Report - staging.myassistanceprogram.com/uhcare/

Report Overview

Visitedpublic

2025-07-18 16:50:05

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
staging.myassistanceprogram.com	unknown	2021-01-29	2025-07-18	2025-07-18	516 B	375 B	104.247.76.33
www.uhcprovider.com.content-provider.temp-perform.top	unknown	2025-07-09	2025-07-18	2025-07-18	1.1 kB	775 B	94.159.113.37

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-07-18 16:49:30	high	Client IP	94.159.113.37	ETPRO MALWARE Observed XWorm Related Domain in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-18	medium	temp-perform.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

GET staging.myassistanceprogram.com/uhcare/

104.247.76.33

302 Found

39 B

URL

staging.myassistanceprogram.com/uhcare/

IP / ASN

104.247.76.33

#54641 IMH-IAD

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606783

Size39 B (39 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectstaging.myassistanceprogram.com

Fingerprint88:96:B4:1E:9E:E3:DC:38:7B:1E:45:A1:52:4C:F6:79:BB:6C:A2:5F

ValidityWed, 25 Jun 2025 08:08:50 GMT - Tue, 23 Sep 2025 08:08:49 GMT

HTTP Headers

GET /uhcare/ HTTP/1.1
Host: staging.myassistanceprogram.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx/1.27.4
date: Fri, 18 Jul 2025 16:49:29 GMT
content-type: text/html; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
location: https://www.uhcprovider.com.content-provider.temp-perform.top/?
x-proxy-cache: MISS
X-Firefox-Spdy: h2

GET www.uhcprovider.com.content-provider.temp-perform.top/?

94.159.113.37

200 OK

39 B

URL

www.uhcprovider.com.content-provider.temp-perform.top/?

IP / ASN

94.159.113.37

#216234 Komskov Vadim Aleksandrovich

Requested byN/A

Resource Info

File typeASCII text

First Seen2025-04-30

Last Seen2025-07-31

Times Seen106

Size39 B (39 bytes)

MD560698d69e9bf29caaad8b732301d81fa

SHA1d93e427669d709b9337c739229cdb7e4d6865fa8

SHA256c42d8b5180c8782d80122805ec31cb0a8f6211e15508e3331b1695990cf13ac9

Certificate Info

IssuerLet's Encrypt

Subjectwww.uhcprovider.com.content-provider.temp-perform.top

Fingerprint65:A1:91:00:CB:D9:E6:82:95:54:54:A3:0D:90:4D:17:92:D8:24:48

ValidityFri, 18 Jul 2025 14:22:28 GMT - Thu, 16 Oct 2025 14:22:27 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /? HTTP/1.1
Host: www.uhcprovider.com.content-provider.temp-perform.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 18 Jul 2025 16:49:30 GMT
Server: Apache/2.4.56 (Debian)
Content-Length: 39
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET www.uhcprovider.com.content-provider.temp-perform.top/favicon.ico

94.159.113.37

404 Not Found

316 B

URL

www.uhcprovider.com.content-provider.temp-perform.top/favicon.ico

IP / ASN

94.159.113.37

#216234 Komskov Vadim Aleksandrovich

Requested byhttps://www.uhcprovider.com.content-provider.temp-perform.top/?

Resource Info

File typeHTML document, ASCII text

First Seen2025-07-18

Last Seen2025-07-22

Times Seen2

Size316 B (316 bytes)

MD597abb9d78411054d7cde56dfb3cd2122

SHA1a9ee4a92d13c9a65173e19878ebcd69d2197ab19

SHA2568844a59a74a3a27b4d421c41e5af7c8cd5ed511409e4db30340af77639bd407e

Certificate Info

IssuerLet's Encrypt

Subjectwww.uhcprovider.com.content-provider.temp-perform.top

Fingerprint65:A1:91:00:CB:D9:E6:82:95:54:54:A3:0D:90:4D:17:92:D8:24:48

ValidityFri, 18 Jul 2025 14:22:28 GMT - Thu, 16 Oct 2025 14:22:27 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.uhcprovider.com.content-provider.temp-perform.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.uhcprovider.com.content-provider.temp-perform.top/?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 18 Jul 2025 16:49:31 GMT
Server: Apache/2.4.56 (Debian)
Content-Length: 316
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1