Report - giuliadomna.com.br/public/update/fbc14382bad4b1cbf799b493ba355a47/mpp/

Report Overview

URL

giuliadomna.com.br/public/update/fbc14382bad4b1cbf799b493ba355a47/mpp/
IP

54.84.55.102

ASN

#14618 AMAZON-AES
Submitted

2023-06-09T06:36:24Z

Access

public
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

4
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
cdn.widde.io (7)	unknown	2021-08-09 16:19:59	2023-06-05 04:29:23	3103	74536	151.101.1.195
l2.io (1)	163527	2015-06-25 03:31:26	2023-06-07 16:52:52	405	226	195.80.159.133
www.google.com (1)	7	2015-05-10 13:11:19	2023-06-06 13:54:15	452	15520	142.250.74.132
www.giuliadomna.com.br (1)	unknown	2015-06-18 10:10:28	2023-06-02 11:09:07	275	369	212.102.54.14
www.youtube.com (2)	90	2013-04-13 09:43:20	2023-06-08 18:12:15	865	204008	142.250.74.110
pixel.bridge.dooca.store (2)	unknown	2022-07-01 23:42:59	2023-06-03 05:28:11	1111	32070	167.71.167.48
static.cloudflareinsights.com (1)	1294	2019-09-24 16:34:56	2023-06-08 18:12:51	500	54816	104.16.57.101
jnn-pa.googleapis.com (4)	2640	2021-11-16 07:12:21	2023-06-08 18:12:21	2544	33858	142.250.74.138
yt3.ggpht.com (1)	203	2014-01-15 17:55:17	2023-06-08 18:12:05	535	2136	142.250.74.161
ocsp.sectigo.com (2)	487	2019-11-29 12:50:24	2023-06-08 19:26:13	660	1928	104.18.14.101
giuliadomna.com.br (2)	unknown	2015-06-14 12:52:23	2023-06-02 11:09:28	713	648	54.84.55.102
www.googletagmanager.com (6)	75	2013-05-22 04:07:37	2023-06-08 19:16:18	2666	917420	142.250.74.136
fonts.googleapis.com (8)	8877	2013-06-10 22:14:26	2023-06-08 19:03:07	3690	91875	142.250.74.138
api.woxo.tech (2)	409677	2020-12-18 12:43:54	2023-06-06 18:32:47	964	74146	172.67.68.179
widgets.woxo.tech (5)	335140	2020-11-01 04:47:44	2023-06-06 18:32:46	2689	46756	172.67.68.179
www.youtube-nocookie.com (12)	3123	2012-05-31 08:37:10	2023-06-08 18:19:56	7574	1026358	142.250.74.110
i.ytimg.com (1)	109	2012-10-03 19:11:04	2023-06-08 19:35:16	557	2492	216.58.211.22
integration-hub.mailclick.me (3)	611742	2019-05-11 00:20:33	2023-06-05 18:25:29	1411	308508	134.209.166.158
ocsp.pki.goog (23)	175	2018-07-01 08:43:07	2023-06-08 18:12:03	7673	16094	142.250.74.3
fonts.gstatic.com (9)	unknown	2014-09-09 02:40:21	2023-06-08 19:27:31	5016	250651	142.250.74.35
assets.dooca.store (7)	547096	2019-11-26 11:55:08	2023-06-08 19:23:10	3347	78855	212.102.54.14
w7schools.store (1)	unknown	2022-06-30 02:42:29	2023-06-02 11:09:51	426	89243	188.114.97.1
cdn.dooca.store (32)	651241	2019-06-10 21:59:08	2023-06-08 19:23:10	15458	5378372	179.191.181.65
d3eq1zq78ux3cv.cloudfront.net (4)	unknown	2022-11-22 21:55:04	2023-06-02 11:09:51	1834	63633	54.230.245.107
storage.googleapis.com (2)	420	2012-08-06 08:33:30	2023-06-08 19:38:36	1147	160993	142.250.74.176
ciscobinary.openh264.org (1)	40822	2014-10-07 07:43:56	2023-06-08 08:57:31	295	512301	62.115.252.115
media-cache.woxo.tech (4)	742041	2021-02-27 11:00:38	2023-06-06 18:32:49	2344	46467	172.67.68.179
aus5.mozilla.org (1)	2548	2015-10-27 08:06:24	2023-06-08 18:14:56	513	1209	35.244.181.201
firefox-settings-attachments.cdn.mozilla.net (541)	11509	2019-11-30 10:32:57	2023-06-08 16:37:16	229865	11321450	34.117.121.53
cdn2.woxo.tech (3)	369517	2020-12-18 12:43:52	2023-06-06 18:32:43	1200	350941	172.67.68.179
api-admin-master-vxy3uus6va-rj.a.run.app (1)	unknown	2023-06-02 11:09:24	2023-06-02 11:09:51	586	494	216.239.36.53
cdn-ui.woxo.tech (2)	591818	2021-03-14 16:45:59	2023-06-06 18:32:47	888	328686	172.67.68.179
ajax.googleapis.com (1)	12905	2013-08-16 11:51:31	2023-06-08 19:58:30	439	31752	142.250.74.106
dxyxft75r9rwr.cloudfront.net (1)	unknown	2023-03-25 00:46:34	2023-06-05 18:25:50	479	31695	54.230.245.50
api-video-master-vxy3uus6va-rj.a.run.app (2)	unknown	No data	No data	1233	893	216.239.36.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-09T06:35:54Z	medium	Client IP	54.84.55.102	ET PHISHING Common /mpp/ Phishing URI Structure 2016-02-08
2023-06-09T06:35:56Z	medium	Client IP	Internal IP	ET POLICY Observed IP Lookup Domain (l2 .io in DNS Lookup)
2023-06-09T06:35:56Z	medium	Client IP	Internal IP	ET POLICY Observed IP Lookup Domain (l2 .io in DNS Lookup)
2023-06-09T06:35:56Z	medium	Client IP	195.80.159.133	ET POLICY Observed IP Lookup Domain (l2 .io in TLS SNI)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL

ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP

62.115.252.115
ASN

#1299 Telia Company AB

File type

Zip archive data, at least v2.0 to extract, compression method=deflate\012- data

Size

511815
Hash

152eda253e242e18443ef3282495bc7c

ff0fa85565f21ec4931baad4573b4c0bd08c4019

8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

Detections

Analyzer	Verdict	Alert
VirusTotal	0/60	VirusTotal -

HTTP Transactions (696)

URL IP Response Size

giuliadomna.com.br/

54.84.55.102

URL

giuliadomna.com.br/
IP

54.84.55.102:0
ASN

#14618 AMAZON-AES

Magic

ASCII text, with no line terminators

Size

52
Hash

68b45a8f14dfdab146d0bb440a81c6e3

22f0a70edaf60327aea4ce1978b9ae7b45476a67

f2ff13e8c9f07cd9c227034c638c6885a7f709fbf771e3eed2bf785e2162a2de

HTTP Headers

                                        GET / HTTP/1.1
Host: giuliadomna.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 302 Found
X-Powered-By: Express
Location: http://www.giuliadomna.com.br/
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 52
Date: Fri, 09 Jun 2023 06:35:54 GMT
Connection: keep-alive
Keep-Alive: timeout=120

www.giuliadomna.com.br/

212.102.54.14

200 OK

162

URL User Request GET HTTP/2

www.giuliadomna.com.br/
IP

212.102.54.14:443
ASN

#60068 Datacamp Limited

Certificate

IssuerLet's Encrypt

Subjectwww.giuliadomna.com.br

Fingerprint74:BA:0D:34:0A:A5:C9:89:7C:E9:A3:8A:5C:92:9D:26:3B:1B:22:2E

ValidityWed, 24 May 2023 15:07:14 GMT - Tue, 22 Aug 2023 15:07:13 GMT

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

162
Hash

4f8e702cc244ec5d4de32740c0ecbd97

3adb1f02d5b6054de0046e367c1d687b6cdf7aff

9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

                                        GET / HTTP/1.1
Host: www.giuliadomna.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 301 Moved Permanently
Server: azion webserver
Date: Fri, 09 Jun 2023 06:35:54 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.giuliadomna.com.br/

giuliadomna.com.br/public/update/fbc14382bad4b1cbf799b493ba355a47/mpp/

54.84.55.102

104

URL User Request GET

giuliadomna.com.br/public/update/fbc14382bad4b1cbf799b493ba355a47/mpp/
IP

54.84.55.102:0
ASN

#14618 AMAZON-AES

Magic

HTML document, ASCII text, with no line terminators

Size

104
Hash

d838d9f96b5ce30a970ab0c9350ccf2e

dff9e04d35d7e8d3ed24870f1766a58a7b9b86fb

d570b6fd91d4de4c429de397aed5d9cb786c257d98888742ef9b5a09b6cc4bd6

Detections

NIDS	Severity	Alert
suricata	medium	ET PHISHING Common /mpp/ Phishing URI Structure 2016-02-08

HTTP Headers

                                        GET /public/update/fbc14382bad4b1cbf799b493ba355a47/mpp/ HTTP/1.1
Host: giuliadomna.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 302 Found
X-Powered-By: Express
Location: http://www.giuliadomna.com.br/
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 104
Date: Fri, 09 Jun 2023 06:35:55 GMT
Connection: keep-alive
Keep-Alive: timeout=120

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

df893f12f5cf31daedf4910ffcc872c8

bbd271b0e76cd11d6a00327914b74882c95655fb

134d16adfc51baecc40c9fba86cc6c2d37b489435c99878912d1948543a0337b

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Jun 2023 06:35:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

df893f12f5cf31daedf4910ffcc872c8

bbd271b0e76cd11d6a00327914b74882c95655fb

134d16adfc51baecc40c9fba86cc6c2d37b489435c99878912d1948543a0337b

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Jun 2023 06:35:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

471

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (209)

#1 JS:Script (size: 2190)

#2 JS:Script (size: 260)

#3 JS:Script (size: 200755)

#4 JS:Script (size: 725)

#5 JS:Script (size: 18408)

#6 JS:Script (size: 24771)

#7 JS:Script (size: 118833)

#8 JS:Script (size: 377)

#9 JS:Script (size: 2564)

#10 JS:Script (size: 144)

#11 JS:Script (size: 810)

#12 JS:Script (size: 1105)

#13 JS:Script (size: 177293)

#14 JS:Script (size: 1887)

#15 JS:Script (size: 3893)

#16 JS:Script (size: 9617)

#17 JS:Script (size: 260)

#18 JS:Script (size: 415)

#19 JS:Script (size: 152438)

#20 JS:Script (size: 134)

#21 JS:Script (size: 313339)

#22 JS:Script (size: 1231)

#23 JS:Script (size: 1992)

#24 JS:Script (size: 1659)

#25 JS:Script (size: 19927)

#26 JS:Script (size: 11252)

#27 JS:Script (size: 10960)

#28 JS:Script (size: 4691)

#29 JS:Script (size: 293)

#30 JS:Script (size: 1231)

#31 JS:Script (size: 66)

#32 JS:Script (size: 3862)

#33 JS:Script (size: 5762)

#34 JS:Script (size: 147)

#35 JS:Script (size: 1483)

#36 JS:Script (size: 1231)

#37 JS:Script (size: 65398)

#38 JS:Script (size: 161573)

#39 JS:Script (size: 38290)

#40 JS:Script (size: 29173)

#41 JS:Script (size: 75)

#42 JS:Script (size: 260234)

#43 JS:Script (size: 2383576)

#44 JS:Script (size: 1231)

#45 JS:Script (size: 10167)

#46 JS:Script (size: 191783)

#47 JS:Script (size: 122951)

#48 JS:Script (size: 130)