Overview

URL: uhuzz.pozmsgb9geoc.gegx.gdn/
IP: 45.76.28.196
ASN: AS20473 Choopa, LLC
Location: United States
Report completed: 2018-01-23 09:50:07 CET
urlquery Alerts No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-01-23 2 uhuzz.pozmsgb9geoc.gegx.gdn/ Malware
2018-01-23 2 ssl.safepoollink.com/c/0d1379a153bcb678?trafficsource_id=0 Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 45.76.28.196

Date  UQ / IDS / BL  URL  IP
2018-01-24 02:03:18 +0100  0 - 0 - 2  thuzz.pozmsgb9geoc.gegx.gdn/  45.76.28.196
2018-01-24 02:03:17 +0100  0 - 0 - 2  kx0zz.pozmsgb9geoc.gegx.gdn/  45.76.28.196
2018-01-23 09:50:07 +0100  0 - 0 - 1  uhuzz.pozmsgb9geoc.gegx.gdn/AFF443affbeatsign (...)  45.76.28.196
2018-01-23 08:58:36 +0100  0 - 0 - 1  v3szz.pozmsgb9geoc.gegx.gdn/AFF443affbeatsign (...)  45.76.28.196
2018-01-23 06:36:36 +0100  0 - 0 - 1  y58zz.pozmsgb9geoc.gegx.gdn/AFF443affbeatsign (...)  45.76.28.196
2018-01-23 05:57:23 +0100  0 - 0 - 2  7wezz.pozmsgb9geoc.gegx.gdn/  45.76.28.196
2018-01-23 05:57:20 +0100  0 - 0 - 2  vugzz.pozmsgb9geoc.gegx.gdn/  45.76.28.196
2018-01-22 21:18:05 +0100  0 - 0 - 2  z4xzz.pozmsgb9geoc.gegx.gdn/  45.76.28.196
2018-01-22 09:21:50 +0100  0 - 0 - 1  uskzz.pozmsgb9geoc.gegx.gdn/AFF443affbeatsign (...)  45.76.28.196
2018-01-22 09:21:50 +0100  0 - 0 - 2  uskzz.pozmsgb9geoc.gegx.gdn/  45.76.28.196

Last 10 reports on ASN: AS20473 Choopa, LLC

Date  UQ / IDS / BL  URL  IP
2018-12-18 14:56:30 +0100  0 - 0 - 1  momos.cf/aamir/ch  108.61.241.123
2018-12-18 14:56:29 +0100  0 - 0 - 1  micesk.info/aamir/iedge  108.61.241.123
2018-12-18 12:15:17 +0100  0 - 0 - 1  down.down1024.com/HN/X86.bin  208.167.245.233
2018-12-18 11:30:01 +0100  0 - 0 - 2  down1008.com/api/1bc2f567ba90d6d5a460594a96af (...)  208.167.245.233
2018-12-18 10:31:48 +0100  0 - 0 - 2  www.freevideotomp3converter.com/FreeVideoToMp (...)  45.76.239.28
2018-12-18 10:04:59 +0100  0 - 0 - 1  https://www.overthetopentertainment.com/wp-in (...)  206.221.183.4
2018-12-18 08:39:46 +0100  0 - 0 - 0  https://mijnvloertje.nl/  108.61.117.22
2018-12-18 08:08:25 +0100  2 - 0 - 4  www.filmdewasa.us/2018/05/  45.77.47.37
2018-12-18 08:04:27 +0100  3 - 0 - 0  astrani.com/language/mt/index.php?email=leath (...)  206.221.182.74
2018-12-18 06:05:13 +0100  0 - 0 - 3  helpsecurityy.com/aa19a068/challengevdl.php  104.243.41.186

No other reports on domain: gegx.gdn



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (5)


Request

GET / HTTP/1.1
Host: uhuzz.pozmsgb9geoc.gegx.gdn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (45.76.28.196)

HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Date: Tue, 23 Jan 2018 08:56:06 GMT
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ci_session=RwheKlvcOd%2Fb94AiLQgFEEw2S9AdLJWydUCy5NsAU0284RrxMRDxdr88qNiPAQbzV3Daja5KBGeYgm6ifZNGedJ2OgzOaK5I5DQD1RGJmY4qioxxvntgL4T%2BZruhg4Gvrsqg0XL9Jpx9d94PqyO6saKxr80aQ%2FZuHqvSY6UIfWzDaCnoktxne2VnYjXRWBZhbzNKVPXbX95ExUgFO2DuDpqxcuTsxGkWe2FlntPHZOMhSeFEiR8zuIP4PkAhHB0OyhbWTM9GT5Pyl8QjVbrFiSzV%2BbVaDFVOTviP2YOKuxAt0nIFxhYmYA%2FLgvSFTQmacww8qmFk3N2YAk%2BRuFP3j7%2BG5%2FjTY%2BStJOTyeWh9l0hzgHDXqdep5SfJYo1I79un3GQn6n0Y1AtMxZWlRJrmxOOC%2BSgqmKvyCBrissSv6qE%3D; expires=Wed, 24-Jan-2018 08:56:06 GMT; Max-Age=86400; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn click_id_mini0d42-001b-11e8-8c1f-adce0981f50a=3fb70ea0-001b-11e8-a708-a274fa352033 id=noid; expires=Wed, 24-Jan-2018 08:57:46 GMT; Max-Age=86500; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn SITE_ID=95788601; expires=Wed, 24-Jan-2018 08:57:46 GMT; Max-Age=86500; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn sov=95788601; expires=Wed, 24-Jan-2018 08:57:46 GMT; Max-Age=86500; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn tov=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn mov=affbeat.mini; expires=Wed, 24-Jan-2018 08:57:46 GMT; Max-Age=86500; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn redid=0; expires=Wed, 24-Jan-2018 08:57:46 GMT; Max-Age=86500; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn campaign_id=0; expires=Wed, 24-Jan-2018 08:57:46 GMT; Max-Age=86500; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn gsid=0; expires=Wed, 24-Jan-2018 08:57:46 GMT; Max-Age=86500; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn pid=0; expires=Wed, 24-Jan-2018 08:57:46 GMT; Max-Age=86500; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn impid=mini0d42-001b-11e8-8c1f-adce0981f50a; expires=Wed, 24-Jan-2018 08:57:46 GMT; Max-Age=86500; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn URI=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.uhuzz.pozmsgb9geoc.gegx.gdn
X-Source: Mini
X-Sov: 95788601
X-Rot: 359529
Location: http://ssl.safepoollink.com/c/0d1379a153bcb678?trafficsource_id=0


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware

Request

GET /c/0d1379a153bcb678?trafficsource_id=0 HTTP/1.1
Host: ssl.safepoollink.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (52.211.95.198)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Tue, 23 Jan 2018 08:56:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: unique_291350=unique_291350; expires=Wed, 24-Jan-2018 08:56:07 GMT; Max-Age=86400; path=/ unique_id=5a66f8a709c03794314823; expires=Wed, 24-Jan-2018 08:56:07 GMT; Max-Age=86400; path=/ unique_291350=unique_291350; expires=Wed, 24-Jan-2018 08:56:07 GMT; Max-Age=86400; path=/ unique_id=5a66f8a709c03794314823; expires=Wed, 24-Jan-2018 08:56:07 GMT; Max-Age=86400; path=/
X-Powered-By: PHP/7.0.26
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1680
Md5:    d1f264d02679736e716cc95d25404e38
Sha1:   daaed943024d6e760008e7ba311810da963560fe
Sha256: 8b08198ad61b7543a69a3ce2bdaad63bada710c1d93e6ba71529b1b26dd30e11

Alerts:
  Blacklists:
    - fortinet: Malware

Request

POST / HTTP/1.1
Host: ss.symcd.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response (23.52.27.27)

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx/1.10.2
Content-Length: 1609
Content-Transfer-Encoding: binary
Cache-Control: max-age=557277, public, no-transform, must-revalidate
Last-Modified: Mon, 22 Jan 2018 19:41:53 GMT
Expires: Mon, 29 Jan 2018 19:41:53 GMT
Date: Tue, 23 Jan 2018 08:56:07 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1609
Md5:    00560df1ad03e0054249bafaa83a6d2f
Sha1:   4e2bbd500ceaa7e1ff397e269bdda453ce5339bf
Sha256: 57c551d59043a0e03f40544292d562f3450fc8f5be31d39deca6a606a6f6e46d

Request

GET /images/jump-favicon.ico HTTP/1.1
Host: cdn-def.akamaized.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (195.159.219.9)

HTTP/1.1 403 Forbidden
Content-Type: application/xml
x-amz-request-id: F3A1D005A861DE82
x-amz-id-2: mtA/tqPs1t24YWS/9yosaSiacooix/4STGWE4l2SFAVm//54kshq3n9rE1e//fwGgQkTPIyDJc8=
Server: AmazonS3
Content-Length: 243
Date: Tue, 23 Jan 2018 08:56:10 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  XML document text
Size:   243
Md5:    2e1b0dc4de48e2d5c0cafee30f060aaf
Sha1:   f9050300ee60e3ca6be64edfad4516468819672d
Sha256: d677cf6ab32bc6f5d7eee5221b947c3f29b2e0d9e2572c30be3fcab1f8c1e338

Request

GET /images/jump-favicon.ico HTTP/1.1
Host: cdn-def.akamaized.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (195.159.219.9)

HTTP/1.1 403 Forbidden
Content-Type: application/xml
x-amz-request-id: 4B281D1855ACC901
x-amz-id-2: sPoMc1rIp8ux0GNoDiQWoyS7YVKBhqZSWb4ok+vrYYd7oKQ4zOrksntaCSB04qjAycC6ViBfmWY=
Server: AmazonS3
Content-Length: 243
Date: Tue, 23 Jan 2018 08:56:07 GMT
Connection: keep-alive


--- Additional Info ---