Report - almendrosterra2.com/cmg/link.html

Report Overview

Submitted URL
almendrosterra2.com/cmg/link.html
IP
149.56.93.240
ASN
#16276 OVH SAS
Submitted
2023-05-29 03:39:16
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
almendrosterra2.com	unknown	unknown	2018-12-06	2023-05-26	949 B	2.2 kB	149.56.93.240
drillersvm.com	unknown	2023-05-10	2023-05-10	2023-05-27	416 B	77 kB	45.15.25.122

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-29	medium	almendrosterra2.com/cmg/link.html

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	drillersvm.com/host/admin/js/sc.js	77 kB	2023-04-25	2023-07-04
Pretty URL drillersvm.com/host/admin/js/sc.js IP 45.15.25.122 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-25 13:53:48 Last Seen2023-07-04 07:45:33 Times Seen1814 Hash 5c05de7de220f69837dee08b2ae58883 22f4b2fac6d113ee9b482e749576f6e453018ed9 1f5c1bdb200cbd9423524b9e3c4dd1275de31313bf2f30a7318be555bec56330 Loading...

	unknown	34 B	2023-04-11	2024-04-25
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16:40 Last Seen2024-04-25 10:39:48 Times Seen75017 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

HTTP Transactions (3)

URL IP Response Size

almendrosterra2.com/cmg/link.html

149.56.93.240

200 OK

132 B

URL User Request GET HTTP/2
almendrosterra2.com/cmg/link.html
IP
149.56.93.240:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectalmendrosterra2.com
Fingerprint6F:4A:DA:55:B8:AE:B4:6A:17:BD:14:CF:AD:C7:EB:A4:25:C4:32:0F
ValiditySun, 07 May 2023 01:50:22 GMT - Sat, 05 Aug 2023 01:50:21 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size
132 B (132 bytes)
Hash
4acb3d0fa0d608016ca744d99c39b429
8e1f499657493dab7221d3f4ffb054c7c76b2692
7765364e914cbd0bab1c373f153eb7ca3339fd23bd291b029c6bbeb7e50ef6f3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cmg/link.html HTTP/1.1
Host: almendrosterra2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 23 May 2023 19:22:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 132
date: Mon, 29 May 2023 03:53:39 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

almendrosterra2.com/favicon.ico

149.56.93.240

404 Not Found

1.2 kB

URL GET HTTP/3
almendrosterra2.com/favicon.ico
IP
149.56.93.240:443
ASN
#16276 OVH SAS

Requested by
https://almendrosterra2.com/cmg/link.html
Certificate
IssuerLet's Encrypt
Subjectalmendrosterra2.com
Fingerprint6F:4A:DA:55:B8:AE:B4:6A:17:BD:14:CF:AD:C7:EB:A4:25:C4:32:0F
ValiditySun, 07 May 2023 01:50:22 GMT - Sat, 05 Aug 2023 01:50:21 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: almendrosterra2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://almendrosterra2.com/cmg/link.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Mon, 29 May 2023 03:53:41 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

drillersvm.com/host/admin/js/sc.js

45.15.25.122

200 OK

77 kB

URL GET HTTP/2
drillersvm.com/host/admin/js/sc.js
IP
45.15.25.122:443
ASN
#47583 Hostinger International Limited

Requested by
https://almendrosterra2.com/cmg/link.html
Certificate
IssuerLet's Encrypt
Subjectdrillersvm.com
FingerprintCF:AC:60:01:62:25:41:86:F6:00:59:74:93:8D:C9:87:75:21:15:49
ValidityWed, 10 May 2023 10:22:02 GMT - Tue, 08 Aug 2023 10:22:01 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
77 kB (77115 bytes)
Hash
5c05de7de220f69837dee08b2ae58883
22f4b2fac6d113ee9b482e749576f6e453018ed9
1f5c1bdb200cbd9423524b9e3c4dd1275de31313bf2f30a7318be555bec56330

HTTP Headers

GET /host/admin/js/sc.js HTTP/1.1
Host: drillersvm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://almendrosterra2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 03:39:00 GMT
content-type: application/javascript
last-modified: Tue, 25 Apr 2023 10:18:34 GMT
etag: W/"6447a8fa-12d3b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (3)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers