Submitted URL: https://file.fm/down.php?i=qr54fr9g8
Effective URL: https://fv9-4.failiem.lv/down.php?i=qr54fr9g8&download_checksum=72b3bbe777fb3c93316cb4855e672abd0adbe774&download_timesta...
Submission: On March 27 via manual from IN — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 1 HTTP transactions. The main IP is 80.81.57.68, located in Latvia and belongs to LATNET-AS, LV. The main domain is fv9-4.failiem.lv.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 19th 2022. Valid for: a year.
This is the only time fv9-4.failiem.lv was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads

These files were downloaded by the website

MIME: HTML document, ASCII text, with very long lines, with CRLF line terminators
Size: 77 KB (78804 bytes, 100% done)
Downloaded from: https://fv9-4.failiem.lv/down.php?i=qr54fr9g8&download_checksum=72b3bbe777fb3c93316cb4855e672abd0adbe774&download_timestamp=1679891512

Domain & IP information

IP Address AS Autonomous System
1 1 80.232.242.211 12578 (APOLLO-AS...)
1 80.81.57.68 2588 (LATNET-AS)
1 1
Apex Domain
Subdomains
Transfer
1 failiem.lv
fv9-4.failiem.lv
1 file.fm
file.fm
582 B
1 2
Domain Requested by
1 fv9-4.failiem.lv
1 file.fm 1 redirects
1 2

This site contains no links.

Subject: *.failiem.lv
Issuer: Sectigo RSA Domain Validation Secure Server CA
Validity: 2022-05-19 - 2023-06-18
Valid: a year

This page contains 1 frames:

Primary Page: https://fv9-4.failiem.lv/down.php?i=qr54fr9g8&download_checksum=72b3bbe777fb3c93316cb4855e672abd0adbe774&download_timestamp=1679891512
Frame ID: 797B0DBED004D5C56797D7CB8EE1A461
Requests: 1 HTTP requests in this frame

Page Statistics

Requests: 1
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 1
Countries: 1
Transfer: 0 kB
Size: 0 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions

Resource: Primary Request down.php
Path: fv9-4.failiem.lv/
Redirect Chain:
  • https://file.fm/down.php?i=qr54fr9g8
  • https://fv9-4.failiem.lv/down.php?i=qr54fr9g8&download_checksum=72b3bbe777fb3c93316cb4855e672abd0adbe774&download_timestamp=1679891512
Size: 0
x-fer: 0
Type: Document
MIME-Type:

General

Full URL: https://fv9-4.failiem.lv/down.php?i=qr54fr9g8&download_checksum=72b3bbe777fb3c93316cb4855e672abd0adbe774&download_timestamp=1679891512
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 80.81.57.68, Latvia, ASN2588 (LATNET-AS, LV)
Reverse DNS: m.epa.lv
Software: Apache/2.4.6 (CentOS) /
Resource Hash:

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: must-revalidate, post-check=0, pre-check=0
Content-Description: File Transfer
Content-Disposition: attachment; filename="Wells Fargo.html"
Content-Length: 78804
Content-Range: bytes 0-78803/78804
Content-Transfer-Encoding: binary
Content-Type: application/octet-stream
Date: Mon, 27 Mar 2023 04:31:52 GMT
ETag: "6f85fdf51fbfb72af6a6516767c302cc"
Expires: 0
Pragma: public
Server: Apache/2.4.6 (CentOS)

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 27 Mar 2023 04:31:52 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: https://fv9-4.failiem.lv/down.php?i=qr54fr9g8&download_checksum=72b3bbe777fb3c93316cb4855e672abd0adbe774&download_timestamp=1679891512
Pragma: no-cache
Server: Apache/2.4.6 (CentOS)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

2 Cookies

Domain/Path Name / Value
.file.fm/ Name: PHPSESSID
Value: 963a59516d8b905c2a92119c1780a7e24befd0aa
.failiem.lv/ Name: PHPSESSID
Value: a9f959f0cceda5e6ad02ca1de31fa686ef964334

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

file.fm
fv9-4.failiem.lv
80.232.242.211
80.81.57.68