moshsrv

hxxps://oyshpt.squarespace.com/

Sep 27th, 2021 (edited)
Email Analysis Report
Email: cs@vmcustomer.com
Reputation: none
Suspicious: True
Spotted: 0 Times
Blacklisted: False
Last Seen: never
Known Spam: False

Domain Report
Domain: @vmcustomer.com
Domain Exists: True
Domain Rep: low
Domain Age: None Days
New Domain: False
Deliverable: True
Free Provider: False
Disposable: False
Spoofable: True

Malicious Activity Report
Malicious Activity: False
Recent Activity: False
Credentials Leaked: False
Found in breach: False

Profiles Found
No Profiles Found For This User

Summary of Report:
Suspicious
We have not observed this email address on the internet, and it has no profiles on major services like LinkedIn, Facebook, and iCloud
A lack of digital presence may simply indicate a new email address, but is typically suspicious


[INFO] Date: 27/09/21 | Time: 04:15:49
[INFO] ------TARGET info------
[*] TARGET: https://oyshpt.squarespace.com/
[*] TARGET IP: 198.49.23.177
[ALERT] oyshpt.squarespace.com has a load balancer for IPv4 with the following IPs:
[*] 198.185.159.177
[*] 198.185.159.176
[*] 198.49.23.177
[*] 198.49.23.176
[*] DNS servers: dns1.p06.nsone.net.
[*] TARGET server: Squarespace
[*] CC: US
[*] Country: United States
[*] RegionCode: NY
[*] RegionName: New York
[*] City: New York
[*] ASN: AS53831
[*] BGP_PREFIX: 198.49.23.0/24
[*] ISP: SQUARESPACE, US
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
[*] Subject: subject=C = US, ST = New York, L = New York, O = "Squarespace, Inc.", CN = *.squarespace.com
[INFO] Possible abuse mails are:
[*] abuse@squarespace.com
[*] postmaster@squarespace.com
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[ALERT] robots.txt file FOUND in http://oyshpt.squarespace.com/robots.txt
[INFO] Checking for HTTP status codes recursively from http://oyshpt.squarespace.com/robots.txt
[INFO] Status code Folders
[*] 200 http://oyshpt.squarespace.com/config
[*] 200 http://oyshpt.squarespace.com/search
[INFO] Starting FUZZing in http://oyshpt.squarespace.com/FUzZzZzZzZz...
[INFO] Status code Folders
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from https://oyshpt.squarespace.com/ http://198.49.23.177/:
[*] https://oyshpt.squarespace.com/
[*] https://oyshpt.squarespace.com/cart
[*] https://oyshpt.squarespace.com/#page
[*] https://status.squarespace.com/
[*] https://twitter.com/squarespace
[*] https://www.facebook.com/squarespace
[*] https://www.instagram.com/squarespace/
[*] https://www.jintumap.com/?Acessorios
[*] https://www.jintumap.com/?Banho-e-beachwear
[*] https://www.jintumap.com/?Calado
[*] https://www.jintumap.com/?Condicoes-de-uso
[*] https://www.jintumap.com/?consultations
[*] https://www.jintumap.com/?dress-automn-2021
[*] https://www.jintumap.com/?fatos-de-banhos
[*] https://www.jintumap.com/?Lingerie
[*] https://www.jintumap.com/?Loungewear
[*] https://www.jintumap.com/?Privacidade
[*] https://www.jintumap.com/?Sleep
[*] https://www.jintumap.com/?Sobre-nos-space
[*] https://www.jintumap.com/?Sport
[*] https://www.jintumap.com/?sports-psh-leggings
[*] https://www.jintumap.com/?top-biqui-2021
cut: invalid field range
Try 'cut --help' for more information.
[INFO] Shodan detected the following opened ports on 198.49.23.177:
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[INFO] Useful links related to oyshpt.squarespace.com - 198.49.23.177:
[*] https://www.virustotal.com/pt/ip-address/198.49.23.177/information/
[*] https://www.hybrid-analysis.com/search?host=198.49.23.177
[*] https://www.shodan.io/host/198.49.23.177
[*] https://www.senderbase.org/lookup/?search_string=198.49.23.177
[*] https://www.alienvault.com/open-threat-exchange/ip/198.49.23.177
[*] http://pastebin.com/search?q=198.49.23.177
[*] http://urlquery.net/search.php?q=198.49.23.177
[*] http://www.alexa.com/siteinfo/oyshpt.squarespace.com
[*] http://www.google.com/safebrowsing/diagnostic?site=oyshpt.squarespace.com
[*] https://censys.io/ipv4/198.49.23.177
[*] https://www.abuseipdb.com/check/198.49.23.177
[*] https://urlscan.io/search/#198.49.23.177
[*] https://github.com/search?q=198.49.23.177&type=Code
[INFO] Useful links related to AS53831 - 198.49.23.0/24:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:53831
[*] https://www.senderbase.org/lookup/?search_string=198.49.23.0/24
[*] http://bgp.he.net/AS53831
[*] https://stat.ripe.net/AS53831
[INFO] Date: 27/09/21 | Time: 04:16:41
[INFO] Total time: 0 minute(s) and 52 second(s)
--------------------------------------------------PART 2----------------------------------------------------------
url scan https://www.jintumap.com/?Acessorios
[INFO] Date: 27/09/21 | Time: 04:56:27
[INFO] ------TARGET info------
[*] TARGET: https://www.oyshlingerie.online/acess%C3%B3rios-l-ODAwMjAxNDc=-MjAyMTA5MDQwMzI1NTI5NDMw.html?u=c38or/iDVT4=
[*] TARGET IP: 91.92.112.220
[INFO] NO load balancer detected for www.jintumap.com...
[*] DNS servers: dns29.hichina.com.
[*] TARGET server: nginx/1.14.2
[*] CC: NL
[*] Country: Netherlands
[*] RegionCode: NH
[*] RegionName: North Holland
[*] City: Amsterdam
[*] ASN: AS197328
[*] BGP_PREFIX: 91.92.112.0/23
[*] ISP: INETLTD Istanbuldc Veri Merkezi Ltd Sti, TR
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, O = Let's Encrypt, CN = R3
[*] Subject: subject=CN = www.jintumap.com
[ALERT] Let's Encrypt is commonly used for Phishing
[INFO] Possible abuse mails are:
[*] abuse@jintumap.com
[*] abuse@rh.com.tr
[*] abuse@sayfa.net
[*] abuse@www.jintumap.com
[*] ripe4@sayfa.net
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Checking for HTTP status codes recursively from /acess%C3%B3rios-l-ODAwMjAxNDc=-MjAyMTA5MDQwMzI1NTI5NDMw.html?u=c38or/iDVT4=
[INFO] Status code Folders
[*] 404 http://www.jintumap.com/acess%C3%B3rios-l-ODAwMjAxNDc=-MjAyMTA5MDQwMzI1NTI5NDMw.html?u=c38or/
[INFO] Starting FUZZing in http://www.jintumap.com/FUzZzZzZzZz...
[INFO] Status code Folders
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from https://www.oyshlingerie.online/acess%C3%B3rios-l-ODAwMjAxNDc=-MjAyMTA5MDQwMzI1NTI5NDMw.html?u=c38or/iDVT4= http://91.92.112.220/:
[*] https://www.17ordertrack.com/
[*] https://www.ciohcgf.xyz/
[*] https://www.ciohcgf.xyz/agrega-c-139.html
[*] https://www.ciohcgf.xyz/aunque-este-par-de-zapatos-de-tacón-es-simple-en-diseño-da-una-agradable-ligereza-al-caminar-p-204.html
[*] https://www.ciohcgf.xyz/botas-t-290.html
[*] https://www.ciohcgf.xyz/en-mis-zapatos-p-206.html
[*] https://www.ciohcgf.xyz/media-longitud-t-294.html
[*] https://www.ciohcgf.xyz/movimientos-t-295.html
[*] https://www.ciohcgf.xyz/para-aquellas-mujeres-maduras-siempre-tienen-un-encanto-más-elegante-p-205.html
[*] https://www.ciohcgf.xyz/peinado-ondulado-c-138.html
[*] https://www.ciohcgf.xyz/privacypolicy.html
[*] https://www.ciohcgf.xyz/tacones-altos-t-293.html
[*] https://www.ciohcgf.xyz/termsofservice.html
[*] https://www.ciohcgf.xyz/zapatillas-t-291.html
[*] https://www.ciohcgf.xyz/zapatos-c-140.html
[*] https://www.ciohcgf.xyz/zapatos-t-292.html
[*] https://www.oyshlingerie.online/
[*] https://www.oyshlingerie.online/recently_browse.html
[*] https://www.oyshlingerie.online/search.html
[*] https://www.oyshlingerie.online/shopping_cart.html
cut: invalid field range
Try 'cut --help' for more information.
[INFO] Shodan detected the following opened ports on 91.92.112.220:
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[INFO] Useful links related to www.jintumap.com - 91.92.112.220:
[*] https://www.virustotal.com/pt/ip-address/91.92.112.220/information/
[*] https://www.hybrid-analysis.com/search?host=91.92.112.220
[*] https://www.shodan.io/host/91.92.112.220
[*] https://www.senderbase.org/lookup/?search_string=91.92.112.220
[*] https://www.alienvault.com/open-threat-exchange/ip/91.92.112.220
[*] http://pastebin.com/search?q=91.92.112.220
[*] http://urlquery.net/search.php?q=91.92.112.220
[*] http://www.alexa.com/siteinfo/www.jintumap.com
[*] http://www.google.com/safebrowsing/diagnostic?site=www.jintumap.com
[*] https://censys.io/ipv4/91.92.112.220
[*] https://www.abuseipdb.com/check/91.92.112.220
[*] https://urlscan.io/search/#91.92.112.220
[*] https://github.com/search?q=91.92.112.220&type=Code
[INFO] Useful links related to AS197328 - 91.92.112.0/23:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:197328
[*] https://www.senderbase.org/lookup/?search_string=91.92.112.0/23
[*] http://bgp.he.net/AS197328
[*] https://stat.ripe.net/AS197328
[INFO] Date: 27/09/21 | Time: 04:56:56
[INFO] Total time: 0 minute(s) and 29 second(s)
------------------------------------------------------------PART 3------------------------------------------------
[INFO] Date: 27/09/21 | Time: 05:22:30
[INFO] ------TARGET info------
[*] TARGET: https://www.ciohcgf.xyz/
[*] TARGET IP: 91.92.112.220
[INFO] NO load balancer detected for www.ciohcgf.xyz...
[*] DNS servers: dns11.hichina.com.
[*] TARGET server: nginx/1.14.2
[*] CC: NL
[*] Country: Netherlands
[*] RegionCode: NH
[*] RegionName: North Holland
[*] City: Amsterdam
[*] ASN: AS197328
[*] BGP_PREFIX: 91.92.112.0/23
[*] ISP: INETLTD Istanbuldc Veri Merkezi Ltd Sti, TR
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, O = Let's Encrypt, CN = R3
[*] Subject: subject=CN = www.ciohcgf.xyz
[ALERT] Let's Encrypt is commonly used for Phishing
[INFO] Possible abuse mails are:
[*] abuse@ciohcgf.xyz
[*] abuse@rh.com.tr
[*] abuse@sayfa.net
[*] abuse@www.ciohcgf.xyz
[*] ripe4@sayfa.net
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Starting FUZZing in http://www.ciohcgf.xyz/FUzZzZzZzZz...
[INFO] Status code Folders
[ALERT] Look in the source code. It may contain passwords
[INFO] SAME content in http://www.ciohcgf.xyz/ AND http://91.92.112.220/
[INFO] Links found from https://www.ciohcgf.xyz/:
[*] https://www.ciohcgf.xyz/
[*] https://www.ciohcgf.xyz/agrega-c-139.html
[*] https://www.ciohcgf.xyz/aunque-este-par-de-zapatos-de-tacón-es-simple-en-diseño-da-una-agradable-ligereza-al-caminar-p-204.html
[*] https://www.ciohcgf.xyz/botas-t-290.html
[*] https://www.ciohcgf.xyz/en-mis-zapatos-p-206.html
[*] https://www.ciohcgf.xyz/media-longitud-t-294.html
[*] https://www.ciohcgf.xyz/movimientos-t-295.html
[*] https://www.ciohcgf.xyz/para-aquellas-mujeres-maduras-siempre-tienen-un-encanto-más-elegante-p-205.html
[*] https://www.ciohcgf.xyz/peinado-ondulado-c-138.html
[*] https://www.ciohcgf.xyz/privacypolicy.html
[*] https://www.ciohcgf.xyz/tacones-altos-t-293.html
[*] https://www.ciohcgf.xyz/termsofservice.html
[*] https://www.ciohcgf.xyz/zapatillas-t-291.html
[*] https://www.ciohcgf.xyz/zapatos-c-140.html
[*] https://www.ciohcgf.xyz/zapatos-t-292.html
cut: invalid field range
Try 'cut --help' for more information.
[INFO] Shodan detected the following opened ports on 91.92.112.220:
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[INFO] Useful links related to www.ciohcgf.xyz - 91.92.112.220:
[*] https://www.virustotal.com/pt/ip-address/91.92.112.220/information/
[*] https://www.hybrid-analysis.com/search?host=91.92.112.220
[*] https://www.shodan.io/host/91.92.112.220
[*] https://www.senderbase.org/lookup/?search_string=91.92.112.220
[*] https://www.alienvault.com/open-threat-exchange/ip/91.92.112.220
[*] http://pastebin.com/search?q=91.92.112.220
[*] http://urlquery.net/search.php?q=91.92.112.220
[*] http://www.alexa.com/siteinfo/www.ciohcgf.xyz
[*] http://www.google.com/safebrowsing/diagnostic?site=www.ciohcgf.xyz
[*] https://censys.io/ipv4/91.92.112.220
[*] https://www.abuseipdb.com/check/91.92.112.220
[*] https://urlscan.io/search/#91.92.112.220
[*] https://github.com/search?q=91.92.112.220&type=Code
[INFO] Useful links related to AS197328 - 91.92.112.0/23:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:197328
[*] https://www.senderbase.org/lookup/?search_string=91.92.112.0/23
[*] http://bgp.he.net/AS197328
[*] https://stat.ripe.net/AS197328
[INFO] Date: 27/09/21 | Time: 05:22:56
[INFO] Total time: 0 minute(s) and 26 second(s)