Report - santacruzpictures.com/231127cb88ba518d75b3f5300dd24f02/27nov_convo

Report Overview

Visited public
2023-11-30 08:20:57
Tags
URL
santacruzpictures.com/231127cb88ba518d75b3f5300dd24f02/27nov_convo
Finishing URL
about:privatebrowsing
IP / ASN
107.152.39.105
#11878 TZULO
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

5

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
santacruzpictures.com	unknown	2005-04-09	2019-01-31 09:56:03	2023-11-29 23:47:10	448 B	278 B	107.152.39.105
ocsp.starfieldtech.com	6616	2003-03-06	2012-06-22 20:08:50	2023-11-29 05:26:49	692 B	5.3 kB	192.124.249.22
www.iz8qatrk.com	unknown	2022-05-30	2022-06-03 13:47:40	2023-11-29 16:38:59	519 B	296 B	34.102.147.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-30 08:20:47	medium	Client IP	192.169.69.25	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-11-30 08:20:49	medium	Client IP	192.169.69.25	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-11-30 08:20:52	medium	Client IP	192.169.69.25	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-11-30 08:20:56	medium	Client IP	192.169.69.25	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-11-30 08:20:56	medium	Client IP	192.169.69.25	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

	URL	IP	Response	Size
	santacruzpictures.com/231127cb88ba518d75b3f5300dd24f02/27nov_convo	107.152.39.105	302 Found	0 B
URL User Request GET HTTP/1.1 santacruzpictures.com/231127cb88ba518d75b3f5300dd24f02/27nov_convo IP 107.152.39.105:80 ASN #11878 TZULO File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /231127cb88ba518d75b3f5300dd24f02/27nov_convo HTTP/1.1 Host: santacruzpictures.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 302 Found Server: nginx Date: Thu, 30 Nov 2023 08:20:40 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=60 X-Powered-By: PHP/5.6.40 Location: https://www.iz8qatrk.com/4RQSJ/8FZXQCH/?creative_id=255667724`

	ocsp.starfieldtech.com/	192.124.249.22		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.22:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2148 bytes) Hash 5c62599a707044153f7e1abfb9c40b5d ce85ea241b688aa863b9c66f1958ef85c141af4a d56f6014aa823bc4d7729bdd514680330527da0c923d42c1bc00151485199159 HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 75 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Thu, 30 Nov 2023 08:20:40 GMT Content-Type: application/ocsp-response Content-Length: 2148 Connection: keep-alive X-Sucuri-ID: 19022 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Thu, 30 Nov 2023 04:24:59 GMT Expires: Fri, 01 Dec 2023 04:24:59 GMT ETag: "ce85ea241b688aa863b9c66f1958ef85c141af4a" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`

	www.iz8qatrk.com/4RQSJ/8FZXQCH/?creative_id=255667724	34.102.147.100	204 No Content	0 B
URL User Request GET HTTP/2 www.iz8qatrk.com/4RQSJ/8FZXQCH/?creative_id=255667724 IP 34.102.147.100:443 ASN #15169 GOOGLE Certificate IssuerStarfield Technologies, Inc. Subjecti4wntrk.com FingerprintEF:0D:3E:DD:24:6A:A0:67:4F:16:3B:71:EC:ED:A7:EE:05:53:7A:82 ValidityThu, 10 Aug 2023 14:53:25 GMT - Thu, 20 Jun 2024 16:13:11 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /4RQSJ/8FZXQCH/?creative_id=255667724 HTTP/1.1 Host: www.iz8qatrk.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 204 No Content server: nginx date: Thu, 30 Nov 2023 08:20:40 GMT accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model vary: Origin x-eflow-request-id: 9e22940c-dad1-4479-8abf-e41c8a6d6d5f via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	ocsp.starfieldtech.com/	192.124.249.22		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.22:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2148 bytes) Hash 5c62599a707044153f7e1abfb9c40b5d ce85ea241b688aa863b9c66f1958ef85c141af4a d56f6014aa823bc4d7729bdd514680330527da0c923d42c1bc00151485199159 HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 75 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Thu, 30 Nov 2023 08:20:40 GMT Content-Type: application/ocsp-response Content-Length: 2148 Connection: keep-alive X-Sucuri-ID: 19022 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Thu, 30 Nov 2023 04:24:59 GMT Expires: Fri, 01 Dec 2023 04:24:59 GMT ETag: "ce85ea241b688aa863b9c66f1958ef85c141af4a" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`