Report - 64.124.50.139/login

Report Overview

Submitted URL
64.124.50.139/login
IP
64.124.50.139
ASN
#6461 ZAYO-6461
Submitted
2024-05-04 23:04:03
Access
public
Website Title
Login
Final URL
64.124.50.139/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
64.124.50.139	unknown	unknown	No data	No data	2.5 kB	55 kB	64.124.50.139

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	64.124.50.139	Sinkholed
2024-05-04	medium	64.124.50.139	Sinkholed
2024-05-04	medium	64.124.50.139	Sinkholed
2024-05-04	medium	64.124.50.139	Sinkholed
2024-05-04	medium	64.124.50.139	Sinkholed
2024-05-04	medium	64.124.50.139	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	64.124.50.139/login/auth.min.js?3.8.111	142 kB	2023-03-13	2024-05-05
Pretty URL 64.124.50.139/login/auth.min.js?3.8.111 IP 64.124.50.139 ASN #6461 ZAYO-6461 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:07:38 Last Seen2024-05-05 01:04:09 Times Seen33 Hash 6c8a63e40f08d3ce371fd22e8d46243d 96a2bb6540398c5b31df7b598a84becfe35976c4 c3931ac40f2381bcd91e768582ca8c7157e8e43c0567e57a0ea8d2afad95cc80 Loading...

	64.124.50.139/login/login.js?3.8.111	14 kB	2023-03-13	2024-05-05
Pretty URL 64.124.50.139/login/login.js?3.8.111 IP 64.124.50.139 ASN #6461 ZAYO-6461 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:07:38 Last Seen2024-05-05 01:04:09 Times Seen31 Hash 861f3a843a634228ff28db2092a4512d 10789c1ca01cfa1883b336dc231af32adf5e0899 41f7b3357c479ab61bcffa24b66ad13446605a0bdb0aeb2a8bb395606972dbb9 Loading...

	unknown	7 B	2023-03-10	2024-05-18
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-03-10 12:50:22 Last Seen2024-05-18 08:11:37 Times Seen631 Hash 907ff32016c8e95da3b470712b3407e2 58d5164eb8654c00bccd982ddf22734ff34a2fcb 1849cce6ad67618fe20029f2313768bfeb4da7d3857019e70e03575176953577 Loading...

	64.124.50.139/login	92 B	2023-05-23	2024-05-05
Pretty URL 64.124.50.139/login IP 64.124.50.139 ASN #6461 ZAYO-6461 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-23 23:26:23 Last Seen2024-05-05 01:04:09 Times Seen43 Hash 3e3e8d47cdcb7b84572550f9c6e051e4 f9678fb8031769aa05fc978e85bd70f615f3146c 412757a66f2079c2428e4fe61ad25f0144d6007ddc35ad418ce3e6e63c6713b9 Loading...

	64.124.50.139/login	0 B	2023-03-07	2024-05-18
Pretty URL 64.124.50.139/login IP 64.124.50.139 ASN #6461 ZAYO-6461 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 14:25:42 Times Seen37786881 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (6)

URL IP Response Size

64.124.50.139/login

64.124.50.139

200 OK

1.1 kB

URL User Request GET HTTP/1.1
64.124.50.139/login
IP
64.124.50.139:80
ASN
#6461 ZAYO-6461

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.1 kB (1061 bytes)
Hash
7d6a2ab1355b5ff24093e9349973e847
b84fd284e2b4eefcad09af884f7924faef348123
a5b60469fa091788df4865927313de97f39c46c4956859093ca24b3b2d83c186

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 64.124.50.139
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Sat, 04 May 2024 23:03:43 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
transfer-encoding: chunked
accept-language: en-US,en;q=0.5
x-frame-options: sameorigin
content-encoding: gzip
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store
set-cookie: niagara_session=sfe77285dc6ed1ded6833d1733e42db4170a91a4ab0642eb80e; path=/
server: Niagara Web Server/3.8.111

64.124.50.139/login/login.css?3.8.111

64.124.50.139

200 OK

872 B

URL GET HTTP/1.1
64.124.50.139/login/login.css?3.8.111
IP
64.124.50.139:80
ASN
#6461 ZAYO-6461

Requested by
http://64.124.50.139/login

File type
assembler source, ASCII text
Size
872 B (872 bytes)
Hash
4669d38dcfa8febc0150174d421010bd
35d8dbbe5f30be06e0bc3370626a06a229a08805
cea0c0c0d78ed7168550b8c37e493d3419984113991fb416820c4d92aa5296d8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/login.css?3.8.111 HTTP/1.1
Host: 64.124.50.139
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://64.124.50.139/login
Cookie: niagara_session=sfe77285dc6ed1ded6833d1733e42db4170a91a4ab0642eb80e
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Sat, 04 May 2024 23:03:43 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
transfer-encoding: chunked
accept-language: en-US,en;q=0.5
x-frame-options: sameorigin
content-encoding: gzip
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate
server: Niagara Web Server/3.8.111

64.124.50.139/login/login.js?3.8.111

64.124.50.139

200 OK

4.3 kB

URL GET HTTP/1.1
64.124.50.139/login/login.js?3.8.111
IP
64.124.50.139:80
ASN
#6461 ZAYO-6461

Requested by
http://64.124.50.139/login

File type
Unicode text, UTF-8 text
Size
4.3 kB (4299 bytes)
Hash
861f3a843a634228ff28db2092a4512d
10789c1ca01cfa1883b336dc231af32adf5e0899
41f7b3357c479ab61bcffa24b66ad13446605a0bdb0aeb2a8bb395606972dbb9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/login.js?3.8.111 HTTP/1.1
Host: 64.124.50.139
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://64.124.50.139/login
Cookie: niagara_session=sfe77285dc6ed1ded6833d1733e42db4170a91a4ab0642eb80e
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Sat, 04 May 2024 23:03:43 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
transfer-encoding: chunked
accept-language: en-US,en;q=0.5
x-frame-options: sameorigin
content-encoding: gzip
content-type: text/javascript; charset=UTF-8
cache-control: private, must-revalidate
server: Niagara Web Server/3.8.111

64.124.50.139/login/auth.min.js?3.8.111

64.124.50.139

200 OK

41 kB

URL GET HTTP/1.1
64.124.50.139/login/auth.min.js?3.8.111
IP
64.124.50.139:80
ASN
#6461 ZAYO-6461

Requested by
http://64.124.50.139/login

File type
JavaScript source, ASCII text, with very long lines (8624)
Size
41 kB (40753 bytes)
Hash
6c8a63e40f08d3ce371fd22e8d46243d
96a2bb6540398c5b31df7b598a84becfe35976c4
c3931ac40f2381bcd91e768582ca8c7157e8e43c0567e57a0ea8d2afad95cc80

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/auth.min.js?3.8.111 HTTP/1.1
Host: 64.124.50.139
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://64.124.50.139/login
Cookie: niagara_session=sfe77285dc6ed1ded6833d1733e42db4170a91a4ab0642eb80e
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Sat, 04 May 2024 23:03:43 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
transfer-encoding: chunked
accept-language: en-US,en;q=0.5
x-frame-options: sameorigin
content-encoding: gzip
content-type: text/javascript; charset=UTF-8
cache-control: private, must-revalidate
server: Niagara Web Server/3.8.111

64.124.50.139/login/keys.png

64.124.50.139

200 OK

2.8 kB

URL GET HTTP/1.1
64.124.50.139/login/keys.png
IP
64.124.50.139:80
ASN
#6461 ZAYO-6461

Requested by
http://64.124.50.139/login

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
Size
2.8 kB (2786 bytes)
Hash
129f914b2570b50374ebeb8f1306617d
43a794b181040b7278080667d272bc9e4a56e929
3377ae917f6dcc1ee5d3cc09e0a4a7d2e92968acd153f34fd9adb6aa2ec5660d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/keys.png HTTP/1.1
Host: 64.124.50.139
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://64.124.50.139/login
Cookie: niagara_session=sfe77285dc6ed1ded6833d1733e42db4170a91a4ab0642eb80e
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Sat, 04 May 2024 23:03:44 GMT
content-length: 2786
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-language: en-US,en;q=0.5
x-frame-options: sameorigin
content-type: image/png; charset=UTF-8
cache-control: private, must-revalidate
server: Niagara Web Server/3.8.111

64.124.50.139/favicon.ico

64.124.50.139

200 OK

3.6 kB

URL GET HTTP/1.1
64.124.50.139/favicon.ico
IP
64.124.50.139:80
ASN
#6461 ZAYO-6461

Requested by
http://64.124.50.139/login

File type
MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Size
3.6 kB (3638 bytes)
Hash
d8d705cef8dbf67357ee908f42fd1baa
b3620afa1746a1c1655fbb3ca88d35c8ab5df6d0
bba82de3842176d0d43f843188b424a4e3239b1ffab1ebf670d150cac2db4673

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 64.124.50.139
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://64.124.50.139/login
Cookie: niagara_session=sfe77285dc6ed1ded6833d1733e42db4170a91a4ab0642eb80e
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Sat, 04 May 2024 23:03:45 GMT
content-length: 3638
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-language: en-US,en;q=0.5
x-frame-options: sameorigin
content-type: image/x-icon; charset=UTF-8
cache-control: private, must-revalidate
server: Niagara Web Server/3.8.111

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by