Report - lp.funcool.biz/AR/download/1v8_exbb/index

Report Overview

Submitted URL
lp.funcool.biz/AR/download/1v8_exbb/index_v1.html
IP
54.230.111.51
ASN
#16509 AMAZON-02
Submitted
2023-05-29 12:57:47
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
lp.funcool.biz	unknown	2020-11-23	2022-02-28	2023-05-28	507 B	9.1 kB	54.230.111.29
ocsp.r2m02.amazontrust.com	unknown	2007-05-11	2022-10-12	2023-05-28	340 B	1.0 kB	54.230.80.227
avider-prestry.com	unknown	2021-01-20	2021-02-18	2023-05-27	964 B	826 B	3.64.244.172

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-29 12:57:29	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-29 12:57:29	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-29	medium	avider-prestry.com/click

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

ocsp.r2m02.amazontrust.com/

54.230.80.227

471 B

URL
ocsp.r2m02.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
8c46987fa8110531caa3a1beba7a3aba
d85b210ef6a3a4cd10ba937172650d12a85e7bbd
b42e178ee50284736f4c1c974690f7a268f44d9fcd7d9047a0b2dab6c60ec310

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 29 May 2023 12:57:29 GMT
Etag: "6473a656-1d7"
Expires: Mon, 29 May 2023 14:57:29 GMT
Last-Modified: Sun, 28 May 2023 19:07:02 GMT
Server: ECAcc (dcb/7EDB)
X-Cache: Miss from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HBKeB47RMCA5kEy6JnqZ6rWmRm4eemjyKB9wUmJdDMDo-hvXRh3TCA==
Age: 5737

avider-prestry.com/click

3.64.244.172

400 Bad Request

152 B

URL User Request GET HTTP/2
avider-prestry.com/click
IP
3.64.244.172:443
ASN
#16509 AMAZON-02

Certificate
IssuerSectigo Limited
Subjectavider-prestry.com
Fingerprint98:1B:20:B1:32:95:88:57:25:F0:47:46:8B:34:C6:B2:9F:FE:AB:D1
ValidityTue, 04 Apr 2023 00:00:00 GMT - Sat, 04 May 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size
152 B (152 bytes)
Hash
d9bacc468aa23334526933389545e120
e26288b4bada404ce340ca72989f9f1193dc649c
0605685efb44dd3decd77517436c575731b61f807247587de67080c579ffa2d4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /click HTTP/1.1
Host: avider-prestry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lp.funcool.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 400 Bad Request
server: nginx
date: Mon, 29 May 2023 12:57:37 GMT
content-type: text/html
content-length: 152
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2

avider-prestry.com/favicon.ico

3.64.244.172

400 Bad Request

150 B

URL GET HTTP/2
avider-prestry.com/favicon.ico
IP
3.64.244.172:443
ASN
#16509 AMAZON-02

Requested by
https://avider-prestry.com/click
Certificate
IssuerSectigo Limited
Subjectavider-prestry.com
Fingerprint98:1B:20:B1:32:95:88:57:25:F0:47:46:8B:34:C6:B2:9F:FE:AB:D1
ValidityTue, 04 Apr 2023 00:00:00 GMT - Sat, 04 May 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
150 B (150 bytes)
Hash
7f077f1fce3d566040b0d69eb1f27d8f
28d9c5f6b214c5cdbe7f7e55d6ed5e82080dea01
487ad0d2cf075f4328a1adf57ef428759ad4e2c873a8ebd2ad9653990829c9cf

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: avider-prestry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://avider-prestry.com/click
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 400 Bad Request
server: nginx
date: Mon, 29 May 2023 12:57:37 GMT
content-type: text/html
content-length: 150
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Firefox-Spdy: h2

lp.funcool.biz/AR/download/1v8_exbb/index_v1.html

54.230.111.29

200 OK

8.5 kB

URL User Request GET HTTP/2
lp.funcool.biz/AR/download/1v8_exbb/index_v1.html
IP
54.230.111.29:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectlp.funcool.biz
Fingerprint4A:35:B6:44:86:32:9F:E4:FC:84:D8:93:2C:58:D3:5E:A9:24:86:B6
ValidityTue, 09 May 2023 00:00:00 GMT - Thu, 06 Jun 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8629), with no line terminators
Size
8.5 kB (8546 bytes)
Hash
fa27efa01445e7b1d8b62bc20b3eaf5c
0dd41e81f905c101af7afb7dde1bf20c9d76839a
74806af90e0533af271a218456660e153075d08671f1b0c48e6f4175abc95a67

HTTP Headers

GET /AR/download/1v8_exbb/index_v1.html HTTP/1.1
Host: lp.funcool.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
last-modified: Sun, 27 Nov 2022 07:50:21 GMT
x-amz-version-id: c3MiT.nWBL3zUYzwDymvdVONi7.vUa0N
server: AmazonS3
content-encoding: br
date: Mon, 29 May 2023 12:57:30 GMT
etag: W/"2bb75e32cfb86b470c38042d2efd58f4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: r-KKp4zjB6tTpNZ2TrxH0buX-C2pK39xRoV6xGL-j2WXQQZHEhyPdg==
age: 84323
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers