Report - mywalmart.com-26.store/view-buyer-purchase-list

Report Overview

Visited public
2025-03-04 08:35:00
Tags
suspicious
URL
mywalmart.com-26.store/view-buyer-purchase-list
Finishing URL
mywalmart.com-26.store/view-buyer-purchase-list/
IP / ASN
66.29.148.72
#22612 NAMECHEAP-NET
Title
Redirecting to Walmart
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mywalmart.com-26.store	unknown	2025-02-25	2025-03-04	2025-03-04	1.0 kB	644 kB	66.29.148.72
norishare.com	unknown	2018-04-03	2019-07-10	2025-02-20	515 B	20 kB	45.147.99.189

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-03-04 08:34:44	low	Client IP	45.147.99.189	ET INFO Observed Observed Abused File Sharing Service Domain (norishare .com in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
norishare.com/api/uploads/gFjy7UmrjPh/download/
IP
45.147.99.189
ASN
#62000 Serverd SAS

File type
Zip archive data, at least v2.1 to extract, compression method=deflate64
Size
19 kB (18978 bytes)
Hash
303f0754940a3e10dda06564c653e4d1
86bf2268cc6958f5e86ac4524cb1100fd2efc9a3
f02f009be7c4127e68e802320fd82a47d6aa7fee442e4c0ef673e5b0cfe7d6bb

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	mywalmart.com-26.store/view-buyer-purchase-list/	ScriptElement	322 kB	2025-03-04	2025-03-04
Pretty URL mywalmart.com-26.store/view-buyer-purchase-list/ IP 66.29.148.72 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 08:35 Last Seen2025-03-04 08:35 Times Seen1 Hash 59de0f2c3b1a2e6a2e4a92e771b593c4 4e5eda9edca7bba34ddf9c7f9ba0e66062b20d3e b6b804b66e23570772b818842b7e7286c2575ad690487623828acc3158de4c46 Loading...

		Size	First Seen	Last Seen
	#1 Write - d80b23fb5602a65c1a9b92ecef60a673	107 kB	2025-03-04 08:35	2025-03-04 08:35
Pretty Observations First Seen2025-03-04 08:35 Last Seen2025-03-04 08:35 Times Seen1 Hash d80b23fb5602a65c1a9b92ecef60a673 2767ceb2754f78cc016bb4c7057d3722c97f29ef 5bba477d56ad2a67e7e60a0f8bfd001f3b8c8d24b973a4401d446efb62dfbd46 Loading...

HTTP Transactions (3)

URL IP Response Size

mywalmart.com-26.store/view-buyer-purchase-list

66.29.148.72

301 Moved Permanently

322 kB

URL User Request GET
mywalmart.com-26.store/view-buyer-purchase-list
IP
66.29.148.72:443
ASN
#22612 NAMECHEAP-NET

Certificate
IssuerSectigo Limited
Subjectmywalmart.com-26.store
Fingerprint03:FD:6F:A5:A4:33:9F:AE:94:6A:07:A4:09:D7:BE:A4:6A:2E:DC:24
ValidityTue, 25 Feb 2025 00:00:00 GMT - Wed, 25 Feb 2026 23:59:59 GMT

File type

Size
322 kB (321484 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /view-buyer-purchase-list HTTP/1.1
Host: mywalmart.com-26.store
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 795
date: Tue, 04 Mar 2025 08:34:40 GMT
server: LiteSpeed
location: https://mywalmart.com-26.store/view-buyer-purchase-list/
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mywalmart.com-26.store/view-buyer-purchase-list/

66.29.148.72

200 OK

322 kB

URL User Request GET
mywalmart.com-26.store/view-buyer-purchase-list/
IP
66.29.148.72:443
ASN
#22612 NAMECHEAP-NET

Certificate
IssuerSectigo Limited
Subjectmywalmart.com-26.store
Fingerprint03:FD:6F:A5:A4:33:9F:AE:94:6A:07:A4:09:D7:BE:A4:6A:2E:DC:24
ValidityTue, 25 Feb 2025 00:00:00 GMT - Wed, 25 Feb 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
322 kB (321484 bytes)
Hash
4fbaaf0eded55e6cd6859d3da7f875ce
63fdcf998de1a7233a7a65a656d547cfba6bbed4
fae1f644e76fcdca8df0a1b502c53319700c4a3a9a5417ce5b3c419df8443a72

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code

HTTP Headers

GET /view-buyer-purchase-list/ HTTP/1.1
Host: mywalmart.com-26.store
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Feb 2025 15:14:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 105118
date: Tue, 04 Mar 2025 08:34:41 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

norishare.com/api/uploads/gFjy7UmrjPh/download/

45.147.99.189

200 OK

19 kB

URL User Request GET
norishare.com/api/uploads/gFjy7UmrjPh/download/
IP
45.147.99.189:443
ASN
#62000 Serverd SAS

Certificate
IssuerLet's Encrypt
Subjectwww.norishare.com
FingerprintA7:C3:42:0F:C8:BC:70:C4:36:03:C4:BE:19:0C:8B:22:B2:B6:FA:F3
ValiditySun, 12 Jan 2025 01:06:05 GMT - Sat, 12 Apr 2025 01:06:04 GMT

File type
Zip archive data, at least v2.1 to extract, compression method=deflate64
Size
19 kB (18978 bytes)
Hash
303f0754940a3e10dda06564c653e4d1
86bf2268cc6958f5e86ac4524cb1100fd2efc9a3
f02f009be7c4127e68e802320fd82a47d6aa7fee442e4c0ef673e5b0cfe7d6bb

HTTP Headers

GET /api/uploads/gFjy7UmrjPh/download/ HTTP/1.1
Host: norishare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=31536000
content-disposition: attachment; filename="Open%20-%20Walmart%20Products%20List.zip"
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'self';
content-type: application/zip
date: Tue, 04 Mar 2025 08:34:44 GMT
etag: "67bdd0a2-4a22"
expires: Wed, 04 Mar 2026 08:34:44 GMT
last-modified: Tue, 25 Feb 2025 14:16:02 GMT
server: nginx
strict-transport-security: max-age=86400
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 18978
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (3)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers