Report - 218.107.208.71/login/index.php

Report Overview

Submitted URL
218.107.208.71/login/index.php
IP
218.107.208.71
ASN
#4837 CHINA UNICOM China169 Backbone
Submitted
2024-05-07 06:42:20
Access
public
Website Title
厦门软件职业技术学院Moodle网络课程平台: Log in to the site
Final URL
218.107.208.71/login/index.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
218.107.208.71	unknown	unknown	2016-08-27	2022-12-09	11 kB	828 kB	218.107.208.71

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed
2024-05-07	medium	218.107.208.71	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	218.107.208.71/lib/javascript.php/1688015600/lib/polyfills/polyfill.js	18 kB	2023-03-07	2024-05-17
Pretty URL 218.107.208.71/lib/javascript.php/1688015600/lib/polyfills/polyfill.js IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:30 Last Seen2024-05-17 15:33:57 Times Seen531 Hash 901890f127a81c136912ceb57c131305 ef4bd0e1c5d2dcb97265830feff005f682020a5d 244ff779cc4a0d32d8a21e1dceece94080b39c4b2c77ab5c0a772f333db71216 Loading...

	218.107.208.71/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js	283 kB	2023-03-07	2024-05-18
Pretty URL 218.107.208.71/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:30 Last Seen2024-05-18 17:23:40 Times Seen1658 Hash 8039fd714b58260199b364107c92bff6 3776c202a78a99e5eeaafbdc7d8ad61acee3af1d 13eaaadfa414f262b7964320054bb2b322b9ef9f3522bc25c9d60dc83b5141cf Loading...

	218.107.208.71/lib/javascript.php/1688015600/lib/javascript-static.js	21 kB	2023-03-07	2024-05-17
Pretty URL 218.107.208.71/lib/javascript.php/1688015600/lib/javascript-static.js IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:30 Last Seen2024-05-17 15:33:57 Times Seen1000 Hash ac7f47cc5271b4115ac489f7a0d70737 bb091a4de18f4ffce0ba80668ed0427ae03001d0 ec9d65cb26cade9adcf9c012734551cf8c86c49a1ff45fef12662ae42f312e3f Loading...

	218.107.208.71/login/index.php	13 kB	2024-05-07	2024-05-07
Pretty URL 218.107.208.71/login/index.php IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 08:42:22 Last Seen2024-05-07 08:42:22 Times Seen1 Hash 8063a6c9255050b2d1c9a486bbd4f825 b66285b6fbe592e1486dbe8276e9312065517f34 e3dfc6efe6d7ab0b94c8e2603cc6860740e5bc24b825689e304d132e475158d7 Loading...

	218.107.208.71/lib/javascript.php/1688015600/lib/jquery/jquery-3.5.1.min.js	90 kB	2023-03-07	2024-05-17
Pretty URL 218.107.208.71/lib/javascript.php/1688015600/lib/jquery/jquery-3.5.1.min.js IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:30 Last Seen2024-05-17 15:33:57 Times Seen631 Hash de4b1f62b938e770b049213be961e86e 4e6a1e0501610029a551c06a51f1acc3c8b6473a 621c0f52571ccff5dab81de13db26fda4b4a7dad83a01827c9139571023abea4 Loading...

	218.107.208.71/login/index.php	60 B	2023-03-07	2024-05-18
Pretty URL 218.107.208.71/login/index.php IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:07:30 Last Seen2024-05-18 17:23:39 Times Seen1190 Hash dba70bf9335863dea2696ca9da069b01 adfc079c12684d419766c7732c35da693517a7f8 05f515ab150c8852191afb40be55373b5b5337d89d513e48b802293123361798 Loading...

	unknown	37 B	2023-04-11	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31:25 Last Seen2024-05-19 10:46:05 Times Seen238069 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	218.107.208.71/lib/javascript.php/1688015600/lib/requirejs/require.min.js	18 kB	2023-03-07	2024-05-17
Pretty URL 218.107.208.71/lib/javascript.php/1688015600/lib/requirejs/require.min.js IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:30 Last Seen2024-05-17 20:16:56 Times Seen1672 Hash 1f53ac504f7e69a6df96140eed2d4df2 da00136dd3fd0ccab626d7555ccb5fdf1c096fad 9ce0dbd6a1df9332653e27d1ddc505c5b78fd82b4112de0ec63840c3fbe0b8c2 Loading...

	218.107.208.71/login/index.php	56 B	2023-03-07	2024-05-17
Pretty URL 218.107.208.71/login/index.php IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 21:37:43 Last Seen2024-05-17 20:16:56 Times Seen180 Hash 8302cff712007df4baeb3720b6253e60 5f8b361db78134ff691b7e98a3c050c10bdf4a3c 459820a7bf6bdbcb6903ff91120fe28a4d9ccb005bef4946873ba199a973da9d Loading...

	218.107.208.71/lib/requirejs.php/1688015600/core/first.js	1.9 MB	2024-05-07	2024-05-07
Pretty URL 218.107.208.71/lib/requirejs.php/1688015600/core/first.js IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 08:42:22 Last Seen2024-05-07 08:42:23 Times Seen2 Hash 260ec59ba3735ea0127c1af0d439a18b 46f64bd9b6962e46659b25b67f4c3db909e94421 79372920ac9f997ccf611d844801c1a25632e046f634ac9b362f779616e34391 Loading...

	218.107.208.71/login/index.php	1.1 kB	2024-05-07	2024-05-07
Pretty URL 218.107.208.71/login/index.php IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 08:42:22 Last Seen2024-05-07 08:42:22 Times Seen1 Hash f904808ba30aad8ffb94832b4bc6a392 72ffc2539ebb74feedf18491179f711efee1060d 52f14491adae9009aa61821c88f3f2da179c107230c11f963369a5a16c47b094 Loading...

	218.107.208.71/theme/yui_combo.php?m/1688015600/core/event/event-min.js&m/1688015600/filter_mathjaxloader/loader/loader-min.js	2.2 kB	2023-03-08	2024-05-17
Pretty URL 218.107.208.71/theme/yui_combo.php?m/1688015600/core/event/event-min.js&m/1688015600/filter_mathjaxloader/loader/loader-min.js IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 11:52:03 Last Seen2024-05-17 15:33:57 Times Seen162 Hash a7dce82741cae641605677fe8b4e6b21 4a6e8a225a91e237f5cabab64eed02fc7bd3f4f0 8cb8c3c5c26fa6f8e9d44134d4cc5cf4cb8e55ed566799161276e7e6ca24ad54 Loading...

	218.107.208.71/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js	15 kB	2023-03-07	2024-05-18
Pretty URL 218.107.208.71/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:30 Last Seen2024-05-18 17:23:40 Times Seen1637 Hash 0151b48e61660bed14bf6acd5bb77210 e096360d7d8819dbbf42e7137ed9e37cdd286700 26d1a45d173703f01ca9bb8be4335bae6005c3bc0a5f78b380ad18fb152b8835 Loading...

	218.107.208.71/lib/javascript.php/1688015600/lib/babel-polyfill/polyfill.min.js	99 kB	2023-03-07	2024-05-17
Pretty URL 218.107.208.71/lib/javascript.php/1688015600/lib/babel-polyfill/polyfill.min.js IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:30 Last Seen2024-05-17 15:33:57 Times Seen696 Hash 36842211132011a28a3ad07a62a629b1 624790be7f03f203771237170bfdf62e0186ae0f d9e07890edf5f6f350ef465b37479fc6192923e60e64d9f20af37eb3b011cc66 Loading...

	218.107.208.71/login/index.php	806 B	2023-03-12	2024-05-07
Pretty URL 218.107.208.71/login/index.php IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 20:19:28 Last Seen2024-05-07 08:42:22 Times Seen19 Hash 8a067a193dfd9d878cb425b7b9f7d6e1 c0d2ffa710a11f1be0a2ac80c99acde6094d112c 106840ffa7312d5ca7fbaec3fd942f8c446fe8bcc445207c203eeaa284c51a63 Loading...

	218.107.208.71/login/index.php	1.2 kB	2023-03-07	2024-05-07
Pretty URL 218.107.208.71/login/index.php IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 15:25:35 Last Seen2024-05-07 08:42:22 Times Seen24 Hash fff07f7938dd860c51094b8f9cb259cc 9efcb10d3d580b95c8b64c1fe2b36c0871cf4033 1e2fb0001db141ca75d9f604276d758b77d199ee272bca246d1392d0c7f92bae Loading...

	218.107.208.71/login/index.php	522 B	2024-05-07	2024-05-07
Pretty URL 218.107.208.71/login/index.php IP 218.107.208.71 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 08:42:22 Last Seen2024-05-07 08:42:22 Times Seen1 Hash fb6cc3187d22afceee7c9975d5cf150d 5ded08b646464af11564c328d3acfc01b27aaf28 9ab8b617413a3f10fe94e5d33a5403005f00c9b78aa88f190c96687d837ee04c Loading...

HTTP Transactions (18)

URL IP Response Size

218.107.208.71/login/index.php

218.107.208.71

200 OK

24 kB

URL User Request GET HTTP/1.1
218.107.208.71/login/index.php
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

File type
HTML document, Unicode text, UTF-8 text, with very long lines (11861)
Size
24 kB (24084 bytes)
Hash
45143db4a247cbf2926812e94e3f78a5
ed172e1f68519fa11c61e3cec679707e802b820f
259aa8e1f2e90899cc47e004f6b414ecf0b884a4fac2d39af4bc7d6efb30ebb8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/index.php HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:56 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Set-Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f; path=/
Expires: 
Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
Pragma: no-cache
Content-Language: en
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-UA-Compatible: IE=edge
Accept-Ranges: none
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

218.107.208.71/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css

218.107.208.71

200 OK

1.0 kB

URL GET HTTP/1.1
218.107.208.71/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
ASCII text, with very long lines (1965)
Size
1.0 kB (1031 bytes)
Hash
73cbdae81548a6d6b35d801af5eadef8
fc80239620ebad54e36e1865338e8c5e1a7e9e8b
fbd5b8255a99afe96e89a88423275ed4e93083fad3311dd349906122e63206a0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:56 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Content-Disposition: inline; filename="combo"
Last-Modified: Sat, 07 May 2022 11:34:45 GMT
Expires: Fri, 02 May 2025 06:41:56 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "b9bc567c469e2872cf3bbb14603342a72de2509b"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1031
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css;charset=UTF-8

218.107.208.71/lib/javascript.php/1688015600/lib/babel-polyfill/polyfill.min.js

218.107.208.71

200 OK

34 kB

URL GET HTTP/1.1
218.107.208.71/lib/javascript.php/1688015600/lib/babel-polyfill/polyfill.min.js
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (34750), with NEL line terminators
Size
34 kB (34221 bytes)
Hash
36842211132011a28a3ad07a62a629b1
624790be7f03f203771237170bfdf62e0186ae0f
d9e07890edf5f6f350ef465b37479fc6192923e60e64d9f20af37eb3b011cc66

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/javascript.php/1688015600/lib/babel-polyfill/polyfill.min.js HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:56 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Etag: "2693136cd91001d56d2293cfee579c7dd6f63bb3"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 29 Jun 2023 05:13:23 GMT
Expires: Mon, 05 Aug 2024 06:41:56 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

218.107.208.71/lib/javascript.php/1688015600/lib/polyfills/polyfill.js

218.107.208.71

200 OK

5.1 kB

URL GET HTTP/1.1
218.107.208.71/lib/javascript.php/1688015600/lib/polyfills/polyfill.js
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JavaScript source, ASCII text, with very long lines (17500), with no line terminators
Size
5.1 kB (5131 bytes)
Hash
901890f127a81c136912ceb57c131305
ef4bd0e1c5d2dcb97265830feff005f682020a5d
244ff779cc4a0d32d8a21e1dceece94080b39c4b2c77ab5c0a772f333db71216

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/javascript.php/1688015600/lib/polyfills/polyfill.js HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:56 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Etag: "351b8984c0fe5e61908e40bc3c272ad257921f75"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 29 Jun 2023 05:13:23 GMT
Expires: Mon, 05 Aug 2024 06:41:56 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 5131
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8

218.107.208.71/lib/javascript.php/1688015600/lib/javascript-static.js

218.107.208.71

200 OK

6.8 kB

URL GET HTTP/1.1
218.107.208.71/lib/javascript.php/1688015600/lib/javascript-static.js
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JavaScript source, ASCII text, with very long lines (1875)
Size
6.8 kB (6777 bytes)
Hash
ac7f47cc5271b4115ac489f7a0d70737
bb091a4de18f4ffce0ba80668ed0427ae03001d0
ec9d65cb26cade9adcf9c012734551cf8c86c49a1ff45fef12662ae42f312e3f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/javascript.php/1688015600/lib/javascript-static.js HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:56 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Etag: "eba2c90627634ce8e0a2c690a45c2ac6d5547381"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 29 Jun 2023 05:13:23 GMT
Expires: Mon, 05 Aug 2024 06:41:56 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 6777
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8

218.107.208.71/lib/javascript.php/1688015600/lib/requirejs/require.min.js

218.107.208.71

200 OK

6.7 kB

URL GET HTTP/1.1
218.107.208.71/lib/javascript.php/1688015600/lib/requirejs/require.min.js
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JavaScript source, ASCII text, with very long lines (17535)
Size
6.7 kB (6662 bytes)
Hash
1f53ac504f7e69a6df96140eed2d4df2
da00136dd3fd0ccab626d7555ccb5fdf1c096fad
9ce0dbd6a1df9332653e27d1ddc505c5b78fd82b4112de0ec63840c3fbe0b8c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/javascript.php/1688015600/lib/requirejs/require.min.js HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:57 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Etag: "ee0a0e2a89a2a2b207cff35eda30e8b1fd767616"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 29 Jun 2023 05:13:21 GMT
Expires: Mon, 05 Aug 2024 06:41:57 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 6662
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8

218.107.208.71/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js

218.107.208.71

200 OK

84 kB

URL GET HTTP/1.1
218.107.208.71/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JavaScript source, ASCII text, with very long lines (6010)
Size
84 kB (84392 bytes)
Hash
8039fd714b58260199b364107c92bff6
3776c202a78a99e5eeaafbdc7d8ad61acee3af1d
13eaaadfa414f262b7964320054bb2b322b9ef9f3522bc25c9d60dc83b5141cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:56 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Content-Disposition: inline; filename="combo"
Last-Modified: Sat, 07 May 2022 11:34:45 GMT
Expires: Fri, 02 May 2025 06:41:56 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "78581a0bac8a932effb32db3e91e0f2f2b47c08e"
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

218.107.208.71/theme/styles.php/boost/1688015600_1/all

218.107.208.71

200 OK

110 kB

URL GET HTTP/1.1
218.107.208.71/theme/styles.php/boost/1688015600_1/all
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Size
110 kB (110035 bytes)
Hash
afc09438ebca9716f13f5837319f80b4
d027813efea4454571bc06622e54d8263090ba3d
f625f999c02bba5171523595fdf87aacce8702eb0b621b93172fcb02f8947f15

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/styles.php/boost/1688015600_1/all HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:56 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Etag: "f031fcc81b2f55f12ea35043be001b81485c40be"
Content-Disposition: inline; filename="styles.php"
Last-Modified: Thu, 29 Jun 2023 05:13:28 GMT
Expires: Mon, 05 Aug 2024 06:41:56 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css; charset=utf-8

218.107.208.71/theme/yui_combo.php?m/1688015600/core/event/event-min.js&m/1688015600/filter_mathjaxloader/loader/loader-min.js

218.107.208.71

200 OK

854 B

URL GET HTTP/1.1
218.107.208.71/theme/yui_combo.php?m/1688015600/core/event/event-min.js&m/1688015600/filter_mathjaxloader/loader/loader-min.js
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JavaScript source, ASCII text, with very long lines (2196), with no line terminators
Size
854 B (854 bytes)
Hash
a7dce82741cae641605677fe8b4e6b21
4a6e8a225a91e237f5cabab64eed02fc7bd3f4f0
8cb8c3c5c26fa6f8e9d44134d4cc5cf4cb8e55ed566799161276e7e6ca24ad54

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/yui_combo.php?m/1688015600/core/event/event-min.js&m/1688015600/filter_mathjaxloader/loader/loader-min.js HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:58 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Content-Disposition: inline; filename="combo"
Last-Modified: Sat, 07 May 2022 11:34:45 GMT
Expires: Fri, 02 May 2025 06:41:58 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "2086246ed79702049586c9cfe7db3fa1b79e9dc4"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 854
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

218.107.208.71/theme/font.php/boost/core/1688015599/fontawesome-webfont.woff2?v=4.7.0

218.107.208.71

200 OK

77 kB

URL GET HTTP/1.1
218.107.208.71/theme/font.php/boost/core/1688015599/fontawesome-webfont.woff2?v=4.7.0
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/font.php/boost/core/1688015599/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/theme/styles.php/boost/1688015600_1/all
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:58 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Content-Disposition: inline; filename="fontawesome-webfont.woff2"
Last-Modified: Tue, 07 May 2024 06:41:58 GMT
Expires: Tue, 07 May 2024 06:42:13 GMT
Pragma: 
Accept-Ranges: none
Content-Length: 77160
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/font-woff2

218.107.208.71/theme/image.php/boost/theme/1688015600/favicon

218.107.208.71

200 OK

1.2 kB

URL GET HTTP/1.1
218.107.208.71/theme/image.php/boost/theme/1688015600/favicon
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
135aed33c0a7b8f44f0227a71b9ce345
120e10c8a17aebb31c74b6988f8bce9b05dd6606
7afbabec7cddb87ab3b2c3f56509ca9c8f76925db0570372f1a6a366606be1b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/image.php/boost/theme/1688015600/favicon HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:58 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Etag: "59f74f90da5de275a5d3ba07c5a221e7b9473d28"
Content-Disposition: inline; filename="favicon.ico"
Last-Modified: Thu, 29 Jun 2023 05:13:23 GMT
Expires: Mon, 05 Aug 2024 06:41:58 GMT
Pragma: 
Cache-Control: public, max-age=7776000, no-transform, immutable
Accept-Ranges: none
Content-Length: 1150
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

218.107.208.71/lib/requirejs.php/1688015600/core/first.js

218.107.208.71

200 OK

396 kB

URL GET HTTP/1.1
218.107.208.71/lib/requirejs.php/1688015600/core/first.js
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
396 kB (396379 bytes)
Hash
260ec59ba3735ea0127c1af0d439a18b
46f64bd9b6962e46659b25b67f4c3db909e94421
79372920ac9f997ccf611d844801c1a25632e046f634ac9b362f779616e34391

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/requirejs.php/1688015600/core/first.js HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:41:58 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Etag: "d36db5d5c2e15cc6da8c4c0a794d60304d55b82a"
Content-Disposition: inline; filename="requirejs.php"
Last-Modified: Thu, 29 Jun 2023 05:13:21 GMT
Expires: Mon, 05 Aug 2024 06:41:58 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

218.107.208.71/lib/javascript.php/1688015600/lib/jquery/jquery-3.5.1.min.js

218.107.208.71

200 OK

31 kB

URL GET HTTP/1.1
218.107.208.71/lib/javascript.php/1688015600/lib/jquery/jquery-3.5.1.min.js
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (30914 bytes)
Hash
de4b1f62b938e770b049213be961e86e
4e6a1e0501610029a551c06a51f1acc3c8b6473a
621c0f52571ccff5dab81de13db26fda4b4a7dad83a01827c9139571023abea4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/javascript.php/1688015600/lib/jquery/jquery-3.5.1.min.js HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:42:00 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Etag: "bd981417eaf0bc8797f12c2fa61586768bec3561"
Content-Disposition: inline; filename="javascript.php"
Last-Modified: Thu, 29 Jun 2023 05:13:21 GMT
Expires: Mon, 05 Aug 2024 06:42:00 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

218.107.208.71/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js

218.107.208.71

200 OK

4.8 kB

URL GET HTTP/1.1
218.107.208.71/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JavaScript source, ASCII text, with very long lines (3857)
Size
4.8 kB (4808 bytes)
Hash
0151b48e61660bed14bf6acd5bb77210
e096360d7d8819dbbf42e7137ed9e37cdd286700
26d1a45d173703f01ca9bb8be4335bae6005c3bc0a5f78b380ad18fb152b8835

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel-min.js&3.17.2/event-resize/event-resize-min.js&3.17.2/event-hover/event-hover-min.js&3.17.2/event-touch/event-touch-min.js&3.17.2/event-move/event-move-min.js&3.17.2/event-flick/event-flick-min.js&3.17.2/event-valuechange/event-valuechange-min.js&3.17.2/event-tap/event-tap-min.js HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:42:00 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Content-Disposition: inline; filename="combo"
Last-Modified: Sat, 07 May 2022 11:34:45 GMT
Expires: Fri, 02 May 2025 06:42:00 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Etag: "b24ca831785ba367093f089618e840be511be85d"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 4808
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

218.107.208.71/lib/ajax/service.php?sesskey=EEGL36C9UN&info=media_videojs_get_language

218.107.208.71

200 OK

4.5 kB

URL POST HTTP/1.1
218.107.208.71/lib/ajax/service.php?sesskey=EEGL36C9UN&info=media_videojs_get_language
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JSON text data
Size
4.5 kB (4530 bytes)
Hash
4d5523cbc76f44fe608854860b0a2569
b821723eb7ecf0b7e97c516fbbc88c3b85560229
2088fbe413aa7bc5fc811ec5778bd623becf7c1c149d2f12fc8c21ad7cd343d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /lib/ajax/service.php?sesskey=EEGL36C9UN&info=media_videojs_get_language HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 76
Origin: http://218.107.208.71
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:42:00 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4530
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8

218.107.208.71/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1688015600&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%5D

218.107.208.71

200 OK

2.4 kB

URL GET HTTP/1.1
218.107.208.71/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1688015600&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JSON text data
Size
2.4 kB (2422 bytes)
Hash
f2f5d195ae0262b5de27122ead127b83
021acaf9e14d4fd6992da17347faf26bd4697d65
380abdf554c0d04799270cb6d2effc74cde736b03adf4cc3b1e3aac6cadab2c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1688015600&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22pix_icon_fontawesome%22%2C%22themename%22%3A%22boost%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:42:00 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Expires: Mon, 05 Aug 2024 06:42:01 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Length: 2422
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8

218.107.208.71/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1688015600&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boost%22%7D%7D%5D

218.107.208.71

200 OK

28 kB

URL GET HTTP/1.1
218.107.208.71/lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1688015600&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boost%22%7D%7D%5D
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JSON text data
Size
28 kB (28386 bytes)
Hash
d70cbfeb293890cce75c69148b09140e
1eaf245a0ce12b4070452f0e0743c2e7f1893208
96c1b6e93bf9fbca6d956c358c511c2b1d8841553c8ab292d5d6aae85a934eab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/ajax/service-nologin.php?info=core_output_load_fontawesome_icon_system_map&cachekey=1688015600&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_fontawesome_icon_system_map%22%2C%22args%22%3A%7B%22themename%22%3A%22boost%22%7D%7D%5D HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:42:00 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Expires: Mon, 05 Aug 2024 06:42:00 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8

218.107.208.71/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1690338623&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D

218.107.208.71

200 OK

211 B

URL GET HTTP/1.1
218.107.208.71/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1690338623&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D
IP
218.107.208.71:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://218.107.208.71/login/index.php

File type
JSON text data
Size
211 B (211 bytes)
Hash
c135ebb8306e47146c197265b9c9022b
425c439b399cc4a29df884f4ac5aa75505944c2c
afefe583c5a695189962783424716b19758b2a08e71480cb91a73c88c98a20be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1690338623&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A4%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showless%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%2C%7B%22index%22%3A5%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22showmore%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core_form%22%2C%22lang%22%3A%22en%22%7D%7D%5D HTTP/1.1
Host: 218.107.208.71
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://218.107.208.71/login/index.php
Cookie: MoodleSession=003c3877036187e9d48863a1d7510d2f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:42:01 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
X-Powered-By: PHP/7.2.34
Expires: Mon, 05 Aug 2024 06:42:01 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Length: 211
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL