Report - 40.124.116.28/moodle/mylogin/index.php

Report Overview

Submitted URL
40.124.116.28/moodle/mylogin/index.php
IP
40.124.116.28
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-05-02 11:03:53
Access
public
Website Title
Campus Virtual - Unimetro
Final URL
40.124.116.28/moodle/mylogin/index.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-02	450 B	6.7 kB	142.250.74.106
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-01	512 B	1.2 kB	35.244.181.201
40.124.116.28	unknown	unknown	No data	No data	5.5 kB	7.2 MB	40.124.116.28
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-01	423 B	44 kB	104.17.24.14
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-01	1.0 kB	101 kB	151.101.193.229
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-02	515 B	17 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed
2024-05-02	medium	40.124.116.28	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	40.124.116.28/moodle/mylogin/sweetalert2/sweetalert2.all.js	98 kB	2023-11-08	2024-05-02
Pretty URL 40.124.116.28/moodle/mylogin/sweetalert2/sweetalert2.all.js IP 40.124.116.28 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-08 14:02:19 Last Seen2024-05-02 13:04:00 Times Seen10 Hash 098c7edd8dda74ec13a3a944c913a73c d80addcd438d9fe00e6faafa0867f11a93656129 367ffc0628d8c1ee17454ea8d4d7cee02af580cfe86c574aea7a8c1b139df83d Loading...

	cdnjs.cloudflare.com/ajax/libs/core-js/2.4.1/core.js	238 kB	2023-04-06	2024-05-04
Pretty URL cdnjs.cloudflare.com/ajax/libs/core-js/2.4.1/core.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 20:50:55 Last Seen2024-05-04 01:21:30 Times Seen84 Hash fca0758c52ee56804886c2b45f20757a 525e539330ffe5bf1d99ef2b18fef91f7cb61441 ca78b5f40124e144c90a82cdd1b91b912a78f452883b9505775f909d6a12638d Loading...

	40.124.116.28/moodle/mylogin/index.php	663 B	2024-05-02	2024-05-02
Pretty URL 40.124.116.28/moodle/mylogin/index.php IP 40.124.116.28 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 13:04:00 Last Seen2024-05-02 13:04:00 Times Seen1 Hash b21c8291c52f4a5006e6388233116035 22d935448b0a61d0db0cc9e1a59c4f49c1f07349 464ced1638a7a05a1e982c222bd71664610d30e3870747a2550760ba2b867866 Loading...

	40.124.116.28/moodle/mylogin/js/bootstrap.bundle.min.js	78 kB	2023-03-07	2024-05-16
Pretty URL 40.124.116.28/moodle/mylogin/js/bootstrap.bundle.min.js IP 40.124.116.28 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:30:15 Last Seen2024-05-16 19:11:40 Times Seen1038 Hash 715756e65b9ff107f4cf927e3e8bbf76 f52210379974496514e24aeb07ecb6ef259063f6 2aebc2552d7dadf4e3a0b80cc830c274e91146584dad8e29b04338b9ecedb363 Loading...

HTTP Transactions (20)

URL IP Response Size

40.124.116.28/moodle/mylogin/index.php

40.124.116.28

3.1 kB

URL User Request GET
40.124.116.28/moodle/mylogin/index.php
IP
40.124.116.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
3.1 kB (3144 bytes)
Hash
04a6e32e568a0010c3a7535f00188e25
85dd4d0cd4c8bc35937118ab6ba59d50a23db5e6
148e4a5a038940d3ca1704158d25db1279d994bcb39f781a27dba41f40e5a19d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/index.php HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:26 GMT
Server: Apache/2.4.59 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3144
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

cdnjs.cloudflare.com/ajax/libs/core-js/2.4.1/core.js

104.17.24.14

200 OK

43 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/core-js/2.4.1/core.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://40.124.116.28/moodle/mylogin/index.php
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
43 kB (42723 bytes)
Hash
2740efccb43a18e34c46da36e50013fa
1238a5aac7b63e50d79ce94f04ca3a0e329d501b
2c8bdcebfbe4caf87727b3c56442dc41a790ac80a071c4d67374f2f9bd9e2b43

HTTP Headers

GET /ajax/libs/core-js/2.4.1/core.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 11:03:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 42723
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e2d-3a1e2"
last-modified: Mon, 04 May 2020 16:09:17 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 46543
expires: Tue, 22 Apr 2025 11:03:27 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wukT0k70wFQY4VJUgtlML2JVYy5uDT2m%2BwbwGuS88zNLbbLj7MVU3dtjMbESmZZmJTEQ%2Fa47E2Frjd7n%2Bn%2FYc14%2FkBYL%2FlWg1b8UVJmxjSNhuOT373xE9aQ5ku7jn3ogepTKWvos"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87d7865acc335688-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css

151.101.193.229

200 OK

8.8 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
http://40.124.116.28/moodle/mylogin/index.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
8.8 kB (8770 bytes)
Hash
ea83ae92c684331d2096c4d3306a04de
1865dddcbb7b67dcef4250e590cc9a9574aba673
3c325075337b768950583012228055ae392e384688d77ec5235e6ca88dcec6ef

HTTP Headers

GET /npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.5.0
x-jsd-version-type: version
etag: W/"100a0-GGXd3Lt7Z9zvQlDlkMyalXSrpnM"
content-encoding: br
accept-ranges: bytes
date: Thu, 02 May 2024 11:03:27 GMT
age: 6566328
x-served-by: cache-fra-etou8220126-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8770
X-Firefox-Spdy: h2

40.124.116.28/moodle/mylogin/css/app.css

40.124.116.28

200 OK

906 B

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/css/app.css
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
ASCII text
Size
906 B (906 bytes)
Hash
d24a2ffa6ddc988793c75d7e5bd965da
a4fd4d1f7562858ff30d846afd32b76ffc36ed2f
7fc8aab7dd930484cfd93a04ebcf505512b8c226ffa83346db939bd10f3d1624

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/css/app.css HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:27 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sun, 21 Aug 2022 02:29:22 GMT
ETag: "99a-5e6b7195d8561-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 906
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

40.124.116.28/moodle/mylogin/css/bootstrap.min.css

40.124.116.28

200 OK

24 kB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/css/bootstrap.min.css
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
Unicode text, UTF-8 text, with very long lines (65306)
Size
24 kB (23894 bytes)
Hash
e451b87914db6243b6afa3c5e484ec16
396f51b333ff6f0926f6e67ad6e6c9c69bea7b31
cfc391e34328c09f0680ae8ff3d63e86224ae7e71c973147ccb84540b2fdd9b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/css/bootstrap.min.css HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:27 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sun, 21 Aug 2022 02:29:22 GMT
ETag: "27ba0-5e6b7195d8561-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23894
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

40.124.116.28/moodle/mylogin/sweetalert2/sweetalert2.all.js

40.124.116.28

200 OK

18 kB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/sweetalert2/sweetalert2.all.js
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
JavaScript source, ASCII text, with very long lines (37263), with CRLF line terminators
Size
18 kB (18464 bytes)
Hash
098c7edd8dda74ec13a3a944c913a73c
d80addcd438d9fe00e6faafa0867f11a93656129
367ffc0628d8c1ee17454ea8d4d7cee02af580cfe86c574aea7a8c1b139df83d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/sweetalert2/sweetalert2.all.js HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:27 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sun, 21 Aug 2022 02:29:22 GMT
ETag: "17fdd-5e6b7195df2c3-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18464
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

40.124.116.28/moodle/mylogin/js/bootstrap.bundle.min.js

40.124.116.28

200 OK

22 kB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/js/bootstrap.bundle.min.js
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
22 kB (22488 bytes)
Hash
715756e65b9ff107f4cf927e3e8bbf76
f52210379974496514e24aeb07ecb6ef259063f6
2aebc2552d7dadf4e3a0b80cc830c274e91146584dad8e29b04338b9ecedb363

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/js/bootstrap.bundle.min.js HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:27 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sun, 21 Aug 2022 02:29:22 GMT
ETag: "13284-5e6b7195df2c3-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 22488
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

40.124.116.28/moodle/mylogin/img/Principal/Logo-Universidad-metropolitana.png

40.124.116.28

200 OK

13 kB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/img/Principal/Logo-Universidad-metropolitana.png
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
PNG image data, 480 x 81, 8-bit/color RGBA, interlaced
Size
13 kB (12582 bytes)
Hash
d9162687ecace775ae67b017c49ff0a0
b0296e11dcb0dc5bc5a206f49fe0675af7a4705c
6e409c69ecc75e766cd40e6fa4dba2bd23d63d6f4dc50c38a5785828a462f650

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/img/Principal/Logo-Universidad-metropolitana.png HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:27 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sun, 21 Aug 2022 02:29:22 GMT
ETag: "3126-5e6b7195dd382"
Accept-Ranges: bytes
Content-Length: 12582
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/fonts/bootstrap-icons.woff2?856008caa5eb66df68595e734e59580d

151.101.193.229

200 OK

90 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/fonts/bootstrap-icons.woff2?856008caa5eb66df68595e734e59580d
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
http://40.124.116.28/moodle/mylogin/index.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 90528, version 1.0
Size
90 kB (90528 bytes)
Hash
e07b538aa51b6fa77f32828af21cb591
4649877868a0068ce50b105d0d2a235e8010c98f
76506e128f2b47b7179f5037bd885a1674455ffeb6b5093cdb4c7eefbf436ce8

HTTP Headers

GET /npm/bootstrap-icons@1.5.0/font/fonts/bootstrap-icons.woff2?856008caa5eb66df68595e734e59580d HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://40.124.116.28
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 90528
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 1.5.0
x-jsd-version-type: version
etag: W/"161a0-RkmHeGigBozlCxBdDSojXoAQyY8"
accept-ranges: bytes
date: Thu, 02 May 2024 11:03:27 GMT
age: 4276863
x-served-by: cache-fra-eddf8230031-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://40.124.116.28/moodle/mylogin/index.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://40.124.116.28
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:01:10 GMT
expires: Fri, 02 May 2025 02:01:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 32537
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

40.124.116.28/moodle/mylogin/img/Principal/SegundoParcial2024-1.jpg

40.124.116.28

200 OK

799 kB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/img/Principal/SegundoParcial2024-1.jpg
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1899x765, components 3
Size
799 kB (798561 bytes)
Hash
65fa027e577e51b3d4128adef7de5fa2
ae210e7b84c560a7f4886441c321749add5f52db
2ca463da8f0c59d878c4c75b693112a8f41bb0bb54671ec11b9de62810043a2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/img/Principal/SegundoParcial2024-1.jpg HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:27 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Mon, 05 Feb 2024 22:14:28 GMT
ETag: "c2f61-610a9c904e520"
Accept-Ranges: bytes
Content-Length: 798561
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

fonts.googleapis.com/css2?family=Roboto:wght@400;900&display=swap

142.250.74.106

200 OK

6.1 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@400;900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://40.124.116.28/moodle/mylogin/index.php
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
gzip compressed data, max compression
Size
6.1 kB (6085 bytes)
Hash
45072fc3fcdab20aac39c51cc2176446
27eb379ad5e1bfb16d80bb942fefb105e51c8443
e0a8a695a2e3da6707afde860a8ba3d0289a1b882377361ca719f988e67defcb

HTTP Headers

GET /css2?family=Roboto:wght@400;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 02 May 2024 11:03:27 GMT
date: Thu, 02 May 2024 11:03:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

40.124.116.28/moodle/mylogin/img/saberpro2024-1.jpg

40.124.116.28

200 OK

1.9 MB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/img/saberpro2024-1.jpg
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
JPEG image data, progressive, precision 8, 1920x793, components 3
Size
1.9 MB (1871953 bytes)
Hash
74e957bed4acb1c9cc601fd168278249
1b1cc9cf886fbaec17109f31c234b6e2e3c97053
cf6e2cce0fd9cfb975a56fef72efb3a20e05f349cd6ff4f01f345280112653ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/img/saberpro2024-1.jpg HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:27 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Fri, 01 Mar 2024 15:45:00 GMT
ETag: "1c9051-6129b42355d2b"
Accept-Ranges: bytes
Content-Length: 1871953
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

40.124.116.28/moodle/mylogin/img/Principal/Pasos-de-ingreso-al-campus.png

40.124.116.28

200 OK

535 kB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/img/Principal/Pasos-de-ingreso-al-campus.png
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
PNG image data, 1920 x 793, 8-bit/color RGB, non-interlaced
Size
535 kB (535219 bytes)
Hash
33522997a76a5129d9a63a3fe0efdc6c
64a49b0b792377e60d6b1b0ec4e4aa9181a4298d
37e9a38a1dd94e317bad78035ced44d20685347cad610802b4be33afb2de6362

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/img/Principal/Pasos-de-ingreso-al-campus.png HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:27 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sun, 21 Aug 2022 02:29:22 GMT
ETag: "82ab3-5e6b7195dd382"
Accept-Ranges: bytes
Content-Length: 535219
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

40.124.116.28/moodle/mylogin/img/Principal/banner-principal.png

40.124.116.28

200 OK

1.3 MB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/img/Principal/banner-principal.png
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
PNG image data, 1920 x 793, 8-bit/color RGB, non-interlaced
Size
1.3 MB (1326034 bytes)
Hash
5796c4d7ad7ecab13bb5ff83cb1747f6
321b3b3e2c7d29d9d7e8e0a6b4eea7faba024002
72da2d96c839e3a759dd083c1d89b7eb5d8c9636999e1319f761dfa710d78637

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/img/Principal/banner-principal.png HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:27 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sun, 21 Aug 2022 02:29:22 GMT
ETag: "143bd2-5e6b7195dc3e2"
Accept-Ranges: bytes
Content-Length: 1326034
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

40.124.116.28/moodle/mylogin/img/modulos/calendario.jpg

40.124.116.28

200 OK

462 kB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/img/modulos/calendario.jpg
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 6000x4000, components 3
Size
462 kB (462062 bytes)
Hash
4ec617777833694b4b8f06136efb974e
8192dbb8d00ebb352c4ad8204f0c71851f61521c
4472fa647989e73ceab962739e68f616b921265d88c8a13db53ff665a2ef72ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/img/modulos/calendario.jpg HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:28 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sun, 21 Aug 2022 02:29:22 GMT
ETag: "70cee-5e6b7195d9501"
Accept-Ranges: bytes
Content-Length: 462062
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

40.124.116.28/moodle/mylogin/img/modulos/video-tutoriales.jpg

40.124.116.28

200 OK

703 kB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/img/modulos/video-tutoriales.jpg
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 4164x2780, components 3
Size
703 kB (703310 bytes)
Hash
38d4b2c35017a345fff62a5153d6ae66
ad5cc0c23e309c91e2341493cc17e333e84cc225
79fbcc06d8db3fd727bf3b049aee8d245a058fb4ad294994ffec8ccad1d2ea89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/img/modulos/video-tutoriales.jpg HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:27 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sun, 21 Aug 2022 02:29:22 GMT
ETag: "abb4e-5e6b7195d9501"
Accept-Ranges: bytes
Content-Length: 703310
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

40.124.116.28/moodle/mylogin/img/modulos/electivas.jpg

40.124.116.28

200 OK

1.4 MB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/img/modulos/electivas.jpg
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 6000x4000, components 3
Size
1.4 MB (1433541 bytes)
Hash
b7c3a5296a53cc637e18cbd6fef26917
a8d662469a655258c0ba2bdbaf8e882423102c39
578a471b303e9732a9668261582bda9aaf60d552aaa63454fb60fa6cff524a49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/img/modulos/electivas.jpg HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:27 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sun, 21 Aug 2022 02:29:22 GMT
ETag: "15dfc5-5e6b7195d9501"
Accept-Ranges: bytes
Content-Length: 1433541
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

40.124.116.28/moodle/mylogin/favicon.ico

40.124.116.28

200 OK

1.2 kB

URL GET HTTP/1.1
40.124.116.28/moodle/mylogin/favicon.ico
IP
40.124.116.28:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://40.124.116.28/moodle/mylogin/index.php

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
135aed33c0a7b8f44f0227a71b9ce345
120e10c8a17aebb31c74b6988f8bce9b05dd6606
7afbabec7cddb87ab3b2c3f56509ca9c8f76925db0570372f1a6a366606be1b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/mylogin/favicon.ico HTTP/1.1
Host: 40.124.116.28
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://40.124.116.28/moodle/mylogin/index.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 11:03:29 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sun, 21 Aug 2022 02:29:22 GMT
ETag: "47e-5e6b7195d8561"
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=ENWDNxbiOSRbbpXKvA5HbZyaqLAYndRs35694CfnkxvYz02IcoKwbbpcG-2u8RS9hpI3Sk51fqsiQOqkzrHn3a2n2f7TunpT1H0jfFSanu8eZ6Y7NlvIdxP6NdnSscIF
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
content-length: 444
date: Thu, 02 May 2024 11:01:34 GMT
age: 131
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (20)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash