Report - plu.sh/xm7kd

Report Overview

Visitedpublic

2023-08-31 01:46:30

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	2018-08-16	2019-11-29 12:50:24	2023-08-30 06:04:24	330 B	964 B	104.18.14.101
plu.sh	unknown	2016-10-24	2017-06-12 17:30:12	2023-08-10 12:47:04	468 B	326 B	198.187.29.19
storage.web3ph.dev	unknown	2022-11-02	2023-07-18 15:42:15	2023-08-30 03:04:08	540 B	160 kB	89.233.105.52

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-08-30	medium	plu.sh/xm7kd	Naver
2023-08-29	medium	storage.web3ph.dev/ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/	Naver

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

ocsp.sectigo.com/

104.18.14.101

472 B

URL

ocsp.sectigo.com/

IP / ASN

104.18.14.101

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typedata

First Seen2023-08-31

Last Seen2023-09-01

Times Seen2

Size472 B (472 bytes)

MD558e0cf0ef2b96c4ce0cd1e63fdb4a9c4

SHA191ddf34e991e34af062452e76c17e0c2d0da61b0

SHA25694b18ad786dd53d9b25e41e13440dd9498a7d577348ba75d1b7791f93853d31b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 31 Aug 2023 01:46:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Aug 2023 18:44:36 GMT
Expires: Wed, 06 Sep 2023 18:44:35 GMT
Etag: "91ddf34e991e34af062452e76c17e0c2d0da61b0"
Cache-Control: max-age=578900,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ff1993d9a15b509-OSL

GET plu.sh/xm7kd

198.187.29.19

301 Moved Permanently

0 B

URL

plu.sh/xm7kd

IP / ASN

198.187.29.19

#22612 NAMECHEAP-NET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605965

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerSectigo Limited

Subjectplu.sh

FingerprintF3:5F:F1:D9:89:D0:99:23:5C:24:1A:4B:99:D0:2A:ED:F3:F3:A7:74

ValiditySat, 20 May 2023 00:00:00 GMT - Wed, 22 May 2024 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Naver

HTTP Headers

GET /xm7kd HTTP/1.1
Host: plu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
x-powered-by: PHP/7.0.33
location: https://storage.web3ph.dev/ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/
content-type: text/html; charset=UTF-8
content-length: 0
date: Thu, 31 Aug 2023 01:46:14 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

GET storage.web3ph.dev/ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/

89.233.105.52

200 OK

160 kB

URL

storage.web3ph.dev/ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/

IP / ASN

89.233.105.52

#29802 HVC-AS

Requested byN/A

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (64652), with CRLF line terminators

First Seen2023-08-30

Last Seen2023-08-31

Times Seen2

Size160 kB (160094 bytes)

MD5f66fbd48c626f1ba998a44449407fd51

SHA1b9b907774f298d48cce780eab95cc9f3a77b2905

SHA2562c1b3b47de24086ddd61153f4bf4b6dbe91d770a8e9e926d035d0ac0c0e06fc5

Certificate Info

IssuerLet's Encrypt

Subjectstorage.web3ph.dev

Fingerprint40:BB:35:3F:F3:D2:E8:09:8E:10:26:EB:E8:6E:D9:FF:FC:90:C8:7A

ValidityTue, 18 Jul 2023 12:41:50 GMT - Mon, 16 Oct 2023 12:41:49 GMT

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Naver

HTTP Headers

GET /ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/ HTTP/1.1
Host: storage.web3ph.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 31 Aug 2023 01:46:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Origin
Content-Encoding: gzip