Overview

URL: ahujen.com/a6oTaTu/
IP: 107.179.33.11 (United States)
ASN: #46573 LAYER-HOST
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Access: public
Report completed: 2023-05-26 15:01:23 UTC
IDS alerts: 0
Blocklist alert: 4
urlquery alerts: No alerts detected
Tags: None

Domain Summary (3)

Fully Qualifying Domain Name Rank First Seen Last Seen Sent bytes Received bytes IP Comment
ahujen.com (2) 0 2023-05-26 12:03:31 2023-05-26 12:03:31 781 1232 107.179.33.11
invalid.researchdivine.com (1) 0 2020-03-31 13:57:30 2023-05-26 12:44:09 399 331 69.16.230.42
ww12.researchdivine.com (1) 0 2022-06-18 07:37:48 2023-05-26 12:44:11 482 0 0.0.0.0

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2023-05-26 medium ahujen.com/a6oTaTu/ Spam
2023-05-26 medium ahujen.com/a6oTaTu Spam
2023-05-26 medium invalid.researchdivine.com/ Malware
2023-05-26 medium ww12.researchdivine.com/ Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected

ThreatFox
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 107.179.33.11
Date UQ / IDS / BL URL IP
2023-05-27 21:08:48 UTC 0 - 0 - 3 ujaror.com/ 107.179.33.11
2023-05-27 21:02:40 UTC 0 - 0 - 3 tjrdt.info/ 107.179.33.11
2023-05-27 13:11:05 UTC 0 - 0 - 3 uxukupa.me/ 107.179.33.11
2023-05-26 22:53:11 UTC 0 - 0 - 1 ejirit.me/ 107.179.33.11
2023-05-26 20:16:08 UTC 0 - 0 - 3 ayukel.link/ 107.179.33.11


Last 5 reports on ASN: LAYER-HOST
Date UQ / IDS / BL URL IP
2023-06-03 21:16:39 UTC 0 - 0 - 30 amnpmu.com/ 23.247.42.134
2023-06-03 19:53:50 UTC 0 - 0 - 20 jposdzu.com/ 23.247.42.208
2023-06-03 13:52:46 UTC 0 - 8 - 0 qagnps.cc 157.52.230.202
2023-06-03 11:22:06 UTC 0 - 8 - 0 www.qingqingjiayuan.com/2022/0614/c5282a10987 (...) 104.223.138.108
2023-06-03 08:09:55 UTC 0 - 0 - 1 www.mmwlkj.com/d/file/bb/2/2015-06-23/bd5fc93 (...) 23.247.123.242


Last 3 reports on domain: ahujen.com
Date UQ / IDS / BL URL IP
2023-05-26 16:31:18 UTC 0 - 0 - 2 ahujen.com/qZ9TIxM/'https:/secure.runtrcker.c (...) 107.179.33.44
2023-05-26 15:01:23 UTC 0 - 0 - 4 ahujen.com/a6oTaTu/ 107.179.33.11
2023-05-26 10:44:25 UTC 0 - 0 - 3 ahujen.com/a6oTaTu 107.179.33.11


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-06-04 00:34:45 UTC 0 - 1 - 0 cedobirding.com/Rechnung_2015_02/Rechnung_201 (...) 193.0.178.22
2023-06-04 00:32:11 UTC 0 - 5 - 0 www.irbis-nbuv.gov.ua/cgi-bin/irbis_nbuv/cgii (...) 194.44.11.130
2023-06-04 00:32:09 UTC 0 - 4 - 0 irbis-nbuv.gov.ua/cgi-bin/irbis_nbuv/cgiirbis (...) 194.44.11.130
2023-06-04 00:30:11 UTC 0 - 1 - 0 download.adguard-vpn.com/d/18672/adguardVPNIn (...) 104.18.26.239
2023-06-04 00:29:20 UTC 0 - 3 - 0 irbis-nbuv.gov.ua/cgi-bin/irbis_nbuv/cgiirbis (...) 194.44.11.130

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (4)


Request Response

GET /a6oTaTu/ HTTP/1.1
Host: ahujen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

107.179.33.11
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Server: nginx/1.22.1
Date: Fri, 26 May 2023 15:01:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://ahujen.com/a6oTaTu


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   346
Md5:    b334eb6bbd199a7f7d35191f2d11673e
Sha1:   0fb4a4845df697d1aa2e684f123bb1545a643f05
Sha256: 4adce394f2f1c9769dfb900889354d7cb791a6dd5af94cc88cfae6fc2dbe04f7

Blocklists:
  - fortinet: Spam

GET /a6oTaTu HTTP/1.1
Host: ahujen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

107.179.33.11
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.22.1
Date: Fri, 26 May 2023 15:01:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Location: http://invalid.researchdivine.com


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   378
Md5:    d8287056c7dfe1a2e05411a3a78c6e58
Sha1:   500d7109688500292540a8f029258d736b66cdc5
Sha256: 90928be2904d16058c8b78697c496f4d0a615822a688e97f93c2dadc05ee0cdf

Blocklists:
  - fortinet: Spam

GET / HTTP/1.1
Host: invalid.researchdivine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

69.16.230.42
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
Cache-Control: no-cache
Date: Fri, 26 May 2023 15:01:09 GMT
Location: http://ww12.researchdivine.com/
Pragma: no-cache
Connection: Keep-Alive
X-Powered-By: PHP/5.4.16
Content-Length: 0


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Blocklists:
  - fortinet: Malware

GET / HTTP/1.1
Host: ww12.researchdivine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Blocklists:
  - fortinet: Malware