Report - crivebxxawrel.dynv6.net/update/login.php

Report Overview

Submitted URL
crivebxxawrel.dynv6.net/update/login.php
IP
18.219.55.197
ASN
#16509 AMAZON-02
Submitted
2024-05-08 18:47:00
Access
public
Website Title
Webmail
Final URL
crivebxxawrel.dynv6.net/update/login.php
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
5
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
crivebxxawrel.dynv6.net	unknown	unknown	No data	No data	1.9 kB	14 kB	18.219.55.197
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-08	550 B	21 kB	142.250.74.67
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	904 B	3.9 kB	142.250.74.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	crivebxxawrel.dynv6.net/update/sandbox%20eval%20code	147 B	2023-04-11	2024-05-19
Pretty URL crivebxxawrel.dynv6.net/update/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-19 23:59:09 Times Seen350856 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-19
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-19 23:59:09 Times Seen350341 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	crivebxxawrel.dynv6.net/update/login.php	262 B	2024-05-08	2024-05-11
Pretty URL crivebxxawrel.dynv6.net/update/login.php IP 18.219.55.197 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 20:47:06 Last Seen2024-05-11 13:18:44 Times Seen2 Hash 8c9b992965a49f3cd01cc962ed75c6a9 bf2ddeb7cf89311e7613842864c3cf4e2fc7cddd 6419c2b17924c292c45bed2384544ba6c45d254c586ad86449a6c9918550a6b6 Loading...

	unknown	72 B	2024-05-06	2024-05-11
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-05-06 00:06:41 Last Seen2024-05-11 13:18:44 Times Seen3 Hash d649a68121feaf712ece9fda39bc431e 7b0e9c71570f503b80be02480363bd11170cbd21 fb9e6d3664f50f16e75a1b34d19aaecc2b18be866e0f2f00f2d86f7cc7e56cf3 Loading...

	crivebxxawrel.dynv6.net/update/login.php	396 B	2024-05-06	2024-05-11
Pretty URL crivebxxawrel.dynv6.net/update/login.php IP 18.219.55.197 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-06 00:06:41 Last Seen2024-05-11 13:18:44 Times Seen3 Hash 0c34b125a74d73e4923f80b0e7d9b86c ddfddb55825485f2090ccc5b24c7965b936bd5c6 2708f61f42870f06d89fba7218f52a685e62a6d11b1c5be851b073ac4adebf30 Loading...

	crivebxxawrel.dynv6.net/update/login.php	155 B	2023-03-07	2024-05-11
Pretty URL crivebxxawrel.dynv6.net/update/login.php IP 18.219.55.197 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:53:50 Last Seen2024-05-11 13:18:44 Times Seen4 Hash a3cf3aca566381476f4c7bca1064b508 47a5a65ff6075054b62b0d2ec52f8fbc947b1ab1 d235952f5d7e87a647884084a3b7f21c378fc1632ceecec15144bdd267cf863e Loading...

HTTP Transactions (7)

URL IP Response Size

crivebxxawrel.dynv6.net/update/login.php

18.219.55.197

200 OK

3.9 kB

URL User Request GET HTTP/1.1
crivebxxawrel.dynv6.net/update/login.php
IP
18.219.55.197:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectcrivebxxawrel.dynv6.net
FingerprintBC:1C:CD:06:9A:EB:9D:10:87:BA:91:32:2D:6B:27:41:92:C8:79:EB
ValidityMon, 06 May 2024 12:32:35 GMT - Sun, 04 Aug 2024 12:32:34 GMT

File type
HTML document, ISO-8859 text, with CRLF line terminators
Size
3.9 kB (3900 bytes)
Hash
a1dd00f2be0777e7ebeb099e63838eb8
d5e87ff4066aeeedccea66d4431b3ab5cadaa5d4
e317b199b70f7ec5e74c1d88ddfe4e6cece087be23013d83837c15d31b894807

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /update/login.php HTTP/1.1
Host: crivebxxawrel.dynv6.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:46:33 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3900
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

crivebxxawrel.dynv6.net/fancybox/jquery.fancybox-1.3.4.css

18.219.55.197

404 Not Found

286 B

URL GET HTTP/1.1
crivebxxawrel.dynv6.net/fancybox/jquery.fancybox-1.3.4.css
IP
18.219.55.197:443
ASN
#16509 AMAZON-02

Requested by
https://crivebxxawrel.dynv6.net/update/login.php
Certificate
IssuerLet's Encrypt
Subjectcrivebxxawrel.dynv6.net
FingerprintBC:1C:CD:06:9A:EB:9D:10:87:BA:91:32:2D:6B:27:41:92:C8:79:EB
ValidityMon, 06 May 2024 12:32:35 GMT - Sun, 04 Aug 2024 12:32:34 GMT

File type
HTML document, ASCII text
Size
286 B (286 bytes)
Hash
fcd88d20971d9a302cee9e4d7df9337b
627163e6f0e225a19618357a4f1eea0a7e78b2bf
877240a6b7c410d056948ee9b85b6863af4d4d346515a5165ca9258ff691578e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /fancybox/jquery.fancybox-1.3.4.css HTTP/1.1
Host: crivebxxawrel.dynv6.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crivebxxawrel.dynv6.net/update/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 18:46:34 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 286
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

crivebxxawrel.dynv6.net/update/webmail.css

18.219.55.197

200 OK

8.0 kB

URL GET HTTP/1.1
crivebxxawrel.dynv6.net/update/webmail.css
IP
18.219.55.197:443
ASN
#16509 AMAZON-02

Requested by
https://crivebxxawrel.dynv6.net/update/login.php
Certificate
IssuerLet's Encrypt
Subjectcrivebxxawrel.dynv6.net
FingerprintBC:1C:CD:06:9A:EB:9D:10:87:BA:91:32:2D:6B:27:41:92:C8:79:EB
ValidityMon, 06 May 2024 12:32:35 GMT - Sun, 04 Aug 2024 12:32:34 GMT

File type
ASCII text, with very long lines (387), with CRLF line terminators
Size
8.0 kB (8044 bytes)
Hash
3c820d424db34165a95f9aff5c3735c7
4ed541e37bedd346202b20870c77270f96294957
abfc93dae486580cbfc625f1ec3426eccdb0ee1b92816f87872d66a48af80e01

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /update/webmail.css HTTP/1.1
Host: crivebxxawrel.dynv6.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crivebxxawrel.dynv6.net/update/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:46:34 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 06 May 2024 13:28:12 GMT
ETag: "ceb9-617c90a808a91-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8044
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

fonts.gstatic.com/s/worksans/v19/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8Jpg.woff2

142.250.74.67

200 OK

20 kB

URL GET HTTP/2
fonts.gstatic.com/s/worksans/v19/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8Jpg.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://crivebxxawrel.dynv6.net/update/login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20000, version 1.0
Size
20 kB (20000 bytes)
Hash
97d8353e1f7e4cf7befce53984b6760e
89959115610b69d2a26a75fd200163d6862c968e
996d2f01acc82f075e4de4980849bc80c64fb3756054b5265977636a978728f4

HTTP Headers

GET /s/worksans/v19/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8Jpg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crivebxxawrel.dynv6.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 23:33:43 GMT
expires: Fri, 02 May 2025 23:33:43 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:54:48 GMT
content-type: font/woff2
age: 501171
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

crivebxxawrel.dynv6.net/favicon.ico

18.219.55.197

404 Not Found

286 B

URL GET HTTP/1.1
crivebxxawrel.dynv6.net/favicon.ico
IP
18.219.55.197:443
ASN
#16509 AMAZON-02

Requested by
https://crivebxxawrel.dynv6.net/update/login.php
Certificate
IssuerLet's Encrypt
Subjectcrivebxxawrel.dynv6.net
FingerprintBC:1C:CD:06:9A:EB:9D:10:87:BA:91:32:2D:6B:27:41:92:C8:79:EB
ValidityMon, 06 May 2024 12:32:35 GMT - Sun, 04 Aug 2024 12:32:34 GMT

File type
HTML document, ASCII text
Size
286 B (286 bytes)
Hash
fcd88d20971d9a302cee9e4d7df9337b
627163e6f0e225a19618357a4f1eea0a7e78b2bf
877240a6b7c410d056948ee9b85b6863af4d4d346515a5165ca9258ff691578e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: crivebxxawrel.dynv6.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crivebxxawrel.dynv6.net/update/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 18:46:34 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 286
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

fonts.googleapis.com/css2?family=Work+Sans&display=swap

142.250.74.74

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Work+Sans&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://crivebxxawrel.dynv6.net/update/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1270), with no line terminators
Size
1.2 kB (1243 bytes)
Hash
742c5c4896c1abb84e2e6df94b9f667a
0ef24e27705de3a30533d32cfac07c9e7b436307
51261c762477f208b3cb0f929c4321856f1d20c23a51784061a1240fafee6aa6

HTTP Headers

GET /css2?family=Work+Sans&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crivebxxawrel.dynv6.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 18:46:34 GMT
date: Wed, 08 May 2024 18:46:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Archivo&display=swap

142.250.74.74

200 OK

1.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Archivo&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://crivebxxawrel.dynv6.net/update/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1374), with no line terminators
Size
1.3 kB (1344 bytes)
Hash
df0980fe4adba7c6a3a9397412f9a899
5750a7960886f70daf6096e06b706775bd708f87
d192333271629167bdef44c29143efe1f7193daec626d8bebce952a4cae04fd6

HTTP Headers

GET /css2?family=Archivo&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crivebxxawrel.dynv6.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 18:46:34 GMT
date: Wed, 08 May 2024 18:46:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate