Report Overview
Visitedpublic
2026-01-31 05:17:08
Tags
Submit Tags
URL
claim-espresso.com/
Finishing URL
claim-espresso.com/
IP / ASN
172.67.175.150
Title
Espresso Claim Portal
Detections
urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
4
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
us.i.posthog.com | 42193 | 2020-01-23 | 2024-02-22 | 2026-01-28 | 1.2 kB | 1.6 kB |  54.243.92.24 |  |
cdn.jsdelivr.net | 1678 | 2012-05-16 | 2012-09-30 | 2026-01-25 | 483 B | 165 kB | 104.16.175.226 |  |
fonts.gstatic.com | unknown | 2008-02-11 | 2014-04-02 | 2026-01-25 | 541 B | 74 kB | 142.250.74.3 | |
challenges.cloudflare.com | 11393 | 2009-02-17 | 2021-10-20 | 2026-01-25 | 5.1 kB | 511 kB | 104.18.94.41 | |
rpc.walletconnect.org | 891779 | 2018-03-26 | 2023-02-11 | 2026-01-30 | 538 B | 1.7 kB |  18.185.182.14 | |
assets.unicorn.studio | 3759026 | 2020-08-17 | 2024-10-30 | 2026-01-30 | 525 B | 77 kB | 34.120.54.136 |    |
www.googletagmanager.com | 283 | 2011-11-11 | 2012-10-04 | 2026-01-25 | 446 B | 437 kB | 142.250.178.72 | |
magna-public-assets-prod.s3.amazonaws.com | unknown | 2005-08-18 | 2025-12-28 | 2026-01-30 | 492 B | 11 kB | 52.217.235.105 |   |
claim.espresso.foundation | unknown | 2022-02-16 | 2025-12-31 | 2026-01-30 | 22 kB | 5.6 MB | 216.150.1.129 |  |
claim-espresso.com 2 alert(s) on this Host | unknown | unknown | No data | No data | 12 kB | 3.8 MB | 104.21.75.122 | |
api.ipify.org | 8166 | 2014-01-05 | 2014-10-06 | 2026-01-26 | 449 B | 271 B | 104.26.13.205 | |
public-bsc.nownodes.io 2 alert(s) on this Host | unknown | 2019-05-20 | 2025-10-14 | 2026-01-24 | 1.0 kB | 1.6 kB | 104.20.35.2 | |
us-assets.i.posthog.com | 57965 | 2020-01-23 | 2024-02-22 | 2026-01-28 | 2.0 kB | 113 kB | 104.20.17.167 | |
fonts.googleapis.com | 313 | 2005-01-25 | 2012-05-23 | 2026-01-25 | 1.9 kB | 15 kB | 216.58.211.10 | |
magna-public-assets-prod.s3.us-east-1.amazonaws.com | unknown | 2005-08-18 | 2025-12-31 | 2026-01-30 | 534 B | 57 kB | 16.182.33.42 | |
fbsfoewlknwkpew111.live 1 alert(s) on this Host | unknown | unknown | 2025-11-30 | 2026-01-31 | 455 B | 627 B | 188.114.97.1 | |
Envoy (Reverse proxies)
Envoy is an open-source edge and service proxy, designed for cloud-native applications.Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.Google Cloud CDN (CDN)
Cloud CDN uses Google's global edge network to serve content closer to users.Google Cloud (IaaS)
Google Cloud is a suite of cloud computing services.Google Cloud Storage (Miscellaneous)
Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.Amazon S3 (CDN)
Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.Amazon Web Services (PaaS)
Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.Vercel (PaaS)
Vercel is a cloud platform for static frontends and serverless functions.Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| low | Client IP | 104.26.13.205 | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| Nextron YARA rules | claim-espresso.com/assets/secure.php?req=ping | malware | PHP webshell obfuscated by encoding of mixed hex and dec |
| Nextron YARA rules | claim-espresso.com/assets/secure.php?req=ping | malware | Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions. |
| Quad9 DNS | public-bsc.nownodes.io | malicious | Sinkholed |
| DNS4EU | fbsfoewlknwkpew111.live | malicious | Sinkholed |
JavaScript (133)
| HASH | FROM | Size | First Seen | Last Seen | |
|---|---|---|---|---|---|
| 086707e4369f60afedcafb16050a7618 | DocumentWrite | 39 B | 2023-03-07 | 2026-03-01 | |
Introduced by DocumentWrite First Seen 2023-03-07 Last Seen 2026-03-01 Times Seen 616770 Size 39 B (39 bytes) MD5 086707e4369f60afedcafb16050a7618 SHA1 8216b0cc6876cbd44f01c158e7dff3833ceccd41 Loading... | |||||
HTTP Transactions (90)
| URL | IP | Response | Size |
|---|