Report - cdn-analytic.com/bDjkb2xSd/Login.php

Report Overview

Submitted URL
cdn-analytic.com/bDjkb2xSd/Login.php
IP
209.94.63.224
ASN
#25697 UPCLOUDUSA
Submitted
2024-04-20 04:44:40
Access
public
Website Title
cdn-analytic.com is a custom short domain
Final URL
cdn-analytic.com/bDjkb2xSd/Login.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	1.0 kB	35 kB	216.58.207.227
cdn-analytic.com	unknown	2024-02-16	2021-05-23	2024-03-20	1.1 kB	5.7 kB	209.94.63.224
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-19	451 B	18 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	cdn-analytic.com	Sinkholed
2024-04-20	medium	cdn-analytic.com	Sinkholed
2024-04-20	medium	cdn-analytic.com	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	cdn-analytic.com	Sinkholed
2024-04-20	medium	cdn-analytic.com	Sinkholed
2024-04-20	medium	cdn-analytic.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

cdn-analytic.com/bDjkb2xSd/Login.php

209.94.63.224

200 OK

1.5 kB

URL User Request GET HTTP/1.1
cdn-analytic.com/bDjkb2xSd/Login.php
IP
209.94.63.224:80
ASN
#25697 UPCLOUDUSA

File type
HTML document, ASCII text, with very long lines (785), with CRLF line terminators
Size
1.5 kB (1544 bytes)
Hash
8b28f670e876ebdffc93f5ea4448aa21
adabf27b4e9882356baaef9d459cda3f1d46c35c
0382f515b8317e9371c1f57c770f1adb54bf6c53635c593f5fdb807c9a809cdb

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bDjkb2xSd/Login.php HTTP/1.1
Host: cdn-analytic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 20 Apr 2024 04:44:15 GMT
Server: Apache/2.4.52 (Ubuntu)
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1544
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

cdn-analytic.com/bDjkb2xSd/loading.gif

209.94.63.224

200 OK

1.5 kB

URL GET HTTP/1.1
cdn-analytic.com/bDjkb2xSd/loading.gif
IP
209.94.63.224:80
ASN
#25697 UPCLOUDUSA

Requested by
http://cdn-analytic.com/bDjkb2xSd/Login.php

File type
HTML document, ASCII text, with very long lines (785), with CRLF line terminators
Size
1.5 kB (1544 bytes)
Hash
8b28f670e876ebdffc93f5ea4448aa21
adabf27b4e9882356baaef9d459cda3f1d46c35c
0382f515b8317e9371c1f57c770f1adb54bf6c53635c593f5fdb807c9a809cdb

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bDjkb2xSd/loading.gif HTTP/1.1
Host: cdn-analytic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://cdn-analytic.com/bDjkb2xSd/Login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 20 Apr 2024 04:44:16 GMT
Server: Apache/2.4.52 (Ubuntu)
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1544
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

fonts.googleapis.com/css2?family=Hind:wght@400;500&display=swap

142.250.74.106

200 OK

17 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Hind:wght@400;500&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://cdn-analytic.com/bDjkb2xSd/Login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
gzip compressed data, max compression
Size
17 kB (17256 bytes)
Hash
f8ce7c580bad8b5e476ddead622d7edc
911bf32c199cb379c880f6a20301af5f8da6e01a
4308b3be2f75f90cc6173281077b8a6b419256343784c91103e476384725116c

HTTP Headers

GET /css2?family=Hind:wght@400;500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://cdn-analytic.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 20 Apr 2024 04:44:16 GMT
date: Sat, 20 Apr 2024 04:44:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/hind/v16/5aU69_a8oxmIdGl4BA.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/hind/v16/5aU69_a8oxmIdGl4BA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://cdn-analytic.com/bDjkb2xSd/Login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16216, version 1.0
Size
16 kB (16216 bytes)
Hash
4c5bc71b3cf6f2584725c0bb3e25d391
f051f482061dc48d09c328c45459dd04db5b5547
aca5dec430a7470ff1d8a16f9e7bb3ca30f2ff58f3bd60432cf1dddfa30c9d71

HTTP Headers

GET /s/hind/v16/5aU69_a8oxmIdGl4BA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cdn-analytic.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16216
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 03:22:03 GMT
expires: Wed, 16 Apr 2025 03:22:03 GMT
cache-control: public, max-age=31536000
age: 350533
last-modified: Tue, 26 Apr 2022 15:45:50 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn-analytic.com/favicon.ico

209.94.63.224

200 OK

1.5 kB

URL GET HTTP/1.1
cdn-analytic.com/favicon.ico
IP
209.94.63.224:80
ASN
#25697 UPCLOUDUSA

Requested by
http://cdn-analytic.com/bDjkb2xSd/Login.php

File type
HTML document, ASCII text, with very long lines (785), with CRLF line terminators
Size
1.5 kB (1544 bytes)
Hash
8b28f670e876ebdffc93f5ea4448aa21
adabf27b4e9882356baaef9d459cda3f1d46c35c
0382f515b8317e9371c1f57c770f1adb54bf6c53635c593f5fdb807c9a809cdb

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cdn-analytic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://cdn-analytic.com/bDjkb2xSd/Login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 20 Apr 2024 04:44:16 GMT
Server: Apache/2.4.52 (Ubuntu)
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1544
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

fonts.gstatic.com/s/hind/v16/5aU19_a8oxmIfJpbERySjQ.woff2

216.58.207.227

200 OK

17 kB

URL GET HTTP/2
fonts.gstatic.com/s/hind/v16/5aU19_a8oxmIfJpbERySjQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://cdn-analytic.com/bDjkb2xSd/Login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16788, version 1.0
Size
17 kB (16788 bytes)
Hash
fd24af413cb9cfdc66d2ff712bdfd614
978c3d524cc6a8114d11f78b6292b58c69cb8632
16ab274f0ede84be01a0361263faeb3ff18d2d95d155d6b9d654ef37f87db1f5

HTTP Headers

GET /s/hind/v16/5aU19_a8oxmIfJpbERySjQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cdn-analytic.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16788
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:30:12 GMT
expires: Fri, 18 Apr 2025 17:30:12 GMT
cache-control: public, max-age=31536000
age: 126844
last-modified: Tue, 26 Apr 2022 16:08:13 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (6)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers