Report - hashbang.sh

Report Overview

Visited public
2025-05-14 22:16:13
Tags
URL
hashbang.sh
Finishing URL
hashbang.sh/#!
IP / ASN
174.138.102.152
#14061 DIGITALOCEAN-ASN
Title
‎

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
hashbang.sh	unknown	2014-05-15	2015-05-22	2025-02-01	1.3 kB	19 kB	174.138.102.152
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-05-14	555 B	20 kB	142.250.178.99
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-05-14	409 B	2.6 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-05-14	medium	hashbang.sh/	Detects Generic ShellScript Downloader

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	hashbang.sh/assets/icon.js	ScriptElement	546 B	2024-11-02	2025-05-15
Pretty URL hashbang.sh/assets/icon.js IP 174.138.102.152 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-02 20:11 Last Seen2025-05-15 22:42 Times Seen6 Hash e7b67d4029ce799265a1ee83e17b196a 1b3e7bd34ee99e46efb15f92062522f4fc0f1a17 8aa3acf97250c4fbed0b424bd5ffb1568972bcc19e75f91f095052c92ce8e558 Loading...

HTTP Transactions (5)

URL IP Response Size

fonts.googleapis.com/css?family=Montserrat

142.250.74.10

200 OK

1.9 kB

URL GET
fonts.googleapis.com/css?family=Montserrat
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://hashbang.sh/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7A:29:E6:A8:BE:59:2C:AE:82:2D:CA:8E:15:89:41:BE:EC:D2:0D:EA
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
ASCII text
Size
1.9 kB (1866 bytes)
Hash
14747b7ccb4842d4e00fc83ac1d84c36
a6b508cbe4e15066de1f6608dcd2640d9d90d377
d2985f60e922d8796396c202ffcb9f6f6c2a57f510cb49f9babf16d025c6b058

HTTP Headers

GET /css?family=Montserrat HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 14 May 2025 22:15:41 GMT
date: Wed, 14 May 2025 22:15:41 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

hashbang.sh/assets/local.css

174.138.102.152

200 OK

756 B

URL GET
hashbang.sh/assets/local.css
IP
174.138.102.152:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://hashbang.sh/
Certificate
IssuerLet's Encrypt
Subjecthashbang.sh
Fingerprint38:38:2D:7C:46:5A:7D:75:28:70:32:8C:EE:15:7B:EB:4D:38:9E:4C
ValidityFri, 25 Apr 2025 21:46:04 GMT - Thu, 24 Jul 2025 21:46:03 GMT

File type
ASCII text
Size
756 B (756 bytes)
Hash
874caf2811a82a764884b51f566c39cd
9d426c0b52b9777324ac9feec6de83aec72f13c6
886450ebabe5bbce88259deddc6d36c1b59c3d364db55735adbde96bee221a9c

HTTP Headers

GET /assets/local.css HTTP/1.1
Host: hashbang.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 14 May 2025 22:15:41 GMT
content-type: text/css; charset=utf-8
content-length: 756
content-disposition: inline; filename=local.css
last-modified: Sun, 07 May 2023 22:48:02 GMT
cache-control: no-cache
etag: "1683499682.0-756-1532168219"
content-security-policy: default-src 'none'; style-src https://fonts.googleapis.com 'self'; font-src https://fonts.gstatic.com; img-src data:; script-src 'self'; sandbox allow-same-origin allow-scripts; frame-ancestors 'none'
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

hashbang.sh/assets/icon.js

174.138.102.152

200 OK

546 B

URL GET
hashbang.sh/assets/icon.js
IP
174.138.102.152:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://hashbang.sh/
Certificate
IssuerLet's Encrypt
Subjecthashbang.sh
Fingerprint38:38:2D:7C:46:5A:7D:75:28:70:32:8C:EE:15:7B:EB:4D:38:9E:4C
ValidityFri, 25 Apr 2025 21:46:04 GMT - Thu, 24 Jul 2025 21:46:03 GMT

File type
ASCII text, with very long lines (377)
Size
546 B (546 bytes)
Hash
e7b67d4029ce799265a1ee83e17b196a
1b3e7bd34ee99e46efb15f92062522f4fc0f1a17
8aa3acf97250c4fbed0b424bd5ffb1568972bcc19e75f91f095052c92ce8e558

HTTP Headers

GET /assets/icon.js HTTP/1.1
Host: hashbang.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 14 May 2025 22:15:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 546
content-disposition: inline; filename=icon.js
last-modified: Sun, 07 May 2023 22:48:02 GMT
cache-control: no-cache
etag: "1683499682.0-546-1265698637"
content-security-policy: default-src 'none'; style-src https://fonts.googleapis.com 'self'; font-src https://fonts.gstatic.com; img-src data:; script-src 'self'; sandbox allow-same-origin allow-scripts; frame-ancestors 'none'
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

142.250.178.99

200 OK

19 kB

URL GET
fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP
142.250.178.99:443
ASN
#15169 GOOGLE

Requested by
https://hashbang.sh/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18792, version 1.0
Size
19 kB (18792 bytes)
Hash
74795056a2358804684c7e9d0479f484
7030f4f33183b8de843e82eedb9cb6a6cdd107c3
1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac

HTTP Headers

GET /s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hashbang.sh
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18792
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 May 2025 14:19:37 GMT
expires: Wed, 13 May 2026 14:19:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 06 Nov 2024 17:30:39 GMT
content-type: font/woff2
age: 114964
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

hashbang.sh/

174.138.102.152

200 OK

15 kB

URL User Request GET
hashbang.sh/
IP
174.138.102.152:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjecthashbang.sh
Fingerprint38:38:2D:7C:46:5A:7D:75:28:70:32:8C:EE:15:7B:EB:4D:38:9E:4C
ValidityFri, 25 Apr 2025 21:46:04 GMT - Thu, 24 Jul 2025 21:46:03 GMT

File type
PGP signed message
Size
15 kB (15186 bytes)
Hash
34f3618307bed8e8f4210619f1dda464
fd23b0fffb3230340e15f37cb27d60f3d5d5350f
e7460243fe8d1ec4f225d548146341c4c08092e0fdd4e48f41d6616243ab63fc

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects Generic ShellScript Downloader

HTTP Headers

GET / HTTP/1.1
Host: hashbang.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 14 May 2025 22:15:41 GMT
content-type: text/html; charset=utf-8
content-length: 15186
content-disposition: inline; filename=index.html
last-modified: Sun, 07 May 2023 22:48:02 GMT
cache-control: no-cache
etag: "1683499682.0-15186-2176518612"
content-security-policy: default-src 'none'; style-src https://fonts.googleapis.com 'self'; font-src https://fonts.gstatic.com; img-src data:; script-src 'self'; sandbox allow-same-origin allow-scripts; frame-ancestors 'none'
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers