Report - salalocura.com/ota/auth/ofvso1/QnJpZ2l0dGUuQ29sbGFyZEBzZXZlbnNlYXN3b3JsZHdpZGUuY29t

Report Overview

Submitted URL
salalocura.com/ota/auth/ofvso1/QnJpZ2l0dGUuQ29sbGFyZEBzZXZlbnNlYXN3b3JsZHdpZGUuY29t
IP
185.129.249.99
ASN
#50926 Axarnet Comunicaciones, S.l.
Submitted
2023-06-09 10:54:23
Access
public
Website Title
Final URL
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
2
Network Intrusion Detection
3
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
salalocura.com	unknown	2018-05-22	2018-11-04	2023-06-08	539 B	338 B	185.129.249.99
bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link	unknown	2017-02-24	2023-06-08	2023-06-08	1.7 kB	2.0 kB	209.94.90.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-09 10:54:04	low	Client IP	Internal IP	ET HUNTING IPFS Gateway Domain in DNS Lookup (ipfs .dweb .link)
2023-06-09 10:54:04	low	Client IP	Internal IP	ET HUNTING IPFS Gateway Domain in DNS Lookup (ipfs .dweb .link)
2023-06-09 10:54:04	low	Client IP	209.94.90.1	ET HUNTING Observed IPFS Gateway Domain (ipfs .dweb .link) in TLS SNI

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-08	medium	salalocura.com/ota/auth/ofvso1/QnJpZ2l0dGUuQ29sbGFyZEBzZXZlbnNlYXN3b3JsZHdpZGUuY29t
2023-06-08	medium	bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link/index-ss.html
2023-06-08	medium	bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link/index-ss.html

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-06-09	medium	bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link
2023-06-09	medium	bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link
2023-06-09	medium	bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

salalocura.com/ota/auth/ofvso1/QnJpZ2l0dGUuQ29sbGFyZEBzZXZlbnNlYXN3b3JsZHdpZGUuY29t

185.129.249.99

0 B

URL
salalocura.com/ota/auth/ofvso1/QnJpZ2l0dGUuQ29sbGFyZEBzZXZlbnNlYXN3b3JsZHdpZGUuY29t
IP
185.129.249.99:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
openphish	Office365

HTTP Headers

GET /ota/auth/ofvso1/QnJpZ2l0dGUuQ29sbGFyZEBzZXZlbnNlYXN3b3JsZHdpZGUuY29t HTTP/1.1
Host: salalocura.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 09 Jun 2023 10:54:04 GMT
Server: Apache
refresh: 0;url=https://bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link/index-ss.html#Brigitte.Collard@sevenseasworldwide.com
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link/index-ss.html

209.94.90.1

140 B

URL
bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link/index-ss.html
IP
209.94.90.1:0
ASN
#40680 PROTOCOL

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
140 B (140 bytes)
Hash
ea8eef7d26ecc45b6a56c5ecdb494d42
fd621efeb3a6649e0a7ed0a178fa51be3d5d7e1e
1af29706d2a6b604a0e552114f17bb1789014da70e98d6cf05af542bafaca04f

Detections

Analyzer	Verdict	Alert
openphish	Office365
quad9	Sinkholed

HTTP Headers

GET /index-ss.html HTTP/1.1
Host: bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 410 Gone
server: openresty
date: Fri, 09 Jun 2023 10:54:05 GMT
content-type: text/html
content-length: 140
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
x-ipfs-lb-pop: gateway-bank2-fr2
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link/favicon.ico

209.94.90.1

410 Gone

140 B

URL GET HTTP/2
bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link/favicon.ico
IP
209.94.90.1:443
ASN
#40680 PROTOCOL

Requested by
https://bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link/index-ss.html#Brigitte.Collard@sevenseasworldwide.com
Certificate
IssuerLet's Encrypt
Subject*.i.ipfs.io
FingerprintDF:57:ED:7D:45:D6:8D:9D:25:3C:13:85:2E:51:0D:AD:64:B8:E5:84
ValidityMon, 27 Mar 2023 17:15:30 GMT - Sun, 25 Jun 2023 17:15:29 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
140 B (140 bytes)
Hash
ea8eef7d26ecc45b6a56c5ecdb494d42
fd621efeb3a6649e0a7ed0a178fa51be3d5d7e1e
1af29706d2a6b604a0e552114f17bb1789014da70e98d6cf05af542bafaca04f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link/index-ss.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 410 Gone
server: openresty
date: Fri, 09 Jun 2023 10:54:05 GMT
content-type: text/html
content-length: 140
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
x-ipfs-lb-pop: gateway-bank2-fr2
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link/index-ss.html

209.94.90.1

410 Gone

140 B

URL User Request GET HTTP/2
bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link/index-ss.html
IP
209.94.90.1:443
ASN
#40680 PROTOCOL

Certificate
IssuerLet's Encrypt
Subject*.i.ipfs.io
FingerprintDF:57:ED:7D:45:D6:8D:9D:25:3C:13:85:2E:51:0D:AD:64:B8:E5:84
ValidityMon, 27 Mar 2023 17:15:30 GMT - Sun, 25 Jun 2023 17:15:29 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size
140 B (140 bytes)
Hash
a06a665ed5fbc4cee1f63ec2d5435dc3
7d9c6c15a451519c5739abd364d282f65621f519
8e2b72581eaa02ec41d4abe3225d1cfd623d4b65badd70246dfc38d1bba71d1e

Detections

Analyzer	Verdict	Alert
openphish	Office365
quad9	Sinkholed

HTTP Headers

GET /index-ss.html HTTP/1.1
Host: bafybeifhurawobeypv2ww72kjyh33jrfcaoy3bb5y36t6tqsu24ya7xq24.ipfs.dweb.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 410 Gone
server: openresty
date: Fri, 09 Jun 2023 10:54:05 GMT
content-type: text/html
content-length: 140
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
x-ipfs-lb-pop: gateway-bank2-fr2
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers