Report - 149.28.83.180/login/index.php

Report Overview

Visited public
2025-03-04 05:46:16
Tags
URL
149.28.83.180/login/index.php
Finishing URL
149.28.83.180/login/index.php
IP / ASN
149.28.83.180
#20473 AS-VULTR
Title
Log in to the site | Yinson

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-02-26	1.1 kB	80 kB	142.250.74.35
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-02-26	491 B	9.9 kB	142.250.74.10
149.28.83.180	unknown	unknown	No data	No data	13 kB	6.7 MB	149.28.83.180
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-02-26	459 B	64 kB	151.101.65.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed
2025-03-04	medium	149.28.83.180	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	From	Size	First Seen	Last Seen
	149.28.83.180/login/index.php	ScriptElement	12 kB	2025-03-04	2025-03-04
Pretty URL 149.28.83.180/login/index.php IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 05:46 Last Seen2025-03-04 05:46 Times Seen1 Hash 6d8eae7dc1d9716b3bf4d074eb019770 2ab3a2cf84828a9a951ed39f4b56433d8f7ee0ee f417799b64e14f69b85679c4830e6e1f1233242cc2e56610c0dd742a12b9af87 Loading...

	149.28.83.180/lib/javascript.php/1732820663/lib/jquery/jquery-3.7.1.min.js	ScriptElement	88 kB	2023-10-25	2025-06-23
Pretty URL 149.28.83.180/lib/javascript.php/1732820663/lib/jquery/jquery-3.7.1.min.js IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-25 14:06 Last Seen2025-06-23 02:05 Times Seen192 Hash be651dac3e3cd5db93a268c39752901a d053afd6198e81c348498f1f7a34ef6ebf2cc9bb 041be83139e222239e7cfb4cc97647382e38bca06b481d5c0aa224af695a8e88 Loading...

	149.28.83.180/login/index.php	ScriptElement	60 B	2023-03-07	2025-06-23
Pretty URL 149.28.83.180/login/index.php IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:07 Last Seen2025-06-23 02:13 Times Seen1768 Hash dba70bf9335863dea2696ca9da069b01 adfc079c12684d419766c7732c35da693517a7f8 05f515ab150c8852191afb40be55373b5b5337d89d513e48b802293123361798 Loading...

	149.28.83.180/login/index.php	ScriptElement	1.1 kB	2025-03-04	2025-03-04
Pretty URL 149.28.83.180/login/index.php IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 05:46 Last Seen2025-03-04 05:46 Times Seen1 Hash 177744c5f8da958fd838cc387d00a67a f5f65a8040c5617b228039eedbbe22d10e053acd 30e6857b6be31f8f33bbcb6010e44c1fa578fbdac6b3ca83fa67cb5f91ca3b7c Loading...

	149.28.83.180/lib/requirejs.php/1732820663/core/first.js	ScriptElement	3.1 MB	2025-03-04	2025-03-04
Pretty URL 149.28.83.180/lib/requirejs.php/1732820663/core/first.js IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-04 05:46 Last Seen2025-03-04 05:46 Times Seen1 Hash caf987cd72a5d7711cda69929f540ae9 ad543011e6a0f66cf59c3ef95dae3411d2208fe4 515dd4f5eaa7c543c1ef8e3ef050f3fdf589e5c5696863f1bfe6c780377ff4b8 Loading...

	149.28.83.180/lib/javascript.php/1732820663/lib/polyfills/polyfill.js	ScriptElement	200 kB	2023-04-25	2025-06-23
Pretty URL 149.28.83.180/lib/javascript.php/1732820663/lib/polyfills/polyfill.js IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-25 16:13 Last Seen2025-06-23 02:05 Times Seen603 Hash 2f910e51a8154ac70aff76b6d14628c0 9f1a5e85ebd61692d7480c11f652cb29735f6d6d 1d6ba14cf4f307b9bbb13d2ad4e4cb5e701add10378e1b785c4c80dba1342170 Loading...

	149.28.83.180/login/index.php	ScriptElement	1.6 kB	2025-03-04	2025-03-04
Pretty URL 149.28.83.180/login/index.php IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 05:46 Last Seen2025-03-04 05:46 Times Seen1 Hash 36b9ade99465952be1de9e13353157df fdda8dc6c2ebfbc5af5fcfe110e1ff98aafaa50d 03ee2abb2fdedc579eb33759bb9874dc088b49c477fd72de7b4d4b0333bc3570 Loading...

	149.28.83.180/login/index.php	Function	37 B	2023-04-11	2025-06-23
Pretty URL 149.28.83.180/login/index.php IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-06-23 04:03 Times Seen279258 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	149.28.83.180/login/index.php	ScriptElement	1.2 kB	2023-06-13	2025-06-22
Pretty URL 149.28.83.180/login/index.php IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-13 16:04 Last Seen2025-06-22 15:18 Times Seen166 Hash 3c0b75c53f56b29810acb74b236367ad 5ea16697ca237733ed2d1bf8384356f650422721 218769697b0fb0b73ba4aa068b0902995f7dcd705feab6f796291ba050dba698 Loading...

	149.28.83.180/theme/yui_combo.php?3.18.1/event-mousewheel/event-mousewheel.js&3.18.1/event-resize/event-resize.js&3.18.1/event-hover/event-hover.js&3.18.1/event-touch/event-touch.js&3.18.1/event-move/event-move.js&3.18.1/event-flick/event-flick.js&3.18.1/event-valuechange/event-valuechange.js&3.18.1/event-tap/event-tap.js&m/1732820663/core/event/event-debug.js	ScriptElement	73 kB	2024-08-19	2025-03-18
Pretty URL 149.28.83.180/theme/yui_combo.php?3.18.1/event-mousewheel/event-mousewheel.js&3.18.1/event-resize/event-resize.js&3.18.1/event-hover/event-hover.js&3.18.1/event-touch/event-touch.js&3.18.1/event-move/event-move.js&3.18.1/event-flick/event-flick.js&3.18.1/event-valuechange/event-valuechange.js&3.18.1/event-tap/event-tap.js&m/1732820663/core/event/event-debug.js IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 18:18 Last Seen2025-03-18 03:48 Times Seen5 Hash d4b7318e09d24fc53b35ef93180400eb 8ce89fe81aac6af312cbe257788ed483cc2afce4 f3955529f1814b3de295e006c8e40b6f673b6116ddba8bc7aaac732c6ec17421 Loading...

	149.28.83.180/login/index.php	Function	37 B	2023-04-11	2025-06-23
Pretty URL 149.28.83.180/login/index.php IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-06-23 04:03 Times Seen279258 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	149.28.83.180/theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple.js	ScriptElement	1.3 MB	2023-10-13	2025-05-29
Pretty URL 149.28.83.180/theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple.js IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 02:20 Last Seen2025-05-29 23:32 Times Seen15 Hash 0c49347e5b656f121131ebffb485e607 8cc9c9ce08df808cd2ac420e903a740c80b8be12 8ca40eeed1dc2a18e4987c9b69b5c337d225e7c2ee7b323b16b4b4e24d37d757 Loading...

	149.28.83.180/lib/javascript.php/1732820663/lib/javascript-static.js	ScriptElement	21 kB	2023-10-25	2025-06-07
Pretty URL 149.28.83.180/lib/javascript.php/1732820663/lib/javascript-static.js IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-25 14:06 Last Seen2025-06-07 11:07 Times Seen92 Hash 145641dd59840a5089f62756a25a8628 9dbe1d2d9b9b7b1ab5baa7d664833758ae4ec841 97182c5bd5c540168c6953c3737dedd4ea366e1d15c75730ac41cc2aa3341320 Loading...

	149.28.83.180/lib/javascript.php/1732820663/lib/requirejs/require.min.js	ScriptElement	18 kB	2023-03-07	2025-06-23
Pretty URL 149.28.83.180/lib/javascript.php/1732820663/lib/requirejs/require.min.js IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-06-23 02:05 Times Seen1278 Hash 1f53ac504f7e69a6df96140eed2d4df2 da00136dd3fd0ccab626d7555ccb5fdf1c096fad 9ce0dbd6a1df9332653e27d1ddc505c5b78fd82b4112de0ec63840c3fbe0b8c2 Loading...

