Report - galyqaz.com/login.phphT

Report Overview

Visited public
2025-05-09 00:38:16
Tags
URL
galyqaz.com/login.phphT
Finishing URL
www42.galyqaz.com/lander
IP / ASN
199.191.50.83
#40034 CONFLUENCE-NETWORK-INC
Title
www42.galyqaz.com/lander

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ww8.galyqaz.com	unknown	2011-08-08	2023-09-20	2025-05-03	2.7 kB	1.4 kB	0.0.0.0
www42.galyqaz.com	unknown	2011-08-08	2023-09-20	2025-05-03	1.9 kB	1.4 kB	15.197.204.56
img1.wsimg.com	9893	2008-03-17	2012-06-20	2025-05-07	1.9 kB	1.6 MB	23.36.77.185
galyqaz.com	unknown	2011-08-08	2012-10-12	2025-05-03	491 B	647 B	199.191.50.83
www.google.com	7	1997-09-15	2015-05-10	2025-05-07	443 B	144 kB	142.250.74.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-08	medium	galyqaz.com	Sinkholed
2025-05-08	medium	galyqaz.com	Sinkholed
2025-05-08	medium	galyqaz.com	Sinkholed
2025-05-08	medium	galyqaz.com	Sinkholed
2025-05-08	medium	galyqaz.com	Sinkholed
2025-05-08	medium	galyqaz.com	Sinkholed
2025-05-08	medium	galyqaz.com	Sinkholed
2025-05-08	medium	galyqaz.com	Sinkholed
2025-05-08	medium	galyqaz.com	Sinkholed
2025-05-08	medium	galyqaz.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	ww8.galyqaz.com/	EventHandler	11 B	2023-04-15	2025-05-15
Pretty URL ww8.galyqaz.com/ IP 0.0.0.0 ASN #0 Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-15 09:40 Last Seen2025-05-15 02:43 Times Seen1046 Hash c9c3b336aad53711be4fe71ae6c87c66 97d15256d8606137865965500dad04324773f967 9ba62f7dcc4b214005f2a932035fd65f7db0bd62ca0a7eec68bc352e5f7fa706 Loading...

	ww8.galyqaz.com/	ScriptElement	361 B	2025-05-09	2025-05-09
Pretty URL ww8.galyqaz.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-09 00:38 Last Seen2025-05-09 00:38 Times Seen1 Hash 842878589f3e550ca2e3fc6333d3246d 54a05585bceffc2b45db2e72ac3f3fe960aba075 0396732b0742e6fa50e3b361ee1b15f0b91da024105ef7a36c20a00e8b874ff8 Loading...

	www42.galyqaz.com/	ScriptElement	56 B	2025-03-02	2025-05-15
Pretty URL www42.galyqaz.com/ IP 15.197.204.56 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-02 07:03 Last Seen2025-05-15 04:53 Times Seen2839 Hash 3effca764b1325dc476a4f275bb79d63 83e96d57b2196e7dc7422e373d844941644d29ba 6525c7cbcf52f274ffc5cbe01fd43c03fd77e9463d0757999a596776f0d4184b Loading...

	www42.galyqaz.com/lander	ScriptElement	25 B	2023-03-07	2025-05-15
Pretty URL www42.galyqaz.com/lander IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-15 03:50 Times Seen510 Hash 396983b43a97ac40197e7d22399b707b 9c54ff4c30658fd6a7e94eaaae5072b3ed2ec1dc de4e0ef840a4a74223bb4637d128d0fd8894ac9f95bf604576e8c5280c768442 Loading...

	www.google.com/adsense/domains/caf.js?abp=1&gdabp=true	ScriptElement	144 kB	2025-05-06	2025-05-09
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&gdabp=true IP 142.250.74.68 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-06 16:52 Last Seen2025-05-09 11:59 Times Seen131 Hash cf90846af0ff89998e4a64de3fc93b6e d1d6f0f2afe23eea7652b9c3490cf5d0c27fda15 4b9f4a950a65d4ceb49c174b9b86ac8b677436758d6ecabc8fa1ce915643ea30 Loading...

	img1.wsimg.com/parking-lander/static/js/main.49d047bd.js	ScriptElement	1.4 MB	2025-04-28	2025-05-15
Pretty URL img1.wsimg.com/parking-lander/static/js/main.49d047bd.js IP 23.36.77.185 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-28 18:06 Last Seen2025-05-15 03:50 Times Seen233 Hash a0af4d1715cdb16fdba1673f563a8d4b 5b3b9a15ccd1432d3106b3904ea2f6a712570f00 8cbc2fa4fe48035ea2b10821cc81108e2f2f9c370495209452d9595df4de97ac Loading...

HTTP Transactions (15)

URL IP Response Size

ww8.galyqaz.com/

0.0.0.0

0 B

URL User Request GET
ww8.galyqaz.com/
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: ww8.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www42.galyqaz.com/

15.197.204.56

200 OK

114 B

URL User Request GET
www42.galyqaz.com/
IP
15.197.204.56:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with no line terminators
Size
114 B (114 bytes)
Hash
e89f75f918dbdcee28604d4e09dd71d7
f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: www42.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
content-type: text/html
date: Fri, 09 May 2025 00:37:48 GMT
content-length: 114

img1.wsimg.com/parking-lander/px.js?ch=1&abp=1&gdabp=true

23.36.77.185

200 OK

0 B

URL GET
img1.wsimg.com/parking-lander/px.js?ch=1&abp=1&gdabp=true
IP
23.36.77.185:443
ASN
#20940 Akamai International B.V.

Requested by
http://www42.galyqaz.com/lander
Certificate
IssuerStarfield Technologies, Inc.
Subject*.wsimg.com
FingerprintEA:61:02:4F:B7:92:44:AD:09:4C:03:D9:59:C6:B7:3B:E5:1E:ED:F3
ValidityThu, 19 Sep 2024 21:02:42 GMT - Tue, 21 Oct 2025 21:02:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /parking-lander/px.js?ch=1&abp=1&gdabp=true HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www42.galyqaz.com/
Origin: http://www42.galyqaz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: eumcGgr9xPBPhS0YZtMPAtj0xa4ho7Linm1CgAULFtOkv5Sj5cwYCjVcvXYEpox/Pi0ZqW8fJuo=
x-amz-request-id: 39ATWSE327VENMH7
last-modified: Mon, 28 Apr 2025 16:05:09 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-server-side-encryption: AES256
x-amz-version-id: 6x5PPJr4yD48SzaNnsAVFP1PSyEsBG4m
accept-ranges: bytes
content-type: text/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 09 May 2026 00:37:49 GMT
date: Fri, 09 May 2025 00:37:49 GMT
content-length: 20
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

img1.wsimg.com/parking-lander/px.js?ch=2&abp=2&gdabp=true

23.36.77.185

200 OK

0 B

URL GET
img1.wsimg.com/parking-lander/px.js?ch=2&abp=2&gdabp=true
IP
23.36.77.185:443
ASN
#20940 Akamai International B.V.

Requested by
http://www42.galyqaz.com/lander
Certificate
IssuerStarfield Technologies, Inc.
Subject*.wsimg.com
FingerprintEA:61:02:4F:B7:92:44:AD:09:4C:03:D9:59:C6:B7:3B:E5:1E:ED:F3
ValidityThu, 19 Sep 2024 21:02:42 GMT - Tue, 21 Oct 2025 21:02:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /parking-lander/px.js?ch=2&abp=2&gdabp=true HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www42.galyqaz.com/
Origin: http://www42.galyqaz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: RCF4ygwwB2tDCObTUW+VxS0cFm7VT7f6DdpSmtK0bH0xSeSO8bKIUPY1WoutTW2QicwKM9AymCk=
x-amz-request-id: 9AQSFQ7E26E90532
last-modified: Mon, 28 Apr 2025 16:05:09 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-server-side-encryption: AES256
x-amz-version-id: 6x5PPJr4yD48SzaNnsAVFP1PSyEsBG4m
accept-ranges: bytes
content-type: text/javascript
vary: Accept-Encoding
content-encoding: gzip
content-length: 20
cache-control: max-age=31536000
expires: Sat, 09 May 2026 00:37:49 GMT
date: Fri, 09 May 2025 00:37:49 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

ww8.galyqaz.com/favicon.ico

0.0.0.0

0 B

URL GET
ww8.galyqaz.com/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
http://ww8.galyqaz.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww8.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww8.galyqaz.com/
Pragma: no-cache
Cache-Control: no-cache

www42.galyqaz.com/

0.0.0.0

0 B

URL User Request GET
www42.galyqaz.com/
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: www42.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www42.galyqaz.com/lander

0.0.0.0

0 B

URL User Request GET
www42.galyqaz.com/lander
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander HTTP/1.1
Host: www42.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www42.galyqaz.com/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www42.galyqaz.com/lander

15.197.204.56

200 OK

536 B

URL User Request GET
www42.galyqaz.com/lander
IP
15.197.204.56:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (535)
Size
536 B (536 bytes)
Hash
07cc4aa8634887e2c479da84c91542e7
6fd3e866887fe4f0474e661b2d806bad58e58fea
a248d85b2a135a1daed50e4ca58fe05e4445b43023d50b1f09caa41c85b88c16

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander HTTP/1.1
Host: www42.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www42.galyqaz.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: private, max-age=86400
content-type: text/html
date: Fri, 09 May 2025 00:37:49 GMT
server: openresty
set-cookie: expiry_partner=; Path=/; Max-Age=86400
caf_ipaddr=91.90.42.154; Path=/; Max-Age=86400
country=NO; Path=/; Max-Age=86400
city=Oslo; Path=/; Max-Age=86400
lander_type=parking; Path=/; Max-Age=86400
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_YeNLFYefSNUdZuqrYocFcsUWjy0Iv9zocmdT/SFnUX1gqUvqgcprm0RIz0v4bzlXSi49GWKqR/RXlX4XNCN6HA
x-content-type-options: nosniff
transfer-encoding: chunked

img1.wsimg.com/parking-lander/static/js/main.49d047bd.js

23.36.77.185

200 OK

1.4 MB

URL GET
img1.wsimg.com/parking-lander/static/js/main.49d047bd.js
IP
23.36.77.185:443
ASN
#20940 Akamai International B.V.

Requested by
http://www42.galyqaz.com/lander
Certificate
IssuerStarfield Technologies, Inc.
Subject*.wsimg.com
FingerprintEA:61:02:4F:B7:92:44:AD:09:4C:03:D9:59:C6:B7:3B:E5:1E:ED:F3
ValidityThu, 19 Sep 2024 21:02:42 GMT - Tue, 21 Oct 2025 21:02:42 GMT

File type
JavaScript source, ASCII text, with very long lines (65465)
Size
1.4 MB (1381908 bytes)
Hash
a0af4d1715cdb16fdba1673f563a8d4b
5b3b9a15ccd1432d3106b3904ea2f6a712570f00
8cbc2fa4fe48035ea2b10821cc81108e2f2f9c370495209452d9595df4de97ac

HTTP Headers

GET /parking-lander/static/js/main.49d047bd.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www42.galyqaz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: kWcR4WUQuwHtLLYLGiLZVJiEU5QxyUv2iSr4dehipBlrXcD6uyZbUWutCzgFzmNHv5A3b0g2My3KYkqdDjCYuA==
x-amz-request-id: 8PTPFC22845T47CJ
last-modified: Mon, 28 Apr 2025 16:05:00 GMT
etag: "a0af4d1715cdb16fdba1673f563a8d4b"
x-amz-server-side-encryption: AES256
x-amz-version-id: xIs2LUoDKqx1sZHHNS7V4XKi7pT9au3B
accept-ranges: bytes
content-type: text/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 09 May 2026 00:37:49 GMT
date: Fri, 09 May 2025 00:37:49 GMT
content-length: 352836
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

galyqaz.com/login.phphT

199.191.50.83

302 Found

0 B

URL User Request GET
galyqaz.com/login.phphT
IP
199.191.50.83:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Certificate
IssuerZeroSSL
Subjectgalyqaz.com
Fingerprint51:71:10:42:65:E4:49:4D:3B:23:B5:29:2C:0A:13:C2:EC:3B:B8:BA
ValidityThu, 20 Feb 2025 00:00:00 GMT - Wed, 21 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.phphT HTTP/1.1
Host: galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: openresty
Date: Fri, 09 May 2025 00:37:39 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Location: //ww8.galyqaz.com

ww8.galyqaz.com/?gp=1&js=1&uuid=1746751067.0092735714&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLCovKjtxPTAuOCJ9

0.0.0.0

0 B

URL User Request GET
ww8.galyqaz.com/?gp=1&js=1&uuid=1746751067.0092735714&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLCovKjtxPTAuOCJ9
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?gp=1&js=1&uuid=1746751067.0092735714&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLCovKjtxPTAuOCJ9 HTTP/1.1
Host: ww8.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww8.galyqaz.com/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

198.58.118.167

302 Found

0 B

URL User Request GET
ww8.galyqaz.com/?gp=1&js=1&uuid=1746751067.0092735714&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLCovKjtxPTAuOCJ9
IP
198.58.118.167:80
ASN
#63949 Akamai Connected Cloud

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?gp=1&js=1&uuid=1746751067.0092735714&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLCovKjtxPTAuOCJ9 HTTP/1.1
Host: ww8.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww8.galyqaz.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
server: openresty/1.13.6.1
date: Fri, 09 May 2025 00:37:48 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: http://www42.galyqaz.com
referrer-policy: no-referrer
vary: Accept-Language
content-language: en
connection: close

ww8.galyqaz.com/

72.14.185.43

200 OK

916 B

URL User Request GET
ww8.galyqaz.com/
IP
72.14.185.43:80
ASN
#63949 Akamai Connected Cloud

File type
HTML document, ASCII text, with very long lines (302)
Size
916 B (916 bytes)
Hash
156e8164d9e70556491e5f8ad3a27a7d
c3beddbc295294a32d2c955fc0d3c57d95e35c02
754e9c3ab0f6c31bfe3634cbaa20ac25d48a269d2bcd372812c0aeea4db7c26e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: ww8.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Fri, 09 May 2025 00:37:47 GMT
content-type: text/html
transfer-encoding: chunked
content-encoding: gzip
connection: close

www.google.com/adsense/domains/caf.js?abp=1&gdabp=true

142.250.74.68

200 OK

144 kB

URL GET
www.google.com/adsense/domains/caf.js?abp=1&gdabp=true
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
http://www42.galyqaz.com/lander
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
FingerprintFD:1E:8C:23:6E:3E:CE:28:8F:BB:1E:C1:87:A0:77:5D:45:20:F7:03
ValidityMon, 31 Mar 2025 08:56:21 GMT - Mon, 23 Jun 2025 08:56:20 GMT

File type
JavaScript source, ASCII text, with very long lines (1839)
Size
144 kB (143584 bytes)
Hash
cf90846af0ff89998e4a64de3fc93b6e
d1d6f0f2afe23eea7652b9c3490cf5d0c27fda15
4b9f4a950a65d4ceb49c174b9b86ac8b677436758d6ecabc8fa1ce915643ea30

HTTP Headers

GET /adsense/domains/caf.js?abp=1&gdabp=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www42.galyqaz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 09 May 2025 00:37:49 GMT
expires: Fri, 09 May 2025 00:37:49 GMT
cache-control: private, max-age=3600
etag: "10661147436050861548"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

img1.wsimg.com/parking-lander/static/css/main.fbee4dfb.css

23.36.77.185

200 OK

196 kB

URL GET
img1.wsimg.com/parking-lander/static/css/main.fbee4dfb.css
IP
23.36.77.185:443
ASN
#20940 Akamai International B.V.

Requested by
http://www42.galyqaz.com/lander
Certificate
IssuerStarfield Technologies, Inc.
Subject*.wsimg.com
FingerprintEA:61:02:4F:B7:92:44:AD:09:4C:03:D9:59:C6:B7:3B:E5:1E:ED:F3
ValidityThu, 19 Sep 2024 21:02:42 GMT - Tue, 21 Oct 2025 21:02:42 GMT

File type
Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
Size
196 kB (196041 bytes)
Hash
086a72011cfbc8faa67c84a2b2e3a4a2
0f5668c1c609b9e9e9e9f7dee83336efe4c862c6
87c9be78912ba06d26ad87d2dbb8b0b37638e0d24d24b3a4e2bf357e674c56b3

HTTP Headers

GET /parking-lander/static/css/main.fbee4dfb.css HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www42.galyqaz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: ARnFLuMrXm4050G7DHI5sRFAAGwgeujNhVs9LxSBjFvZ7LoXDO3YyykWPmV+bSFYdibCQv0/OXQPr5mJW9XAWg==
x-amz-request-id: 9W4X70HAY0GPYE0F
last-modified: Mon, 28 Apr 2025 16:05:06 GMT
etag: "086a72011cfbc8faa67c84a2b2e3a4a2"
x-amz-server-side-encryption: AES256
x-amz-version-id: FLNccLmJosW8ooExzdktxBAdq4UpfnUS
accept-ranges: bytes
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 09 May 2026 00:37:49 GMT
date: Fri, 09 May 2025 00:37:49 GMT
content-length: 32982
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers