Report - 69.128.62.126/login

Report Overview

Submitted URL
69.128.62.126/login
IP
69.128.62.126
ASN
#4181 TDS-AS
Submitted
2024-04-25 23:44:22
Access
public
Website Title
Login
Final URL
69.128.62.126/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
69.128.62.126	unknown	unknown	No data	No data	3.0 kB	46 kB	69.128.62.126

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	69.128.62.126	Sinkholed
2024-04-25	medium	69.128.62.126	Sinkholed
2024-04-25	medium	69.128.62.126	Sinkholed
2024-04-25	medium	69.128.62.126	Sinkholed
2024-04-25	medium	69.128.62.126	Sinkholed
2024-04-25	medium	69.128.62.126	Sinkholed
2024-04-25	medium	69.128.62.126	Sinkholed
2024-04-25	medium	69.128.62.126	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	69.128.62.126/login/auth.min.js?3.8.403.1	142 kB	2023-03-13	2024-05-05
Pretty URL 69.128.62.126/login/auth.min.js?3.8.403.1 IP 69.128.62.126 ASN #4181 TDS-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:07:38 Last Seen2024-05-05 01:04:09 Times Seen33 Hash 6c8a63e40f08d3ce371fd22e8d46243d 96a2bb6540398c5b31df7b598a84becfe35976c4 c3931ac40f2381bcd91e768582ca8c7157e8e43c0567e57a0ea8d2afad95cc80 Loading...

HTTP Transactions (8)

URL IP Response Size

69.128.62.126/

69.128.62.126

863 B

URL
69.128.62.126/
IP
69.128.62.126:0
ASN
#4181 TDS-AS

File type
HTML document, ASCII text
Size
863 B (863 bytes)
Hash
b047a527da493362dcf8f51329fb0778
0a448c37c6a7af687e4def019d9152a65860d9f7
79ff4bacc2a704be0339c5f89841628b1fa36668145367c682fcd5b3f2e2f465

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 69.128.62.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
date: Thu, 25 Apr 2024 23:36:46 GMT
content-length: 863
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-language: en-US,en;q=0.5
x-frame-options: sameorigin
content-type: text/html; charset=UTF-8
location: http://69.128.62.126/login
cache-control: private, must-revalidate
set-cookie: niagara_session=s62bf308456a3f204bf9b280f14bc6d47583d94510acb27d6c0; path=/; HttpOnly

69.128.62.126/login

69.128.62.126

200 OK

1.1 kB

URL User Request GET HTTP/1.1
69.128.62.126/login
IP
69.128.62.126:80
ASN
#4181 TDS-AS

File type
HTML document, ASCII text, with very long lines (370)
Size
1.1 kB (1114 bytes)
Hash
027b97c8c7ebbd6731bd85dc0390fcf1
f4f9a487240f4c0fda147d0816890ec2ad12d819
b0540eb6e3c8b225dae4458295be98397435b164bf98a7ae7f588ae37fee896d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 69.128.62.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Thu, 25 Apr 2024 23:36:47 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
transfer-encoding: chunked
accept-language: en-US,en;q=0.5
x-frame-options: sameorigin
content-encoding: gzip
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store
set-cookie: niagara_session=sdd0036f42f4eba8ec06d3b901e8c029ce86e384b3ab61648bb; path=/; HttpOnly

69.128.62.126/login

69.128.62.126

200 OK

1.1 kB

URL User Request GET HTTP/1.1
69.128.62.126/login
IP
69.128.62.126:80
ASN
#4181 TDS-AS

File type
HTML document, ASCII text, with very long lines (370)
Size
1.1 kB (1114 bytes)
Hash
027b97c8c7ebbd6731bd85dc0390fcf1
f4f9a487240f4c0fda147d0816890ec2ad12d819
b0540eb6e3c8b225dae4458295be98397435b164bf98a7ae7f588ae37fee896d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 69.128.62.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Thu, 25 Apr 2024 23:36:47 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
transfer-encoding: chunked
accept-language: en-US,en;q=0.5
x-frame-options: sameorigin
content-encoding: gzip
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store
set-cookie: niagara_session=s583c24baff90043d9f444e5bcdf21d4e6e52595f71acdc31e5; path=/; HttpOnly

69.128.62.126/login/login.css?3.8.403.1

69.128.62.126

200 OK

872 B

URL GET HTTP/1.1
69.128.62.126/login/login.css?3.8.403.1
IP
69.128.62.126:80
ASN
#4181 TDS-AS

Requested by
http://69.128.62.126/login

File type
assembler source, ASCII text
Size
872 B (872 bytes)
Hash
4669d38dcfa8febc0150174d421010bd
35d8dbbe5f30be06e0bc3370626a06a229a08805
cea0c0c0d78ed7168550b8c37e493d3419984113991fb416820c4d92aa5296d8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/login.css?3.8.403.1 HTTP/1.1
Host: 69.128.62.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://69.128.62.126/login
Cookie: niagara_session=s583c24baff90043d9f444e5bcdf21d4e6e52595f71acdc31e5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Thu, 25 Apr 2024 23:36:48 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
transfer-encoding: chunked
accept-language: en-US,en;q=0.5
x-frame-options: sameorigin
content-encoding: gzip
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate

69.128.62.126/login/auth.min.js?3.8.403.1

69.128.62.126

200 OK

41 kB

URL GET HTTP/1.1
69.128.62.126/login/auth.min.js?3.8.403.1
IP
69.128.62.126:80
ASN
#4181 TDS-AS

Requested by
http://69.128.62.126/login

File type
JavaScript source, ASCII text, with very long lines (8624)
Size
41 kB (40753 bytes)
Hash
6c8a63e40f08d3ce371fd22e8d46243d
96a2bb6540398c5b31df7b598a84becfe35976c4
c3931ac40f2381bcd91e768582ca8c7157e8e43c0567e57a0ea8d2afad95cc80

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/auth.min.js?3.8.403.1 HTTP/1.1
Host: 69.128.62.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://69.128.62.126/login
Cookie: niagara_session=s583c24baff90043d9f444e5bcdf21d4e6e52595f71acdc31e5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Thu, 25 Apr 2024 23:36:48 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
transfer-encoding: chunked
accept-language: en-US,en;q=0.5
x-frame-options: sameorigin
content-encoding: gzip
content-type: text/javascript; charset=UTF-8
cache-control: private, must-revalidate

69.128.62.126/login/login.js?3.8.403.1

0.0.0.0

0 B

URL GET
69.128.62.126/login/login.js?3.8.403.1
IP
0.0.0.0:0
ASN
#0

Requested by
http://69.128.62.126/login

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/login.js?3.8.403.1 HTTP/1.1
Host: 69.128.62.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://69.128.62.126/login
Cookie: niagara_session=s583c24baff90043d9f444e5bcdf21d4e6e52595f71acdc31e5
Pragma: no-cache
Cache-Control: no-cache

69.128.62.126/login/logo

0.0.0.0

0 B

URL GET
69.128.62.126/login/logo
IP
0.0.0.0:0
ASN
#0

Requested by
http://69.128.62.126/login

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/logo HTTP/1.1
Host: 69.128.62.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://69.128.62.126/login
Cookie: niagara_session=s583c24baff90043d9f444e5bcdf21d4e6e52595f71acdc31e5
Pragma: no-cache
Cache-Control: no-cache

69.128.62.126/login/keys.png

0.0.0.0

0 B

URL GET
69.128.62.126/login/keys.png
IP
0.0.0.0:0
ASN
#0

Requested by
http://69.128.62.126/login

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/keys.png HTTP/1.1
Host: 69.128.62.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://69.128.62.126/login
Cookie: niagara_session=s583c24baff90043d9f444e5bcdf21d4e6e52595f71acdc31e5
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by