flowerself.xyz - urlscan.io

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 5 HTTP transactions. The main IP is 5.45.112.153, located in Estonia and belongs to PAGM-AS, EE. The main domain is flowerself.xyz.
TLS certificate: Issued by R3 on January 9th 2023. Valid for: 3 months.

This is the only time flowerself.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.7.54.238 52.7.54.238	14618 (AMAZON-AES) (AMAZON-AES)
1 2	195.201.136.171 195.201.136.171	24940 (HETZNER-AS) (HETZNER-AS)
1	5.45.112.153 5.45.112.153	198068 (PAGM-AS) (PAGM-AS)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	20446 (STACKPATH...) (STACKPATH-CDN)
1	142.132.255.57 142.132.255.57	24940 (HETZNER-AS) (HETZNER-AS)
5	5

1 52.7.54.238 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-54-238.compute-1.amazonaws.com

belia-glp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.201.136.171 (Gunzenhausen, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.171.136.201.195.clients.your-server.de

awasrqp.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.45.112.153 (Estonia)

ASN198068 (PAGM-AS, EE)
PTR: s5ff4df57.fastvps-server.com

flowerself.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.132.255.57 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.57.255.132.142.clients.your-server.de

pushtorm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	awasrqp.xyz 1 redirects awasrqp.xyz	1 KB
1	pushtorm.net pushtorm.net — Cisco Umbrella Rank: 99044	4 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 699	30 KB
1	flowerself.xyz flowerself.xyz	6 KB
1	belia-glp.com belia-glp.com — Cisco Umbrella Rank: 111766	1 KB
5	5

	Domain	Requested by
2	awasrqp.xyz	1 redirects belia-glp.com
1	pushtorm.net	flowerself.xyz
1	code.jquery.com	flowerself.xyz
1	flowerself.xyz
1	belia-glp.com
5	5

This site contains no links.

Subject Issuer	Validity	Valid
awasrqp.xyz R3	`2023-01-01` - `2023-04-01`	3 months	crt.sh
flowerself.xyz R3	`2023-01-09` - `2023-04-09`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
pushtorm.net R3	`2023-02-14` - `2023-05-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://flowerself.xyz/c.html?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=mike-ado-zel46f5yt&t5=Unknown
Frame ID: 3A7A6AD693E725E5051F03784E4B1F64
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Notification Confirmation

Page URL History Show full URLs

http://belia-glp.com/zcredirect?visitid=5903b1e1-aec8-11ed-91f6-12550ce29ae5&type=js&browserWidth... Page URL
https://awasrqp.xyz/click.php?key=wbguypgu5yssbqngfp4l&cid=zr5903b1e1aec811ed91f612550ce29ae5bbc... HTTP 302
https://awasrqp.xyz/nlp/index.php?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=... Page URL
https://flowerself.xyz/c.html?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=mike-ad... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

5
Requests

80 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

5
IPs

4
Countries

42 kB
Transfer

118 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://belia-glp.com/zcredirect?visitid=5903b1e1-aec8-11ed-91f6-12550ce29ae5&type=js&browserWidth=1873&browserHeight=937&iframeDetected=false&webdriverDetected=false Page URL
https://awasrqp.xyz/click.php?key=wbguypgu5yssbqngfp4l&cid=zr5903b1e1aec811ed91f612550ce29ae5bbc519da1d434359960b46e5336efb3507126993376afdafd0&vsc=0.0&trgt=mike-ado-zel46f5yt&src=lateritious-falcon&kwd=&vrt=NON-ADULT HTTP 302
https://awasrqp.xyz/nlp/index.php?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=mike-ado-zel46f5yt&t5=Unknown&url_bnm_redirect=https://flowerself.xyz/c.html Page URL
https://flowerself.xyz/c.html?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=mike-ado-zel46f5yt&t5=Unknown Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://awasrqp.xyz/click.php?key=wbguypgu5yssbqngfp4l&cid=zr5903b1e1aec811ed91f612550ce29ae5bbc519da1d434359960b46e5336efb3507126993376afdafd0&vsc=0.0&trgt=mike-ado-zel46f5yt&src=lateritious-falcon&kwd=&vrt=NON-ADULT HTTP 302
https://awasrqp.xyz/nlp/index.php?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=mike-ado-zel46f5yt&t5=Unknown&url_bnm_redirect=https://flowerself.xyz/c.html

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200 zcredirect
belia-glp.com/ 616 B
1 KB 233ms
99ms Document
text/html 52.7.54.238
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

http://belia-glp.com/zcredirect?visitid=5903b1e1-aec8-11ed-91f6-12550ce29ae5&type=js&browserWidth=1873&browserHeight=937&iframeDetected=false&webdriverDetected=false

Protocol

HTTP/1.1

Server

52.7.54.238 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-7-54-238.compute-1.amazonaws.com

Software

LVlSfHVB /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
Date: Fri, 17 Feb 2023 13:47:13 GMT
Server: LVlSfHVB
Transfer-Encoding: chunked
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
redirected: JS
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'

GET
H/1.1

200
OK

index.php Show response
awasrqp.xyz/nlp/
Redirect Chain

https://awasrqp.xyz/click.php?key=wbguypgu5yssbqngfp4l&cid=zr5903b1e1aec811ed91f612550ce29ae5bbc519da1d434359960b46e5336efb3507126993376afdafd0&vsc=0.0&trgt=mike-ado-zel46f5yt&src=lateritious-falco...
https://awasrqp.xyz/nlp/index.php?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=mike-ado-zel46f5yt&t5=Unknown&url_bnm_redirect=https://flowerself.xyz/c.html

166 B
404 B

11ms
10ms

Document
text/html

195.201.136.171
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://awasrqp.xyz/nlp/index.php?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=mike-ado-zel46f5yt&t5=Unknown&url_bnm_redirect=https://flowerself.xyz/c.html

Requested by

Host: belia-glp.com
URL: http://belia-glp.com/zcredirect?visitid=5903b1e1-aec8-11ed-91f6-12550ce29ae5&type=js&browserWidth=1873&browserHeight=937&iframeDetected=false&webdriverDetected=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

195.201.136.171 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.171.136.201.195.clients.your-server.de

Software

nginx/1.22.0 /

Resource Hash

401a4cd6617a3fca16b75c7150047889b51baa02712326a9b18bb864ffa7b676

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://belia-glp.com/zcredirect?visitid=5903b1e1-aec8-11ed-91f6-12550ce29ae5&type=js&browserWidth=1873&browserHeight=937&iframeDetected=false&webdriverDetected=false
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 17 Feb 2023 13:47:13 GMT
Server: nginx/1.22.0
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Fri, 17 Feb 2023 13:47:13 GMT
Location: https://awasrqp.xyz/nlp/index.php?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=mike-ado-zel46f5yt&t5=Unknown&url_bnm_redirect=https://flowerself.xyz/c.html
Server: nginx/1.22.0
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked

GET
H2 200 Primary Request c.html Show response
flowerself.xyz/ 16 KB
6 KB 163ms
34ms Document
text/html 5.45.112.153
PAGM-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://flowerself.xyz/c.html?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=mike-ado-zel46f5yt&t5=Unknown

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

5.45.112.153 , Estonia, ASN198068 (PAGM-AS, EE),

Reverse DNS

s5ff4df57.fastvps-server.com

Software

nginx/1.18.0 /

Resource Hash

8a7a84a433198c7f2cec520e6bed7bdb973b34c1aeadaa5f96c023c920a6c65a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://awasrqp.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Fri, 17 Feb 2023 13:47:13 GMT
etag: W/"62d02426-3ef2"
last-modified: Thu, 14 Jul 2022 14:11:50 GMT
server: nginx/1.18.0
strict-transport-security: max-age=31536000

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 45ms
11ms Script
application/javascript 2001:4de0:ac18::1:a:1b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: flowerself.xyz
URL: https://flowerself.xyz/c.html?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=mike-ado-zel46f5yt&t5=Unknown
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://flowerself.xyz/
Origin: https://flowerself.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 13:47:13 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
vary: Accept-Encoding
x-hw: 1676641633.dop241.fr8.t,1676641633.cds011.fr8.hn,1676641633.cds144.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H/1.1 200
OK subscription.js Show response
pushtorm.net/ 14 KB
4 KB 82ms
11ms Script
application/javascript 142.132.255.57
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pushtorm.net/subscription.js

Requested by

Host: flowerself.xyz
URL: https://flowerself.xyz/c.html?clickid=4d96fbza4ntmyd39&t1=1070&t2=17&t3=4d96fbza4ntmyd39&t4=mike-ado-zel46f5yt&t5=Unknown

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

142.132.255.57 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.57.255.132.142.clients.your-server.de

Software

nginx/1.14.2 /

Resource Hash

d2cfe72bfbc69132aea6712ba2f460cafec47237707b28a8be26f4a8724a17ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://flowerself.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Fri, 17 Feb 2023 13:47:13 GMT
Content-Encoding: br
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 13 Feb 2023 14:49:45 GMT
Server: nginx/1.14.2
ETag: "1d93fba6976fd6c"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			awasrqp.xyz/	1970-01-20 09:45:28	Name: uclick Value: bza4ntmy
			awasrqp.xyz/	1970-01-20 09:45:28	Name: uclickhash Value: bza4ntmy-bza4ntmy-2tp2-0-ciir-dvoc-dv4p-2802e2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

awasrqp.xyz
belia-glp.com
code.jquery.com
flowerself.xyz
pushtorm.net
142.132.255.57
195.201.136.171
2001:4de0:ac18::1:a:1b
5.45.112.153
52.7.54.238
401a4cd6617a3fca16b75c7150047889b51baa02712326a9b18bb864ffa7b676
8a7a84a433198c7f2cec520e6bed7bdb973b34c1aeadaa5f96c023c920a6c65a
d2cfe72bfbc69132aea6712ba2f460cafec47237707b28a8be26f4a8724a17ce
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

flowerself.xyz Open in urlscan Pro 5.45.112.153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

80 %HTTPS

20 %IPv6

5 Domains

5 Subdomains

5 IPs

4 Countries

42 kBTransfer

118 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

flowerself.xyz Open in urlscan Pro
5.45.112.153 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

80 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

5
IPs

4
Countries

42 kB
Transfer

118 kB
Size

2
Cookies

5 HTTP transactions
0 data transactions