Report Overview
Visited (public): 2026-01-31 07:12:34
URL: tge-espresso.com
Finishing URL: tge-espresso.com/
IP / ASN: 104.21.45.158
Title: Espresso Claim Portal
Detections
urlquery: 0
Network Intrusion Detection: 1
Threat Detection Systems: 4
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
| magna-public-assets-prod.s3.us-east-1.amazonaws.com | unknown | 2005-08-18 | 2025-12-31 | 2026-01-30 | 534 B | 57 kB | 16.15.195.134 | |
| assets.unicorn.studio | 3759026 | 2020-08-17 | 2024-10-30 | 2026-01-30 | 525 B | 77 kB | 34.120.54.136 | |
| fonts.gstatic.com | unknown | 2008-02-11 | 2014-04-02 | 2026-01-25 | 539 B | 74 kB | 142.250.74.3 | |
| fbsfoewlknwkpew111.live (1 alert(s) on this Host) | unknown | unknown | 2025-11-30 | 2026-01-31 | 451 B | 631 B | 188.114.96.1 | |
| www.googletagmanager.com | 283 | 2011-11-11 | 2012-10-04 | 2026-01-25 | 446 B | 437 kB | 142.251.142.232 | |
| claim.espresso.foundation | unknown | 2022-02-16 | 2025-12-31 | 2026-01-30 | 22 kB | 5.6 MB | 216.150.1.193 | |
| tge-espresso.com (2 alert(s) on this Host) | unknown | 2026-01-31 | 2026-01-31 | 2026-01-31 | 11 kB | 3.8 MB | 104.21.45.158 | |
| us.i.posthog.com | 42193 | 2020-01-23 | 2024-02-22 | 2026-01-28 | 1.2 kB | 1.6 kB | 34.226.1.175 | |
| api.ipify.org | 8166 | 2014-01-05 | 2014-10-06 | 2026-01-26 | 445 B | 271 B | 172.67.74.152 | |
| challenges.cloudflare.com | 11393 | 2009-02-17 | 2021-10-20 | 2026-01-25 | 5.1 kB | 519 kB | 104.18.95.41 | |
| magna-public-assets-prod.s3.amazonaws.com | unknown | 2005-08-18 | 2025-12-28 | 2026-01-30 | 492 B | 11 kB | 16.15.199.187 | |
| public-bsc.nownodes.io (2 alert(s) on this Host) | unknown | 2019-05-20 | 2025-10-14 | 2026-01-24 | 1.0 kB | 1.6 kB | 104.20.35.2 | |
| cdn.jsdelivr.net | 1678 | 2012-05-16 | 2012-09-30 | 2026-01-25 | 483 B | 165 kB | 104.16.174.226 | |
| fonts.googleapis.com | 313 | 2005-01-25 | 2012-05-23 | 2026-01-25 | 1.9 kB | 15 kB | 216.58.211.10 | |
| us-assets.i.posthog.com | 57965 | 2020-01-23 | 2024-02-22 | 2026-01-28 | 2.0 kB | 113 kB | 104.20.17.167 | |
| rpc.walletconnect.org | 891779 | 2018-03-26 | 2023-02-11 | 2026-01-30 | 534 B | 1.7 kB | 63.178.159.235 | |

Amazon S3 (CDN)
Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.
Amazon Web Services (PaaS)
Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.
Google Cloud CDN (CDN)
Cloud CDN uses Google's global edge network to serve content closer to users.
Google Cloud Storage (Miscellaneous)
Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.
Google Cloud (IaaS)
Google Cloud is a suite of cloud computing services.
Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
Vercel (PaaS)
Vercel is a cloud platform for static frontends and serverless functions.
Envoy (Reverse proxies)
Envoy is an open-source edge and service proxy, designed for cloud-native applications.
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| | low | Client IP | 172.67.74.152 | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| Nextron YARA rules | tge-espresso.com/assets/secure.php?req=ping | malware | PHP webshell obfuscated by encoding of mixed hex and dec |
| Nextron YARA rules | tge-espresso.com/assets/secure.php?req=ping | malware | Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions. |
| DNS4EU | fbsfoewlknwkpew111.live | malicious | Sinkholed |
| Quad9 DNS | public-bsc.nownodes.io | malicious | Sinkholed |
JavaScript (131)
| HASH | FROM | Size | First Seen | Last Seen | |
|---|---|---|---|---|---|
| 086707e4369f60afedcafb16050a7618 | DocumentWrite | 39 B | 2023-03-07 | 2026-03-01 | |

Introduced by: DocumentWrite. First Seen: 2023-03-07. Last Seen: 2026-03-01. Times Seen: 616870. Size: 39 B (39 bytes). MD5: 086707e4369f60afedcafb16050a7618. SHA1: 8216b0cc6876cbd44f01c158e7dff3833ceccd41.
HTTP Transactions (89)
| URL | IP | Response | Size |
|---|---|---|---|


