It's the user's IP address. It's a primitive way of ensuring that not just anyone can access the target URL:
- The Moodle URL resource passes the MD5 hash as a parameter. This is the hash of the secret and the user's IP address.
- The target server knows the secret and reads the user's IP address from the request. It performs the same hash as Moodle and verifies this matches the hash included in the URL.
A user at the same site having the same external IP address could use an identical hash to obtain access but anyone else could not.
If this instead used the Moodle server's IP address then the hash would never change. Anyone in the world who obtained that link could access the target URL with the valid hash.