Report - etz3.us/

Report Overview

Submitted URL
etz3.us/
IP
68.178.200.81
ASN
#398101 GO-DADDY-COM-LLC
Submitted
2024-05-09 19:01:38
Access
public
Website Title
Default Web Site Page
Final URL
etz3.us/cgi-sys/defaultwebpage.cgi
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
etz3.us	unknown	2024-01-18	2024-01-19	2024-04-11	4.0 kB	42 kB	68.178.200.81

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-23	medium	etz3.us/	Generic/Spear Phishing
2024-03-23	medium	etz3.us/	Generic/Spear Phishing
2024-03-23	medium	etz3.us/	Generic/Spear Phishing
2024-03-23	medium	etz3.us/	Generic/Spear Phishing
2024-03-23	medium	etz3.us/	Generic/Spear Phishing
2024-03-23	medium	etz3.us/	Generic/Spear Phishing
2024-03-23	medium	etz3.us/	Generic/Spear Phishing
2024-03-23	medium	etz3.us/	Generic/Spear Phishing
2024-03-23	medium	etz3.us/	Generic/Spear Phishing

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

etz3.us/

68.178.200.81

162 B

URL
etz3.us/
IP
68.178.200.81:0
ASN
#398101 GO-DADDY-COM-LLC

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET / HTTP/1.1
Host: etz3.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 09 May 2024 19:01:13 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://etz3.us/

etz3.us/

68.178.200.81

163 B

URL
etz3.us/
IP
68.178.200.81:0
ASN
#398101 GO-DADDY-COM-LLC

File type
HTML document, ASCII text
Size
163 B (163 bytes)
Hash
f1fb042c62910c34be16ad91cbbd71fa
5bc7aceba9a8704ef4b1d427d7d08b140afcd866
9278d16ed2fdcd5dc651615b0b8adc6b55fb667a9d106a9891b861d4561d9a24

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET / HTTP/1.1
Host: etz3.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 May 2024 19:01:16 GMT
Content-Type: text/html
Content-Length: 163
Connection: keep-alive
Last-Modified: Mon, 04 Dec 2023 03:24:53 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0

etz3.us/cgi-sys/defaultwebpage.cgi

68.178.200.81

200 OK

6.9 kB

URL User Request GET HTTP/1.1
etz3.us/cgi-sys/defaultwebpage.cgi
IP
68.178.200.81:443
ASN
#398101 GO-DADDY-COM-LLC

Certificate
Issuer
Subject81.200.178.68.host.secureserver.net
Fingerprint16:69:73:08:6E:3D:24:AE:14:EF:E3:8B:19:10:29:FC:12:D8:85:36
ValiditySun, 28 Apr 2024 03:59:11 GMT - Mon, 28 Apr 2025 03:59:11 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
6.9 kB (6932 bytes)
Hash
9993289f4aa19aa460fb488a495595ed
c527c5bb99f5801f8a1a508deaddbf3d58916414
9d740502c443bb1c1052661f174a1fbdf2409faf05bdd65c5cca6850be893122

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /cgi-sys/defaultwebpage.cgi HTTP/1.1
Host: etz3.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 May 2024 19:01:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding

etz3.us/img-sys/IP_changed.png

68.178.200.81

200 OK

2.9 kB

URL GET HTTP/1.1
etz3.us/img-sys/IP_changed.png
IP
68.178.200.81:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://etz3.us/cgi-sys/defaultwebpage.cgi
Certificate
Issuer
Subject81.200.178.68.host.secureserver.net
Fingerprint16:69:73:08:6E:3D:24:AE:14:EF:E3:8B:19:10:29:FC:12:D8:85:36
ValiditySun, 28 Apr 2024 03:59:11 GMT - Mon, 28 Apr 2025 03:59:11 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
2.9 kB (2939 bytes)
Hash
ec081653bd4c836483e6d612588d18ec
91c7e4cfa061808881575a875741773a949a9e0a
b19da51b5e9c9b29cd8523d85d92e99e4812c891c394929c9bf67557f560672c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /img-sys/IP_changed.png HTTP/1.1
Host: etz3.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://etz3.us/cgi-sys/defaultwebpage.cgi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 May 2024 19:01:16 GMT
Content-Type: image/png
Content-Length: 2939
Connection: keep-alive
Last-Modified: Mon, 22 Jan 2024 18:20:50 GMT
Accept-Ranges: bytes

etz3.us/img-sys/error-bg-left.png

68.178.200.81

200 OK

8.1 kB

URL GET HTTP/1.1
etz3.us/img-sys/error-bg-left.png
IP
68.178.200.81:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://etz3.us/cgi-sys/defaultwebpage.cgi
Certificate
Issuer
Subject81.200.178.68.host.secureserver.net
Fingerprint16:69:73:08:6E:3D:24:AE:14:EF:E3:8B:19:10:29:FC:12:D8:85:36
ValiditySun, 28 Apr 2024 03:59:11 GMT - Mon, 28 Apr 2025 03:59:11 GMT

File type
PNG image data, 410 x 400, 8-bit/color RGBA, non-interlaced
Size
8.1 kB (8072 bytes)
Hash
cdbe46a0178886162bdedff35336154e
f5acc131f7d3fdfbebfc4a55be73cf51c7638937
862885b79bef22ad5716b2dbfa714d52f628a439f2921bb9520a4630bbea5d4e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /img-sys/error-bg-left.png HTTP/1.1
Host: etz3.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://etz3.us/cgi-sys/defaultwebpage.cgi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 May 2024 19:01:16 GMT
Content-Type: image/png
Content-Length: 8072
Connection: keep-alive
Last-Modified: Mon, 22 Jan 2024 18:20:50 GMT
Accept-Ranges: bytes

etz3.us/img-sys/server_misconfigured.png

68.178.200.81

200 OK

3.2 kB

URL GET HTTP/1.1
etz3.us/img-sys/server_misconfigured.png
IP
68.178.200.81:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://etz3.us/cgi-sys/defaultwebpage.cgi
Certificate
Issuer
Subject81.200.178.68.host.secureserver.net
Fingerprint16:69:73:08:6E:3D:24:AE:14:EF:E3:8B:19:10:29:FC:12:D8:85:36
ValiditySun, 28 Apr 2024 03:59:11 GMT - Mon, 28 Apr 2025 03:59:11 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
3.2 kB (3164 bytes)
Hash
f79adaf00f83dc9757086cdbe8645ff0
82f37b8be7668eab8e1a06de828cb336799c8134
944120fb6962c7484d769d645e6d830850eead9394f6a84090aed489cfc0c41f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /img-sys/server_misconfigured.png HTTP/1.1
Host: etz3.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://etz3.us/cgi-sys/defaultwebpage.cgi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 May 2024 19:01:17 GMT
Content-Type: image/png
Content-Length: 3164
Connection: keep-alive
Last-Modified: Mon, 22 Jan 2024 18:20:50 GMT
Accept-Ranges: bytes

etz3.us/img-sys/server_moved.png

68.178.200.81

200 OK

3.3 kB

URL GET HTTP/1.1
etz3.us/img-sys/server_moved.png
IP
68.178.200.81:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://etz3.us/cgi-sys/defaultwebpage.cgi
Certificate
Issuer
Subject81.200.178.68.host.secureserver.net
Fingerprint16:69:73:08:6E:3D:24:AE:14:EF:E3:8B:19:10:29:FC:12:D8:85:36
ValiditySun, 28 Apr 2024 03:59:11 GMT - Mon, 28 Apr 2025 03:59:11 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
3.3 kB (3327 bytes)
Hash
f6590a396da81a8e4cce7ca046874ffd
7e68db322c32ca079b2c836812d3a25204ab93cc
3a22057583d3e17bc94990d92a3425d5510dc5bdb60fe40fafeb405a38f8ed28

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /img-sys/server_moved.png HTTP/1.1
Host: etz3.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://etz3.us/cgi-sys/defaultwebpage.cgi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 May 2024 19:01:17 GMT
Content-Type: image/png
Content-Length: 3327
Connection: keep-alive
Last-Modified: Mon, 22 Jan 2024 18:20:50 GMT
Accept-Ranges: bytes

etz3.us/img-sys/powered_by_cpanel.svg

68.178.200.81

200 OK

5.6 kB

URL GET HTTP/1.1
etz3.us/img-sys/powered_by_cpanel.svg
IP
68.178.200.81:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://etz3.us/cgi-sys/defaultwebpage.cgi
Certificate
Issuer
Subject81.200.178.68.host.secureserver.net
Fingerprint16:69:73:08:6E:3D:24:AE:14:EF:E3:8B:19:10:29:FC:12:D8:85:36
ValiditySun, 28 Apr 2024 03:59:11 GMT - Mon, 28 Apr 2025 03:59:11 GMT

File type
SVG Scalable Vector Graphics image
Size
5.6 kB (5617 bytes)
Hash
c47b4b5200566a2a496a11ba472ec5da
3bd0da9a6ffd62217d3e781fa1356f40d9f91d4c
179a9aa9fff4c52850d9ce34a4c435404ddfd4fefa8aab9a6eb4f47b83f922d9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /img-sys/powered_by_cpanel.svg HTTP/1.1
Host: etz3.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://etz3.us/cgi-sys/defaultwebpage.cgi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 May 2024 19:01:17 GMT
Content-Type: image/svg+xml
Content-Length: 5617
Connection: keep-alive
Last-Modified: Mon, 22 Jan 2024 18:20:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding

etz3.us/favicon.ico

68.178.200.81

404 Not Found

10 kB

URL GET HTTP/1.1
etz3.us/favicon.ico
IP
68.178.200.81:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://etz3.us/cgi-sys/defaultwebpage.cgi
Certificate
Issuer
Subject81.200.178.68.host.secureserver.net
Fingerprint16:69:73:08:6E:3D:24:AE:14:EF:E3:8B:19:10:29:FC:12:D8:85:36
ValiditySun, 28 Apr 2024 03:59:11 GMT - Mon, 28 Apr 2025 03:59:11 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4070)
Size
10 kB (10075 bytes)
Hash
f23cf22e7b4eacc2f24f70ae80e49088
b0d5d6dda2c383ed1c264c56829ef516cd202b42
2fe7a767d5de6a5b438b687b12d971c48dbfb7f78a849ce6d4587cd4764b42f5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: etz3.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://etz3.us/cgi-sys/defaultwebpage.cgi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 09 May 2024 19:01:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash