moshsrv

ctt

Sep 28th, 2021
Email Analysis Report
Email: ctt-expresso@vps73019.inmotionhosting.com
Reputation: unknown
Suspicious: yes

message: Falha ao entregar sua remessa (PT15****239)

type: spam/phishing

link: https://mesterdramaislandpcr3.blogspot.com/

Submitted URL: https://mesterdramaislandpcr3.blogspot.com/
Effective URL: https://saloniranighady.com/Pt/Expresso/Codigo_de_envio=PT15****239-185.232.23.185/Home/Metodo_de_pagamento.php

2 172.217.17.1
2a00:1450:4001:827::2001 (Frankfurt am Main, Germany) 1 redirects
ASN15169 (GOOGLE, US)
mesterdramaislandpcr3.blogspot.com
1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
www.gstatic.com
1 92.205.15.224 (Strasbourg, France)
ASN21499 (GODADDY-SXB, DE)
PTR: ip-92-205-15-224.ip.secureserver.net
saloniranighady.com

https://urlscan.io/result/aea3a3df-82d6-4558-baa6-280cdff62ad1/

[INFO] Date: 28/09/21 | Time: 05:47:03
[INFO] ------TARGET info------
[*] TARGET: https://mesterdramaislandpcr3.blogspot.com/
[*] TARGET IP: 172.217.17.1
[INFO] NO load balancer detected for mesterdramaislandpcr3.blogspot.com...
[*] DNS servers: blogspot.l.googleusercontent.com. ns1.google.com.
[*] TARGET server: GSE
[*] CC: GB
[*] Country: United Kingdom
[*] RegionCode: ENG
[*] RegionName: England
[*] City: London
[*] ASN: AS15169
[*] BGP_PREFIX: 172.217.0.0/16
[*] ISP: GOOGLE, US
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
[*] Subject: subject=CN = misc-sni.blogspot.com
[INFO] Possible abuse mails are:
[*] abuse@blogger.com
[*] abuse@blogspot.com
[*] abuse@google.com
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[ALERT] robots.txt file FOUND in http://mesterdramaislandpcr3.blogspot.com/robots.txt
[INFO] Checking for HTTP status codes recursively from http://mesterdramaislandpcr3.blogspot.com/robots.txt
[INFO] Status code Folders
[*] 200 http://mesterdramaislandpcr3.blogspot.com/
[*] 200 http://mesterdramaislandpcr3.blogspot.com/search
[INFO] Starting FUZZing in http://mesterdramaislandpcr3.blogspot.com/FUzZzZzZzZz...
[INFO] Status code Folders
[*] 200 http://mesterdramaislandpcr3.blogspot.com/2006
grep: (standard input): binary file matches
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from https://mesterdramaislandpcr3.blogspot.com/ http://172.217.17.1/:
[*] http://maps.google.pt/maps?hl=pt-PT&tab=wl
[*] https://accounts.google.com/ServiceLogin?hl=pt-PT&passive=true&continue=http://www.google.com/&ec=GAZAAQ
[*] https://drive.google.com/?tab=wo
[*] https://mail.google.com/mail/?tab=wm
[*] https://mesterdramaislandpcr3.blogspot.com/feeds/posts/default
[*] https://mesterdramaislandpcr3.blogspot.com/feeds/posts/default?alt=rss
[*] https://mesterdramaislandpcr3.blogspot.com/#main
[*] https://news.google.com/?tab=wn
[*] https://play.google.com/?hl=pt-PT&tab=w8
[*] https://www.blogger.com/
[*] https://www.blogger.com/go/report-abuse
[*] https://www.blogger.com/profile/10279786901851898075
[*] https://www.google.pt/intl/pt-PT/about/products?tab=wh
[*] http://www.google.com/advanced_search?hl=pt-PT&authuser=0
[*] http://www.google.com/intl/pt-PT/about.html
[*] http://www.google.com/intl/pt-PT/ads/
[*] http://www.google.com/intl/pt-PT/policies/privacy/
[*] http://www.google.com/intl/pt-PT/policies/terms/
[*] http://www.google.com/preferences?hl=pt-PT
[*] http://www.google.com/setprefdomain?prefdom=PT&prev=http://www.google.pt/&sig=K_VPLMatq8AxJBj9YCgvJKjeTLByM=
[*] http://www.google.com/setprefs?sig=0_ymn_AsE_eQee5--dCJNor_4toKs=&hl=en&source=homepage&sa=X&ved=0ahUKEwiVroTRsaHzAhXWGFkFHTt4CrgQ2ZgBCAQ
[*] http://www.google.pt/history/optout?hl=pt-PT
[*] http://www.google.pt/imghp?hl=pt-PT&tab=wi
[*] http://www.google.pt/intl/pt-PT/services/
[*] http://www.offset.com/photos/394244
[*] http://www.youtube.com/?gl=PT&tab=w1
cut: invalid field range
Try 'cut --help' for more information.
[INFO] Shodan detected the following opened ports on 172.217.17.1:
[*] 2
[*] 4
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[INFO] Useful links related to mesterdramaislandpcr3.blogspot.com - 172.217.17.1:
[*] https://www.virustotal.com/pt/ip-address/172.217.17.1/information/
[*] https://www.hybrid-analysis.com/search?host=172.217.17.1
[*] https://www.shodan.io/host/172.217.17.1
[*] https://www.senderbase.org/lookup/?search_string=172.217.17.1
[*] https://www.alienvault.com/open-threat-exchange/ip/172.217.17.1
[*] http://pastebin.com/search?q=172.217.17.1
[*] http://urlquery.net/search.php?q=172.217.17.1
[*] http://www.alexa.com/siteinfo/mesterdramaislandpcr3.blogspot.com
[*] http://www.google.com/safebrowsing/diagnostic?site=mesterdramaislandpcr3.blogspot.com
[*] https://censys.io/ipv4/172.217.17.1
[*] https://www.abuseipdb.com/check/172.217.17.1
[*] https://urlscan.io/search/#172.217.17.1
[*] https://github.com/search?q=172.217.17.1&type=Code
[INFO] Useful links related to AS15169 - 172.217.0.0/16:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:15169
[*] https://www.senderbase.org/lookup/?search_string=172.217.0.0/16
[*] http://bgp.he.net/AS15169
[*] https://stat.ripe.net/AS15169
[INFO] Date: 28/09/21 | Time: 05:47:37
[INFO] Total time: 0 minute(s) and 34 second(s)
-----------------------------------------------------------link 2---------------------------------------------------

[INFO] Date: 28/09/21 | Time: 07:04:40
[INFO] ------TARGET info------
[*] TARGET: https://saloniranighady.com/Pt/Expresso/Codigo_de_envio=PT15****239-94.126.173.27/Home/Metodo_de_pagamento.php
[*] TARGET IP: 92.205.15.224
[INFO] NO load balancer detected for saloniranighady.com...
[*] DNS servers: ns75.domaincontrol.com. ns75.domaincontrol.com.
[*] TARGET server: Apache
[*] CC: FR
[*] Country: France
[*] RegionCode: GES
[*] RegionName: Grand Est
[*] City: Strasbourg
[*] ASN: AS21499
[*] BGP_PREFIX: 92.205.0.0/19
[*] ISP: GODADDY-SXB Host Europe GmbH, DE
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
[*] Subject: subject=CN = saloniranighady.com
[INFO] Possible abuse mails are:
[*] abuse@saloniranighady.com
[*] fbl-spamcop@ext.godaddy.com
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Checking for HTTP status codes recursively from /Pt/Expresso/Codigo_de_envio=PT15****239-94.126.173.27/Home/Metodo_de_pagamento.php
[INFO] Status code Folders
[*] 200 http://saloniranighady.com/Pt/
[*] 200 http://saloniranighady.com/Pt/Expresso/
[*] 200 http://saloniranighady.com/Pt/Expresso/Codigo_de_envio=PT15****239-94.126.173.27/
[*] 200 http://saloniranighady.com/Pt/Expresso/Codigo_de_envio=PT15****239-94.126.173.27/Home/
[INFO] Starting FUZZing in http://saloniranighady.com/FUzZzZzZzZz...
[INFO] Status code Folders
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from https://saloniranighady.com/Pt/Expresso/Codigo_de_envio=PT15****239-94.126.173.27/Home/Metodo_de_pagamento.php http://92.205.15.224/:
[*] http://92.205.15.224/cpanel
cut: invalid field range
Try 'cut --help' for more information.
[INFO] Shodan detected the following opened ports on 92.205.15.224:
[*] 1
[*] 4
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[INFO] Useful links related to saloniranighady.com - 92.205.15.224:
[*] https://www.virustotal.com/pt/ip-address/92.205.15.224/information/
[*] https://www.hybrid-analysis.com/search?host=92.205.15.224
[*] https://www.shodan.io/host/92.205.15.224
[*] https://www.senderbase.org/lookup/?search_string=92.205.15.224
[*] https://www.alienvault.com/open-threat-exchange/ip/92.205.15.224
[*] http://pastebin.com/search?q=92.205.15.224
[*] http://urlquery.net/search.php?q=92.205.15.224
[*] http://www.alexa.com/siteinfo/saloniranighady.com
[*] http://www.google.com/safebrowsing/diagnostic?site=saloniranighady.com
[*] https://censys.io/ipv4/92.205.15.224
[*] https://www.abuseipdb.com/check/92.205.15.224
[*] https://urlscan.io/search/#92.205.15.224
[*] https://github.com/search?q=92.205.15.224&type=Code
[INFO] Useful links related to AS21499 - 92.205.0.0/19:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:21499
[*] https://www.senderbase.org/lookup/?search_string=92.205.0.0/19
[*] http://bgp.he.net/AS21499
[*] https://stat.ripe.net/AS21499
[INFO] Date: 28/09/21 | Time: 07:04:57
[INFO] Total time: 0 minute(s) and 17 second(s)

---------------------------------
R E P U T A T I O N IP C H E C K
---------------------------------
ABUSEIPDB Report:
IP: 172.217.17.1
Reports: 1
Abuse Score: 3%
Last Report: 2021-09-28T10:45:23+00:00

Searching : 92.205.15.224
Found : 135 websites
Scraped pages: 40
Page Title : ip:92.205.15.224 . - Bing
Results : 289-298 of 317
Pagination : 1 ... 28 29 30 31 32
New : 0 new
Some results have been removed
CTRL-C to stop

Enter IP, URL or Email Address: 92.205.15.224

WHO IS REPORT:
CIDR: 92.205.0.0/19
Name: DE-GD-EMEA-DCN
Range: 92.205.0.0 - 92.205.31.255
Descr: DCN Sub Alloc
Country: DE
State: None
City: None
Address: H.J.E. Wenckebachweg 127, 1096 AM, Amsterdam, NETHERLANDS
Post Code: None
Created: 2020-12-09T16:18:08Z
Updated: 2020-12-09T16:18:08Z

VirusTotal Report:
No of Databases Checked: 87
No of Reportings: 11
Average Score: 0.12643678160919541
VirusTotal Report Link: https://www.virustotal.com/gui/url/51aa0c3556f7d6a4686299f30b3acfbfc336b4aac2aa597938a483512e8fbb3a/detection/u-51aa0c3556f7d6a4686299f30b3acfbfc336b4aac2aa597938a483512e8fbb3a-1624601371

ABUSEIPDB Report:
IP: 92.205.15.224
Reports: 2
Abuse Score: 16%
Last Report: 2021-09-28T10:46:57+00:00