| 54.190.205.230/login/index.php | 54.190.205.230 | 200 OK | 10 kB |
URL: GET 54.190.205.230/login/index.php (user request)
IP: 54.190.205.230:0
File type: HTML document, Unicode text, UTF-8 text, with very long lines (12748), with CRLF, LF line terminators
MD5: 30cac17b43916f169928381217dfcb0c
SHA-1: cef322261d81be2f4abaa8d986baea1e4def2edc
SHA-256: 19d2924f6c7a8dd4bb22c90a6938fcede21a85939dd3a6e536eb447d343956b2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /login/index.php HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:31 GMT
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: MoodleSession=r2jcsh078huqfe83the0itc466; path=/
Expires:
Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
Pragma: no-cache
Content-Language: es-mx
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-UA-Compatible: IE=edge
Accept-Ranges: none
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10360
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
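The login page above is served over plain HTTP on port 80 and sets MoodleSession with only path=/, so the session cookie carries no Secure, HttpOnly or SameSite attribute and is replayed in cleartext on every later request in this capture. The script below is an added example, not part of the sandbox report or of Moodle: it parses a response block exactly as printed here and lists those weaknesses, plus the version-bearing Server banner. The sample input is the response above, copied verbatim.

```python
"""Audit the raw response headers of one captured HTTP transaction.

Added example; not part of the sandbox report. It parses a response block
in the form printed above and flags session-cookie and transport issues.
"""
from typing import Dict, List, Tuple

# Copied from the 54.190.205.230/login/index.php response above.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:31 GMT
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: MoodleSession=r2jcsh078huqfe83the0itc466; path=/
Expires:
Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
Pragma: no-cache
Content-Language: es-mx
X-Frame-Options: sameorigin
Content-Type: text/html; charset=utf-8
"""


def parse_response(raw: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a printed response block into its status line and (name, value) pairs.

    Header names are lower-cased; values keep their case. A header with an
    empty value (the bare "Expires:" above) is kept with value "".
    """
    lines = [ln.rstrip("\r") for ln in raw.strip().splitlines()]
    status = lines[0]
    headers = []
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def cookie_flags(set_cookie: str) -> Dict[str, str]:
    """Return the attribute map of a Set-Cookie value, attribute names lower-cased."""
    parts = [p.strip() for p in set_cookie.split(";")]
    flags: Dict[str, str] = {}
    for attr in parts[1:]:          # parts[0] is name=value of the cookie itself
        k, _, v = attr.partition("=")
        flags[k.strip().lower()] = v.strip()
    return flags


def audit(raw: str, scheme: str) -> List[str]:
    """Return human-readable findings for one response; scheme is 'http' or 'https'."""
    _, headers = parse_response(raw)
    findings: List[str] = []
    if scheme == "http":
        findings.append("page and cookies travel in cleartext (http://)")
    for name, value in headers:
        if name == "set-cookie":
            cookie_name = value.split("=", 1)[0]
            flags = cookie_flags(value)
            for want in ("secure", "httponly", "samesite"):
                if want not in flags:
                    findings.append(f"cookie {cookie_name} lacks {want}")
        elif name == "server" and any(ch.isdigit() for ch in value):
            findings.append(f"server banner discloses version: {value}")
    names = {n for n, _ in headers}
    if scheme == "https" and "strict-transport-security" not in names:
        findings.append("no Strict-Transport-Security header")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE, "http"):
        print("-", finding)
```

Run it on any other response block in this capture by pasting the block into SAMPLE_RESPONSE and passing "https" for the port-443 transactions; the HSTS check only applies there, since a browser ignores the header on a cleartext response.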
| cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js | 151.101.193.229 | 200 OK | 23 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js
IP: 151.101.193.229:443
Requested by: http://54.190.205.230/login/index.php
Certificate: Issuer GlobalSign nv-sa; Subject jsdelivr.net; Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (31972)
MD5: 49a6b4d019a934bcf83f0c397eba82d8
SHA-1: 6181412e73966696d08e1e5b1243a572d0f22ba6
SHA-256: cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf
GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"10a9d-YYFBLnOWZpbQjh5bEkOlctDyK6Y"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 19:39:31 GMT
age: 22707838
x-served-by: cache-fra-etou8220109-FRA, cache-hel1410028-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23149
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css | 151.101.193.229 | 200 OK | 3.4 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css
IP: 151.101.193.229:443
Requested by: http://54.190.205.230/login/index.php
Certificate: Issuer GlobalSign nv-sa; Subject jsdelivr.net; Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: ASCII text, with very long lines (12795), with no line terminators
MD5: a2d42584292f64c5827e8b67b1b38726
SHA-1: 1be9b79be02a1cfc5d96c4a5e0feb8f472babd95
SHA-256: 5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0
GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 19:39:31 GMT
age: 20805927
x-served-by: cache-fra-eddf8230072-FRA, cache-hel1410028-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3370
X-Firefox-Spdy: h2
| code.jquery.com/jquery-3.3.1.min.js | 151.101.2.137 | 200 OK | 30 kB |
URL: GET HTTP/2 code.jquery.com/jquery-3.3.1.min.js
IP: 151.101.2.137:443
Requested by: http://54.190.205.230/login/index.php
Certificate: Issuer Sectigo Limited; Subject *.jquery.com; Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D; Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65451)
MD5: a09e13ee94d51c524b7e2a728c7d4039
SHA-1: 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA-256: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1538f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 26 Apr 2024 19:39:31 GMT
age: 19359768
x-served-by: cache-lga13622-LGA, cache-hel1410025-HEL
x-cache: HIT, HIT
x-cache-hits: 36, 906442
x-timer: S1714160372.629218,VS0,VE0
vary: Accept-Encoding
content-length: 30288
X-Firefox-Spdy: h2
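The two CDN scripts above (jquery.fancybox.min.js from cdn.jsdelivr.net and jquery-3.3.1.min.js from code.jquery.com) are loaded cross-site from a page that could pin them with Subresource Integrity. The SHA-256 values the report lists are digests of the decoded body, not of the gzip or brotli bytes on the wire: the jQuery digest is exactly the one behind the integrity hash jquery.com publishes for 3.3.1. The script below is an added example, not part of the report; it converts those hex digests into the base64 form an integrity attribute needs and emits the pinned script tags. It assumes the https scheme for both URLs (the capture shows them on port 443).

```python
"""Turn the SHA-256 digests listed in the report into Subresource Integrity values.

Added example; not part of the sandbox report. The digests are the ones
printed above for the two CDN scripts; the https scheme is assumed.
"""
import base64
import hashlib

# Hex SHA-256 digests copied from the two CDN transactions above.
LISTED = {
    "https://code.jquery.com/jquery-3.3.1.min.js":
        "160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef",
    "https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js":
        "cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf",
}


def sri_from_hex(hex_digest: str, algo: str = "sha256") -> str:
    """Convert a hex digest into the form SRI uses: '<algo>-<base64 of raw digest>'."""
    raw = bytes.fromhex(hex_digest)
    expected = {"sha256": 32, "sha384": 48, "sha512": 64}[algo]
    if len(raw) != expected:
        raise ValueError(f"{algo} digest must be {expected} bytes, got {len(raw)}")
    return f"{algo}-{base64.b64encode(raw).decode('ascii')}"


def script_tag(url: str, hex_digest: str) -> str:
    """Build a <script> element pinned to the listed digest.

    crossorigin="anonymous" is required for SRI on a cross-origin script;
    both CDNs above answer with access-control-allow-origin: *.
    """
    return (f'<script src="{url}" integrity="{sri_from_hex(hex_digest)}" '
            f'crossorigin="anonymous"></script>')


def body_matches(body: bytes, hex_digest: str) -> bool:
    """Check a fetched, already-decompressed body against a listed digest."""
    return hashlib.sha256(body).hexdigest() == hex_digest.lower()


if __name__ == "__main__":
    for url, digest in LISTED.items():
        print(script_tag(url, digest))
```

When verifying a download yourself, hash the decoded bytes (after gzip or brotli decoding), as body_matches expects; hashing the compressed wire bytes will never match the report's values.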
| www.googletagmanager.com/gtag/js?id=UA-115874252-1 | 142.250.74.136 | 200 OK | 73 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-115874252-1
IP: 142.250.74.136:443
Requested by: http://54.190.205.230/login/index.php
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52; Validity Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, ASCII text, with very long lines (4179)
MD5: ac3499ecf84ad0d9e5fe62b5b84a128f
SHA-1: 46a6d7c33c1a32822119ce650b55c83df7e35cd4
SHA-256: bf7d2188b0a5406c9cae88c67735193ce42e0f4466546e5429d5e609aade60ea
GET /gtag/js?id=UA-115874252-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 19:39:31 GMT
expires: Fri, 26 Apr 2024 19:39:31 GMT
cache-control: private, max-age=900
last-modified: Fri, 26 Apr 2024 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73269
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 54.190.205.230/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css | 54.190.205.230 | 200 OK | 1.0 kB |
URL: GET HTTP/1.1 54.190.205.230/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: ASCII text, with very long lines (1965)
MD5: 73cbdae81548a6d6b35d801af5eadef8
SHA-1: fc80239620ebad54e36e1865338e8c5e1a7e9e8b
SHA-256: fbd5b8255a99afe96e89a88423275ed4e93083fad3311dd349906122e63206a0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Disposition: inline; filename="combo"
Last-Modified: Mon, 25 Jan 2021 19:09:07 GMT
Expires: Mon, 21 Apr 2025 19:39:32 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "b9bc567c469e2872cf3bbb14603342a72de2509b"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1031
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css;charset=UTF-8
| 54.190.205.230/theme/boostclaustro/javascript/bibliografia.js | 54.190.205.230 | 200 OK | 356 B |
URL: GET HTTP/1.1 54.190.205.230/theme/boostclaustro/javascript/bibliografia.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (363)
MD5: e018a32be77ebb526a6976d61ea7829e
SHA-1: 04257505e65ab1ee850906890efbe3956a9498fb
SHA-256: bbfd5cca12e711f4cb42ac7a333c5663f6447d03566816b97a121d8410ad0ff1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/boostclaustro/javascript/bibliografia.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Tue, 20 Feb 2024 18:25:03 GMT
ETag: "1d4-611d454322670-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 356
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
| 54.190.205.230/theme/boostclaustro/pix/5f43caf39d.js | 54.190.205.230 | 200 OK | 4.3 kB |
URL: GET HTTP/1.1 54.190.205.230/theme/boostclaustro/pix/5f43caf39d.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text, with very long lines (11213), with CRLF line terminators
MD5: df0c96bd1f21db5ff9d0d188b33ef0e6
SHA-1: cf730d2f50493d073e65dead97992c62a08bb4f9
SHA-256: 5fd89d259dc3fa7f82069a7bf3de24df217b97e5816290045485619f2f656e13
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/boostclaustro/pix/5f43caf39d.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Tue, 30 May 2023 23:16:12 GMT
ETag: "2de8-5fcf163a7d48f-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4271
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
| 54.190.205.230/lib/javascript.php/1712346637/lib/polyfills/polyfill.js | 54.190.205.230 | 200 OK | 5.1 kB |
URL: GET HTTP/1.1 54.190.205.230/lib/javascript.php/1712346637/lib/polyfills/polyfill.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text, with very long lines (17500), with no line terminators
MD5: 901890f127a81c136912ceb57c131305
SHA-1: ef4bd0e1c5d2dcb97265830feff005f682020a5d
SHA-256: 244ff779cc4a0d32d8a21e1dceece94080b39c4b2c77ab5c0a772f333db71216
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/javascript.php/1712346637/lib/polyfills/polyfill.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "1c6084be45813783c51e4db4d3e93c7d034d01bf"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Fri, 05 Apr 2024 19:50:56 GMT
Expires: Thu, 25 Jul 2024 19:39:32 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 5131
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
| claustrovirtual.mx/lib/chocolat/css/chocolat.css | 52.35.186.62 | 200 OK | 920 B |
URL: GET HTTP/1.1 claustrovirtual.mx/lib/chocolat/css/chocolat.css
IP: 52.35.186.62:80
Requested by: http://54.190.205.230/login/index.php
MD5: 9812fa428846eb8a6a6832e7e642f16a
SHA-1: b3dfd42f0ed65ae17c95991566b8c98bf6a8a821
SHA-256: eaa089ff20400360109c14f6ccf1d0a7c1183a68d6b5f11914030f01ffab3176
GET /lib/chocolat/css/chocolat.css HTTP/1.1
Host: claustrovirtual.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 18:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sat, 18 Jan 2020 00:49:10 GMT
ETag: "f48-59c5f6d1d0d80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 920
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
| claustrovirtual.mx/lib/chartjs/utils.js | 52.35.186.62 | 200 OK | 1.4 kB |
URL: GET HTTP/1.1 claustrovirtual.mx/lib/chartjs/utils.js
IP: 52.35.186.62:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text
MD5: be3ae852a8bd0cd8a5be0d56df5246fb
SHA-1: 460436ab30f351d5d51148be2ded72a3b592d513
SHA-256: cf43f7daed8dbeedaf3e02a099ab1f09aa76365e8e996109e80d0cab46f79f94
GET /lib/chartjs/utils.js HTTP/1.1
Host: claustrovirtual.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 18:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sat, 18 Jan 2020 00:49:10 GMT
ETag: "cf6-59c5f6d1d0d80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1425
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
| claustrovirtual.mx/lib/chocolat/js/jquery.chocolat.js | 52.35.186.62 | 200 OK | 4.3 kB |
URL: GET HTTP/1.1 claustrovirtual.mx/lib/chocolat/js/jquery.chocolat.js
IP: 52.35.186.62:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text
MD5: af65120921a850d589811c350690ae67
SHA-1: d58bccdd02d63d990227eba49168c5bcc807a957
SHA-256: ee34e5a8f86e106856e1ef454e8eac3e8fb11d682c6393de3b604e59c9766dbb
GET /lib/chocolat/js/jquery.chocolat.js HTTP/1.1
Host: claustrovirtual.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 18:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sat, 18 Jan 2020 00:49:10 GMT
ETag: "617b-59c5f6d1d0d80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4338
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
| 54.190.205.230/lib/javascript.php/1712346637/lib/requirejs/require.min.js | 54.190.205.230 | 200 OK | 6.7 kB |
URL: GET HTTP/1.1 54.190.205.230/lib/javascript.php/1712346637/lib/requirejs/require.min.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text, with very long lines (17535)
MD5: 1f53ac504f7e69a6df96140eed2d4df2
SHA-1: da00136dd3fd0ccab626d7555ccb5fdf1c096fad
SHA-256: 9ce0dbd6a1df9332653e27d1ddc505c5b78fd82b4112de0ec63840c3fbe0b8c2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/javascript.php/1712346637/lib/requirejs/require.min.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "e4b67115d467c282f8d60903f5c8be90e81ac107"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Fri, 05 Apr 2024 19:50:40 GMT
Expires: Thu, 25 Jul 2024 19:39:32 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 6662
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
| 54.190.205.230/lib/javascript.php/1712346637/lib/javascript-static.js | 54.190.205.230 | 200 OK | 6.8 kB |
URL: GET HTTP/1.1 54.190.205.230/lib/javascript.php/1712346637/lib/javascript-static.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text, with very long lines (1875)
MD5: ac7f47cc5271b4115ac489f7a0d70737
SHA-1: bb091a4de18f4ffce0ba80668ed0427ae03001d0
SHA-256: ec9d65cb26cade9adcf9c012734551cf8c86c49a1ff45fef12662ae42f312e3f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/javascript.php/1712346637/lib/javascript-static.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "05dbc4c3fda7c3c2c7ccfd15de7a96ac4e4ffe8d"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Fri, 05 Apr 2024 19:50:56 GMT
Expires: Thu, 25 Jul 2024 19:39:32 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 6777
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
| 54.190.205.230/theme/javascript.php/boostclaustro/1712346637/footer | 54.190.205.230 | 200 OK | 1.3 kB |
URL: GET HTTP/1.1 54.190.205.230/theme/javascript.php/boostclaustro/1712346637/footer
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text, with very long lines (535)
MD5: 066485e7d5e571c1703b17f2fedb170e
SHA-1: d60cc02850677a4ef0e7962545a64c7760498327
SHA-256: 7f7ee79af4073ab84138feb0139545a576b720c1dfcae2197ece0f116813beeb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/javascript.php/boostclaustro/1712346637/footer HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "ac74ad8ea8408c631e507b41ba7f134d0deaea84"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Fri, 05 Apr 2024 19:50:56 GMT
Expires: Thu, 25 Jul 2024 19:39:32 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1286
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
| 54.190.205.230/lib/javascript.php/1712346637/lib/editor/atto/plugins/htmlbootstrapeditor/content.js | 54.190.205.230 | 200 OK | 810 B |
URL: GET HTTP/1.1 54.190.205.230/lib/javascript.php/1712346637/lib/editor/atto/plugins/htmlbootstrapeditor/content.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: ASCII text, with very long lines (1068)
MD5: 4ad4ae7ea181a3e57cc3fe2f4c6a8da7
SHA-1: cf491d1d085943a6b2a61cc0f9d2016b706628fc
SHA-256: 2b7cea28239758c29818b55ea2d88f1048043020bc4af9d9c1cdcc209e55281a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/javascript.php/1712346637/lib/editor/atto/plugins/htmlbootstrapeditor/content.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "bad40ae4265b26a3d44ab3dedfa9bb11cac5720a"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Fri, 05 Apr 2024 19:50:56 GMT
Expires: Thu, 25 Jul 2024 19:39:32 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 810
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
| claustrovirtual.mx/lib/chartjs/Chart.js | 52.35.186.62 | 200 OK | 97 kB |
URL: GET HTTP/1.1 claustrovirtual.mx/lib/chartjs/Chart.js
IP: 52.35.186.62:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text, with very long lines (862), with CRLF, LF line terminators
MD5: f5e0ac57e6533b0133ed76228a287121
SHA-1: 3dc07f2ac3210093fc1ae5e0f3f852208314ecd0
SHA-256: ae362707406e965ee4d9791b274dd4346a8cb8c89e47bebdb9054649296c8ba0
GET /lib/chartjs/Chart.js HTTP/1.1
Host: claustrovirtual.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 18:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sat, 18 Jan 2020 00:49:10 GMT
ETag: "624de-59c5f6d1d0d80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
| 54.190.205.230/lib/javascript.php/1712346637/admin/tool/htmlbootstrapeditor/content.js | 54.190.205.230 | 200 OK | 818 B |
URL: GET HTTP/1.1 54.190.205.230/lib/javascript.php/1712346637/admin/tool/htmlbootstrapeditor/content.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: ASCII text, with very long lines (1096)
MD5: 0aa8f0f3544dca50293f3e0a4d7457e7
SHA-1: 75691fc627f48f7d15dee3d14fc1ef8f125975be
SHA-256: 898f75752e631ac17004c05f02bac9f0d23dd70a7b7b0e2deec853d28f0929e8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/javascript.php/1712346637/admin/tool/htmlbootstrapeditor/content.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "9cf957dda5d1362caf484eda7cd19d59af8182e3"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Fri, 05 Apr 2024 19:50:56 GMT
Expires: Thu, 25 Jul 2024 19:39:32 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 818
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
| 54.190.205.230/theme/styles.php/boostclaustro/1712346637_1/all | 54.190.205.230 | 200 OK | 153 kB |
URL: GET HTTP/1.1 54.190.205.230/theme/styles.php/boostclaustro/1712346637_1/all
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: Unicode text, UTF-8 text, with very long lines (63462)
Size: 153 kB (153331 bytes)
MD5: 7356367c869839aad00b2f52c3a8eba3
SHA-1: ee235b3aba3629f2cce77926cf6a69dd265760f8
SHA-256: 03774e8df738bfe0b292c7280f72733e808cd19eb7581f7395cc06f316ee387e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/styles.php/boostclaustro/1712346637_1/all HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "aa742d9401a94e20f502b23b539efaf27f36317b"
Content-Disposition: inline; filename="styles.php"
Last-Modified: Fri, 05 Apr 2024 20:26:05 GMT
Expires: Thu, 25 Jul 2024 19:39:32 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css; charset=utf-8
| 54.190.205.230/lib/javascript.php/1712346637/admin/tool/htmlbootstrapeditor/editor.js | 54.190.205.230 | 200 OK | 1.1 kB |
URL: GET HTTP/1.1 54.190.205.230/lib/javascript.php/1712346637/admin/tool/htmlbootstrapeditor/editor.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: ASCII text, with very long lines (527)
MD5: bd25bdbf4f0f400a2a946900b8da5807
SHA-1: 2f7684fff98f8628daa697cedb35e37e615fcf52
SHA-256: 8b65b5fcad9b189f73c74cf3c4bcc4f140d080c996071e637823d8a645335f4d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/javascript.php/1712346637/admin/tool/htmlbootstrapeditor/editor.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "3c81066ed3b86d538cd9ff9a5795a78030a2a117"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Fri, 05 Apr 2024 19:50:56 GMT
Expires: Thu, 25 Jul 2024 19:39:32 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1142
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
| 54.190.205.230/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js | 54.190.205.230 | 200 OK | 84 kB |
URL: GET HTTP/1.1 54.190.205.230/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text, with very long lines (6010)
MD5: 8039fd714b58260199b364107c92bff6
SHA-1: 3776c202a78a99e5eeaafbdc7d8ad61acee3af1d
SHA-256: 13eaaadfa414f262b7964320054bb2b322b9ef9f3522bc25c9d60dc83b5141cf
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Disposition: inline; filename="combo"
Last-Modified: Mon, 25 Jan 2021 19:09:07 GMT
Expires: Mon, 21 Apr 2025 19:39:32 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "78581a0bac8a932effb32db3e91e0f2f2b47c08e"
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
| 54.190.205.230/lib/javascript.php/1712346637/lib/babel-polyfill/polyfill.min.js | 54.190.205.230 | 200 OK | 34 kB |
URL: GET HTTP/1.1 54.190.205.230/lib/javascript.php/1712346637/lib/babel-polyfill/polyfill.min.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (34750), with NEL line terminators
MD5: 36842211132011a28a3ad07a62a629b1
SHA-1: 624790be7f03f203771237170bfdf62e0186ae0f
SHA-256: d9e07890edf5f6f350ef465b37479fc6192923e60e64d9f20af37eb3b011cc66
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/javascript.php/1712346637/lib/babel-polyfill/polyfill.min.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "9ca0ae3ecc1ed386170f69bb3662f06fc3491b59"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Fri, 05 Apr 2024 19:50:56 GMT
Expires: Thu, 25 Jul 2024 19:39:32 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
| 54.190.205.230/theme/boostclaustro/javascript/bibliografiaAnin.js | 54.190.205.230 | 200 OK | 34 kB |
URL: GET HTTP/1.1 54.190.205.230/theme/boostclaustro/javascript/bibliografiaAnin.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (798), with CRLF line terminators
MD5: baf61d8ef942d6f8a8c332cb08bfcb9d
SHA-1: 2b62595481685344804d77dd21648053d1718d04
SHA-256: 26e2b965a7c9f6fadd2e16fa09ede0bf958c27ecdadc1e5af20a7a42ec09eeb6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/boostclaustro/javascript/bibliografiaAnin.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Tue, 02 Apr 2024 21:49:02 GMT
ETag: "206ce-61524130464b4-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33510
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

| www.googletagmanager.com/gtag/js?id=G-L75WX7J5VK&l=dataLayer&cx=c | 142.250.74.136 | 200 OK | 87 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-L75WX7J5VK&l=dataLayer&cx=c
IP: 142.250.74.136:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
Validity: Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, ASCII text, with very long lines (4179)
Hash: cdfc55c4f5bf3351c2eb23dd4bf6f03d 094fa6a9daeab8269fcdf2882d6c31ee38a4155d 7529f327992b36862d8dd62f43f32f6558cce6f9dbc38d8e36516380e28a20da
GET /gtag/js?id=G-L75WX7J5VK&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 19:39:32 GMT
expires: Fri, 26 Apr 2024 19:39:32 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86960
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| 54.190.205.230/theme/boostclaustro/pix/claustro/ooter2.png | 54.190.205.230 | 200 OK | 3.3 kB |
URL: GET HTTP/1.1 54.190.205.230/theme/boostclaustro/pix/claustro/ooter2.png
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: PNG image data, 137 x 138, 8-bit/color RGBA, interlaced
Hash: 726b0a70761ae8eb318fc597143dfef4 32c213bf7c39a2345645382499552f9e02bea691 b0d32197af6923d27fc878d06bfafa885af60122f50418326adb3abe9dcc9a56
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/boostclaustro/pix/claustro/ooter2.png HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:33 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 09 Nov 2023 22:27:46 GMT
ETag: "cf4-609bfb68c62ab"
Accept-Ranges: bytes
Content-Length: 3316
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

| 54.190.205.230/pluginfile.php/1/core_admin/logo/0x200/1712346637/logo-claustro-virtual-FINAL.png | 54.190.205.230 | 200 OK | 10 kB |
URL: GET HTTP/1.1 54.190.205.230/pluginfile.php/1/core_admin/logo/0x200/1712346637/logo-claustro-virtual-FINAL.png
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: PNG image data, 206 x 84, 8-bit/color RGBA, non-interlaced
Hash: 37c58092669684c337c1a1ebe9e9c199 277e3a2019d4d462a8f5ed654ee4f7732ab1c2b0 e91e499f1d85b90a746a921423922a6c7f5af2386cc9c88045130d3b62dba6f4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pluginfile.php/1/core_admin/logo/0x200/1712346637/logo-claustro-virtual-FINAL.png HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:33 GMT
Server: Apache/2.4.18 (Ubuntu)
Expires: Tue, 25 Jun 2024 19:39:33 GMT
Cache-Control: public, max-age=5184000, no-transform
Pragma:
Content-Disposition: inline; filename="logo-claustro-virtual-FINAL.png"
Last-Modified: Fri, 05 Apr 2024 19:50:56 GMT
Accept-Ranges: bytes
Content-Length: 10217
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

| kit.fontawesome.com/5f43caf39d/110336445/kit-upload.css | 172.64.147.188 | 200 OK | 0 B |
URL: GET HTTP/2 kit.fontawesome.com/5f43caf39d/110336445/kit-upload.css
IP: 172.64.147.188:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: DigiCert Inc
Subject: *.fontawesome.com
Fingerprint: 93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
Validity: Mon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /5f43caf39d/110336445/kit-upload.css HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://54.190.205.230/
Origin: http://54.190.205.230
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:32 GMT
content-type: text/css
content-length: 0
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926, public, must-revalidate
etag: 54af53b207eef226d6511e0a88e3038e
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F8nrxvKPMieq-1gNkd4i
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87a90a19fde5b4f7-OSL
X-Firefox-Spdy: h2

| 54.190.205.230/theme/boostclaustro/pix/claustro/logoClaustroHorizontal.png | 54.190.205.230 | 200 OK | 26 kB |
URL: GET HTTP/1.1 54.190.205.230/theme/boostclaustro/pix/claustro/logoClaustroHorizontal.png
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: PNG image data, 2846 x 221, 8-bit/color RGBA, non-interlaced
Hash: 0611e12e06c0ac262e6e461ec189210d 6f4ecac685ebc6414724d248f1814632f04e6cf5 c1328ca0f35cf39004378368c3778709dd48c9da651b810b9ae04c6d47c74de9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/boostclaustro/pix/claustro/logoClaustroHorizontal.png HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:33 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 09 Nov 2023 22:13:19 GMT
ETag: "65bb-609bf82e87d97"
Accept-Ranges: bytes
Content-Length: 26043
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

| 54.190.205.230/theme/yui_combo.php?m/1712346637/core/event/event-min.js&m/1712346637/filter_mathjaxloader/loader/loader-min.js | 54.190.205.230 | 200 OK | 857 B |
URL: GET HTTP/1.1 54.190.205.230/theme/yui_combo.php?m/1712346637/core/event/event-min.js&m/1712346637/filter_mathjaxloader/loader/loader-min.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text, with very long lines (2198), with no line terminators
Hash: 78e865a30eff73e43dca8b8e44bcbb6e 242cf2f16d121fc1d5a486063a0d6ab130abbf23 7eb61ba5b02c939a8985c145a24985cb3b4e3cadfcfc00fa5bca76aa0d8c5238
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/yui_combo.php?m/1712346637/core/event/event-min.js&m/1712346637/filter_mathjaxloader/loader/loader-min.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:33 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Disposition: inline; filename="combo"
Last-Modified: Mon, 25 Jan 2021 19:09:06 GMT
Expires: Mon, 21 Apr 2025 19:39:33 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "d4b2bc2af901b697bbe70dffb54619a9581c55f2"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 857
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

| use.fontawesome.com/releases/v5.12.1/webfonts/fa-brands-400.woff2 | 172.67.142.245 | 200 OK | 76 kB |
URL: GET HTTP/2 use.fontawesome.com/releases/v5.12.1/webfonts/fa-brands-400.woff2
IP: 172.67.142.245:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: Cloudflare, Inc.
Subject: use.fontawesome.com
Fingerprint: CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity: Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 76548, version 330.-16188
Hash: 067595ad77ecc0db9c81c8905a7eef32 3a175545f961094f3614f208f2166187b642355f 089630244600f33230010f5e04c67419ec642c5228540adb42e3fe92c631e6bf
GET /releases/v5.12.1/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://54.190.205.230
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:33 GMT
content-type: font/woff2
content-length: 76548
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "067595ad77ecc0db9c81c8905a7eef32"
last-modified: Fri, 22 Sep 2023 01:45:06 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BtzS3R4wT%2FW3XMtlIB6B9Y%2Bbbg30eJrSiFiWKk3%2BGGlGErLa3f2STA9k4pRZSNl9yvzgpmhw7kCxIecdnBzFN8K58ny5bM%2FsprQDpZw%2FALmRycK5y0NP35%2BAaJijWhvFI9eP0UjN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a90a1b5eb70b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| ka-p.fontawesome.com/releases/v6.4.0/css/pro-v4-font-face.min.css?token=5f43caf39d | 172.64.147.188 | 200 OK | 2.3 kB |
URL: GET HTTP/2 ka-p.fontawesome.com/releases/v6.4.0/css/pro-v4-font-face.min.css?token=5f43caf39d
IP: 172.64.147.188:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: DigiCert Inc
Subject: *.fontawesome.com
Fingerprint: 93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
Validity: Mon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT
File type: ASCII text, with very long lines (12084)
Hash: ff0c8da1999ccd1d3d756a6b85e1c495 9059cdd3d0d80255e1686657eeb656aebf360baa 4d5e287f0e60cc7efadd2bdf39ff53499de57249b69a3ae73497a187ff908e2a
GET /releases/v6.4.0/css/pro-v4-font-face.min.css?token=5f43caf39d HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://54.190.205.230/
Origin: http://54.190.205.230
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:33 GMT
content-type: text/css
content-length: 2327
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "641cc4b0-917"
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87a90a1a0d53b4f9-OSL
X-Firefox-Spdy: h2

| ka-p.fontawesome.com/releases/v6.4.0/css/pro-v4-shims.min.css?token=5f43caf39d | 172.64.147.188 | 200 OK | 4.3 kB |
URL: GET HTTP/2 ka-p.fontawesome.com/releases/v6.4.0/css/pro-v4-shims.min.css?token=5f43caf39d
IP: 172.64.147.188:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: DigiCert Inc
Subject: *.fontawesome.com
Fingerprint: 93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
Validity: Mon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT
File type: ASCII text, with very long lines (27250)
Hash: 70b846ec4f622ad05b84caa0e6ff7f4c 8433584d1a7bd57e8b7a342b65b3a79ca0ddce76 681f15f1dd66646e3c4be78f9c74962004cbc764f0fbb1da993f6937a3ac1e8a
GET /releases/v6.4.0/css/pro-v4-shims.min.css?token=5f43caf39d HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://54.190.205.230/
Origin: http://54.190.205.230
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:33 GMT
content-type: text/css
content-length: 4327
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "641cc4b0-10e7"
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87a90a19fd4fb4f9-OSL
X-Firefox-Spdy: h2

| ka-p.fontawesome.com/releases/v6.4.0/css/pro-v5-font-face.min.css?token=5f43caf39d | 172.64.147.188 | 200 OK | 12 kB |
URL: GET HTTP/2 ka-p.fontawesome.com/releases/v6.4.0/css/pro-v5-font-face.min.css?token=5f43caf39d
IP: 172.64.147.188:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: DigiCert Inc
Subject: *.fontawesome.com
Fingerprint: 93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
Validity: Mon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT
File type: ASCII text, with very long lines (65364)
Hash: 62535b3f567ea067f091d5cb1cbefc94 0a23b3086c2311b737f19857bc03c54470f27c26 fce60bc81b42726b685192834cdd4147bb4867c94a9b5c38a35c0cce8a6b562e
GET /releases/v6.4.0/css/pro-v5-font-face.min.css?token=5f43caf39d HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://54.190.205.230/
Origin: http://54.190.205.230
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:33 GMT
content-type: text/css
content-length: 12530
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "641cc4b1-30f2"
last-modified: Thu, 23 Mar 2023 21:29:21 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87a90a1a0d54b4f9-OSL
X-Firefox-Spdy: h2

| cdn.plyr.io/3.6.4/plyr.css | 104.27.195.88 | 200 OK | 206 kB |
URL: GET HTTP/2 cdn.plyr.io/3.6.4/plyr.css
IP: 104.27.195.88:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: Cloudflare, Inc.
Subject: cdn.plyr.io
Fingerprint: 82:12:FB:B3:64:22:F5:22:7D:BA:01:9C:97:81:CF:4F:55:01:08:95
Validity: Mon, 11 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (37775), with no line terminators
Size: 206 kB (206412 bytes)
Hash: 8a9780cdc9bbc58bcab483460b6fefa5 6b6db9c2e582b7aafc8991120aea4f0436774699 f8e7e4de1e9f1853967930e65e54635ba278937653525e048ec92f5639139f6d
GET /3.6.4/plyr.css HTTP/1.1
Host: cdn.plyr.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:31 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-bgj: minify
cf-polished: origSize=37857
etag: W/"2b9e0ce172efe5fb04d6e8a2583bf663"
last-modified: Thu, 20 Apr 2023 10:33:43 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 13102432
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o%2BjabJqIKFMSFdcklaZ3HmBcO%2FfUPXmHeKODoTD47ABTeAb%2Ff5DwLu5efvYkaC%2BHnZgxoBaFNXMoKTf4iwfMGvhnZmIq7UufChYc08b6A%2BZIiEfOcp%2FG8ofIKLbh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a90a128ba156ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 54.190.205.230/theme/image.php/boostclaustro/theme_boostclaustro/1712346637/loginbackgroundimage | 54.190.205.230 | 200 OK | 1.2 MB |
URL: GET HTTP/1.1 54.190.205.230/theme/image.php/boostclaustro/theme_boostclaustro/1712346637/loginbackgroundimage
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: PNG image data, 1366 x 670, 8-bit/color RGBA, interlaced
Size: 1.2 MB (1207282 bytes)
Hash: a59c4e7ae6bc66518f5021bd4a0d7737 43e65d9fc56ab21eb437ba98007e458437d6b787 9999b1e089a79076655794eb51f1190a158faa7b21c8b2c25c80ce7319c5468d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/image.php/boostclaustro/theme_boostclaustro/1712346637/loginbackgroundimage HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/theme/styles.php/boostclaustro/1712346637_1/all
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:33 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "b1c9596b7620101035a24c4db6edbe2d57e6ec48"
Content-Disposition: inline; filename="loginbackgroundimage.png"
Last-Modified: Mon, 08 Apr 2024 15:52:52 GMT
Expires: Thu, 25 Jul 2024 19:39:33 GMT
Pragma:
Cache-Control: public, max-age=7776000, no-transform, immutable
Accept-Ranges: none
Content-Length: 1207282
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

| 54.190.205.230/lib/requirejs.php/1712346637/core/first.js | 54.190.205.230 | 200 OK | 438 kB |
URL: GET HTTP/1.1 54.190.205.230/lib/requirejs.php/1712346637/core/first.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text, with very long lines (10417)
Size: 438 kB (437836 bytes)
Hash: 93ef1f08497a8d1648cc08265d61c994 717b84afa879bb670ad213857f7c9ddd67e278fa 821741ee8f4736197275ac2c73ec54ffe4f2703af95359a9c4994a57cac2c0d1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/requirejs.php/1712346637/core/first.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466; _ga_L75WX7J5VK=GS1.1.1714160373.1.0.1714160373.0.0.0; _ga=GA1.1.1277320545.1714160373
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:33 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "bc7f0479866a0c2eb576ecae411fa2ac1ae4f082"
Content-Disposition: inline; filename="requirejs.php"
Last-Modified: Fri, 05 Apr 2024 19:50:48 GMT
Expires: Thu, 25 Jul 2024 19:39:33 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

| 54.190.205.230/theme/image.php/boostclaustro/theme/1712346637/favicon | 54.190.205.230 | 200 OK | 32 kB |
URL: GET HTTP/1.1 54.190.205.230/theme/image.php/boostclaustro/theme/1712346637/favicon
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Hash: 3d50180321286bc23892a75eae67ed79 62d45289b7959e0a973531b873b9e659c064c8b7 89ef4bab39ea56baa306c048cdc38a3e8c3b06adf1d90a3d949f906d4e1ad6cf
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /theme/image.php/boostclaustro/theme/1712346637/favicon HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466; _ga_L75WX7J5VK=GS1.1.1714160373.1.0.1714160373.0.0.0; _ga=GA1.1.1277320545.1714160373
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:34 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "e7b219a7598de64683ae53b9db7393503d2e7a96"
Content-Disposition: inline; filename="favicon.ico"
Last-Modified: Fri, 05 Apr 2024 19:50:57 GMT
Expires: Thu, 25 Jul 2024 19:39:34 GMT
Pragma:
Cache-Control: public, max-age=7776000, no-transform, immutable
Accept-Ranges: none
Content-Length: 32038
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

| ka-p.fontawesome.com/releases/v6.4.0/webfonts/pro-fa-brands-400-9ddffe.woff2 | 172.64.147.188 | 200 OK | 1.2 kB |
URL: GET HTTP/2 ka-p.fontawesome.com/releases/v6.4.0/webfonts/pro-fa-brands-400-9ddffe.woff2
IP: 172.64.147.188:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: DigiCert Inc
Subject: *.fontawesome.com
Fingerprint: 93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
Validity: Mon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 1156, version 772.256
Hash: 0494c9df389bd544c123437cf0f00bb0 bf26acb75bc32e9c0e6fe14f8dbc639d207fab90 4d9273d192bc514c6ae91eedda88d3327d3372004e30f91412875b07acd2ad1a
GET /releases/v6.4.0/webfonts/pro-fa-brands-400-9ddffe.woff2 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://54.190.205.230
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:34 GMT
content-type: font/woff2
content-length: 1156
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "641d33c7-484"
last-modified: Fri, 24 Mar 2023 05:23:19 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87a90a20be51b4f9-OSL
X-Firefox-Spdy: h2

| 54.190.205.230/lib/javascript.php/1712346637/lib/jquery/jquery-3.4.1.min.js | 54.190.205.230 | 200 OK | 31 kB |
URL: GET HTTP/1.1 54.190.205.230/lib/javascript.php/1712346637/lib/jquery/jquery-3.4.1.min.js
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
File type: JavaScript source, ASCII text, with very long lines (65451)
Hash: bebd549d68e85f6f38a6807a693d018d 1b79ede0b4d00d9142b2ce3cb9f98201e59b58cb 76033adbf3f2858078c77c078677aa57ae48e98fd2de3ebb71baf646a110909e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/javascript.php/1712346637/lib/jquery/jquery-3.4.1.min.js HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466; _ga_L75WX7J5VK=GS1.1.1714160373.1.0.1714160373.0.0.0; _ga=GA1.1.1277320545.1714160373
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:34 GMT
Server: Apache/2.4.18 (Ubuntu)
Etag: "99709aa4b13425ef914447a8f741ad3f8f7f1d00"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Fri, 05 Apr 2024 19:50:50 GMT
Expires: Thu, 25 Jul 2024 19:39:34 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

| ka-p.fontawesome.com/releases/v6.4.0/webfonts/pro-fa-brands-400-f6b769.woff2 | 172.64.147.188 | 200 OK | 19 kB |
URL: GET HTTP/2 ka-p.fontawesome.com/releases/v6.4.0/webfonts/pro-fa-brands-400-f6b769.woff2
IP: 172.64.147.188:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: DigiCert Inc
Subject: *.fontawesome.com
Fingerprint: 93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
Validity: Mon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 18564, version 772.256
Hash: 0314646264f33feaf559d0b80bbfcab6 c0e175d7fd92fd43c785935ffa3625500d69034e 5fe7a10434610e8494ce09ac2d4bc3d76621e425a6c448ac6001a1e1cd5c1d46
GET /releases/v6.4.0/webfonts/pro-fa-brands-400-f6b769.woff2 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://54.190.205.230
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:34 GMT
content-type: font/woff2
content-length: 18564
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "641d33c7-4884"
last-modified: Fri, 24 Mar 2023 05:23:19 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87a90a20be58b4f9-OSL
X-Firefox-Spdy: h2

| ka-p.fontawesome.com/releases/v6.4.0/webfonts/pro-fa-brands-400-9a7529.woff2 | 172.64.147.188 | 200 OK | 46 kB |
URL: GET HTTP/2 ka-p.fontawesome.com/releases/v6.4.0/webfonts/pro-fa-brands-400-9a7529.woff2
IP: 172.64.147.188:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: DigiCert Inc
Subject: *.fontawesome.com
Fingerprint: 93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
Validity: Mon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 45952, version 772.256
Hash: 17b8cfd574299cf422191a41c77fa1d9 6598d7c8e45214b2a7386f2f2cda54b0ce6d504c 236fc2f5621e7ffa2d62218da380d67a9c0d6d3e498601b0d129e78651289130
GET /releases/v6.4.0/webfonts/pro-fa-brands-400-9a7529.woff2 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://54.190.205.230
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:34 GMT
content-type: font/woff2
content-length: 45952
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "641d33c7-b380"
last-modified: Fri, 24 Mar 2023 05:23:19 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87a90a20be56b4f9-OSL
X-Firefox-Spdy: h2
| 54.190.205.230/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1713797547&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22es_mx%22%7D%7D%5D | 54.190.205.230 | 200 OK | 229 B |
URL: GET HTTP/1.1 54.190.205.230/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1713797547&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22es_mx%22%7D%7D%5D
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
Hash: facb1e9fb3a2cd7d64ed300ac0ad62a4 dcab40df3f8e2dc4a7d1c0122650b8c1b71ef748 7dd8d83ffe6e0030d75817e77fc4f43f9056b5ace5e1354c7e801565b45523f4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1713797547&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22es_mx%22%7D%7D%5D HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466; _ga_L75WX7J5VK=GS1.1.1714160373.1.0.1714160373.0.0.0; _ga=GA1.1.1277320545.1714160373
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:35 GMT
Server: Apache/2.4.18 (Ubuntu)
Expires: Thu, 25 Jul 2024 19:39:35 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Length: 229
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
|
|
| 54.190.205.230/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1712346637&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boostclaustro%22%7D%7D%5D | 54.190.205.230 | 200 OK | 38 kB |
URL: GET HTTP/1.1 54.190.205.230/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1712346637&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boostclaustro%22%7D%7D%5D
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
Hashes: f81c97e0bf047793037079a3df709372 48f13c7cfb883b640dd2f87e67eff6bcab052214 57696bf9b22560ddb80f397c8f1a1dc646bb1c7b13ac1c0fe0ff9d45069d17b5
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1712346637&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boostclaustro%22%7D%7D%5D HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466; _ga_L75WX7J5VK=GS1.1.1714160373.1.0.1714160373.0.0.0; _ga=GA1.1.1277320545.1714160373
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:35 GMT
Server: Apache/2.4.18 (Ubuntu)
Expires: Thu, 25 Jul 2024 19:39:35 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
|
|
| 54.190.205.230/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1712346637&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%5D | 54.190.205.230 | 200 OK | 2.4 kB |
URL: GET HTTP/1.1 54.190.205.230/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1712346637&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%5D
IP: 54.190.205.230:80
Requested by: http://54.190.205.230/login/index.php
Hashes: a1978b2e94df4d8b5c90193b08ba8848 1ac0c83551de69131d9cb3be1aea938e3dd72d48 e2ffee65039b77f47d2c0e7bd19a97ebcc6e1d76ad5b60a269e903a97fbe7c00
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1712346637&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boostclaustro%22%2C%22lang%22%3A%22es_mx%22%7D%7D%5D HTTP/1.1
Host: 54.190.205.230
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/login/index.php
Cookie: MoodleSession=r2jcsh078huqfe83the0itc466; _ga_L75WX7J5VK=GS1.1.1714160373.1.0.1714160373.0.0.0; _ga=GA1.1.1277320545.1714160373
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 19:39:35 GMT
Server: Apache/2.4.18 (Ubuntu)
Expires: Thu, 25 Jul 2024 19:39:35 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Length: 2424
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
|
|
| use.fontawesome.com/releases/v5.12.1/css/all.css | 172.67.142.245 | 200 OK | 23 kB |
URL: GET HTTP/2 use.fontawesome.com/releases/v5.12.1/css/all.css
IP: 172.67.142.245:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: Cloudflare, Inc.
Certificate subject: use.fontawesome.com
Certificate fingerprint: CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Certificate validity: Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type: ASCII text, with very long lines (57147)
Hashes: 2a0e11a7655cf7af50d9152727c134ef 136e6626dc83d228b50416249fe05864ab065e40 9a680b90260b5106d79f4075491ab31daafa7429eff686453c40b58357309649
GET /releases/v5.12.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:31 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"2a0e11a7655cf7af50d9152727c134ef"
last-modified: Fri, 22 Sep 2023 01:45:05 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 2265954
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rMwW9cOvwDE9U9WusoyVga%2B1wQ4CyMqJyu%2Fwk7WxX6TjrNfc4IjRnb69eDg6Xne%2Bb%2FhMZVxvY3GO%2Fx2ImGelXZon%2B66oE9bCqKGgHMbtO0egDTePHutfO3Jx76zhv9fFWnfCaLfG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a90a123b970b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.plyr.io/3.6.4/plyr.js | 104.27.195.88 | 200 OK | 120 kB |
URL: GET HTTP/2 cdn.plyr.io/3.6.4/plyr.js
IP: 104.27.195.88:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: Cloudflare, Inc.
Certificate subject: cdn.plyr.io
Certificate fingerprint: 82:12:FB:B3:64:22:F5:22:7D:BA:01:9C:97:81:CF:4F:55:01:08:95
Certificate validity: Mon, 11 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 120 kB (119461 bytes)
Hashes: acb80fe0b1360d9ced917c16f6ef7a4a 74b19a7070b613b837471abe2102b43c5d064a54 185eba1d38f44850f08ac5b08f3804f664e16d4bfcf2182577c36d492c23a94d
GET /3.6.4/plyr.js HTTP/1.1
Host: cdn.plyr.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:31 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-bgj: minify
cf-polished: origSize=119511
etag: W/"7ac59fc890b8b444e190169962a84cb7"
last-modified: Thu, 20 Apr 2023 10:33:43 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 13089220
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=77fnmkz1oTNrJSesX8wld9VnGpEeIaUKSDu8xl5AZLcVDeVNTltok7oW1lywCbv1VQeAfKmRLKBHmKL4ahpChNg0dMwXW8zlxlL1%2F18tdlmAckd0E%2FRRoK5R5cug"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a90a128b9d56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| use.fontawesome.com/releases/v5.12.1/css/v4-shims.css | 172.67.142.245 | 200 OK | 27 kB |
URL: GET HTTP/2 use.fontawesome.com/releases/v5.12.1/css/v4-shims.css
IP: 172.67.142.245:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: Cloudflare, Inc.
Certificate subject: use.fontawesome.com
Certificate fingerprint: CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Certificate validity: Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type: ASCII text, with very long lines (26516)
Hashes: 6fe7c40e87191b9412c88e67a9a7e29d 8dc20ef4267a6ce637e390700e07926a596002a3 c198d1e767f39e0d69247c31e1a57600edf2c93397adc0d6ee306926d4f0571c
GET /releases/v5.12.1/css/v4-shims.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://54.190.205.230/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:31 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"6fe7c40e87191b9412c88e67a9a7e29d"
last-modified: Fri, 22 Sep 2023 01:45:05 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 2675028
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2BKzUfyBf24qv948uWClHieknRbIJhGdCP1cXZXNnP6cbj%2FENKrAoQIhT2q731v%2B%2ByeDP7a3BL0zgLr2Y5OMKRi4vr5qts3AwL5z9NFYyc%2FKkooMfl%2BJwQrvleuboMSwOY%2FLzd8A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a90a123b9a0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ka-p.fontawesome.com/releases/v6.4.0/css/pro.min.css?token=5f43caf39d | 172.64.147.188 | 200 OK | 888 kB |
URL: GET HTTP/2 ka-p.fontawesome.com/releases/v6.4.0/css/pro.min.css?token=5f43caf39d
IP: 172.64.147.188:443
Requested by: http://54.190.205.230/login/index.php
Certificate issuer: DigiCert Inc
Certificate subject: *.fontawesome.com
Certificate fingerprint: 93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
Certificate validity: Mon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT
File type: ASCII text, with very long lines (65364)
Size: 888 kB (887948 bytes)
Hashes: 582ce773026c613d30d565718005ee8a c56421a8e5d95792a174ded74c3f477798785bf8 fe0d7ff5c1b94b9efefbc1903a465c7d8bb345da51aaa13a93a55f9f7eff5b86
GET /releases/v6.4.0/css/pro.min.css?token=5f43caf39d HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://54.190.205.230/
Origin: http://54.190.205.230
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:39:33 GMT
content-type: text/css
content-length: 200704
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "641cc4b2-31000"
last-modified: Thu, 23 Mar 2023 21:29:22 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87a90a1a0d56b4f9-OSL
X-Firefox-Spdy: h2
|
|