132.247.132.19/plan2020/moodle/mod/assign/view.php?id=1060
132.247.132.19 303 See Other 451 B URL User Request GET HTTP/1.1 132.247.132.19/plan2020/moodle/mod/assign/view.php?id=1060
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
File type HTML document text; exported SGML document, ASCII text, with very long lines (301)
Hash 1ddc09cde07f45afcce7d94048727929
3a72e3e4062c939cbed56ad04ff24ee8526e1486
b96c4f34e2b03bab25ce6c092b762ea945282742f001974c1cea6cf166514a59
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/mod/assign/view.php?id=1060 HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 303 See Other
Date: Sun, 24 Sep 2023 02:12:52 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Set-Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e; path=/plan2020/moodle/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://132.247.132.19/plan2020/moodle/login/index.php
Content-Language: en
Content-Length: 451
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
132.247.132.19/plan2020/moodle/login/index.php
132.247.132.19 28 kB URL User Request GET 132.247.132.19/plan2020/moodle/login/index.php
IP 132.247.132.19:0
ASN #278 Universidad Nacional Autonoma de Mexico
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (12626)
Hash 35c25ab34ef27beb54e77dce248627a1
27d991e0477d7e2c572d9663cc61571759bc9f02
ca57deb7f6d8f10165ada37194393d78b8cac1d66f0550eaca09c7638a3cf069
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/login/index.php HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:52 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Expires:
Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
Pragma: no-cache
Content-Language: en
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-UA-Compatible: IE=edge
Accept-Ranges: none
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
132.247.132.19/plan2020/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css
132.247.132.19 200 OK 1.0 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type ASCII text, with very long lines (1997)
Hash 9e03061f29f09f46cf9044069c3dda60
5968473a726192b31c0cb8b5030114ee4c4d62ac
f74109e28e5816fcb7708acb4e8fa7dcb6de37b4c9e4c498ee56bf261978030a
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:53 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Content-Disposition: inline; filename="combo"
Last-Modified: Thu, 28 Feb 2019 17:51:48 GMT
Expires: Wed, 18 Sep 2024 02:12:53 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "b9bc567c469e2872cf3bbb14603342a72de2509b"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1043
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css;charset=UTF-8
132.247.132.19/plan2020/moodle/lib/javascript.php/1642092576/lib/requirejs/require.min.js
132.247.132.19 200 OK 6.5 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/lib/javascript.php/1642092576/lib/requirejs/require.min.js
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type ASCII text, with very long lines (17535), with no line terminators
Hash a11263771490c9f78221df8ea1b25f0b
a3265f7cd869146b8b55252f8f7d6d8073a34e6c
4b9f572393f50aa7fd63ba6ac5d3b39c1a4ee71e27766757a76821418c040650
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/lib/javascript.php/1642092576/lib/requirejs/require.min.js HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:53 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Etag: "99065e2e29bfc1519d6771dbb0a641fc847efa3d"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 13 Jan 2022 16:49:37 GMT
Expires: Sat, 23 Dec 2023 02:12:53 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 6531
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
132.247.132.19/plan2020/moodle/lib/javascript.php/1642092576/lib/javascript-static.js
132.247.132.19 200 OK 6.8 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/lib/javascript.php/1642092576/lib/javascript-static.js
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type HTML document, ASCII text, with very long lines (1875)
Hash 453a31b8b4a22f14ecfd363355b2382c
b2c02627ab350d9aef14fcec96a12f8f488cf201
449723b1d16bcd4fd32e34bcbd8f41a2ff7cfe84b939740a9417f71dd4f61479
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/lib/javascript.php/1642092576/lib/javascript-static.js HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:53 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Etag: "f4f11a41685b695214e9873d0e5b8649e4001433"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 13 Jan 2022 16:49:50 GMT
Expires: Sat, 23 Dec 2023 02:12:53 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 6779
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
132.247.132.19/plan2020/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js
132.247.132.19 200 OK 84 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type ASCII text, with very long lines (6010)
Hash 8039fd714b58260199b364107c92bff6
3776c202a78a99e5eeaafbdc7d8ad61acee3af1d
13eaaadfa414f262b7964320054bb2b322b9ef9f3522bc25c9d60dc83b5141cf
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:53 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Content-Disposition: inline; filename="combo"
Last-Modified: Thu, 28 Feb 2019 17:51:48 GMT
Expires: Wed, 18 Sep 2024 02:12:53 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "78581a0bac8a932effb32db3e91e0f2f2b47c08e"
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
132.247.132.19/plan2020/moodle/theme/styles.php/moove/1642180840_1/all
132.247.132.19 200 OK 132 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/theme/styles.php/moove/1642180840_1/all
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size 132 kB (131620 bytes)
Hash 8240365a8bea8bbb11accb990858d71a
b92929fc029abce35bb057157045146df5a489b2
e03f5e19af5a9ba7b26dbb0947d8f230f7e8ef101f3d6d0ce208dbde8cfc4d71
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/theme/styles.php/moove/1642180840_1/all HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:53 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Etag: "14aecf661d9c54da479fcf35c51a730dd4158deb"
Content-Disposition: inline; filename="styles.php"
Last-Modified: Fri, 14 Jan 2022 17:20:47 GMT
Expires: Sat, 23 Dec 2023 02:12:53 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css; charset=utf-8
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
216.58.207.227 200 OK 7.9 kB URL GET HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 216.58.207.227:443
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
Validity Mon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0; data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://132.247.132.19
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 15:18:26 GMT
expires: Fri, 20 Sep 2024 15:18:26 GMT
cache-control: public, max-age=31536000
age: 216870
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
132.247.132.19/plan2020/moodle/pluginfile.php/1/theme_moove/logo/1642180840/logo_ded_horizontal.png
132.247.132.19 200 OK 13 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/pluginfile.php/1/theme_moove/logo/1642180840/logo_ded_horizontal.png
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type PNG image data, 517 x 245, 8-bit/color RGBA, non-interlaced; data
Hash db1a72dba4b4dfa44bb65f146af46073
5072fbef1c9d93a52e08dc7ba32b54955f0aebeb
835344e4c7b4917b78305e09fed76f13bbc42fd240a78f4fce212312da954672
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/pluginfile.php/1/theme_moove/logo/1642180840/logo_ded_horizontal.png HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:54 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Expires: Thu, 23 Nov 2023 02:12:54 GMT
Cache-Control: public, max-age=5184000, no-transform
Pragma:
Content-Disposition: inline; filename="logo_ded_horizontal.png"
Last-Modified: Thu, 13 Jan 2022 16:56:38 GMT
Etag: "5072fbef1c9d93a52e08dc7ba32b54955f0aebeb"
Accept-Ranges: bytes
Content-Length: 12661
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
132.247.132.19/plan2020/moodle/theme/yui_combo.php?m/1642092576/core/event/event-min.js&m/1642092576/filter_mathjaxloader/loader/loader-min.js
132.247.132.19 200 OK 825 B URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/theme/yui_combo.php?m/1642092576/core/event/event-min.js&m/1642092576/filter_mathjaxloader/loader/loader-min.js
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type ASCII text, with very long lines (1374)
Hash 940e096d4880e70ba00dfca4faf52d76
ae7592d75c3a63c04813812c83f5ba898af377a0
cac10be6dad14d35e38b41c9c1238ced63676b3165529ae4f8aaa2b88577ed67
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/theme/yui_combo.php?m/1642092576/core/event/event-min.js&m/1642092576/filter_mathjaxloader/loader/loader-min.js HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:54 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Content-Disposition: inline; filename="combo"
Last-Modified: Thu, 28 Feb 2019 17:51:48 GMT
Expires: Wed, 18 Sep 2024 02:12:54 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "0d56d059f9ec1ea7dfe019a63444e187846939db"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 825
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
132.247.132.19/plan2020/moodle/theme/font.php/moove/core/1642180840/fontawesome-webfont.woff2?v=4.7.0
132.247.132.19 200 OK 77 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/theme/font.php/moove/core/1642180840/fontawesome-webfont.woff2?v=4.7.0
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459; data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/theme/font.php/moove/core/1642180840/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/theme/styles.php/moove/1642180840_1/all
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:54 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Etag: "14f3c1f47ef57eb6326743bdba46b240ab1211b2"
Content-Disposition: inline; filename="fontawesome-webfont.woff2"
Last-Modified: Fri, 14 Jan 2022 17:20:47 GMT
Expires: Sat, 23 Dec 2023 02:12:54 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Length: 77160
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/font-woff2
132.247.132.19/plan2020/moodle/pluginfile.php/1/theme_moove/favicon/1642180840/favicon.ico
132.247.132.19 200 OK 25 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/pluginfile.php/1/theme_moove/favicon/1642180840/favicon.ico
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel; data
Hash 39fa32af8e057a2b99da0d5189dfb520
dafcb5ae4ac3578a6393b4500ffb9d96c8967245
1a8fd5ac3814f6a21ef6a6a8708df2b64b16626d25632fec36edc15159ff4455
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/pluginfile.php/1/theme_moove/favicon/1642180840/favicon.ico HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:55 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Expires: Thu, 23 Nov 2023 02:12:55 GMT
Cache-Control: public, max-age=5184000, no-transform
Pragma:
Content-Disposition: inline; filename="favicon.ico"
Last-Modified: Thu, 13 Jan 2022 16:56:38 GMT
Etag: "dafcb5ae4ac3578a6393b4500ffb9d96c8967245"
Accept-Ranges: bytes
Content-Length: 25310
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
132.247.132.19/plan2020/moodle/pluginfile.php/1/theme_moove/loginbgimg/1642180840/hammer-gdfc525da0_1920.jpg
132.247.132.19 200 OK 300 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/pluginfile.php/1/theme_moove/loginbgimg/1642180840/hammer-gdfc525da0_1920.jpg
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1440, components 3; data
Size 300 kB (300109 bytes)
Hash 94a553daf2de8eba4cd3ae153aa8ce65
9ccca1c9d334ea902369ff56670b319ef0b8281c
ca500c853f0845b824b3a73543002fcad7ba4a89cfb5b657f291aa91edbf6189
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/pluginfile.php/1/theme_moove/loginbgimg/1642180840/hammer-gdfc525da0_1920.jpg HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/theme/styles.php/moove/1642180840_1/all
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:54 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Expires: Thu, 23 Nov 2023 02:12:54 GMT
Cache-Control: public, max-age=5184000, no-transform
Pragma:
Content-Disposition: inline; filename="hammer-gdfc525da0_1920.jpg"
Last-Modified: Thu, 13 Jan 2022 17:15:12 GMT
Etag: "9ccca1c9d334ea902369ff56670b319ef0b8281c"
Accept-Ranges: bytes
Content-Length: 300109
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg
132.247.132.19/plan2020/moodle/lib/requirejs.php/1642092576/core/first.js
132.247.132.19 200 OK 313 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/lib/requirejs.php/1642092576/core/first.js
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type ASCII text, with very long lines (10637)
Size 313 kB (312562 bytes)
Hash cebd922dae2c7fe2883edc9efeae8ddd
be5a479b370eadce8e8746d7d0db486f6edc644e
842309dfcabb828265af9f4d51ef135b6fbe479bca0954f1d95c8542c82c1d70
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/lib/requirejs.php/1642092576/core/first.js HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:54 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Etag: "7a4eee274da9990ab04c77e57960cdd87da42591"
Content-Disposition: inline; filename="requirejs.php"
Last-Modified: Thu, 13 Jan 2022 16:49:42 GMT
Expires: Sat, 23 Dec 2023 02:12:54 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
132.247.132.19/plan2020/moodle/lib/javascript.php/1642092576/lib/jquery/jquery-3.2.1.min.js
132.247.132.19 200 OK 30 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/lib/javascript.php/1642092576/lib/jquery/jquery-3.2.1.min.js
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type ASCII text, with very long lines (65536), with no line terminators
Hash f995371cc1232f7810fef886ad18fc1e
dbeeca76e522c0abfd9c9ea85a02ed82e66c4bfd
4d8b560b0de451450b378976aadf95623e77714bfdcddf7a4602332d2c98d394
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/lib/javascript.php/1642092576/lib/jquery/jquery-3.2.1.min.js HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:55 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Etag: "c4d50a1377147fc9c654b1a7a225b2fdd3600831"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 13 Jan 2022 16:49:43 GMT
Expires: Sat, 23 Dec 2023 02:12:55 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
132.247.132.19/plan2020/moodle/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js
132.247.132.19 200 OK 4.8 kB URL GET HTTP/1.1 132.247.132.19/plan2020/moodle/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type ASCII text, with very long lines (3857)
Hash 0151b48e61660bed14bf6acd5bb77210
e096360d7d8819dbbf42e7137ed9e37cdd286700
26d1a45d173703f01ca9bb8be4335bae6005c3bc0a5f78b380ad18fb152b8835
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /plan2020/moodle/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:56 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Content-Disposition: inline; filename="combo"
Last-Modified: Thu, 28 Feb 2019 17:51:48 GMT
Expires: Wed, 18 Sep 2024 02:12:56 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "b24ca831785ba367093f089618e840be511be85d"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 4808
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
132.247.132.19/plan2020/moodle/lib/ajax/service.php?sesskey=kxmx229WmR&info=core_fetch_notifications
132.247.132.19 200 OK 246 B URL POST HTTP/1.1 132.247.132.19/plan2020/moodle/lib/ajax/service.php?sesskey=kxmx229WmR&info=core_fetch_notifications
IP 132.247.132.19:80
ASN #278 Universidad Nacional Autonoma de Mexico
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
File type JSON data; ASCII text, with no line terminators
Hash 161f31785a5ec579e09c17f6a853aafc
6dc5fbabd174a9eca068998021b4577cb08c85b4
a290e644069252c5a80930c0077502cccaec3b35fcf284c8952ba644a555578f
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
POST /plan2020/moodle/lib/ajax/service.php?sesskey=kxmx229WmR&info=core_fetch_notifications HTTP/1.1
Host: 132.247.132.19
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 76
Origin: http://132.247.132.19
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/plan2020/moodle/login/index.php
Cookie: MoodleSession=i03i0njnjtejfk9njfcvbfnv4e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 02:12:56 GMT
Server: Apache/2.4.38 (Unix) PHP/7.3.2
X-Powered-By: PHP/7.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 246
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
fonts.googleapis.com/css?family=Poppins
142.250.74.106 200 OK 1.0 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Poppins
IP 142.250.74.106:443
Requested by http://132.247.132.19/plan2020/moodle/login/index.php
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint BE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
Validity Mon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT
File type ASCII text, with very long lines (1067), with no line terminators
Hash 32545fc975b576393933a25f5da8aa5c
a33f605674ccece746dcf4d580ed1bd27e879892
e0780a8fccf6fdd30592f814961ad942db762620fb900cb436968b0abf397b5f
GET /css?family=Poppins HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://132.247.132.19/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 24 Sep 2023 03:32:55 GMT
date: Sun, 24 Sep 2023 03:32:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2