	149.28.83.180/login/index.php	ScriptElement	218 B	2025-03-04	2025-03-04
Pretty URL 149.28.83.180/login/index.php IP 149.28.83.180 ASN #20473 AS-VULTR Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 05:46 Last Seen2025-03-04 05:46 Times Seen1 Hash 5bb677746073a2b9954fbe5558da5ceb 775327c7c8ca9734368fddf9d90280315950bdce d2ec7a3495595131a70588aca1c7283adb959a1069d3796a50b1b7f297ec6ee9 Loading...

	cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured	ScriptElement	64 kB	2023-03-08	2025-06-23
Pretty URL cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:19 Last Seen2025-06-23 02:05 Times Seen311 Hash b2c103388b71bb3d11cbf9aa45fe9b68 e1d274251fb7ddcac75934d25acaa2dd850fdf77 0d588838c61dc2533f6b1aa81833de5327f4bab2e81cc3784000812b2079f14c Loading...

HTTP Transactions (25)

URL IP Response Size

GET 149.28.83.180/pluginfile.php/1/theme_moove/logo/1732820663/Logo_Full.png

149.28.83.180

200 OK

51 kB

URL GET
149.28.83.180/pluginfile.php/1/theme_moove/logo/1732820663/Logo_Full.png
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
PNG image data, 1024 x 409, 8-bit/color RGBA, non-interlaced
Size
51 kB (51164 bytes)
Hash
665ba791da96bf5bbc2dd09a77abcf75
1591b0dbe2c84cc8ca7a9484c1b5695a4ce4ec5c
a3b3b19edf37b12d1fc1ed91bfb04bf4723caf444aa695fc2583aeed4aca45fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pluginfile.php/1/theme_moove/logo/1732820663/Logo_Full.png HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:45:59 GMT
Content-Type: image/png
Content-Length: 51164
Connection: keep-alive
Content-Disposition: inline; filename="Logo_Full.png"
Cache-Control: public, max-age=5184000, no-transform
Expires: Sat, 03 May 2025 05:45:59 GMT
Pragma: 
Etag: "1591b0dbe2c84cc8ca7a9484c1b5695a4ce4ec5c"
Accept-Ranges: bytes
Last-Modified: Wed, 13 Nov 2024 19:06:20 GMT

GET 149.28.83.180/lib/javascript.php/1732820663/lib/requirejs/require.min.js

149.28.83.180

200 OK

18 kB

URL GET
149.28.83.180/lib/javascript.php/1732820663/lib/requirejs/require.min.js
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
JavaScript source, ASCII text, with very long lines (17535)
Size
18 kB (17737 bytes)
Hash
1f53ac504f7e69a6df96140eed2d4df2
da00136dd3fd0ccab626d7555ccb5fdf1c096fad
9ce0dbd6a1df9332653e27d1ddc505c5b78fd82b4112de0ec63840c3fbe0b8c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/javascript.php/1732820663/lib/requirejs/require.min.js HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:45:57 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "36b8960a74798e38c2e25af8efc75532fcf2c3b0"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 28 Nov 2024 19:04:24 GMT
Expires: Mon, 02 Jun 2025 05:45:57 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding

GET cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured

151.101.65.229

200 OK

64 kB

URL GET
cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
http://149.28.83.180/login/index.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (62853)
Size
64 kB (63499 bytes)
Hash
b2c103388b71bb3d11cbf9aa45fe9b68
e1d274251fb7ddcac75934d25acaa2dd850fdf77
0d588838c61dc2533f6b1aa81833de5327f4bab2e81cc3784000812b2079f14c

HTTP Headers

GET /npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.7.9
x-jsd-version-type: version
etag: W/"f80b-4dJ0JR+33crHWTTSWsqi3YUP33c"
content-encoding: br
accept-ranges: bytes
date: Tue, 04 Mar 2025 05:45:57 GMT
age: 2213906
x-served-by: cache-fra-etou8220067-FRA, cache-hel1410032-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18509
X-Firefox-Spdy: h2

POST 149.28.83.180/lib/ajax/service.php?sesskey=6GrpzXvJJ9&info=media_videojs_get_language

149.28.83.180

200 OK

4.9 kB

URL POST
149.28.83.180/lib/ajax/service.php?sesskey=6GrpzXvJJ9&info=media_videojs_get_language
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
ASCII text, with very long lines (5793), with no line terminators
Size
4.9 kB (4930 bytes)
Hash
bb1a93b7c48c04a95f9f63b26074f76f
cf9b7de2e1877c09a491d8fda7553efcb366b0b4
c728d049832738006f37469e5215ed2778cc33c34a86e385fa83491595a3c401

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /lib/ajax/service.php?sesskey=6GrpzXvJJ9&info=media_videojs_get_language HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 76
Origin: http://149.28.83.180
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:46:01 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

GET 149.28.83.180/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22form_input_toggle_sensitive%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%5D

149.28.83.180

200 OK

608 B

URL GET
149.28.83.180/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22form_input_toggle_sensitive%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
ASCII text, with very long lines (677), with no line terminators
Size
608 B (608 bytes)
Hash
0f3ac0e33f8e93d605a4bc3e9a2c4d1a
7521fd88a8ddba551efd07b6609e2e7facb5d6c1
86dc3edb2805ff0d6faa62b56edc2dda90ad8411d1a379de8fdb5d2fbdebce6d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22form_input_toggle_sensitive%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:46:01 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 02 Jun 2025 05:46:01 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none

GET 149.28.83.180/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%5D

149.28.83.180

200 OK

502 B

URL GET
149.28.83.180/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
ASCII text, with very long lines (567), with no line terminators
Size
502 B (502 bytes)
Hash
0be3ed2f0749b342d864438bee088758
b98175581c1db066604e1b218e70b257c794f0b6
4ac7a4dab4e11711926782ba79353d70ea734b67fec4ce1ab61747b81ddc0374

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:46:01 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 02 Jun 2025 05:46:01 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none

GET 149.28.83.180/login/index.php

149.28.83.180

200 OK

24 kB

URL User Request GET
149.28.83.180/login/index.php
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

File type

Size
24 kB (23804 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/index.php HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:45:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db; path=/; HttpOnly
Content-Language: en
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-UA-Compatible: IE=edge
Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
Pragma: no-cache
Expires: 
X-Frame-Options: sameorigin
Content-Encoding: gzip

GET 149.28.83.180/theme/styles.php/moove/1732820663_1/all

149.28.83.180

200 OK

1.5 MB

URL GET
149.28.83.180/theme/styles.php/moove/1732820663_1/all
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type

Size
1.5 MB (1529316 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/styles.php/moove/1732820663_1/all HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:45:58 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "f28d30f7d68d1934c517a47d38565c49465b3df6"
Content-Disposition: inline; filename="styles.php"
Last-Modified: Thu, 28 Nov 2024 19:04:28 GMT
Expires: Mon, 02 Jun 2025 05:45:57 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding

GET 149.28.83.180/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D

149.28.83.180

200 OK

211 B

URL GET
149.28.83.180/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
ASCII text, with no line terminators
Size
211 B (211 bytes)
Hash
6bf31068efd216b74a9425a27d058dbd
c25f8bfae78fdd3410836dc6dea3b17aa0dd9cc4
92a0b6f4f610ceca573002bc1f7a57dd327dea157be3a23184244fc293b20a02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:46:02 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 02 Jun 2025 05:46:02 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none

GET 149.28.83.180/theme/font.php/moove/core/1732820663/fa-solid-900.woff2

149.28.83.180

200 OK

156 kB

URL GET
149.28.83.180/theme/font.php/moove/core/1732820663/fa-solid-900.woff2
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
Web Open Font Format (Version 2), TrueType, length 156496, version 773.768
Size
156 kB (156496 bytes)
Hash
6c4eee562650e53cee32496bdfbe534b
1aae708e3b94ee981b452a918d28ed037fbb5e18
9fc85f3a4544ab0d570c7f8f9bbb88db8d92c359b2707580ea8b07c75673eae2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/font.php/moove/core/1732820663/fa-solid-900.woff2 HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/theme/styles.php/moove/1732820663_1/all
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:45:59 GMT
Content-Type: font/woff2
Content-Length: 156496
Connection: keep-alive
Etag: "2efe913bcb585b04e92dccba274b71d69a098c5b"
Content-Disposition: inline; filename="fa-solid-900.woff2"
Last-Modified: Thu, 28 Nov 2024 19:08:31 GMT
Expires: Mon, 02 Jun 2025 05:45:59 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none

GET 149.28.83.180/pluginfile.php/1/theme_moove/loginbgimg/1732820663/img_2442358_dji_0800.jpg

149.28.83.180

200 OK

61 kB

URL GET
149.28.83.180/pluginfile.php/1/theme_moove/loginbgimg/1732820663/img_2442358_dji_0800.jpg
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=10, description=default, manufacturer=Hasselblad, model=L2D-20c, xresolution=162, yresolution=170, resolutionunit=2, software=Adobe Lightroom 7.2 (Windows), datetime=2024:03:18 11:40:44, GPS-Data], baseline, precision 8, 800x450, components 3
Size
61 kB (60908 bytes)
Hash
8583274c7cb94bcc69ed7b46770ebcbb
54ec48c78b258c0fe3d23d53b5d3ccc72065fb94
6b302d203605e9c30e06bea0ea59611a521abc151d3c9be6ac09502bf14214a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pluginfile.php/1/theme_moove/loginbgimg/1732820663/img_2442358_dji_0800.jpg HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/theme/styles.php/moove/1732820663_1/all
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:45:59 GMT
Content-Type: image/jpeg
Content-Length: 60908
Connection: keep-alive
Content-Disposition: inline; filename="img_2442358_dji_0800.jpg"
Cache-Control: public, max-age=5184000, no-transform
Expires: Sat, 03 May 2025 05:45:59 GMT
Pragma: 
Etag: "54ec48c78b258c0fe3d23d53b5d3ccc72065fb94"
Accept-Ranges: bytes
Last-Modified: Wed, 13 Nov 2024 19:00:34 GMT

GET 149.28.83.180/pluginfile.php/1/core_admin/favicon/64x64/1732820663/yinson_logo_Y_PNG.png

149.28.83.180

200 OK

3.3 kB

URL GET
149.28.83.180/pluginfile.php/1/core_admin/favicon/64x64/1732820663/yinson_logo_Y_PNG.png
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
PNG image data, 53 x 64, 8-bit/color RGBA, non-interlaced
Size
3.3 kB (3330 bytes)
Hash
26da83f88acd5146fb04202f16d4a039
4819bcc8d18dfcb654b826ce0403ee1777153300
a9e2a8a3fac6253497294f8eee540be4b723fe62565afbe821135e5199ac81f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pluginfile.php/1/core_admin/favicon/64x64/1732820663/yinson_logo_Y_PNG.png HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:46:00 GMT
Content-Type: image/png
Content-Length: 3330
Connection: keep-alive
Content-Disposition: inline; filename="yinson_logo_Y_PNG.png"
Cache-Control: public, max-age=5184000, no-transform
Expires: Sat, 03 May 2025 05:46:00 GMT
Pragma: 
Accept-Ranges: bytes
Last-Modified: Thu, 28 Nov 2024 19:08:32 GMT

GET 149.28.83.180/lib/javascript.php/1732820663/lib/polyfills/polyfill.js

149.28.83.180

200 OK

200 kB

URL GET
149.28.83.180/lib/javascript.php/1732820663/lib/polyfills/polyfill.js
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type

Size
200 kB (200103 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/javascript.php/1732820663/lib/polyfills/polyfill.js HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:45:58 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "92c09a75f947ad43fa42537895b49ec6ce849cfe"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 28 Nov 2024 19:04:24 GMT
Expires: Mon, 02 Jun 2025 05:45:57 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding

GET fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

142.250.74.35

200 OK

39 kB

URL GET
fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
http://149.28.83.180/login/index.php
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39124, version 1.0
Size
39 kB (39124 bytes)
Hash
86b73ab5f530be7984b704414f2a711d
8e297794ed7b6f5ea476d14b5270df12e8f3e42a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

HTTP Headers

GET /s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://149.28.83.180
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39124
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Feb 2025 19:49:10 GMT
expires: Sat, 28 Feb 2026 19:49:10 GMT
cache-control: public, max-age=31536000
age: 295009
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 149.28.83.180/lib/javascript.php/1732820663/lib/jquery/jquery-3.7.1.min.js

149.28.83.180

200 OK

88 kB

URL GET
149.28.83.180/lib/javascript.php/1732820663/lib/jquery/jquery-3.7.1.min.js
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
88 kB (87531 bytes)
Hash
be651dac3e3cd5db93a268c39752901a
d053afd6198e81c348498f1f7a34ef6ebf2cc9bb
041be83139e222239e7cfb4cc97647382e38bca06b481d5c0aa224af695a8e88

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/javascript.php/1732820663/lib/jquery/jquery-3.7.1.min.js HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:46:01 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "d5083cccd85f2c5d8b33c1aac1603b1e65f199b3"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 28 Nov 2024 19:04:29 GMT
Expires: Mon, 02 Jun 2025 05:46:01 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding

GET 149.28.83.180/theme/yui_combo.php?3.18.1/event-mousewheel/event-mousewheel.js&3.18.1/event-resize/event-resize.js&3.18.1/event-hover/event-hover.js&3.18.1/event-touch/event-touch.js&3.18.1/event-move/event-move.js&3.18.1/event-flick/event-flick.js&3.18.1/event-valuechange/event-valuechange.js&3.18.1/event-tap/event-tap.js&m/1732820663/core/event/event-debug.js

149.28.83.180

200 OK

73 kB

URL GET
149.28.83.180/theme/yui_combo.php?3.18.1/event-mousewheel/event-mousewheel.js&3.18.1/event-resize/event-resize.js&3.18.1/event-hover/event-hover.js&3.18.1/event-touch/event-touch.js&3.18.1/event-move/event-move.js&3.18.1/event-flick/event-flick.js&3.18.1/event-valuechange/event-valuechange.js&3.18.1/event-tap/event-tap.js&m/1732820663/core/event/event-debug.js
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
ASCII text, with very long lines (437)
Size
73 kB (72962 bytes)
Hash
d4b7318e09d24fc53b35ef93180400eb
8ce89fe81aac6af312cbe257788ed483cc2afce4
f3955529f1814b3de295e006c8e40b6f673b6116ddba8bc7aaac732c6ec17421

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/yui_combo.php?3.18.1/event-mousewheel/event-mousewheel.js&3.18.1/event-resize/event-resize.js&3.18.1/event-hover/event-hover.js&3.18.1/event-touch/event-touch.js&3.18.1/event-move/event-move.js&3.18.1/event-flick/event-flick.js&3.18.1/event-valuechange/event-valuechange.js&3.18.1/event-tap/event-tap.js&m/1732820663/core/event/event-debug.js HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:46:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Content-Disposition: inline; filename="combo"
Last-Modified: Mon, 01 Jul 2024 16:28:36 GMT
Expires: Fri, 27 Feb 2026 05:46:01 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "336f917355be253690749904e23bcd8f4513afe6"
Content-Encoding: gzip
Vary: Accept-Encoding

GET 149.28.83.180/theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple.css

149.28.83.180

200 OK

2.9 kB

URL GET
149.28.83.180/theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple.css
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
ASCII text, with very long lines (2909), with no line terminators
Size
2.9 kB (2902 bytes)
Hash
ad975e78b5a60e8ef6a488e0af5d3b84
affb7628989add01aa0bdc411d00114387b0fe93
aaf99282e1a8ddf0cde82d9f2c1744abea022a563a4c78936a3dce97c0fd2493

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple.css HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:45:57 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Disposition: inline; filename="combo"
Last-Modified: Mon, 01 Jul 2024 16:28:36 GMT
Expires: Fri, 27 Feb 2026 05:45:57 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "f61ad42fbd9eeb6fbd3c234ed4c1e90b8a11a574"
Content-Encoding: gzip
Vary: Accept-Encoding

GET 149.28.83.180/lib/javascript.php/1732820663/lib/javascript-static.js

149.28.83.180

200 OK

21 kB

URL GET
149.28.83.180/lib/javascript.php/1732820663/lib/javascript-static.js
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
JavaScript source, ASCII text, with very long lines (1877)
Size
21 kB (20804 bytes)
Hash
145641dd59840a5089f62756a25a8628
9dbe1d2d9b9b7b1ab5baa7d664833758ae4ec841
97182c5bd5c540168c6953c3737dedd4ea366e1d15c75730ac41cc2aa3341320

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/javascript.php/1732820663/lib/javascript-static.js HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:45:57 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "8d4d7b5a13a73eaf241ccfe7e93372a9aa07ae23"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 28 Nov 2024 19:04:24 GMT
Expires: Mon, 02 Jun 2025 05:45:57 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding

GET 149.28.83.180/theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple.js

149.28.83.180

200 OK

1.3 MB

URL GET
149.28.83.180/theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple.js
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
JavaScript source, ASCII text
Size
1.3 MB (1277141 bytes)
Hash
0c49347e5b656f121131ebffb485e607
8cc9c9ce08df808cd2ac420e903a740c80b8be12
8ca40eeed1dc2a18e4987c9b69b5c337d225e7c2ee7b323b16b4b4e24d37d757

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple.js HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:45:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Content-Disposition: inline; filename="combo"
Last-Modified: Mon, 01 Jul 2024 16:28:36 GMT
Expires: Fri, 27 Feb 2026 05:45:57 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "c144418760593ad284d21c280ef15c9387bbcef6"
Content-Encoding: gzip
Vary: Accept-Encoding

GET fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

142.250.74.35

200 OK

39 kB

URL GET
fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
http://149.28.83.180/login/index.php
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39124, version 1.0
Size
39 kB (39124 bytes)
Hash
86b73ab5f530be7984b704414f2a711d
8e297794ed7b6f5ea476d14b5270df12e8f3e42a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

HTTP Headers

GET /s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://149.28.83.180
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39124
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Feb 2025 19:49:10 GMT
expires: Sat, 28 Feb 2026 19:49:10 GMT
cache-control: public, max-age=31536000
age: 295009
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 149.28.83.180/lib/requirejs.php/1732820663/core/first.js

149.28.83.180

200 OK

3.1 MB

URL GET
149.28.83.180/lib/requirejs.php/1732820663/core/first.js
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type

Size
3.1 MB (3131685 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/requirejs.php/1732820663/core/first.js HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:45:59 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "1110a1b160d8c521133ea123ad3ca71bfda0bee1"
Content-Disposition: inline; filename="requirejs.php"
Last-Modified: Thu, 28 Nov 2024 19:04:29 GMT
Expires: Mon, 02 Jun 2025 05:45:59 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding

GET 149.28.83.180/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22moove%22%7D%7D%5D

149.28.83.180

200 OK

32 kB

URL GET
149.28.83.180/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22moove%22%7D%7D%5D
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
JSON text data
Size
32 kB (32487 bytes)
Hash
9f2383f6c3580d3aa2984cb5ac7bfda6
16c226348f7c19eb37aa1bb24a9de341270d2959
e303dad9aaa9a4859dff990ac0a9c9b4ab5df282fa0413329791ab4083a162cb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22moove%22%7D%7D%5D HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:46:01 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 02 Jun 2025 05:46:01 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none

GET 149.28.83.180/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%5D

149.28.83.180

200 OK

1.9 kB

URL GET
149.28.83.180/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP
149.28.83.180:80
ASN
#20473 AS-VULTR

Requested by
http://149.28.83.180/login/index.php

File type
ASCII text, with very long lines (2106), with no line terminators
Size
1.9 kB (1867 bytes)
Hash
4866690dc24a7be11c53af0f309c8fdf
c812c14206ef41cb42f7478ed94f68783044e4f5
aae44fbd34c4da3756f5566d53643478e8c9852b929066fabc725d78735faa36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1732820663&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22moove%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/login/index.php
Cookie: MoodleSession=kv29t86nhq37tegqcrql4hu8db
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.0
Date: Tue, 04 Mar 2025 05:46:02 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 02 Jun 2025 05:46:02 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none

GET 149.28.83.180/login/index.php

0.0.0.0

0 B

URL User Request GET
149.28.83.180/login/index.php
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/index.php HTTP/1.1
Host: 149.28.83.180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET fonts.googleapis.com/css2?family=Nunito:ital,wght@0,300;0,400;0,500;0,700;1,400&display=swap

142.250.74.10

200 OK

9.2 kB

URL GET
fonts.googleapis.com/css2?family=Nunito:ital,wght@0,300;0,400;0,500;0,700;1,400&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
http://149.28.83.180/login/index.php
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintF1:11:17:AF:9C:89:34:EE:D5:CB:84:40:84:EA:01:19:A9:F6:ED:C2
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
ASCII text, with very long lines (9430), with no line terminators
Size
9.2 kB (9205 bytes)
Hash
306550cfa10419ca602206601b7f6807
f9e0b562f478b8f6454e8cc10f74aa26d0e0bbb5
bd377834a9c626f5b468c311ce56c17f304b6b0aa0a67531a32fc588467eb092

HTTP Headers

GET /css2?family=Nunito:ital,wght@0,300;0,400;0,500;0,700;1,400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://149.28.83.180/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Mar 2025 05:45:58 GMT
date: Tue, 04 Mar 2025 05:45:58 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML