190.64.77.194/
190.64.77.194 0 B IP 190.64.77.194:0
ASN #6057 Administracion Nacional de Telecomunicaciones
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Tue, 24 Oct 2023 11:46:40 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Location: moodle/index.php
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
190.64.77.194/moodle/index.php
190.64.77.194 1.5 kB URL 190.64.77.194/moodle/index.php
IP 190.64.77.194:0
ASN #6057 Administracion Nacional de Telecomunicaciones
File type HTML document text; exported SGML document, ASCII text, with very long lines (314)
Hash 4b608c72325907f27e15c0fbe951a48d
bda4e4e6a953197867d23efc142c2bee6e24a71b
99319928c18a1e660aee13fd41c185ce3aa6cf862b44ef282f24887f5139d0e2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/index.php HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 303 See Other
Date: Tue, 24 Oct 2023 11:46:41 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Redirect-By: Moodle
Content-Language: en
Set-Cookie: MoodleSession=20sfjl78h1gb9riddalmlqcop0; path=/moodle/
Location: http://190.64.77.194/moodle/login/index.php
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
190.64.77.194/moodle/login/index.php
190.64.77.194 25 kB URL 190.64.77.194/moodle/login/index.php
IP 190.64.77.194:0
ASN #6057 Administracion Nacional de Telecomunicaciones
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (11931), with CRLF, LF line terminators
Hash 831cf1416371e0cc6f105336be6b94c0
95de223c93484a9dce541dca9fbbea59d2912a56
763268b1a722cf6410c77f0e2705cef9403f1c8513fca40c826b209bccaa8cce
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/login/index.php HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:41 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Language: en
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-UA-Compatible: IE=edge
Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
Pragma: no-cache
Expires:
Accept-Ranges: none
X-Frame-Options: sameorigin
Set-Cookie: MoodleSession=8sot6ki6824ji9lu3qqosemsgi; path=/moodle/
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
190.64.77.194/moodle/login/forgot_password.php
190.64.77.194 200 OK 33 kB URL User Request GET HTTP/1.1 190.64.77.194/moodle/login/forgot_password.php
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (11931), with CRLF, LF line terminators
Hash e67a00711272a5c9c74f1350eebe38a4
8d21d49b3d274589e33bb0aebb49280c14b5eac7
da7110cbbd5ec1f2fbf623fc860c50bdcf070c6b62b60c4fb617371770665480
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/login/forgot_password.php HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:42 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Language: en
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-UA-Compatible: IE=edge
Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
Pragma: no-cache
Expires:
Accept-Ranges: none
X-Frame-Options: sameorigin
Set-Cookie: MoodleSession=kugandpls9nhchnva5q2evg664; path=/moodle/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
190.64.77.194/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css
190.64.77.194 200 OK 1.0 kB URL GET HTTP/1.1 190.64.77.194/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type ASCII text, with very long lines (1979)
Hash 513a25e692b0f89326ceae1b1fd34b3f
413a14125fe60e21ae94a4b69dd5c8ae9c06c6cb
45b30b681ac946d1ef0352364b41a3908b8f351aa8613d87241a94489bf9fd8f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:43 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="combo"
Expires: Fri, 18 Oct 2024 11:46:43 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 10 Dec 2020 21:10:47 GMT
Etag: "b9bc567c469e2872cf3bbb14603342a72de2509b"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css;charset=UTF-8
190.64.77.194/moodle/lib/javascript.php/1685968224/lib/requirejs/require.min.js
190.64.77.194 200 OK 6.7 kB URL GET HTTP/1.1 190.64.77.194/moodle/lib/javascript.php/1685968224/lib/requirejs/require.min.js
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type ASCII text, with very long lines (17535)
Hash 1f53ac504f7e69a6df96140eed2d4df2
da00136dd3fd0ccab626d7555ccb5fdf1c096fad
9ce0dbd6a1df9332653e27d1ddc505c5b78fd82b4112de0ec63840c3fbe0b8c2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/lib/javascript.php/1685968224/lib/requirejs/require.min.js HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:43 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="javascript.php"
Expires: Mon, 22 Jan 2024 11:46:43 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Etag: "9a0f76efb1239d047b6b884c35389b853bf25ba5"
Last-Modified: Mon, 05 Jun 2023 12:30:25 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
upload.wikimedia.org/wikipedia/commons/thumb/e/e7/Instagram_logo_2016.svg/1200px-Instagram_logo_2016.svg.png
185.15.59.240 200 OK 142 kB URL GET HTTP/2 upload.wikimedia.org/wikipedia/commons/thumb/e/e7/Instagram_logo_2016.svg/1200px-Instagram_logo_2016.svg.png
IP 185.15.59.240:443
Requested by http://190.64.77.194/moodle/login/forgot_password.php
Certificate Issuer DigiCert Inc
Subject *.wikipedia.org
Fingerprint 91:D4:DD:DD:2F:F9:18:E0:19:07:D8:6B:C7:54:54:F1:1A:8F:2C:DC
Validity Thu, 27 Oct 2022 00:00:00 GMT - Fri, 17 Nov 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image; data
Size 142 kB (142528 bytes)
Hash c9406aa5dc79b9af630de41183cbbf13
778b113f194e46540f2157a4fc33b034c47d2826
f1f7c262a6862a4edd017a3d3f45bb2fb2b72f845960795af00da04328b7213a
GET /wikipedia/commons/thumb/e/e7/Instagram_logo_2016.svg/1200px-Instagram_logo_2016.svg.png HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 24 Oct 2023 07:33:39 GMT
etag: c9406aa5dc79b9af630de41183cbbf13
server: ATS/9.1.4
content-type: image/webp
content-length: 142528
content-disposition: inline;filename*=UTF-8''Instagram_logo_2016.svg.webp
last-modified: Fri, 18 Aug 2023 06:17:42 GMT
age: 15606
x-cache: cp3078 hit, cp3078 hit/96
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
190.64.77.194/moodle/lib/javascript.php/1685968224/lib/polyfills/polyfill.js
190.64.77.194 200 OK 5.1 kB URL GET HTTP/1.1 190.64.77.194/moodle/lib/javascript.php/1685968224/lib/polyfills/polyfill.js
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type ASCII text, with very long lines (17500), with no line terminators
Hash 901890f127a81c136912ceb57c131305
ef4bd0e1c5d2dcb97265830feff005f682020a5d
244ff779cc4a0d32d8a21e1dceece94080b39c4b2c77ab5c0a772f333db71216
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/lib/javascript.php/1685968224/lib/polyfills/polyfill.js HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:43 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="javascript.php"
Expires: Mon, 22 Jan 2024 11:46:43 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Etag: "2b5b7e9afc81fc19b8702eb689be77531332fe81"
Last-Modified: Mon, 05 Jun 2023 12:30:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
190.64.77.194/moodle/lib/javascript.php/1685968224/lib/javascript-static.js
190.64.77.194 200 OK 6.8 kB URL GET HTTP/1.1 190.64.77.194/moodle/lib/javascript.php/1685968224/lib/javascript-static.js
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type HTML document, ASCII text, with very long lines (1875)
Hash ac7f47cc5271b4115ac489f7a0d70737
bb091a4de18f4ffce0ba80668ed0427ae03001d0
ec9d65cb26cade9adcf9c012734551cf8c86c49a1ff45fef12662ae42f312e3f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/lib/javascript.php/1685968224/lib/javascript-static.js HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:43 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="javascript.php"
Expires: Mon, 22 Jan 2024 11:46:43 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Etag: "b3645872f35c9e5c8bf5d5f2fbc2c936a0af7bec"
Last-Modified: Mon, 05 Jun 2023 12:30:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
190.64.77.194/moodle/lib/javascript.php/1685968224/lib/babel-polyfill/polyfill.min.js
190.64.77.194 200 OK 34 kB URL GET HTTP/1.1 190.64.77.194/moodle/lib/javascript.php/1685968224/lib/babel-polyfill/polyfill.min.js
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type Unicode text, UTF-8 text, with very long lines (34750), with NEL line terminators
Hash 36842211132011a28a3ad07a62a629b1
624790be7f03f203771237170bfdf62e0186ae0f
d9e07890edf5f6f350ef465b37479fc6192923e60e64d9f20af37eb3b011cc66
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/lib/javascript.php/1685968224/lib/babel-polyfill/polyfill.min.js HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:43 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="javascript.php"
Expires: Mon, 22 Jan 2024 11:46:43 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Etag: "fc8db1eba308b5c559e7ece4bc2fa5e1cb128e80"
Last-Modified: Mon, 05 Jun 2023 12:30:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
190.64.77.194/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js
190.64.77.194 200 OK 84 kB URL GET HTTP/1.1 190.64.77.194/moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type ASCII text, with very long lines (6010)
Hash 8039fd714b58260199b364107c92bff6
3776c202a78a99e5eeaafbdc7d8ad61acee3af1d
13eaaadfa414f262b7964320054bb2b322b9ef9f3522bc25c9d60dc83b5141cf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:43 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="combo"
Expires: Fri, 18 Oct 2024 11:46:43 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 10 Dec 2020 21:10:47 GMT
Etag: "78581a0bac8a932effb32db3e91e0f2f2b47c08e"
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
190.64.77.194/moodle/theme/styles.php/boost/1685968223_1/all
190.64.77.194 200 OK 110 kB URL GET HTTP/1.1 190.64.77.194/moodle/theme/styles.php/boost/1685968223_1/all
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Size 110 kB (110328 bytes)
Hash bf72564180003043d8e0b944794543cd
35cb6dc1a232530c8e000187c27669615098946c
c58233cac3c6f61b9f8d1c53261b7451b64b1c4d7274abe0f40dbd3f7463c59f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/theme/styles.php/boost/1685968223_1/all HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:43 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="styles.php"
Expires: Mon, 22 Jan 2024 11:46:43 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Etag: "c329da3fbccb83181bdcdd632074c41c12b0cc17"
Last-Modified: Mon, 23 Oct 2023 15:57:08 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css; charset=utf-8
190.64.77.194/moodle/theme/yui_combo.php?m/1685968224/core/event/event-min.js&m/1685968224/filter_mathjaxloader/loader/loader-min.js
190.64.77.194 200 OK 857 B URL GET HTTP/1.1 190.64.77.194/moodle/theme/yui_combo.php?m/1685968224/core/event/event-min.js&m/1685968224/filter_mathjaxloader/loader/loader-min.js
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type ASCII text, with very long lines (2198), with no line terminators
Hash 78e865a30eff73e43dca8b8e44bcbb6e
242cf2f16d121fc1d5a486063a0d6ab130abbf23
7eb61ba5b02c939a8985c145a24985cb3b4e3cadfcfc00fa5bca76aa0d8c5238
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/theme/yui_combo.php?m/1685968224/core/event/event-min.js&m/1685968224/filter_mathjaxloader/loader/loader-min.js HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:44 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="combo"
Expires: Fri, 18 Oct 2024 11:46:44 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 10 Dec 2020 21:10:47 GMT
Etag: "f3a37f66cf7565c5293ae428991830da70d8a45f"
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
190.64.77.194/moodle/theme/yui_combo.php?m/1685968224/core/formchangechecker/formchangechecker-min.js
190.64.77.194 200 OK 960 B URL GET HTTP/1.1 190.64.77.194/moodle/theme/yui_combo.php?m/1685968224/core/formchangechecker/formchangechecker-min.js
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type ASCII text, with very long lines (3346), with no line terminators
Hash 9aa4b38c46dfd3cc875bef3f610116d7
1a5809d9bb6888fb3d35e247cf7e766c58883cf2
27a687f809c9d5337b0f2031750d42ccfda242a1cfb3a4b4f44f7f05bf1894a4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/theme/yui_combo.php?m/1685968224/core/formchangechecker/formchangechecker-min.js HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:45 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="combo"
Expires: Fri, 18 Oct 2024 11:46:45 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 10 Dec 2020 21:10:47 GMT
Etag: "d66d126e07316c15d22deaec6b98c7854b0a3ef2"
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
190.64.77.194/moodle/theme/font.php/boost/core/1685968223/fontawesome-webfont.woff2?v=4.7.0
190.64.77.194 200 OK 77 kB URL GET HTTP/1.1 190.64.77.194/moodle/theme/font.php/boost/core/1685968223/fontawesome-webfont.woff2?v=4.7.0
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459; data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/theme/font.php/boost/core/1685968223/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/theme/styles.php/boost/1685968223_1/all
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:44 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="fontawesome-webfont.woff2"
Expires: Mon, 22 Jan 2024 11:46:44 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Etag: "5857364ffde178d7d1ad71ec921ecfcf883921dd"
Last-Modified: Mon, 05 Jun 2023 12:30:39 GMT
Content-Length: 77160
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/font-woff2
190.64.77.194/moodle/pluginfile.php/1/core_admin/logocompact/300x300/1685968223/escudo.jpg
190.64.77.194 200 OK 72 kB URL GET HTTP/1.1 190.64.77.194/moodle/pluginfile.php/1/core_admin/logocompact/300x300/1685968223/escudo.jpg
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type PNG image data, 234 x 257, 8-bit/color RGBA, non-interlaced; data
Hash eafdf3037412b28b6f4f252c503a3578
2f7690c3ff69b69d41faa4a8f7f01e1db36d1810
8262c69c4ff692f41ed78bcf95ae9e31d11f98bf79383ddcbad359d296089b66
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/pluginfile.php/1/core_admin/logocompact/300x300/1685968223/escudo.jpg HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:44 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="escudo.jpg"
Cache-Control: public, max-age=5184000, no-transform
Expires: Sat, 23 Dec 2023 11:46:45 GMT
Pragma:
Accept-Ranges: bytes
Last-Modified: Mon, 05 Jun 2023 12:30:39 GMT
Content-Length: 71491
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg
lh6.googleusercontent.com/-CYt37hfDnQ8/T3nNydojf_I/AAAAAAAAAr0/P5OtlZxV4rk/s32/facebook32.png
142.250.74.129 200 OK 1.4 kB URL GET HTTP/2 lh6.googleusercontent.com/-CYt37hfDnQ8/T3nNydojf_I/AAAAAAAAAr0/P5OtlZxV4rk/s32/facebook32.png
IP 142.250.74.129:443
Requested by http://190.64.77.194/moodle/login/forgot_password.php
Certificate Issuer Google Trust Services LLC
Subject *.googleusercontent.com
Fingerprint DA:D8:5E:BA:1B:2A:A0:28:30:87:96:D5:85:D1:6B:DC:48:BA:1E:C1
Validity Thu, 28 Sep 2023 05:31:43 GMT - Thu, 21 Dec 2023 05:31:42 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced; data
Hash 31d991df6120eb7285eb2b5828300acb
8be19a73a293d1424fc4de72e2108a22ce94aa72
90343bf4e4c047c9f995ace6e4abbe7ad8bb29e26a2256512e8f0303496c0aa5
GET /-CYt37hfDnQ8/T3nNydojf_I/AAAAAAAAAr0/P5OtlZxV4rk/s32/facebook32.png HTTP/1.1
Host: lh6.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="facebook32.png"
x-content-type-options: nosniff
server: fife
content-length: 1448
x-xss-protection: 0
date: Tue, 24 Oct 2023 09:21:08 GMT
expires: Wed, 25 Oct 2023 09:21:08 GMT
cache-control: public, max-age=86400, no-transform
age: 9160
etag: "v2bd"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lh5.googleusercontent.com/-TXzlKCbKzWs/T6mYkDhTXyI/AAAAAAAAA1U/vm95Q2KwrYg/s32/youtube32.png
142.250.74.129 200 OK 1.9 kB URL GET HTTP/2 lh5.googleusercontent.com/-TXzlKCbKzWs/T6mYkDhTXyI/AAAAAAAAA1U/vm95Q2KwrYg/s32/youtube32.png
IP 142.250.74.129:443
Requested by http://190.64.77.194/moodle/login/forgot_password.php
Certificate Issuer Google Trust Services LLC
Subject *.googleusercontent.com
Fingerprint DA:D8:5E:BA:1B:2A:A0:28:30:87:96:D5:85:D1:6B:DC:48:BA:1E:C1
Validity Thu, 28 Sep 2023 05:31:43 GMT - Thu, 21 Dec 2023 05:31:42 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced; data
Hash 9b02f62c334b05298945d4b9a03cf333
a62467bcedab620e111d554691d01d92fb265bc6
4133e67b3e88b9abb0225410a215ebecb3403036c3fb726c13680c617a5aeb39
GET /-TXzlKCbKzWs/T6mYkDhTXyI/AAAAAAAAA1U/vm95Q2KwrYg/s32/youtube32.png HTTP/1.1
Host: lh5.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="youtube32.png"
x-content-type-options: nosniff
server: fife
content-length: 1940
x-xss-protection: 0
date: Tue, 24 Oct 2023 09:21:07 GMT
expires: Wed, 25 Oct 2023 09:21:07 GMT
cache-control: public, max-age=86400, no-transform
age: 9161
etag: "v355"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
190.64.77.194/moodle/theme/image.php/boost/theme/1685968223/favicon
190.64.77.194 200 OK 1.2 kB URL GET HTTP/1.1 190.64.77.194/moodle/theme/image.php/boost/theme/1685968223/favicon
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel; data
Hash 135aed33c0a7b8f44f0227a71b9ce345
120e10c8a17aebb31c74b6988f8bce9b05dd6606
7afbabec7cddb87ab3b2c3f56509ca9c8f76925db0570372f1a6a366606be1b4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/theme/image.php/boost/theme/1685968223/favicon HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:45 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="favicon.ico"
Expires: Mon, 22 Jan 2024 11:46:45 GMT
Pragma:
Cache-Control: public, max-age=7776000, no-transform, immutable
Accept-Ranges: none
Etag: "6ebbec44765b3ca20d3e188e87a524d89671efe2"
Last-Modified: Mon, 05 Jun 2023 12:30:41 GMT
Content-Length: 1150
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
190.64.77.194/moodle/lib/requirejs.php/1685968224/core/first.js
190.64.77.194 200 OK 296 kB URL GET HTTP/1.1 190.64.77.194/moodle/lib/requirejs.php/1685968224/core/first.js
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type ASCII text, with very long lines (51229)
Size 296 kB (296543 bytes)
Hash ab231513f364f22299bc6e57937cc9a9
d186580757c6c9852db36255409a3c964a29e418
197177d78fe63f8dac0d5dd1b43ffc4f8c205eb38fd605d67b1e220da1fec6ed
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/lib/requirejs.php/1685968224/core/first.js HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:45 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="requirejs.php"
Expires: Mon, 22 Jan 2024 11:46:45 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Etag: "b36cd7b909fc133f6390aa5ef33d71e07e25a32b"
Last-Modified: Mon, 05 Jun 2023 12:30:30 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
190.64.77.194/moodle/lib/javascript.php/1685968224/lib/jquery/jquery-3.4.1.min.js
190.64.77.194 200 OK 31 kB URL GET HTTP/1.1 190.64.77.194/moodle/lib/javascript.php/1685968224/lib/jquery/jquery-3.4.1.min.js
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type ASCII text, with very long lines (65451)
Hash bebd549d68e85f6f38a6807a693d018d
1b79ede0b4d00d9142b2ce3cb9f98201e59b58cb
76033adbf3f2858078c77c078677aa57ae48e98fd2de3ebb71baf646a110909e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/lib/javascript.php/1685968224/lib/jquery/jquery-3.4.1.min.js HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:47 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="javascript.php"
Expires: Mon, 22 Jan 2024 11:46:47 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Etag: "334656d8a7cab1c0a23b4c310d07c9e441a82772"
Last-Modified: Mon, 05 Jun 2023 12:30:31 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
190.64.77.194/moodle/lib/ajax/service.php?sesskey=Udj8YqqGHz&info=media_videojs_get_language
190.64.77.194 200 OK 4.5 kB URL POST HTTP/1.1 190.64.77.194/moodle/lib/ajax/service.php?sesskey=Udj8YqqGHz&info=media_videojs_get_language
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type JSON data, ASCII text, with very long lines (4530), with no line terminators
Hash 4d5523cbc76f44fe608854860b0a2569
b821723eb7ecf0b7e97c516fbbc88c3b85560229
2088fbe413aa7bc5fc811ec5778bd623becf7c1c149d2f12fc8c21ad7cd343d5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /moodle/lib/ajax/service.php?sesskey=Udj8YqqGHz&info=media_videojs_get_language HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 76
Origin: http://190.64.77.194
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:47 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
190.64.77.194/moodle/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js
190.64.77.194 200 OK 4.8 kB URL GET HTTP/1.1 190.64.77.194/moodle/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type ASCII text, with very long lines (3857)
Hash 0151b48e61660bed14bf6acd5bb77210
e096360d7d8819dbbf42e7137ed9e37cdd286700
26d1a45d173703f01ca9bb8be4335bae6005c3bc0a5f78b380ad18fb152b8835
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:47 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Content-Disposition: inline; filename="combo"
Expires: Fri, 18 Oct 2024 11:46:47 GMT
Pragma:
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 10 Dec 2020 21:10:47 GMT
Etag: "b24ca831785ba367093f089618e840be511be85d"
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
190.64.77.194/moodle/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1685968223&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boost%22%7D%7D%5D
190.64.77.194 200 OK 28 kB URL GET HTTP/1.1 190.64.77.194/moodle/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1685968223&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boost%22%7D%7D%5D
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type JSON data, ASCII text, with very long lines (28317), with no line terminators
Hash ce2e2704044f54472718203aef2036dc
b55c60a08242fdbbdb0e6054c6cd6511a2466617
b83960ad424163e14f03275cf28c6b04d4ce428e635441ef4aaf7572501a38c2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1685968223&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boost%22%7D%7D%5D HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:47 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Expires: Mon, 22 Jan 2024 11:46:47 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
190.64.77.194/moodle/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1697614209&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D
190.64.77.194 200 OK 211 B URL GET HTTP/1.1 190.64.77.194/moodle/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1697614209&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type JSON data, ASCII text, with no line terminators
Hash c135ebb8306e47146c197265b9c9022b
425c439b399cc4a29df884f4ac5aa75505944c2c
afefe583c5a695189962783424716b19758b2a08e71480cb91a73c88c98a20be
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1697614209&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:47 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Expires: Mon, 22 Jan 2024 11:46:47 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
190.64.77.194/moodle/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1685968224&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%5D
190.64.77.194 200 OK 2.4 kB URL GET HTTP/1.1 190.64.77.194/moodle/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1685968224&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP 190.64.77.194:80
ASN #6057 Administracion Nacional de Telecomunicaciones
Requested by http://190.64.77.194/moodle/login/forgot_password.php
File type JSON data, ASCII text, with very long lines (2422), with no line terminators
Hash f2f5d195ae0262b5de27122ead127b83
021acaf9e14d4fd6992da17347faf26bd4697d65
380abdf554c0d04799270cb6d2effc74cde736b03adf4cc3b1e3aac6cadab2c1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /moodle/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1685968224&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 190.64.77.194
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://190.64.77.194/moodle/login/forgot_password.php
Cookie: MoodleSession=kugandpls9nhchnva5q2evg664
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 11:46:47 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
X-Powered-By: PHP/7.4.13
Expires: Mon, 22 Jan 2024 11:46:47 GMT
Pragma:
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8