GET 110.172.151.105/login/forgot_password.php
110.172.151.105 200 OK 7.2 kB URL User Request GET HTTP/1.1 110.172.151.105/login/forgot_password.php
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
File type HTML document, ASCII text, with very long lines (11871)
Hash f1166e4cf20db041cd09ff55eaca42a4
5daf226ba9ff7e8c6b795404504be0641605fdb5
035cbb9818b7dbe3b69fdd7c1d191e436f44569510e9b17ffe6d9efd7a9baaf8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /login/forgot_password.php HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:27 GMT
Server: Apache/2.4.41 (Ubuntu)
Set-Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka; path=/
Expires:
Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
Pragma: no-cache
Content-Language: en
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-UA-Compatible: IE=edge
Accept-Ranges: none
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7155
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET 110.172.151.105/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css
110.172.151.105 200 OK 1.0 kB URL GET HTTP/1.1 110.172.151.105/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type ASCII text, with very long lines (1965)
Hash 73cbdae81548a6d6b35d801af5eadef8
fc80239620ebad54e36e1865338e8c5e1a7e9e8b
fbd5b8255a99afe96e89a88423275ed4e93083fad3311dd349906122e63206a0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:27 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Disposition: inline; filename="combo"
Last-Modified: Thu, 25 Jan 2024 14:48:13 GMT
Expires: Sat, 10 May 2025 09:56:27 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "b9bc567c469e2872cf3bbb14603342a72de2509b"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1031
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css;charset=UTF-8
GET 110.172.151.105/lib/javascript.php/1715743508/lib/requirejs/require.min.js
110.172.151.105 200 OK 6.7 kB URL GET HTTP/1.1 110.172.151.105/lib/javascript.php/1715743508/lib/requirejs/require.min.js
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type JavaScript source, ASCII text, with very long lines (17535)
Hash 1f53ac504f7e69a6df96140eed2d4df2
da00136dd3fd0ccab626d7555ccb5fdf1c096fad
9ce0dbd6a1df9332653e27d1ddc505c5b78fd82b4112de0ec63840c3fbe0b8c2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lib/javascript.php/1715743508/lib/requirejs/require.min.js HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:28 GMT
Server: Apache/2.4.41 (Ubuntu)
Etag: "6e1201086f3931dfaa950a563e3498e1a248bb5a"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Wed, 15 May 2024 03:25:09 GMT
Expires: Tue, 13 Aug 2024 09:56:28 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 6662
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
GET 110.172.151.105/lib/javascript.php/1715743508/lib/babel-polyfill/polyfill.min.js
110.172.151.105 200 OK 34 kB URL GET HTTP/1.1 110.172.151.105/lib/javascript.php/1715743508/lib/babel-polyfill/polyfill.min.js
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (34750), with NEL line terminators
Hash 36842211132011a28a3ad07a62a629b1
624790be7f03f203771237170bfdf62e0186ae0f
d9e07890edf5f6f350ef465b37479fc6192923e60e64d9f20af37eb3b011cc66
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lib/javascript.php/1715743508/lib/babel-polyfill/polyfill.min.js HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:29 GMT
Server: Apache/2.4.41 (Ubuntu)
Etag: "9b4461d997560f3671c4a602ada2094802842628"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Wed, 15 May 2024 03:25:08 GMT
Expires: Tue, 13 Aug 2024 09:56:29 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
GET 110.172.151.105/lib/javascript.php/1715743508/lib/polyfills/polyfill.js
110.172.151.105 200 OK 5.2 kB URL GET HTTP/1.1 110.172.151.105/lib/javascript.php/1715743508/lib/polyfills/polyfill.js
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type JavaScript source, ASCII text, with very long lines (17856), with no line terminators
Hash 563ca457160c0b52e488c2cb8163bddb
048c8ec5be59391d29d19edd2d50d771308a3b08
e9b11833a390cf8a12e5b6c02602d27f79591160cfdde6c9029be7efa3eef847
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lib/javascript.php/1715743508/lib/polyfills/polyfill.js HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:30 GMT
Server: Apache/2.4.41 (Ubuntu)
Etag: "e524bea52a382fcc3a2d7534c2084ca7ed5b4f20"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Wed, 15 May 2024 03:25:08 GMT
Expires: Tue, 13 Aug 2024 09:56:30 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 5244
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
GET 110.172.151.105/lib/javascript.php/1715743508/lib/javascript-static.js
110.172.151.105 200 OK 6.8 kB URL GET HTTP/1.1 110.172.151.105/lib/javascript.php/1715743508/lib/javascript-static.js
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type JavaScript source, ASCII text, with very long lines (1875)
Hash ac7f47cc5271b4115ac489f7a0d70737
bb091a4de18f4ffce0ba80668ed0427ae03001d0
ec9d65cb26cade9adcf9c012734551cf8c86c49a1ff45fef12662ae42f312e3f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lib/javascript.php/1715743508/lib/javascript-static.js HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:30 GMT
Server: Apache/2.4.41 (Ubuntu)
Etag: "016285d3003783a24809ba938ed597db08a2882a"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Wed, 15 May 2024 03:25:09 GMT
Expires: Tue, 13 Aug 2024 09:56:30 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 6777
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
GET 110.172.151.105/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js
110.172.151.105 200 OK 84 kB URL GET HTTP/1.1 110.172.151.105/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type JavaScript source, ASCII text, with very long lines (6010)
Hash 8039fd714b58260199b364107c92bff6
3776c202a78a99e5eeaafbdc7d8ad61acee3af1d
13eaaadfa414f262b7964320054bb2b322b9ef9f3522bc25c9d60dc83b5141cf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:30 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Disposition: inline; filename="combo"
Last-Modified: Thu, 25 Jan 2024 14:48:30 GMT
Expires: Sat, 10 May 2025 09:56:30 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "78581a0bac8a932effb32db3e91e0f2f2b47c08e"
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
GET 110.172.151.105/theme/styles.php/boost/1715744605_1/all
110.172.151.105 200 OK 108 kB URL GET HTTP/1.1 110.172.151.105/theme/styles.php/boost/1715744605_1/all
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type Unicode text, UTF-8 text, with very long lines (65524), with no line terminators
Size 108 kB (107864 bytes)
Hash d49195ac59ea40157956b91f32975dde
4411025e4e4f22f33e4523d96491d7f06c2482ad
00acd0a929234bde8d872bc98fb5bbd04163d24e670aca4ce52ee5bf764ce659
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /theme/styles.php/boost/1715744605_1/all HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:30 GMT
Server: Apache/2.4.41 (Ubuntu)
Etag: "6255d9c067e6d3f7a67bc066b0e43c21ae4aad7a"
Content-Disposition: inline; filename="styles.php"
Last-Modified: Wed, 15 May 2024 05:07:02 GMT
Expires: Tue, 13 Aug 2024 09:56:30 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css; charset=utf-8
GET 110.172.151.105/theme/yui_combo.php?m/1715743508/core/event/event-min.js&m/1715743508/filter_mathjaxloader/loader/loader-min.js
110.172.151.105 200 OK 857 B URL GET HTTP/1.1 110.172.151.105/theme/yui_combo.php?m/1715743508/core/event/event-min.js&m/1715743508/filter_mathjaxloader/loader/loader-min.js
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type JavaScript source, ASCII text, with very long lines (2198), with no line terminators
Hash 78e865a30eff73e43dca8b8e44bcbb6e
242cf2f16d121fc1d5a486063a0d6ab130abbf23
7eb61ba5b02c939a8985c145a24985cb3b4e3cadfcfc00fa5bca76aa0d8c5238
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /theme/yui_combo.php?m/1715743508/core/event/event-min.js&m/1715743508/filter_mathjaxloader/loader/loader-min.js HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:31 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Disposition: inline; filename="combo"
Last-Modified: Thu, 25 Jan 2024 14:35:59 GMT
Expires: Sat, 10 May 2025 09:56:31 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "54a770367d616a7630d3cd1b1bf8c56dea91f435"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 857
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
GET 110.172.151.105/theme/yui_combo.php?m/1715743508/core/formchangechecker/formchangechecker-min.js
110.172.151.105 200 OK 960 B URL GET HTTP/1.1 110.172.151.105/theme/yui_combo.php?m/1715743508/core/formchangechecker/formchangechecker-min.js
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type ASCII text, with very long lines (3346), with no line terminators
Hash 9aa4b38c46dfd3cc875bef3f610116d7
1a5809d9bb6888fb3d35e247cf7e766c58883cf2
27a687f809c9d5337b0f2031750d42ccfda242a1cfb3a4b4f44f7f05bf1894a4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /theme/yui_combo.php?m/1715743508/core/formchangechecker/formchangechecker-min.js HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:32 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Disposition: inline; filename="combo"
Last-Modified: Thu, 25 Jan 2024 14:36:00 GMT
Expires: Sat, 10 May 2025 09:56:32 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "561cd4bef1cc36be3c82d5f2e8243351c1ada9fd"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 960
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
GET 110.172.151.105/pluginfile.php/1/core_admin/logocompact/300x300/1715744605/Logo_Course.png
110.172.151.105 200 OK 85 kB URL GET HTTP/1.1 110.172.151.105/pluginfile.php/1/core_admin/logocompact/300x300/1715744605/Logo_Course.png
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash 95a8e26892485421f87d35715eb914ea
12f552d614ee345a6a04f13e8fdf8d5a3ef1914b
e07870b1fdb4c5c30e0e971ea62fb5c5e098494288dd563f51077d8d9f996411
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pluginfile.php/1/core_admin/logocompact/300x300/1715744605/Logo_Course.png HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:31 GMT
Server: Apache/2.4.41 (Ubuntu)
Expires: Sun, 14 Jul 2024 09:56:31 GMT
Cache-Control: public, max-age=5184000, no-transform
Pragma:
Content-Disposition: inline; filename="Logo_Course.png"
Last-Modified: Wed, 15 May 2024 03:43:25 GMT
Accept-Ranges: bytes
Content-Length: 85101
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
GET 110.172.151.105/theme/font.php/boost/core/1715744605/fontawesome-webfont.woff2?v=4.7.0
110.172.151.105 200 OK 77 kB URL GET HTTP/1.1 110.172.151.105/theme/font.php/boost/core/1715744605/fontawesome-webfont.woff2?v=4.7.0
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /theme/font.php/boost/core/1715744605/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/theme/styles.php/boost/1715744605_1/all
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:31 GMT
Server: Apache/2.4.41 (Ubuntu)
Etag: "453cf8cde7ea31ec198e3443b76d5b5e3af092e8"
Content-Disposition: inline; filename="fontawesome-webfont.woff2"
Last-Modified: Wed, 15 May 2024 03:43:29 GMT
Expires: Tue, 13 Aug 2024 09:56:31 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Length: 77160
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/font-woff2
GET 110.172.151.105/theme/image.php/boost/theme/1715744605/favicon
110.172.151.105 200 OK 35 kB URL GET HTTP/1.1 110.172.151.105/theme/image.php/boost/theme/1715744605/favicon
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Hash 544e567685bd9467d7b3a6fd6e99f39b
d5e5cc592bcc858800f79c0601ee3f4e14064d11
e019915bf7d2cf42b14e231ca6fb4dcabad62ff2901d5b8465b564d37bb27ca3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /theme/image.php/boost/theme/1715744605/favicon HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:32 GMT
Server: Apache/2.4.41 (Ubuntu)
Etag: "f0582d9c224a0521ea4724d8021c3e88c46f56a9"
Content-Disposition: inline; filename="favicon.ico"
Last-Modified: Wed, 15 May 2024 03:43:26 GMT
Expires: Tue, 13 Aug 2024 09:56:32 GMT
Pragma:
Cache-Control: public, max-age=7776000, no-transform, immutable
Accept-Ranges: none
Content-Length: 34722
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
GET 110.172.151.105/lib/requirejs.php/1715743508/core/first.js
110.172.151.105 200 OK 351 kB URL GET HTTP/1.1 110.172.151.105/lib/requirejs.php/1715743508/core/first.js
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type JavaScript source, ASCII text, with very long lines (19941)
Size 351 kB (351446 bytes)
Hash 5c602ebcc0761873157176c595960eda
19217a6fcd21b1c4be8c1cc95a1cac044e341528
b2a3ec67f1cb7e5b18b28219cd9a4b991285d516e1e0cb0c707d2ab10cf43ab4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lib/requirejs.php/1715743508/core/first.js HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:32 GMT
Server: Apache/2.4.41 (Ubuntu)
Etag: "ddd843841e02b200701aa057fae102defde1e6a3"
Content-Disposition: inline; filename="requirejs.php"
Last-Modified: Wed, 15 May 2024 03:25:10 GMT
Expires: Tue, 13 Aug 2024 09:56:32 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
GET 110.172.151.105/lib/javascript.php/1715743508/lib/jquery/jquery-3.5.1.min.js
110.172.151.105 200 OK 31 kB URL GET HTTP/1.1 110.172.151.105/lib/javascript.php/1715743508/lib/jquery/jquery-3.5.1.min.js
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type JavaScript source, ASCII text, with very long lines (65451)
Hash de4b1f62b938e770b049213be961e86e
4e6a1e0501610029a551c06a51f1acc3c8b6473a
621c0f52571ccff5dab81de13db26fda4b4a7dad83a01827c9139571023abea4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lib/javascript.php/1715743508/lib/jquery/jquery-3.5.1.min.js HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:35 GMT
Server: Apache/2.4.41 (Ubuntu)
Etag: "673863736dde7a7cea2b9b9a6df4a64d302eccc3"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Wed, 15 May 2024 03:25:10 GMT
Expires: Tue, 13 Aug 2024 09:56:35 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
GET 110.172.151.105/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js
110.172.151.105 200 OK 4.8 kB URL GET HTTP/1.1 110.172.151.105/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
File type JavaScript source, ASCII text, with very long lines (3857)
Hash 0151b48e61660bed14bf6acd5bb77210
e096360d7d8819dbbf42e7137ed9e37cdd286700
26d1a45d173703f01ca9bb8be4335bae6005c3bc0a5f78b380ad18fb152b8835
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Disposition: inline; filename="combo"
Last-Modified: Thu, 25 Jan 2024 14:44:10 GMT
Expires: Sat, 10 May 2025 09:56:36 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "b24ca831785ba367093f089618e840be511be85d"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 4808
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
POST 110.172.151.105/lib/ajax/service.php?sesskey=3f9GM2rTsR&info=media_videojs_get_language
110.172.151.105 200 OK 4.5 kB URL POST HTTP/1.1 110.172.151.105/lib/ajax/service.php?sesskey=3f9GM2rTsR&info=media_videojs_get_language
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
Hash 4d5523cbc76f44fe608854860b0a2569
b821723eb7ecf0b7e97c516fbbc88c3b85560229
2088fbe413aa7bc5fc811ec5778bd623becf7c1c149d2f12fc8c21ad7cd343d5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /lib/ajax/service.php?sesskey=3f9GM2rTsR&info=media_videojs_get_language HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 76
Origin: http://110.172.151.105
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4530
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
POST 110.172.151.105/lib/ajax/service.php?sesskey=3f9GM2rTsR&info=local_disablerightclick_settings
110.172.151.105 200 OK 2.1 kB URL POST HTTP/1.1 110.172.151.105/lib/ajax/service.php?sesskey=3f9GM2rTsR&info=local_disablerightclick_settings
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
Hash 1ecd04a56fd976cbe83a56a7d30a0c87
55d83f22e86994e7509ddba8a213f1b81549cdef
2fb1a2bdab1f84dba46cc07cc17da80fd92f3cdee9dd4e3c82d5313e0444bb44
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /lib/ajax/service.php?sesskey=3f9GM2rTsR&info=local_disablerightclick_settings HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 84
Origin: http://110.172.151.105
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 2108
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
GET 110.172.151.105/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1715743508&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D
110.172.151.105 200 OK 211 B URL GET HTTP/1.1 110.172.151.105/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1715743508&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
Hash c135ebb8306e47146c197265b9c9022b
425c439b399cc4a29df884f4ac5aa75505944c2c
afefe583c5a695189962783424716b19758b2a08e71480cb91a73c88c98a20be
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1715743508&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Expires: Tue, 13 Aug 2024 09:56:36 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Length: 211
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
GET 110.172.151.105/lib/ajax/service-nologin.php?info=7-method-calls&cachekey=1715743508&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_save_cancel%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_cancel%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22local%2Fmodal%2Falert%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A6%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%5D
110.172.151.105 200 OK 7.9 kB URL GET HTTP/1.1 110.172.151.105/lib/ajax/service-nologin.php?info=7-method-calls&cachekey=1715743508&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_save_cancel%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_cancel%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22local%2Fmodal%2Falert%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A6%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
Hash 9afdfff43d769801c4c6592f6b805bcd
6daea0ab794fe6853d85ff7ede39f29fb1393c3f
484594990adeca97a8fc2703cb3203cd5f3d0562a0134dff8d58e816ad885960
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lib/ajax/service-nologin.php?info=7-method-calls&cachekey=1715743508&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_save_cancel%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_cancel%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22local%2Fmodal%2Falert%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A6%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Expires: Tue, 13 Aug 2024 09:56:36 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Length: 7879
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
GET 110.172.151.105/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1715744605&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boost%22%7D%7D%5D
110.172.151.105 200 OK 32 kB URL GET HTTP/1.1 110.172.151.105/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1715744605&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boost%22%7D%7D%5D
IP 110.172.151.105:80
ASN #18002 AS Number for Interdomain Routing
Requested by http://110.172.151.105/login/forgot_password.php
Hash b60b7f99c21a76a9085de90b5b60c516
a567034e87a70bf592a96773e79162222f991128
2ba165e59efb2b6c51356557c18690bdf21427babf2a94f122952a373ff285fa
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1715744605&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boost%22%7D%7D%5D HTTP/1.1
Host: 110.172.151.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://110.172.151.105/login/forgot_password.php
Cookie: MoodleSession=avdctd465im6gi3eg3sjhntrka
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 15 May 2024 09:56:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Expires: Tue, 13 Aug 2024 09:56:36 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8