Report - news.aegmedia.com.br/wp-admin/fox/bo/auth/jgerxse/3mail@slurpmail.net

Report Overview

URL

news.aegmedia.com.br/wp-admin/fox/bo/auth/jgerxse/3mail@slurpmail.net
IP

192.185.212.26

ASN

#46606 UNIFIEDLAYER-AS-1
Submitted

2023-06-09T12:06:23Z

Access

public
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

3
Threat Detection Systems

3

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
news.aegmedia.com.br (1)	unknown	2023-06-08 10:07:11	2023-06-09 13:24:33	525	280	192.185.212.26
bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link (3)	unknown	2023-06-09 02:25:20	2023-06-09 13:26:04	1660	1964	209.94.90.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-09T12:06:06Z	low	Client IP	Internal IP	ET HUNTING IPFS Gateway Domain in DNS Lookup (ipfs .dweb .link)
2023-06-09T12:06:06Z	low	Client IP	Internal IP	ET HUNTING IPFS Gateway Domain in DNS Lookup (ipfs .dweb .link)
2023-06-09T12:06:06Z	low	Client IP	209.94.90.1	ET HUNTING Observed IPFS Gateway Domain (ipfs .dweb .link) in TLS SNI

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-06-09	medium	bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link
2023-06-09	medium	bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link
2023-06-09	medium	bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

news.aegmedia.com.br/wp-admin/fox/bo/auth/jgerxse/3mail@slurpmail.net

192.185.212.26

URL

news.aegmedia.com.br/wp-admin/fox/bo/auth/jgerxse/3mail@slurpmail.net
IP

192.185.212.26:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /wp-admin/fox/bo/auth/jgerxse/3mail@slurpmail.net HTTP/1.1
Host: news.aegmedia.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
refresh: 0;url=https://bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link/index-ss.html#3mail@slurpmail.net
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 09 Jun 2023 12:06:06 GMT
server: Apache
X-Firefox-Spdy: h2

bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link/index-ss.html

209.94.90.1

140

URL

bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link/index-ss.html
IP

209.94.90.1:0
ASN

#40680 PROTOCOL

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

140
Hash

ea8eef7d26ecc45b6a56c5ecdb494d42

fd621efeb3a6649e0a7ed0a178fa51be3d5d7e1e

1af29706d2a6b604a0e552114f17bb1789014da70e98d6cf05af542bafaca04f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /index-ss.html HTTP/1.1
Host: bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 410 Gone
server: openresty
date: Fri, 09 Jun 2023 12:06:07 GMT
content-type: text/html
content-length: 140
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
x-ipfs-lb-pop: gateway-bank2-fr2
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link/favicon.ico

209.94.90.1

410 Gone

140

URL GET HTTP/2

bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link/favicon.ico
IP

209.94.90.1:443
ASN

#40680 PROTOCOL

Requested by

https://bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link/index-ss.html#3mail@slurpmail.net
Certificate

IssuerLet's Encrypt

Subject*.i.ipfs.io

FingerprintDF:57:ED:7D:45:D6:8D:9D:25:3C:13:85:2E:51:0D:AD:64:B8:E5:84

ValidityMon, 27 Mar 2023 17:15:30 GMT - Sun, 25 Jun 2023 17:15:29 GMT

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

140
Hash

ea8eef7d26ecc45b6a56c5ecdb494d42

fd621efeb3a6649e0a7ed0a178fa51be3d5d7e1e

1af29706d2a6b604a0e552114f17bb1789014da70e98d6cf05af542bafaca04f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link/index-ss.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 410 Gone
server: openresty
date: Fri, 09 Jun 2023 12:06:07 GMT
content-type: text/html
content-length: 140
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
x-ipfs-lb-pop: gateway-bank2-fr2
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link/index-ss.html

209.94.90.1

410 Gone

140

URL User Request GET HTTP/2

bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link/index-ss.html
IP

209.94.90.1:443
ASN

#40680 PROTOCOL

Certificate

IssuerLet's Encrypt

Subject*.i.ipfs.io

FingerprintDF:57:ED:7D:45:D6:8D:9D:25:3C:13:85:2E:51:0D:AD:64:B8:E5:84

ValidityMon, 27 Mar 2023 17:15:30 GMT - Sun, 25 Jun 2023 17:15:29 GMT

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators

Size

140
Hash

a06a665ed5fbc4cee1f63ec2d5435dc3

7d9c6c15a451519c5739abd364d282f65621f519

8e2b72581eaa02ec41d4abe3225d1cfd623d4b65badd70246dfc38d1bba71d1e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /index-ss.html HTTP/1.1
Host: bafybeihmdn76qplqk653xr4ct6j76aj3qdcm7fv76z3ezmm4go2semdl5i.ipfs.dweb.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 410 Gone
server: openresty
date: Fri, 09 Jun 2023 12:06:07 GMT
content-type: text/html
content-length: 140
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
x-ipfs-lb-pop: gateway-bank2-fr2
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL

IP

ASN

Magic

Size

Hash

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers