Report - 190.92.1.42:8080/moodle/login/forgot

Report Overview

Visited public
2024-05-17 10:42:14
Tags
Submit Tags
URL
190.92.1.42:8080/moodle/login/forgot_password.php
Finishing URL
190.92.1.42:8080/moodle/login/forgot_password.php
IP / ASN
190.92.1.42
#27884 CABLECOLOR S.A.
Title
Forgotten password

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
190.92.1.42:8080	unknown	unknown	No data	No data	13 kB	717 kB	190.92.1.42

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed
2024-05-17	medium	190.92.1.42	Sinkholed

ThreatFox

No alerts detected

JavaScript (19)

	URL	From	Size	First Seen	Last Seen
	190.92.1.42:8080/moodle/login/forgot_password.php	ScriptElement	13 kB	2024-08-19	2024-08-19
Pretty URL 190.92.1.42:8080/moodle/login/forgot_password.php IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 22:42 Last Seen2024-08-19 22:42 Times Seen1 Hash 51e94605460c3220a87ebec79f6861e3 9fd1aedb0b918b4f861b0e0186ab1206b94d97ca 9202e61d29f5f40f226b42888804e69d211de747986378afeed33ef0f01b196a Loading...

	190.92.1.42:8080/moodle/lib/requirejs.php/1637252095/core/first.js	ScriptElement	1.3 MB	2024-05-17	2024-10-04
Pretty URL 190.92.1.42:8080/moodle/lib/requirejs.php/1637252095/core/first.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-17 12:42 Last Seen2024-10-04 11:27 Times Seen2 Hash c6e6343004e75759197456d1cbf74002 495ac1071563e0bb265c0784bc918db53adce072 9ab2c9162d6125aa160ca70abf589759c4bf0f6b7322112e61cb1f4a616aadd4 Loading...

	190.92.1.42:8080/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js	ScriptElement	283 kB	2023-03-07	2025-07-18
Pretty URL 190.92.1.42:8080/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-07-18 00:58 Times Seen1276 Hash 8039fd714b58260199b364107c92bff6 3776c202a78a99e5eeaafbdc7d8ad61acee3af1d 13eaaadfa414f262b7964320054bb2b322b9ef9f3522bc25c9d60dc83b5141cf Loading...

	unknown	Function	37 B	2023-04-11	2025-07-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-07-19 05:42 Times Seen304157 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/javascript-static.js	ScriptElement	21 kB	2023-03-07	2025-07-18
Pretty URL 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/javascript-static.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-07-18 00:58 Times Seen726 Hash ac7f47cc5271b4115ac489f7a0d70737 bb091a4de18f4ffce0ba80668ed0427ae03001d0 ec9d65cb26cade9adcf9c012734551cf8c86c49a1ff45fef12662ae42f312e3f Loading...

	190.92.1.42:8080/moodle/login/forgot_password.php	ScriptElement	60 B	2023-03-07	2025-07-18
Pretty URL 190.92.1.42:8080/moodle/login/forgot_password.php IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:07 Last Seen2025-07-18 09:06 Times Seen1948 Hash dba70bf9335863dea2696ca9da069b01 adfc079c12684d419766c7732c35da693517a7f8 05f515ab150c8852191afb40be55373b5b5337d89d513e48b802293123361798 Loading...

	190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/requirejs/require.min.js	ScriptElement	18 kB	2023-03-07	2025-07-18
Pretty URL 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/requirejs/require.min.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-07-18 00:58 Times Seen1385 Hash 1f53ac504f7e69a6df96140eed2d4df2 da00136dd3fd0ccab626d7555ccb5fdf1c096fad 9ce0dbd6a1df9332653e27d1ddc505c5b78fd82b4112de0ec63840c3fbe0b8c2 Loading...

	190.92.1.42:8080/moodle/theme/yui_combo.php?m/1637252095/core/event/event-min.js&m/1637252095/filter_mathjaxloader/loader/loader-min.js	ScriptElement	2.2 kB	2023-03-07	2025-07-11
Pretty URL 190.92.1.42:8080/moodle/theme/yui_combo.php?m/1637252095/core/event/event-min.js&m/1637252095/filter_mathjaxloader/loader/loader-min.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-07-11 22:47 Times Seen355 Hash 78e865a30eff73e43dca8b8e44bcbb6e 242cf2f16d121fc1d5a486063a0d6ab130abbf23 7eb61ba5b02c939a8985c145a24985cb3b4e3cadfcfc00fa5bca76aa0d8c5238 Loading...

	190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/polyfills/polyfill.js	ScriptElement	18 kB	2023-03-08	2025-07-11
Pretty URL 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/polyfills/polyfill.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:30 Last Seen2025-07-11 18:35 Times Seen260 Hash 563ca457160c0b52e488c2cb8163bddb 048c8ec5be59391d29d19edd2d50d771308a3b08 e9b11833a390cf8a12e5b6c02602d27f79591160cfdde6c9029be7efa3eef847 Loading...

	190.92.1.42:8080/moodle/theme/jquery.php/core/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-07-19
Pretty URL 190.92.1.42:8080/moodle/theme/jquery.php/core/jquery-3.5.1.min.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-19 05:47 Times Seen124926 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	190.92.1.42:8080/moodle/theme/yui_combo.php?m/1637252095/core/formchangechecker/formchangechecker-min.js	ScriptElement	3.3 kB	2023-03-07	2025-07-11
Pretty URL 190.92.1.42:8080/moodle/theme/yui_combo.php?m/1637252095/core/formchangechecker/formchangechecker-min.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:24 Last Seen2025-07-11 22:47 Times Seen167 Hash 9aa4b38c46dfd3cc875bef3f610116d7 1a5809d9bb6888fb3d35e247cf7e766c58883cf2 27a687f809c9d5337b0f2031750d42ccfda242a1cfb3a4b4f44f7f05bf1894a4 Loading...

	190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/jquery/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-07-13
Pretty URL 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/jquery/jquery-3.5.1.min.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-07-13 23:05 Times Seen462 Hash de4b1f62b938e770b049213be961e86e 4e6a1e0501610029a551c06a51f1acc3c8b6473a 621c0f52571ccff5dab81de13db26fda4b4a7dad83a01827c9139571023abea4 Loading...

	190.92.1.42:8080/moodle/lib/javascript.php/1637252095/theme/eguru/javascript/theme.js	ScriptElement	679 B	2023-03-07	2025-07-10
Pretty URL 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/theme/eguru/javascript/theme.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:02 Last Seen2025-07-10 19:26 Times Seen44 Hash be04d2364e8e82b966a3d7377ab830a3 4cd22b03d2118d7aaa11975382bd42b3b16089ed b0d64b5a274e802622911167307c16ab386d6153800e252859b2efcec0b34799 Loading...

	190.92.1.42:8080/moodle/login/forgot_password.php	ScriptElement	1.1 kB	2024-08-19	2024-08-19
Pretty URL 190.92.1.42:8080/moodle/login/forgot_password.php IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 22:42 Last Seen2024-08-19 22:42 Times Seen1 Hash 83385a421f23eb5a2bc32e7e8fecb8d9 fdfe0706fc7cbb74ecb654abad213dc60215cfe1 02e646ddb9f47f01740bf58d98bb27b6104a5790b91dca396b537af0a527b960 Loading...

	190.92.1.42:8080/moodle/login/forgot_password.php	ScriptElement	1.4 kB	2023-11-25	2024-11-24
Pretty URL 190.92.1.42:8080/moodle/login/forgot_password.php IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-25 12:46 Last Seen2024-11-24 12:09 Times Seen3 Hash c66d3d129e13f4f01bb669cad5eaad8d ee8c86c23dc99ebe4f1aadf6c766fd83af5ac2e3 493be41887abcbefc1b621f94f24aeabcaa7532c09c77eb0b618864473f33d29 Loading...

	190.92.1.42:8080/moodle/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js	ScriptElement	15 kB	2023-03-07	2025-07-18
Pretty URL 190.92.1.42:8080/moodle/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-07-18 00:58 Times Seen1279 Hash 0151b48e61660bed14bf6acd5bb77210 e096360d7d8819dbbf42e7137ed9e37cdd286700 26d1a45d173703f01ca9bb8be4335bae6005c3bc0a5f78b380ad18fb152b8835 Loading...

	190.92.1.42:8080/moodle/login/forgot_password.php	ScriptElement	1.3 kB	2023-03-10	2025-07-07
Pretty URL 190.92.1.42:8080/moodle/login/forgot_password.php IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 00:50 Last Seen2025-07-07 19:50 Times Seen67 Hash ace6cd9dc7db3c316c1c146f9e4f4e78 d6314ba3b63c2d1e2aca9e2d6e7a79c094df4bca 96ef4f28811841362e1de5b7cbd5d357ebb0f7bca666ff36731db4b4d3b988c1 Loading...

	190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/babel-polyfill/polyfill.min.js	ScriptElement	99 kB	2023-03-07	2025-07-11
Pretty URL 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/babel-polyfill/polyfill.min.js IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-07-11 22:47 Times Seen572 Hash 36842211132011a28a3ad07a62a629b1 624790be7f03f203771237170bfdf62e0186ae0f d9e07890edf5f6f350ef465b37479fc6192923e60e64d9f20af37eb3b011cc66 Loading...

	190.92.1.42:8080/moodle/login/forgot_password.php	ScriptElement	670 B	2024-08-19	2024-08-19
Pretty URL 190.92.1.42:8080/moodle/login/forgot_password.php IP 190.92.1.42 ASN #27884 CABLECOLOR S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 22:42 Last Seen2024-08-19 22:42 Times Seen1 Hash 67abecdc0b80c92a3d347ebf96a1b90c ea1adb71dd9bc96ebbda7857211cfe7fe70910d9 4e9a1c8a779ad3ea849dfbf669361d3bdf2e09e020c596416fce1f659b136409 Loading...

HTTP Transactions (20)

URL IP Response Size

GET 190.92.1.42:8080/moodle/login/forgot_password.php

190.92.1.42

200 OK

24 kB

URL User Request GET HTTP/1.1
190.92.1.42:8080/moodle/login/forgot_password.php
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

File type
HTML document, ASCII text, with very long lines (11961), with CRLF, LF line terminators
Size
24 kB (24424 bytes)
Hash
02559030ffee3e7962cc754c2d5ed642
38bf5762d08c8187f19a3c99c3f7190ac6102d12
7f2a734d53e7fd3e51c36ca509741012a2809ddc904a8d62d135613f918d75fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/login/forgot_password.php HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Language: en
Accept-Ranges: none
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Set-Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20; path=/moodle/
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-UA-Compatible: IE=edge
X-Frame-Options: sameorigin
Date: Fri, 17 May 2024 10:41:33 GMT
Content-Length: 24424

GET 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/babel-polyfill/polyfill.min.js

190.92.1.42

200 OK

34 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/babel-polyfill/polyfill.min.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (34750), with NEL line terminators
Size
34 kB (34221 bytes)
Hash
36842211132011a28a3ad07a62a629b1
624790be7f03f203771237170bfdf62e0186ae0f
d9e07890edf5f6f350ef465b37479fc6192923e60e64d9f20af37eb3b011cc66

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/lib/javascript.php/1637252095/lib/babel-polyfill/polyfill.min.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Expires: Thu, 15 Aug 2024 10:41:33 GMT
Last-Modified: Thu, 18 Nov 2021 16:15:10 GMT
Accept-Ranges: none
ETag: "8e15db3107dd7c439e6c9295cb82e51b342deead"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="javascript.php"
Date: Fri, 17 May 2024 10:41:33 GMT
Content-Length: 34221

GET 190.92.1.42:8080/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css

190.92.1.42

200 OK

1.0 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
ASCII text, with very long lines (1979)
Size
1.0 kB (1035 bytes)
Hash
513a25e692b0f89326ceae1b1fd34b3f
413a14125fe60e21ae94a4b69dd5c8ae9c06c6cb
45b30b681ac946d1ef0352364b41a3908b8f351aa8613d87241a94489bf9fd8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=31104000, immutable
Content-Type: text/css;charset=UTF-8
Content-Encoding: gzip
Expires: Mon, 12 May 2025 10:41:33 GMT
Last-Modified: Thu, 17 Jun 2021 23:22:18 GMT
Accept-Ranges: none
ETag: "b9bc567c469e2872cf3bbb14603342a72de2509b"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="combo"
Date: Fri, 17 May 2024 10:41:33 GMT
Content-Length: 1035

GET 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/polyfills/polyfill.js

190.92.1.42

200 OK

5.2 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/polyfills/polyfill.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JavaScript source, ASCII text, with very long lines (17856), with no line terminators
Size
5.2 kB (5244 bytes)
Hash
563ca457160c0b52e488c2cb8163bddb
048c8ec5be59391d29d19edd2d50d771308a3b08
e9b11833a390cf8a12e5b6c02602d27f79591160cfdde6c9029be7efa3eef847

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/lib/javascript.php/1637252095/lib/polyfills/polyfill.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Expires: Thu, 15 Aug 2024 10:41:33 GMT
Last-Modified: Thu, 18 Nov 2021 16:15:10 GMT
Accept-Ranges: none
ETag: "152461012407eeb6d716a17fe882c524804eb3d8"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="javascript.php"
Date: Fri, 17 May 2024 10:41:33 GMT
Content-Length: 5244

GET 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/javascript-static.js

190.92.1.42

200 OK

6.8 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/javascript-static.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JavaScript source, ASCII text, with very long lines (1875)
Size
6.8 kB (6777 bytes)
Hash
ac7f47cc5271b4115ac489f7a0d70737
bb091a4de18f4ffce0ba80668ed0427ae03001d0
ec9d65cb26cade9adcf9c012734551cf8c86c49a1ff45fef12662ae42f312e3f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/lib/javascript.php/1637252095/lib/javascript-static.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Expires: Thu, 15 Aug 2024 10:41:33 GMT
Last-Modified: Thu, 18 Nov 2021 16:15:10 GMT
Accept-Ranges: none
ETag: "4a1e2e997cff83363ce97a23abe3ae102e881655"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="javascript.php"
Date: Fri, 17 May 2024 10:41:33 GMT
Content-Length: 6777

GET 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/requirejs/require.min.js

190.92.1.42

200 OK

6.7 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/requirejs/require.min.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JavaScript source, ASCII text, with very long lines (17535)
Size
6.7 kB (6662 bytes)
Hash
1f53ac504f7e69a6df96140eed2d4df2
da00136dd3fd0ccab626d7555ccb5fdf1c096fad
9ce0dbd6a1df9332653e27d1ddc505c5b78fd82b4112de0ec63840c3fbe0b8c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/lib/javascript.php/1637252095/lib/requirejs/require.min.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Expires: Thu, 15 Aug 2024 10:41:34 GMT
Last-Modified: Thu, 18 Nov 2021 16:14:57 GMT
Accept-Ranges: none
ETag: "b73a79335a3558b5a1fb4ed0c41bbc8091afca5f"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="javascript.php"
Date: Fri, 17 May 2024 10:41:33 GMT
Content-Length: 6662

GET 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/theme/eguru/javascript/theme.js

190.92.1.42

200 OK

370 B

URL GET HTTP/1.1
190.92.1.42:8080/moodle/lib/javascript.php/1637252095/theme/eguru/javascript/theme.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JavaScript source, ASCII text
Size
370 B (370 bytes)
Hash
be04d2364e8e82b966a3d7377ab830a3
4cd22b03d2118d7aaa11975382bd42b3b16089ed
b0d64b5a274e802622911167307c16ab386d6153800e252859b2efcec0b34799

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/lib/javascript.php/1637252095/theme/eguru/javascript/theme.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Expires: Thu, 15 Aug 2024 10:41:34 GMT
Last-Modified: Thu, 18 Nov 2021 16:17:33 GMT
Accept-Ranges: none
ETag: "7395f932a7a7c86168c705790d3eb5ad6e94d908"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="javascript.php"
Date: Fri, 17 May 2024 10:41:33 GMT
Content-Length: 370

GET 190.92.1.42:8080/moodle/theme/jquery.php/core/jquery-3.5.1.min.js

190.92.1.42

200 OK

31 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/theme/jquery.php/core/jquery-3.5.1.min.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (30917 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/theme/jquery.php/core/jquery-3.5.1.min.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: application/javascript
Content-Encoding: gzip
Expires: Thu, 15 Aug 2024 10:41:33 GMT
Last-Modified: Thu, 17 Jun 2021 23:22:49 GMT
Accept-Ranges: none
ETag: "4b8aa14814e2b6275b74f5067284259e35de0c15"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="jquery-3.5.1.min.js"
Date: Fri, 17 May 2024 10:41:33 GMT
Content-Length: 30917

GET 190.92.1.42:8080/moodle/theme/styles.php/eguru/1637275995_1/all

190.92.1.42

200 OK

129 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/theme/styles.php/eguru/1637275995_1/all
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Size
129 kB (129030 bytes)
Hash
3b8da310a2f5637e27da10cda9c88fad
d7d70db69cbf3a89b483555bd56a5585f017563a
8905a39cf96d38a1be027cc78f508ed5c111d550bc206dc3ff66ecdc938ed605

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/theme/styles.php/eguru/1637275995_1/all HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: text/css; charset=utf-8
Content-Encoding: gzip
Expires: Thu, 15 Aug 2024 10:41:33 GMT
Last-Modified: Thu, 18 Nov 2021 22:53:18 GMT
Accept-Ranges: none
ETag: "3f37a94a5474b014dcf7c0e898e47b407d3448cb"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="styles.php"
Date: Fri, 17 May 2024 10:41:33 GMT
Content-Length: 129030

GET 190.92.1.42:8080/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js

190.92.1.42

200 OK

84 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JavaScript source, ASCII text, with very long lines (6010)
Size
84 kB (84392 bytes)
Hash
8039fd714b58260199b364107c92bff6
3776c202a78a99e5eeaafbdc7d8ad61acee3af1d
13eaaadfa414f262b7964320054bb2b322b9ef9f3522bc25c9d60dc83b5141cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=31104000, immutable
Content-Type: application/javascript
Content-Encoding: gzip
Expires: Mon, 12 May 2025 10:41:33 GMT
Last-Modified: Thu, 17 Jun 2021 23:22:18 GMT
Accept-Ranges: none
ETag: "78581a0bac8a932effb32db3e91e0f2f2b47c08e"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="combo"
Date: Fri, 17 May 2024 10:41:33 GMT
Content-Length: 84392

GET 190.92.1.42:8080/moodle/theme/yui_combo.php?m/1637252095/core/event/event-min.js&m/1637252095/filter_mathjaxloader/loader/loader-min.js

190.92.1.42

200 OK

857 B

URL GET HTTP/1.1
190.92.1.42:8080/moodle/theme/yui_combo.php?m/1637252095/core/event/event-min.js&m/1637252095/filter_mathjaxloader/loader/loader-min.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JavaScript source, ASCII text, with very long lines (2198), with no line terminators
Size
857 B (857 bytes)
Hash
78e865a30eff73e43dca8b8e44bcbb6e
242cf2f16d121fc1d5a486063a0d6ab130abbf23
7eb61ba5b02c939a8985c145a24985cb3b4e3cadfcfc00fa5bca76aa0d8c5238

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/theme/yui_combo.php?m/1637252095/core/event/event-min.js&m/1637252095/filter_mathjaxloader/loader/loader-min.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=31104000, immutable
Content-Type: application/javascript
Content-Encoding: gzip
Expires: Mon, 12 May 2025 10:41:35 GMT
Last-Modified: Thu, 17 Jun 2021 23:21:39 GMT
Accept-Ranges: none
ETag: "95274470ae35754a092d54d65d3127fb12c9cd75"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="combo"
Date: Fri, 17 May 2024 10:41:35 GMT
Content-Length: 857

GET 190.92.1.42:8080/moodle/theme/yui_combo.php?m/1637252095/core/formchangechecker/formchangechecker-min.js

190.92.1.42

200 OK

960 B

URL GET HTTP/1.1
190.92.1.42:8080/moodle/theme/yui_combo.php?m/1637252095/core/formchangechecker/formchangechecker-min.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
ASCII text, with very long lines (3346), with no line terminators
Size
960 B (960 bytes)
Hash
9aa4b38c46dfd3cc875bef3f610116d7
1a5809d9bb6888fb3d35e247cf7e766c58883cf2
27a687f809c9d5337b0f2031750d42ccfda242a1cfb3a4b4f44f7f05bf1894a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/theme/yui_combo.php?m/1637252095/core/formchangechecker/formchangechecker-min.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=31104000, immutable
Content-Type: application/javascript
Content-Encoding: gzip
Expires: Mon, 12 May 2025 10:41:35 GMT
Last-Modified: Thu, 17 Jun 2021 23:21:39 GMT
Accept-Ranges: none
ETag: "0fcd1788cbb95209d7a2ba390159aeb99cd5892e"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="combo"
Date: Fri, 17 May 2024 10:41:35 GMT
Content-Length: 960

GET 190.92.1.42:8080/moodle/theme/image.php/eguru/theme/1637275995/favicon

190.92.1.42

200 OK

5.4 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/theme/image.php/eguru/theme/1637275995/favicon
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
5.4 kB (5430 bytes)
Hash
6313d3586939674818fb4074a5b21e40
0adae7991acadf022c482a932ee5322f8d9a2bed
1d2e32efa495f58fd7229329ebc3138a3e78a30286535e900262b68905bf8a76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/theme/image.php/eguru/theme/1637275995/favicon HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, no-transform, immutable
Content-Type: image/vnd.microsoft.icon
Expires: Thu, 15 Aug 2024 10:41:35 GMT
Last-Modified: Thu, 18 Nov 2021 22:53:19 GMT
Accept-Ranges: none
ETag: "2cbaa5f915c7745cb54888b9ac4fc2196e271cb0"
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="favicon.ico"
Date: Fri, 17 May 2024 10:41:35 GMT
Content-Length: 5430

GET 190.92.1.42:8080/moodle/lib/requirejs.php/1637252095/core/first.js

190.92.1.42

200 OK

304 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/lib/requirejs.php/1637252095/core/first.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
304 kB (304396 bytes)
Hash
c6e6343004e75759197456d1cbf74002
495ac1071563e0bb265c0784bc918db53adce072
9ab2c9162d6125aa160ca70abf589759c4bf0f6b7322112e61cb1f4a616aadd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/lib/requirejs.php/1637252095/core/first.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Expires: Thu, 15 Aug 2024 10:41:35 GMT
Last-Modified: Thu, 18 Nov 2021 16:14:59 GMT
Accept-Ranges: none
ETag: "b556adc3a07fbdf79e82479302565b592762a758"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="requirejs.php"
Date: Fri, 17 May 2024 10:41:35 GMT
Content-Length: 304396

GET 190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/jquery/jquery-3.5.1.min.js

190.92.1.42

200 OK

31 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/lib/javascript.php/1637252095/lib/jquery/jquery-3.5.1.min.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (30914 bytes)
Hash
de4b1f62b938e770b049213be961e86e
4e6a1e0501610029a551c06a51f1acc3c8b6473a
621c0f52571ccff5dab81de13db26fda4b4a7dad83a01827c9139571023abea4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/lib/javascript.php/1637252095/lib/jquery/jquery-3.5.1.min.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Expires: Thu, 15 Aug 2024 10:41:37 GMT
Last-Modified: Thu, 18 Nov 2021 16:14:59 GMT
Accept-Ranges: none
ETag: "9803ecfab1765e2cc5618f99599f42850195b058"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="javascript.php"
Date: Fri, 17 May 2024 10:41:37 GMT
Content-Length: 30914

GET 190.92.1.42:8080/moodle/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js

190.92.1.42

200 OK

4.8 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JavaScript source, ASCII text, with very long lines (3857)
Size
4.8 kB (4808 bytes)
Hash
0151b48e61660bed14bf6acd5bb77210
e096360d7d8819dbbf42e7137ed9e37cdd286700
26d1a45d173703f01ca9bb8be4335bae6005c3bc0a5f78b380ad18fb152b8835

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=31104000, immutable
Content-Type: application/javascript
Content-Encoding: gzip
Expires: Mon, 12 May 2025 10:41:37 GMT
Last-Modified: Thu, 17 Jun 2021 23:22:16 GMT
Accept-Ranges: none
ETag: "b24ca831785ba367093f089618e840be511be85d"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Content-Disposition: inline; filename="combo"
Date: Fri, 17 May 2024 10:41:37 GMT
Content-Length: 4808

POST 190.92.1.42:8080/moodle/lib/ajax/service.php?sesskey=yxF9xgyubS&info=media_videojs_get_language

190.92.1.42

200 OK

4.5 kB

URL POST HTTP/1.1
190.92.1.42:8080/moodle/lib/ajax/service.php?sesskey=yxF9xgyubS&info=media_videojs_get_language
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JSON text data
Size
4.5 kB (4530 bytes)
Hash
4d5523cbc76f44fe608854860b0a2569
b821723eb7ecf0b7e97c516fbbc88c3b85560229
2088fbe413aa7bc5fc811ec5778bd623becf7c1c149d2f12fc8c21ad7cd343d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /moodle/lib/ajax/service.php?sesskey=yxF9xgyubS&info=media_videojs_get_language HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 76
Origin: http://190.92.1.42:8080
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Date: Fri, 17 May 2024 10:41:37 GMT
Content-Length: 4530

GET 190.92.1.42:8080/moodle/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1637252095&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%5D

190.92.1.42

200 OK

2.4 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1637252095&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JSON text data
Size
2.4 kB (2422 bytes)
Hash
f2f5d195ae0262b5de27122ead127b83
021acaf9e14d4fd6992da17347faf26bd4697d65
380abdf554c0d04799270cb6d2effc74cde736b03adf4cc3b1e3aac6cadab2c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1637252095&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22eguru%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: application/json; charset=utf-8
Expires: Thu, 15 Aug 2024 10:41:38 GMT
Accept-Ranges: none
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Date: Fri, 17 May 2024 10:41:37 GMT
Content-Length: 2422

GET 190.92.1.42:8080/moodle/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1637254985&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D

190.92.1.42

200 OK

211 B

URL GET HTTP/1.1
190.92.1.42:8080/moodle/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1637254985&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JSON text data
Size
211 B (211 bytes)
Hash
c135ebb8306e47146c197265b9c9022b
425c439b399cc4a29df884f4ac5aa75505944c2c
afefe583c5a695189962783424716b19758b2a08e71480cb91a73c88c98a20be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1637254985&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: application/json; charset=utf-8
Expires: Thu, 15 Aug 2024 10:41:38 GMT
Accept-Ranges: none
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Date: Fri, 17 May 2024 10:41:37 GMT
Content-Length: 211

GET 190.92.1.42:8080/moodle/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1637275995&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22eguru%22%7D%7D%5D

190.92.1.42

200 OK

30 kB

URL GET HTTP/1.1
190.92.1.42:8080/moodle/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1637275995&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22eguru%22%7D%7D%5D
IP
190.92.1.42:8080
ASN
#27884 CABLECOLOR S.A.

Requested by
http://190.92.1.42:8080/moodle/login/forgot_password.php

File type
JSON text data
Size
30 kB (30335 bytes)
Hash
d524f73a29e9b843039ae1cb6cbb32d2
cc543fc5baddf7344d1bfc74b2379e566dec348e
d93c5799a66eb9410fac78ba5931b91952e86535506c004bf508ef4b1fdac69b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /moodle/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1637275995&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22eguru%22%7D%7D%5D HTTP/1.1
Host: 190.92.1.42:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://190.92.1.42:8080/moodle/login/forgot_password.php
Cookie: MoodleSession=c84uu2k71ogmnka5praseg0n20
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=7776000, immutable
Content-Type: application/json; charset=utf-8
Expires: Thu, 15 Aug 2024 10:41:38 GMT
Accept-Ranges: none
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.7
Date: Fri, 17 May 2024 10:41:37 GMT
Content-Length: 30335

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash