Re: https://urlquery.net/report/ca096556-c234-41a2-a460-c21e460f5bb1
No content returned: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=dHt8bnxsW3RbXnwudGtgc1t0e2BiW2cyYGd8dHsucGhw~enc
Find a new domain: http://www.dot.tk/en/index.html?lang=en
Consider also: https://www.rtsak.com/ip-lookup/195.20.41.7
Various detections on domain here: https://www.virustotal.com/en/domain/teanalitica.tk/information/
I now get:
HTTP headers:
HTTP/1.1 448
Server: nginx
Date: Mon, 06 May 2019 20:56:38 GMT
Content-Length: 0
Connection: close
Scan failed, too many requests: https://sitecheck.sucuri.net/results/teanalitica.tk
This opens up: 0.0.0.0
=========================
HTTP headers:
HTTP/1.1 203
Server: nginx
Date: Mon, 06 May 2019 21:04:36 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 652
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: JSESSIONID=85EB8E8F9CE56A2B2F90359576652DBA; Path=/; HttpOnly
X-Server: ip-172-30-1-50 for -http://teanalitica.tk/404testpage4525d2fdc
see: https://www.virustotal.com/en/url/b89328a948e1e85482dc87349a8f365aa286d51d3d57950ad122338a323b9b18/analysis/1557176932/
file: https://www.virustotal.com/en/file/ac061aeb038d56f49ccd10f7684c8f20b7a75d965279217bdd9665c65992bbc9/analysis/1557152426/
Is this a malicious cab file? Cf-j2re-win.cab?
polonus (volunteer website security analyst and website error-hunter)