29jbG9jayIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovL3Zwbi5lZGRpLmNsb3VkL2F1dGhvcml6ZSIsInN0YXRlIjoiQ3JiTXl5eGEzWkp1SWliRml2blJLUVhXSFAwZ24yIiwibm9uY2UiOiJsMHlqRWVuZXF5aThiVlZXRU9adiJ9fQ.XV_yUFslFCLOpIdKdPpSil6v7i7XHcXtJvJzrQbhgJQ

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://auth.oclock.school/resources/f2aju/login/oclock/fonts/oclock-bold Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.oclock.school
fonts.googleapis.com
fonts.gstatic.com
vpn.eddi.cloud
2a00:1450:4001:800::2003
2a00:1450:4001:806::200a
35.181.109.109
35.181.45.35
26121dcfb65da0ea3f35644b28ac2be80f2b7e2d2db1c8b6889b8d6c6b34d3f0
54133ff3cfcc88755637476e549e3077a348d1f4ca5d91512838d2ae927cc5a7
5686386743090ba7a6e2dd38c4a4d72d1de49e9df197d04fc998587e26f366b8
869ec9496f3722236c9dfce71d8ab29b6ef7514c23db62db9e551136ebeda9ab
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
a76eb080cfcded020ab0e7e2ba113515b593bd7663ab8a7a80fd89d3ef4f227d
a78993e0a66057d523122f4fcecbb681c566e5281ef2897a3d9939498705566e
b89810213f8f6a2bd9759046f5af8c64d9a5bc60187e21ac9703fa7b351f11bd
bcc3f8543700811e069b7f27f0103b41973560b91fa00915f62903d5d1122980
eda166ea45292661b25df1f0f54777fd3ac0f995da45ea679846dc71a8b5b977

auth.oclock.school Open in urlscan Pro 35.181.109.109 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

94 kBTransfer

111 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

3 Cookies

1 Console Messages

Security Headers

Indicators

auth.oclock.school Open in urlscan Pro
35.181.109.109 Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

94 kB
Transfer

111 kB
Size

3
Cookies

11 HTTP transactions
0 data transactions