Report - a.hg52.xyz/?s=1685036191

Report Overview

Submitted URL
a.hg52.xyz/?s=1685036191
IP
172.67.200.231
ASN
#13335 CLOUDFLARENET
Submitted
2023-05-25 17:51:51
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
a.uq32.xyz	unknown	2023-03-13	2023-05-17	2023-05-23	1.4 kB	213 kB	172.67.189.184
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-05-25	421 B	253 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-25	medium	a.uq32.xyz/

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	a.uq32.xyz/	265 B	2023-03-14	2023-11-20
Pretty URL a.uq32.xyz/ IP 172.67.189.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 18:05:30 Last Seen2023-11-20 08:45:34 Times Seen86 Hash b315df63dfbd70a34da6011c5975f078 35e9994ea598fd540b9c1001235682978e581ca4 24cc3f04ad9514a39e7601e33f22de7aa91720a50c2659c54c3cd2d2b4391f32 Loading...

	a.uq32.xyz/	253 B	2023-05-15	2023-05-28
Pretty URL a.uq32.xyz/ IP 172.67.189.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-15 00:54:35 Last Seen2023-05-28 19:06:59 Times Seen21 Hash 368ed8f24407ad56fca9d5645cc0ee74 175424cbdc90e55f21b6c0dd6270accca5bdd78d 8cec44e5561d8486fd4e8ab9a45693f99de15d1e7aff461e3aac219d01f7cb8a Loading...

	www.googletagmanager.com/gtag/js?id=G-DJL7JFN301	252 kB	2023-05-25	2023-05-25
Pretty URL www.googletagmanager.com/gtag/js?id=G-DJL7JFN301 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-25 19:51:52 Last Seen2023-05-25 19:51:52 Times Seen2 Hash 6d9f8978806dbfe03ea0a86782144839 22cfc2234f8b590568c5242ef00fd71144a9dc37 158b8a1c5851659485154396334a4ddbcc85aa41da30abf906ac03c0328a641c Loading...

	unknown	284 B	2023-05-11	2023-11-20
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-11 11:10:39 Last Seen2023-11-20 08:45:35 Times Seen48 Hash bf53c125f4d3635a2a5d1fabcfd0e50d 54b6ef439b7d0433693a257d9fef0c0209dd775b 2510b74fd0b4c9f0f5c90249f63099b09082196a2aae0c22242fb2731321f180 Loading...

	a.uq32.xyz/	153 B	2023-03-26	2023-06-09
Pretty URL a.uq32.xyz/ IP 172.67.189.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 01:57:56 Last Seen2023-06-09 01:18:23 Times Seen39 Hash b7ff295c3a6f1af94ce65da4efc36eca 24f1c8e217820230fe3b57464f00cf48a3d82aa2 92db7a1ce864a62350dede3a6ad158baf912da20e840a9dfc2f49886579f2894 Loading...

HTTP Transactions (4)

URL IP Response Size

a.uq32.xyz/images/lp3.png

172.67.189.184

200 OK

121 kB

URL GET HTTP/3
a.uq32.xyz/images/lp3.png
IP
172.67.189.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.uq32.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subjectuq32.xyz
Fingerprint33:FC:69:45:84:CC:A5:05:E8:E3:97:32:5F:F8:F8:DB:3A:0B:35:33
ValidityThu, 11 May 2023 14:16:52 GMT - Wed, 09 Aug 2023 14:16:51 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x1124, components 3\012- data
Size
121 kB (120553 bytes)
Hash
1740c50a73501b48e3eecf3977bc7f27
642ad1a7231754db235b8ae2bce1b155cff69b83
221743530bbc11aa3a852cdf2a048b8eee9b4a6bc39719a14edca14a52bf8029

HTTP Headers

GET /images/lp3.png HTTP/1.1
Host: a.uq32.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.uq32.xyz/
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 May 2023 17:51:31 GMT
content-type: image/png
content-length: 120553
last-modified: Thu, 02 Mar 2023 09:13:46 GMT
etag: "640068ca-1d6e9"
expires: Sat, 24 Jun 2023 17:45:59 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 332
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0hHO%2F%2FSPLPSsedjjrbgIFueDcHkQiFtOcEBgaSfeKK46SmKy56HMUSU8WV025HpYfjWQFouX%2BnGysoQ4JR6pmFBkvdbB7k9VSdr6JKd3EnFgArUFRrx9ShazS%2Fm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccfa07e0dd0b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.uq32.xyz/

172.67.189.184

200 OK

90 kB

URL User Request GET HTTP/2
a.uq32.xyz/
IP
172.67.189.184:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectuq32.xyz
Fingerprint33:FC:69:45:84:CC:A5:05:E8:E3:97:32:5F:F8:F8:DB:3A:0B:35:33
ValidityThu, 11 May 2023 14:16:52 GMT - Wed, 09 Aug 2023 14:16:51 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
90 kB (89866 bytes)
Hash
55b53ec30210aa332172f54ebaf59845
74666e7a477049d8d7986109fe99d1c7718406a1
6da15bf3a4fec4e65df6fb55216870515b159b4a388cbf001be0b781a35f3de5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: a.uq32.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.hg52.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 May 2023 17:51:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: loclang=en; expires=Fri, 26-May-2023 17:51:31 GMT; Max-Age=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nTMwBMBj9mIWKrxl5KrCCE4ZtyRgYcpaN0BLmtygJ9LM3ZVB80Ia2nfkyXvv5UihKL4BjrWWdNSjIamScvXrhEslw4vaU41v6hQUHHG4UkPz2%2Fumt009PtSvUJQu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccfa07cbe840b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-DJL7JFN301

142.250.74.168

200 OK

252 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-DJL7JFN301
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://a.uq32.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint55:51:32:58:36:72:A1:C8:50:5E:5A:8D:CE:A5:2F:DC:D7:1E:62:03
ValidityMon, 24 Apr 2023 11:56:06 GMT - Mon, 17 Jul 2023 11:56:05 GMT

File type
ASCII text, with very long lines (5048)
Size
252 kB (252319 bytes)
Hash
6d9f8978806dbfe03ea0a86782144839
22cfc2234f8b590568c5242ef00fd71144a9dc37
158b8a1c5851659485154396334a4ddbcc85aa41da30abf906ac03c0328a641c

HTTP Headers

GET /gtag/js?id=G-DJL7JFN301 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.uq32.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 May 2023 17:51:31 GMT
expires: Thu, 25 May 2023 17:51:31 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a.uq32.xyz/favicon.ico

172.67.189.184

404 Not Found

139 B

URL GET HTTP/3
a.uq32.xyz/favicon.ico
IP
172.67.189.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.uq32.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subjectuq32.xyz
Fingerprint33:FC:69:45:84:CC:A5:05:E8:E3:97:32:5F:F8:F8:DB:3A:0B:35:33
ValidityThu, 11 May 2023 14:16:52 GMT - Wed, 09 Aug 2023 14:16:51 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size
139 B (139 bytes)
Hash
0439a6deac8f0641ff2dedfce65d0c71
7e8daa3dd92c102165ea1542299bf4f714cdcd8c
8c32b65b6b0a2b2d859ce9d8ea0d1f5a9456ce37b1e1311bc07ea114a26ecccb

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: a.uq32.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.uq32.xyz/
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 25 May 2023 17:51:31 GMT
content-type: text/html
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o%2BeMyTzHsS8HpChnVPngca60W37VV85t%2BYWTLG4bYpwxBETsfvSMnFzzRujoO%2BzWEV8iorEUONVaGDyxImNfVhxFnAdbTeRVfi%2F8%2BCHYbb05QHveUn2tfFpQiEJX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccfa07f0f9fb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN