Report - tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao

Report Overview

Visited public
2025-05-06 20:26:06
Tags
suspicious
URL
tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil
Finishing URL
tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil
IP / ASN
3.125.36.175
#16509 AMAZON-02
Title
tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
webmail.linkwareint.com	unknown	unknown	No data	No data	532 B	5.9 kB	43.250.142.67
tourmaline-sprinkles-1a4d33.netlify.app	unknown	unknown	No data	No data	993 B	17 kB	3.75.10.80
ajax.googleapis.com	12905	unknown	No data	No data	468 B	89 kB	216.58.207.202

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-05-06 20:25:45	medium	Client IP	3.75.10.80	ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-05-06	medium	tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil	Detects file containing Telegram Bot API

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Telegram Bot detected

URL
tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil
IP / ASN
3.75.10.80
#16509 AMAZON-02

Token
7211436495:AAH9lfXkdz7qhKeK_l20Q8OWgBnTNLX8tK8

Bot Overview
User ID 7211436495
Username zKingdomLogs_bot
First Name Adobe
Last Name
Chat Information
Chat ID 5832036061
Chat Type private
Title
User Count 2
Admins 0
Pending Messages 0

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-06-18
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 216.58.207.202 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-18 05:05 Times Seen70138 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil	ScriptElement	9.0 kB	2025-05-06	2025-05-07
Pretty URL tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil IP 3.75.10.80 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-06 20:26 Last Seen2025-05-07 09:00 Times Seen2 Hash c229cd56abb02e433c1c3d84f75a49f7 e8dc33d6e3264bb554b1f12b0301c8ae8c9d1efc 33a6a1ff916b16048c9c778e59cfe7f5e76c8acf25f8c8067712da91df1ba28d Loading...

HTTP Transactions (4)

URL IP Response Size

webmail.linkwareint.com/cPanel_magic_revision_1658331961/unprotected/cpanel/images/webmail-logo.svg

43.250.142.67

200 OK

5.4 kB

URL GET
webmail.linkwareint.com/cPanel_magic_revision_1658331961/unprotected/cpanel/images/webmail-logo.svg
IP
43.250.142.67:443
ASN
#45638 SYNERGY WHOLESALE PTY LTD

Requested by
https://tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil
Certificate
IssuerLet's Encrypt
Subjectlinkwareint.com
FingerprintA1:E1:4E:D8:04:72:90:37:17:45:CE:9F:1B:55:B0:EC:FC:EB:EF:E6
ValidityWed, 19 Mar 2025 04:07:56 GMT - Tue, 17 Jun 2025 04:07:55 GMT

File type
SVG Scalable Vector Graphics image
Size
5.4 kB (5360 bytes)
Hash
bc0c956653325b9e694d4dd1dfb78020
e1196e4db68ed573355ade966152a084581b40ec
998cd48cdc0414f694d0a3a299dd2beb1134769d5666c7e5567e7d20b4174ef8

HTTP Headers

GET /cPanel_magic_revision_1658331961/unprotected/cpanel/images/webmail-logo.svg HTTP/1.1
Host: webmail.linkwareint.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tourmaline-sprinkles-1a4d33.netlify.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Wed, 20 Jul 2022 15:46:01 GMT
cache-control: max-age=5184000, public
expires: Sat, 05 Jul 2025 20:25:47 GMT
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-length: 2399
content-encoding: gzip
vary: Accept-Encoding
date: Tue, 06 May 2025 20:25:47 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

tourmaline-sprinkles-1a4d33.netlify.app/favicon.ico

3.75.10.80

404 Not Found

3.4 kB

URL GET
tourmaline-sprinkles-1a4d33.netlify.app/favicon.ico
IP
3.75.10.80:443
ASN
#16509 AMAZON-02

Requested by
https://tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil
Certificate
IssuerDigiCert Inc
Subject*.netlify.app
Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71
ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
3.4 kB (3449 bytes)
Hash
0f89e18d0abacb99149c5e59bf69b5e1
9e1ebb10be890c5855eec444233c028270d3e65a
8514f0009a58c6e0acb5468f88037732b59b70af5e524f452e3bef8fb33effc5

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tourmaline-sprinkles-1a4d33.netlify.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tourmaline-sprinkles-1a4d33.netlify.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 06 May 2025 20:25:46 GMT
etag: 1746541709-ssl-df
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01JTKMD8P82HPJR1A5QTHHAE0W
X-Firefox-Spdy: h2

tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil

3.75.10.80

200 OK

13 kB

URL User Request GET
tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil
IP
3.75.10.80:443
ASN
#16509 AMAZON-02

Certificate
IssuerDigiCert Inc
Subject*.netlify.app
Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71
ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (323)
Size
13 kB (12734 bytes)
Hash
5c1a2328edffc0a7ee4ab22cd6cf4f78
d66a759a09b24476ecd01af91cc4e33ff9504bc2
425476ed81bb77959c1ddc2add1f1fc7a8dcec22eef43be4ca995b1565ad572b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API

HTTP Headers

GET / HTTP/1.1
Host: tourmaline-sprinkles-1a4d33.netlify.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 06 May 2025 20:25:45 GMT
etag: "f62e2e46e03fe17f0a813ce27e35be9d-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01JTKMD7RSQ6AQBD81S7WE6SVK
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

216.58.207.202

200 OK

88 kB

URL GET
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
216.58.207.202:443
ASN
#15169 GOOGLE

Requested by
https://tourmaline-sprinkles-1a4d33.netlify.app/#nfhi_pao_dl@us.navy.mil
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint06:13:4C:49:F4:23:BB:58:C3:31:41:0E:F9:E0:C5:EF:74:A9:0C:67
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
88 kB (88145 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tourmaline-sprinkles-1a4d33.netlify.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 May 2025 10:21:27 GMT
expires: Fri, 01 May 2026 10:21:27 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 468259
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Telegram Bot detected

Token

Bot Overview

Chat Information

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers