Report - jdo20.hkqwo.com

Report Overview

Visited public
2023-12-03 22:55:42
Tags
URL
jdo20.hkqwo.com
Finishing URL
jdo20.hkqwo.com/
IP / ASN
104.21.20.223
#13335 CLOUDFLARENET
Title
FREE FIRE - Event Gratisan Garena

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-03 05:09:22	422 B	33 kB	151.101.130.137
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-03 07:59:58	884 B	61 kB	142.250.74.74
k.top4top.io	985927	2019-11-19	2020-01-06 08:43:09	2023-11-28 04:09:32	872 B	70 kB	65.21.235.194
i.ibb.co	13485	2010-07-20	2018-11-25 11:13:48	2023-12-03 13:11:12	440 B	1.2 kB	162.19.58.161
f.top4top.io	unknown	2019-11-19	2019-12-11 11:34:58	2023-12-02 18:15:37	436 B	49 kB	195.154.118.206
a.top4top.io	588496	2019-11-19	2019-12-05 19:36:40	2023-12-01 21:14:13	436 B	27 kB	51.159.59.190
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	543 B	8.6 kB	216.58.207.227
i.top4top.io	844348	2019-11-19	2020-01-25 09:04:01	2023-11-29 02:52:05	438 B	0 B	0.0.0.0
freefiremobile-a.akamaihd.net	20326	2009-09-14	2017-11-25 22:17:31	2023-12-01 05:56:19	1.8 kB	48 kB	23.36.76.249
b.top4top.io	unknown	2019-11-19	2019-12-11 04:03:13	2023-12-02 21:33:50	438 B	0 B	0.0.0.0
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-03 05:09:13	1.1 kB	47 kB	104.17.24.14
jdo20.hkqwo.com	unknown	unknown	No data	No data	9.4 kB	613 kB	172.67.194.181
d.top4top.io	994502	2019-11-19	2019-12-11 14:03:50	2023-12-02 02:06:32	450 B	222 kB	195.154.118.206
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-03 06:08:10	456 B	1.7 kB	142.250.74.106
g.top4top.io	907555	2019-11-19	2019-12-13 00:50:22	2023-12-02 17:32:13	438 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent
2023-12-02	medium	jdo20.hkqwo.com/	Tencent

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	jdo20.hkqwo.com/js/popup.js	ScriptElement	1.8 kB	2023-04-13	2024-08-20
Pretty URL jdo20.hkqwo.com/js/popup.js IP 172.67.194.181 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-13 07:35 Last Seen2024-08-20 16:53 Times Seen3 Hash fae27d764327b60873d41597d3ba1aad d18e77ca3f5e92d68e4ab892992371f327f29202 6a3a17e264547a17697a5a00a671691bb8261d93e3ed471347b61ebfb3a40c05 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-05-08
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-08 17:05 Times Seen7258 Hash 32015dd42e9582a80a84736f5d9a44d7 41b4bfbaa96be6d1440db6e78004ade1c134e276 8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3 Loading...

	jdo20.hkqwo.com/js/tab.js	ScriptElement	651 B	2023-03-08	2025-04-30
Pretty URL jdo20.hkqwo.com/js/tab.js IP 172.67.194.181 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 11:58 Last Seen2025-04-30 14:56 Times Seen55 Hash 7c718a725f7e25aeb30ccb2897345e24 20c4080a0dbd8214f0ea636c68fba7d58b233194 540026665ffdea5632b232fa0186d4af1c02c0efa9ccff9cde261e1f5c390a65 Loading...

	jdo20.hkqwo.com/	ScriptElement	224 B	2023-03-08	2024-08-21
Pretty URL jdo20.hkqwo.com/ IP 172.67.194.181 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 11:58 Last Seen2024-08-21 10:19 Times Seen43 Hash 468a3942ba887403ad9aa8af6407bb3d 2430a461d0bc402f545fdd9a9af469cfa9fc32e8 790c2bb2eaeafc988febcb266ff628be2024ebf0855c0951f56ee4fe25eda7f0 Loading...

	code.jquery.com/jquery-1.10.2.min.js	ScriptElement	93 kB	2023-03-07	2025-05-08
Pretty URL code.jquery.com/jquery-1.10.2.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-08 14:38 Times Seen6550 Hash 628072e7212db1e8cdacb22b21752cda 0511abe9863c2ea7084efa7e24d1d86c5b3974f1 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 11:37 Times Seen8025 Hash e40ec2161fe7993196f23c8a07346306 afb90752e0a90c24b7f724faca86c5f3d15d1178 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4 Loading...

	unknown	EventHandler	29 B	2023-04-13	2025-04-30
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-13 07:35 Last Seen2025-04-30 14:56 Times Seen141 Hash 02fa9b3b5834fb8d73fece466e9b82d4 8695833e9963122b398db6289f1c9771055b1b21 48c7944ccb995f19e4a3d911f25ef7e040d041f0c69a641020e8fab11363b302 Loading...

HTTP Transactions (41)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.css

104.17.24.14

200 OK

6.3 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text
Size
6.3 kB (6252 bytes)
Hash
0920ea34072683229e6ea8299345cd09
0903033a844336f7c78ed4abbbcd92cd3115a03e
f37d6f502a5a961ac5c3f17c8d58685ff6b0dc0f69c2dcdd379ccabc96ec3bf2

HTTP Headers

GET /ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: text/css; charset=utf-8
content-length: 6252
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed9-14d38"
last-modified: Mon, 04 May 2020 16:12:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 744346
expires: Fri, 22 Nov 2024 22:55:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30Wy8TSxuV2yqmyKPpkbNl%2FVtyzSv8rvUSbDWoyctn%2B2JDRGlarIOsenaAmst8jXvHqLHk0RVFuwRewL8syrSWCapZY8zYr1ViAlzGLjx1dvIryGK6QBogm3DnazLtQuoWhuiWLa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82ff65a1ce37569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

jdo20.hkqwo.com/img/reward/season/sg2.png

172.67.194.181

200 OK

6.7 kB

URL GET HTTP/3
jdo20.hkqwo.com/img/reward/season/sg2.png
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 256x281, components 3\012- data
Size
6.7 kB (6671 bytes)
Hash
c2bbb2493e91d8db0d47b58a9fbd819a
edbc9815e543fa043d3c3a9a0dda904bb178a3a4
fe648eab2bbfecd429d31533b10d395de19bff2a836956b53c059fecedf0e5c3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /img/reward/season/sg2.png HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 6671
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:58:58 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tzX5lLY2GRLRZZ6JqIxZQSpwB%2FPiFTyH273uEpxXJnz6LU1ssecVCepv0C1emczorikuVjefWN2Yv7F5P5TkIlC3xYV3LhAL3DdVtpvFOxpBXTuhEaHA%2Bn9eLy2IoLn%2BbNc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a19fc556b9-OSL
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/img/reward/season/m1014.png

172.67.194.181

200 OK

7.4 kB

URL GET HTTP/3
jdo20.hkqwo.com/img/reward/season/m1014.png
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x279, components 3\012- data
Size
7.4 kB (7416 bytes)
Hash
21656287a79f813c24a29dd3214eea75
c68604a72eea42128a05754611b03de60cb1391f
ccedebc3d5fd56d5b6b408ef8351a577d4c9334d422d005ab557c9e6f9ac0b06

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /img/reward/season/m1014.png HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 7416
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:58:58 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O4FC7b1O3RbQnipYemrrDbgQobA%2FzU61sGbir0osqEaw%2F%2FRMDNn7kmnW6WATuFeDl7mnLYHFWp9UlyECzFvHwaIai19FjFOkYGzk5JAzqU8hBKB%2FBpvbX16%2Frykf4vcgjhA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a1afd056b9-OSL
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/img/reward/season/sg2v2.png

172.67.194.181

200 OK

5.2 kB

URL GET HTTP/3
jdo20.hkqwo.com/img/reward/season/sg2v2.png
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 185x234, components 3\012- data
Size
5.2 kB (5161 bytes)
Hash
0420771522168c66627ef34560e08652
3d986435160449958ce1481a906fe830332e4b99
145c1c61215abfb0e9d565fcc12caf0589a20a6fbf7be74170d1af19c2a53681

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /img/reward/season/sg2v2.png HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 5161
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:58:58 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ufAZ7rUQth97C3rK1UXh%2BMDSeQnygP4bTpPeQwhZ45TM7BPYESZ7Lv%2F2tXjenR%2BBd5fRnrA5EYO8M8r9q%2BUyeVXmmhxqJbkeM1jk5vnfBieVxtAoqQHOfq5ria%2BiBC3kkc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a1bfd556b9-OSL
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/hadiah/5.png

172.67.194.181

200 OK

34 kB

URL GET HTTP/3
jdo20.hkqwo.com/hadiah/5.png
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 336x371, components 3\012- data
Size
34 kB (33878 bytes)
Hash
e5f52df7a6fe9b1d8cbb6344dd1e54c9
4e888fcaf94655783a4ac004d7f6e8598f5e27f2
4c8c501f2643af6e7cf81a765e7b7cdb8a76dcea523fb875bd17faa355aada23

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /hadiah/5.png HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 33878
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:59:00 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9LUGytfRp6PlQR9UhGTv37Y9PkEWXVpwfn6sv2rr3%2Bxr6jMSLqPmH6BOV7TB0GSZZy52Cl5JMeIR4jKYOwbLgsDRuUigtipZiCYAWOdg%2FzbDXHbm%2FkTZOFHTpvNSkU73eH4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a18fb356b9-OSL
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/hadiah/7.png

172.67.194.181

200 OK

24 kB

URL GET HTTP/3
jdo20.hkqwo.com/hadiah/7.png
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 270x344, components 3\012- data
Size
24 kB (24340 bytes)
Hash
247d941ec211c1011eb36382af80fe6d
46f4aed3061612e9a4d2adeedcb82babf443247d
b1a212ba42e56d054647c28e79c04f745569523cd3082ebdd30898271507e2fe

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /hadiah/7.png HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 24340
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:59:00 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ksyhdQlw7hrzj8vBdWsD5BB6NkvzR7eNViLcEg5J4xU1hXXcUzrvalvqMfXbJIxM1MWlSi0gr4q2Ym3RtZnWpX3d7L2O8eLbln54LS9KYRaYKXG8m%2BdMbwkchT2yKeocH9w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a19fbd56b9-OSL
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/hadiah/9.png

172.67.194.181

200 OK

15 kB

URL GET HTTP/3
jdo20.hkqwo.com/hadiah/9.png
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 171x229, components 3\012- data
Size
15 kB (14610 bytes)
Hash
3ca39831410c114cd628c096f0746a03
3518cd6ce86078f5251b2dfedc5abca0697c398f
91720cc832af5016e3bb65f1c44c497f3542824a8f13d636552c146792bb581a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /hadiah/9.png HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 14610
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:59:00 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sc3C3CVPQe2aRHPDO4Z9zeEs3bZGWbEwTzG4lYdLqcUV%2FZ0KsEfsU8%2BWocsjmxqANHi9CsyqlVHk9MlQKv9%2BYPTj85E9vANncOrogjYC4KZm7120Bqt9afNK1iOu1BKPzDk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a19fbe56b9-OSL
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/img/other/dm.png

172.67.194.181

200 OK

13 kB

URL GET HTTP/3
jdo20.hkqwo.com/img/other/dm.png
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
PNG image data, 183 x 97, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (12847 bytes)
Hash
9501d601e510f2815bbf2f2df049b5f4
afdfd5813751fa52c2006018fd8adb5aa3c532f6
268523b73611cfc71afb01bb12a0350655371688590f38808eaa72af73e4fe22

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /img/other/dm.png HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 12847
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:58:58 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e9xzpjdaoZ4Xa6s9%2FaEVFt%2BBugLBAgNFJY%2Bx6dc5Quj%2Fnn8nlLW%2BCClm3vUYD2axsV6dMsLp4UnQ7Z2kqnfYp624b2W2KFAzxZMqQty24owoEqTDMf5KHQSTZZNf7UIvXVg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a1bfd656b9-OSL
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/hadiah/1.png

172.67.194.181

200 OK

52 kB

URL GET HTTP/3
jdo20.hkqwo.com/hadiah/1.png
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 537x824, components 3\012- data
Size
52 kB (51741 bytes)
Hash
18d7879e3459cf3d30591fbe08250528
801549b4fab86cc04546c13857d52b0ccb15fcff
2faa2ad92f0af43b4f6a0b2b9c39b0a87073a928c451a12c19f61227f0d05d7a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /hadiah/1.png HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 51741
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:59:00 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pwl7AO1rY%2BF2SY4av7972zr4tbgYrKm2eERS8RS2rhCoeKfcBqWJZ5VMFyqJnZoscKXSMDBrJWVvOUDjoMlO4Vd7MIXqHIeP5sOxRQalfcYLPAdGKBdcIPqXTgA7IQk%2B9rw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a18fb056b9-OSL
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/hadiah/2.png

172.67.194.181

200 OK

53 kB

URL GET HTTP/3
jdo20.hkqwo.com/hadiah/2.png
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 566x847, components 3\012- data
Size
53 kB (53179 bytes)
Hash
eac78412ce1621cf15eae2186e14510a
422938c91bff2da79aa2d21f6deb7376af6ce393
88f2b3ad9a9c7361edf94eb80bba6a6081aba191746c92040727abc31e5fc1aa

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /hadiah/2.png HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 53179
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:59:00 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nLVhzZ9BGLZ6Zof33APDDhtD7TpCDiTX4hAmDpa7kYFFisdEwx%2FQBFNK9xnP57nosP4GZVcPc1iFSlRiOQ5rbMyTa5JfPpzdtWtTqcdXCpgtVyjHucKuc9ofMMOHlaqtEfk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a18fb156b9-OSL
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/hadiah/3.png

172.67.194.181

200 OK

53 kB

URL GET HTTP/3
jdo20.hkqwo.com/hadiah/3.png
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 561x828, components 3\012- data
Size
53 kB (53011 bytes)
Hash
1bf9b01e715147c6a75072906b2ec71f
223661494150392530a32559883c7b7c6c79d0b2
2e3bf52f33a6258303aeb310aaa4121db4ba002353d3d8d3bbbf1127a3ad2925

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /hadiah/3.png HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 53011
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:59:00 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jdH4CDEwH%2FhnA287iGlA01Qyns6MJeQOwBCVOPhUULENFhc9YVDwwDCyCgBNnIeB9E1X3CCuwu8KA8jTy1BrCnLlPTEKQB%2FWHJbRAbzV8%2FeeF4k0YHFIHq%2F3WVP8b1Wn5m0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a18fb256b9-OSL
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/hadiah/6.png

172.67.194.181

200 OK

55 kB

URL GET HTTP/3
jdo20.hkqwo.com/hadiah/6.png
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 554x837, components 3\012- data
Size
55 kB (55330 bytes)
Hash
5969fd22c7daa813287a12ef44109d49
789f33c53957ce8907fd9604ef46e1f97ba15cc4
7bd1e4557b769f1420306954ec799ae6d0918a209077531eb5cd0fc5ccb9c08e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /hadiah/6.png HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 55330
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:59:00 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TQto3j3zvF9Wc8PYctB5D%2BJdYNRY6TH1YwgNM%2FC26rx7T67iTkSEhnwIzcz8nOW1uTOgo3DXppsRvsRnX%2FusO68VarJCU3HrMu%2Bt8oMa3yjPqEusT0%2FrRVHeh7KYmZBTCfA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a18fb456b9-OSL
alt-svc: h3=":443"; ma=86400

code.jquery.com/jquery-1.10.2.min.js

151.101.130.137

200 OK

33 kB

URL GET HTTP/2
code.jquery.com/jquery-1.10.2.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32072)
Size
33 kB (32788 bytes)
Hash
628072e7212db1e8cdacb22b21752cda
0511abe9863c2ea7084efa7e24d1d86c5b3974f1
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

HTTP Headers

GET /jquery-1.10.2.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-16bb3"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 03 Dec 2023 22:55:24 GMT
age: 6841924
x-served-by: cache-lga13622-LGA, cache-bma1641-BMA
x-cache: HIT, HIT
x-cache-hits: 47, 109980
x-timer: S1701644125.625760,VS0,VE0
vary: Accept-Encoding
content-length: 32788
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

142.250.74.74

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (32061)
Size
30 kB (29671 bytes)
Hash
e40ec2161fe7993196f23c8a07346306
afb90752e0a90c24b7f724faca86c5f3d15d1178
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

HTTP Headers

GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 14:08:06 GMT
expires: Fri, 29 Nov 2024 14:08:06 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 290838
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

k.top4top.io/p_21610u4rb0.jpg

65.21.235.194

200 OK

32 kB

URL GET HTTP/2
k.top4top.io/p_21610u4rb0.jpg
IP
65.21.235.194:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint98:C6:A8:2C:16:D5:04:38:85:B0:AF:12:09:89:3E:5D:88:01:7D:F5
ValidityWed, 01 Nov 2023 00:07:36 GMT - Tue, 30 Jan 2024 00:07:35 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 710x433, components 3\012- data
Size
32 kB (31923 bytes)
Hash
1b5a18244319bfab623092ec6318c2ff
aab7dfcf4e415a6d7a775330c99069c49b46305f
e98754d1732cd94970d37c0c290f7a670e671b671d85114b8dcd0f39dc4dc071

HTTP Headers

GET /p_21610u4rb0.jpg HTTP/1.1
Host: k.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/jpeg
content-length: 31923
set-cookie: klj_40d147_downloads=pfjcy; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Mon, 04 Dec 2023 22:32:04 GMT
last-modified: Wed, 01 Dec 2021 15:54:13 GMT
content-disposition: inline; filename="4.jpg"
etag: "61a79aa5-7cb3"
expires: Mon, 04 Dec 2023 00:55:24 GMT
cache-control: max-age=7200
x-file-id: x42715330x
accept-ranges: bytes
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js

142.250.74.74

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (32180)
Size
30 kB (29707 bytes)
Hash
32015dd42e9582a80a84736f5d9a44d7
41b4bfbaa96be6d1440db6e78004ade1c134e276
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3

HTTP Headers

GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 19:17:06 GMT
expires: Thu, 28 Nov 2024 19:17:06 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 358698
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

k.top4top.io/p_21612pf750.jpg

65.21.235.194

200 OK

37 kB

URL GET HTTP/2
k.top4top.io/p_21612pf750.jpg
IP
65.21.235.194:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint98:C6:A8:2C:16:D5:04:38:85:B0:AF:12:09:89:3E:5D:88:01:7D:F5
ValidityWed, 01 Nov 2023 00:07:36 GMT - Tue, 30 Jan 2024 00:07:35 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 727x435, components 3\012- data
Size
37 kB (37110 bytes)
Hash
1d0964f7711856391340235b6d4a3984
77809d3e96c3bd51074e8553db998f9de4df6fea
2ed58aed0b708834055729c0c59e78399595187687d7ae2e128c9700cffd11b6

HTTP Headers

GET /p_21612pf750.jpg HTTP/1.1
Host: k.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/jpeg
content-length: 37110
set-cookie: klj_40d147_downloads=pfjaa; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Mon, 04 Dec 2023 22:32:04 GMT
last-modified: Wed, 01 Dec 2021 15:49:18 GMT
content-disposition: inline; filename="1.jpg"
etag: "61a7997e-90f6"
expires: Mon, 04 Dec 2023 00:55:24 GMT
cache-control: max-age=7200
x-file-id: x42715234x
accept-ranges: bytes
X-Firefox-Spdy: h2

i.ibb.co/W0V2vPK/twitter-text.png

162.19.58.161

404 Not Found

1.0 kB

URL GET HTTP/2
i.ibb.co/W0V2vPK/twitter-text.png
IP
162.19.58.161:443
ASN
#16276 OVH SAS

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerLet's Encrypt
Subjectibb.co
FingerprintCC:72:96:95:90:7F:15:8E:AC:C5:40:3A:D2:6F:83:A3:DF:5E:72:56
ValidityMon, 09 Oct 2023 14:39:49 GMT - Sun, 07 Jan 2024 14:39:48 GMT

File type
PNG image data, 180 x 180, 4-bit colormap, non-interlaced\012- data
Size
1.0 kB (1031 bytes)
Hash
7325e2012a6cf941a6ea14f0061ff764
0d2ba63e280b979a98bc431bec8a7af985578769
63e3696c5e5e8b037e28e8fbef871184b0d1d60a7314c965b1426d9cce84dd69

HTTP Headers

GET /W0V2vPK/twitter-text.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/png
content-length: 1031
X-Firefox-Spdy: h2

a.top4top.io/p_2161oexqy0.jpg

51.159.59.190

200 OK

27 kB

URL GET HTTP/2
a.top4top.io/p_2161oexqy0.jpg
IP
51.159.59.190:443
ASN
#12876 Online S.a.s.

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint98:C6:A8:2C:16:D5:04:38:85:B0:AF:12:09:89:3E:5D:88:01:7D:F5
ValidityWed, 01 Nov 2023 00:07:36 GMT - Tue, 30 Jan 2024 00:07:35 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 701x432, components 3\012- data
Size
27 kB (26605 bytes)
Hash
4237a20c662c1d7799230896ac34edfc
07c088965f330a7a006728518be804bd99aaecf8
3ea4a6ee7ed5451bc4e1b8a871e6b247d173ba5faa9481abee7c407e4f2d6581

HTTP Headers

GET /p_2161oexqy0.jpg HTTP/1.1
Host: a.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/jpeg
content-length: 26605
set-cookie: klj_40d147_downloads=pfjec; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Mon, 04 Dec 2023 22:32:04 GMT
last-modified: Wed, 01 Dec 2021 15:56:43 GMT
content-disposition: inline; filename="5.jpg"
etag: "61a79b3b-67ed"
expires: Mon, 04 Dec 2023 00:55:24 GMT
cache-control: max-age=7200
x-file-id: x42715380x
accept-ranges: bytes
X-Firefox-Spdy: h2

d.top4top.io/p_21616e01k0.jpg

195.154.118.206

200 OK

221 kB

URL GET HTTP/2
d.top4top.io/p_21616e01k0.jpg
IP
195.154.118.206:443
ASN
#12876 Online S.a.s.

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint98:C6:A8:2C:16:D5:04:38:85:B0:AF:12:09:89:3E:5D:88:01:7D:F5
ValidityWed, 01 Nov 2023 00:07:36 GMT - Tue, 30 Jan 2024 00:07:35 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x1014, components 3\012- data
Size
221 kB (221069 bytes)
Hash
5f0bdd70a5cc3e5852a81b466537db0f
1c87a3808e958bc1fcdcd24223e1deec2d03f5fd
1bbd5e03658f2a4c542da0358ef13a63fdd3620fb65950ff1f72a1009e7bffdb

HTTP Headers

GET /p_21616e01k0.jpg HTTP/1.1
Host: d.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/jpeg
content-length: 221069
set-cookie: klj_40d147_downloads=pfjq3; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Mon, 04 Dec 2023 22:32:04 GMT
last-modified: Wed, 01 Dec 2021 16:20:24 GMT
content-disposition: inline; filename="IMG_20211201_231911.jpg"
etag: "61a7a0c8-35f8d"
expires: Mon, 04 Dec 2023 00:55:24 GMT
cache-control: max-age=7200
x-file-id: x42715803x
accept-ranges: bytes
X-Firefox-Spdy: h2

f.top4top.io/p_21615khm80.jpg

195.154.118.206

200 OK

48 kB

URL GET HTTP/2
f.top4top.io/p_21615khm80.jpg
IP
195.154.118.206:443
ASN
#12876 Online S.a.s.

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint98:C6:A8:2C:16:D5:04:38:85:B0:AF:12:09:89:3E:5D:88:01:7D:F5
ValidityWed, 01 Nov 2023 00:07:36 GMT - Tue, 30 Jan 2024 00:07:35 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 385x384, components 3\012- data
Size
48 kB (48388 bytes)
Hash
111a3298118672cf439f72e440370777
f8c7bf3c59c294a0504a6cee7921002390711c55
3047c2c9aa5681a3491b8aabb82f4fb7f3a332f8515816e33056decac3acc450

HTTP Headers

GET /p_21615khm80.jpg HTTP/1.1
Host: f.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: image/jpeg
content-length: 48388
set-cookie: klj_40d147_downloads=pfjtt; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Mon, 04 Dec 2023 22:32:04 GMT
last-modified: Wed, 01 Dec 2021 16:26:19 GMT
content-disposition: inline; filename="IMG_20211201_232556.jpg"
etag: "61a7a22b-bd04"
expires: Mon, 04 Dec 2023 00:55:24 GMT
cache-control: max-age=7200
x-file-id: x42715937x
accept-ranges: bytes
X-Firefox-Spdy: h2

jdo20.hkqwo.com/js/popup.js

172.67.194.181

200 OK

39 kB

URL GET HTTP/3
jdo20.hkqwo.com/js/popup.js
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
ASCII text
Size
39 kB (39019 bytes)
Hash
fae27d764327b60873d41597d3ba1aad
d18e77ca3f5e92d68e4ab892992371f327f29202
6a3a17e264547a17697a5a00a671691bb8261d93e3ed471347b61ebfb3a40c05

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /js/popup.js HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: text/javascript
last-modified: Sun, 17 Oct 2021 16:17:24 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WevAqJle1%2BgF1nMJQuuVsR4gAm9nkxJV1BEQjQcJKU%2BtOVEVYG7ivunjpM6INPO2PHt0OSYgJXwKnsqVDasfLWE72cRxn5PnTynkQxn9euSNDVoZvbXZRUQwjgDeng56q5Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff65a1cfe556b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/teko/v20/LYjYdG7kmE0gV69VVPPdFl06VN8XG4S11zM.woff2

216.58.207.227

200 OK

7.8 kB

URL GET HTTP/2
fonts.gstatic.com/s/teko/v20/LYjYdG7kmE0gV69VVPPdFl06VN8XG4S11zM.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7780, version 1.0\012- data
Size
7.8 kB (7780 bytes)
Hash
507c329139e1756ce9bff8c6552d0412
b56bbcc8b220ab2839e5713f03d1d445f43d120b
064e4592bfa4dfda87fd9808ee81f704c1f7bab179ba6558de6853d8854e4f12

HTTP Headers

GET /s/teko/v20/LYjYdG7kmE0gV69VVPPdFl06VN8XG4S11zM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://jdo20.hkqwo.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7780
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 00:00:34 GMT
expires: Fri, 29 Nov 2024 00:00:34 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 21:55:09 GMT
content-type: font/woff2
age: 341691
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

jdo20.hkqwo.com/img/container.jpg

172.67.194.181

200 OK

61 kB

URL GET HTTP/3
jdo20.hkqwo.com/img/container.jpg
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, height=0, orientation=[*0*], datetime=2020:12:14 18:26:48, GPS-Data, width=0], baseline, precision 8, 301x431, components 3\012- data
Size
61 kB (61252 bytes)
Hash
34f948b7f09960898db436eb52f4585e
f5d7bda7a050eb60c34e2daab22b6fad76f383aa
0fdd9daeec011c38cd91d4c1fb8c3dfe2dd85e55f4e1afac97f1aeb84ad6c635

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /img/container.jpg HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:25 GMT
content-type: image/jpeg
content-length: 61252
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:25 GMT
last-modified: Sat, 18 Sep 2021 19:58:58 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5aP7zpw6yBoYwl5IzOE4BX5iIqu9%2BVLoOvEtXxUWjb9gpW6jaKpTrTfwxd24b9gMcFNXg%2BCBtEbyqX31I5dhIOC3FscqU7lF%2Fq3utkbP8zkih5KJARtt52Bi61JerGOqvL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff65a6dc0656b9-OSL
alt-svc: h3=":443"; ma=86400

freefiremobile-a.akamaihd.net/ffwebsite/images/logo-small-fixed.png

23.36.76.249

200 OK

11 kB

URL GET HTTP/1.1
freefiremobile-a.akamaihd.net/ffwebsite/images/logo-small-fixed.png
IP
23.36.76.249:443
ASN
#20940 Akamai International B.V.

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT

File type
PNG image data, 240 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10700 bytes)
Hash
bd03f747be802d6ada38e233546dfc5e
d32cc84163bd4cdd6e239cfec91c0528a663504b
f1da7d56ec1e2c36a66bf41364f3dbcaa254e2a64e1fb6fc961fbf6bb9bb0e2a

HTTP Headers

GET /ffwebsite/images/logo-small-fixed.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: OBS
Content-Type: image/png
Content-Length: 10700
x-obs-request-id: 0000018C30D2E31A90194FA73717B660
Accept-Ranges: bytes
ETag: "bd03f747be802d6ada38e233546dfc5e"
Last-Modified: Thu, 04 Aug 2022 12:38:52 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSVBN2u+gPVy3iMo9swhcV4HEVRBFqy8
Date: Sun, 03 Dec 2023 22:55:26 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *

freefiremobile-a.akamaihd.net/ffwebsite/images/logo-small-fixed.png

23.36.76.249

200 OK

11 kB

URL GET HTTP/1.1
freefiremobile-a.akamaihd.net/ffwebsite/images/logo-small-fixed.png
IP
23.36.76.249:443
ASN
#20940 Akamai International B.V.

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT

File type
PNG image data, 240 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10700 bytes)
Hash
bd03f747be802d6ada38e233546dfc5e
d32cc84163bd4cdd6e239cfec91c0528a663504b
f1da7d56ec1e2c36a66bf41364f3dbcaa254e2a64e1fb6fc961fbf6bb9bb0e2a

HTTP Headers

GET /ffwebsite/images/logo-small-fixed.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: OBS
Content-Type: image/png
Content-Length: 10700
x-obs-request-id: 0000018C30D2E31A90194FA73717B660
Accept-Ranges: bytes
ETag: "bd03f747be802d6ada38e233546dfc5e"
Last-Modified: Thu, 04 Aug 2022 12:38:52 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSVBN2u+gPVy3iMo9swhcV4HEVRBFqy8
Date: Sun, 03 Dec 2023 22:55:26 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *

freefiremobile-a.akamaihd.net/ffwebsite/images/app-icon.png

23.36.76.249

200 OK

12 kB

URL GET HTTP/1.1
freefiremobile-a.akamaihd.net/ffwebsite/images/app-icon.png
IP
23.36.76.249:443
ASN
#20940 Akamai International B.V.

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12092 bytes)
Hash
6939bf661102c88284e29c6869ca6b76
3d9f354e4a65658b93aeeeee69eb2f24ec420f39
09dbef6fe2c290c0e263be3a3af6bded42c0250895328f47ad049c6fd67d598e

HTTP Headers

GET /ffwebsite/images/app-icon.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: OBS
Content-Type: image/png
Content-Length: 12092
x-obs-request-id: 0000018C0BB2EECC94128F6F55A8F065
Accept-Ranges: bytes
ETag: "6939bf661102c88284e29c6869ca6b76"
Last-Modified: Thu, 04 Aug 2022 12:38:42 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSM1mjMaqjtjP/338rcsVfwKFxfhJYLk
Date: Sun, 03 Dec 2023 22:55:26 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *

freefiremobile-a.akamaihd.net/ffwebsite/images/app-icon.png

23.36.76.249

200 OK

12 kB

URL GET HTTP/1.1
freefiremobile-a.akamaihd.net/ffwebsite/images/app-icon.png
IP
23.36.76.249:443
ASN
#20940 Akamai International B.V.

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12092 bytes)
Hash
6939bf661102c88284e29c6869ca6b76
3d9f354e4a65658b93aeeeee69eb2f24ec420f39
09dbef6fe2c290c0e263be3a3af6bded42c0250895328f47ad049c6fd67d598e

HTTP Headers

GET /ffwebsite/images/app-icon.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: OBS
Content-Type: image/png
Content-Length: 12092
x-obs-request-id: 0000018C0BB2EECC94128F6F55A8F065
Accept-Ranges: bytes
ETag: "6939bf661102c88284e29c6869ca6b76"
Last-Modified: Thu, 04 Aug 2022 12:38:42 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSM1mjMaqjtjP/338rcsVfwKFxfhJYLk
Date: Sun, 03 Dec 2023 22:55:26 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *

jdo20.hkqwo.com/

172.67.194.181

200 OK

31 kB

URL User Request GET HTTP/2
jdo20.hkqwo.com/
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type

Size
31 kB (30646 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET / HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:55:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=affpvu%2FJkCmwHHjrZKN0tnkUT3rKGk2EuLzxJFZpozG55QdbcqrqJZhUfSSZByT%2FzjRuLVDbGJWRBIKWIcD50LP%2Bvp%2Fr2BDpTq7ZY1INwNLpBb63KcYA86JvowIkDiqlcAU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff659cfd3956b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

jdo20.hkqwo.com/css/login/facebook.css

172.67.194.181

200 OK

3.1 kB

URL GET HTTP/3
jdo20.hkqwo.com/css/login/facebook.css
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
ASCII text, with very long lines (3358), with no line terminators
Size
3.1 kB (3149 bytes)
Hash
bbebeacccd930c7d1ecd4e6d8af7cc9d
619cb00e35275b5413c8f41436a46a2244fe4a75
c02d26826c43d679f6f7f35dcb5f9f81057281c564c721b29108493b0274638e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /css/login/facebook.css HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:59:00 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FVPqt2RnjF%2FWYSAFJZ5eJWajbq0nm94w%2F6wWwyV1%2B4ibdkUD9MPPE8kUSq7JbaGYT5rIH%2BRw1ZH4WwIfQSvBiIrwk3Ps6lLoHHfa2rqyI8Bm4wam5gWzsTUP8jR77OnjLuY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff65a17fa156b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/

172.67.194.181

200 OK

31 kB

URL GET HTTP/3
jdo20.hkqwo.com/
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type

Size
31 kB (30646 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET / HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmJLnhhCqkqhU56r0CCXYX6pZhl%2Bmc1HsAy9cmr1gc7tSrWznmp2vTbzRze37%2BuK3qQbx23CmhmIREKnj3ze9apS1BdOeG4xy9y6nYipGKWGJpUgjw9eFXPqZtsjSEjWn1E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff65a1cfe656b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0

104.17.24.14

200 OK

38 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 38384, version 1.0\012- data
Size
38 kB (38384 bytes)
Hash
a4d31128b633bc0b1cc1f18a34fb3851
6ee4c79372c3fd679706306ede47e4b03cf53d60
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c

HTTP Headers

GET /ajax/libs/material-design-iconic-font/2.2.0/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://jdo20.hkqwo.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:25 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 38384
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03ed9-95f0"
last-modified: Mon, 04 May 2020 16:12:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1010207
expires: Fri, 22 Nov 2024 22:55:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nY%2F2JLyI9qVPiiU%2BhZdhKSayY6d1Gpdgsfst%2Fy9lj3FqW3KAvH688D2zoaa3hkfqMUxf3Ioz7a92mlVWbn1peSojPrs56FFyWPVt%2BM2WDddJ3h7szYC9yPxsTQibz2iDFHEIGtzd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82ff65a72e5db4ff-OSL
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/

172.67.194.181

200 OK

31 kB

URL GET HTTP/3
jdo20.hkqwo.com/
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type

Size
31 kB (30646 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET / HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:25 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1s%2FQvq%2BlVQEibS%2FtqsGeT%2B6RzsFz1ZyN%2BLOcCrMcviQhCPttQhnOBxgReynUBiFY6TNt%2Fbl8beUc5BAtqbnMjEub9y5bpGKBuaM8i7Tq%2BK%2BwQ8ADLB4ND9Tgc8MiW7Z%2Fo%2FM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff65a71c2456b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/css/login/google.css

172.67.194.181

200 OK

4.4 kB

URL GET HTTP/3
jdo20.hkqwo.com/css/login/google.css
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
ASCII text, with very long lines (4660), with no line terminators
Size
4.4 kB (4368 bytes)
Hash
01a8e2e01e9c0163625cdb23f3847e2d
e2c75e3df440f99896749e10f9ad431b373c8815
0779d44fa3b38a0736cbaae9a591d82324f59297e89eb6cec1030f3e110ea3ec

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /css/login/google.css HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:59:00 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ptuuyf5DpzLTLMMLCWFJRsJ%2FcBLnNq9hkRxaywmOAN%2F84WkL0gJUsWHAPjTDFbXMKP2liLjRHWum1%2B329Uprb0EVlDGdpMN9%2Bc8b0po3FFqMyRCMBZ9uxSLYU1y4naoFPc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff65a17fa756b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i.top4top.io/p_2161oidcm0.jpg

0.0.0.0

0 B

URL GET
i.top4top.io/p_2161oidcm0.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://jdo20.hkqwo.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p_2161oidcm0.jpg HTTP/1.1
Host: i.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fonts.googleapis.com/css2?family=Teko&display=swap

142.250.74.106

200 OK

1.1 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Teko&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (1090), with no line terminators
Size
1.1 kB (1066 bytes)
Hash
fd38c1df7aa784ddfca3a295637e8013
36a2a776bb99ddca21ec2ba7fe0123ef7fa5f785
3d58d0c25e0cf46f20c84b485cddf9927dc92b3d1c24e702553e96263fd4b032

HTTP Headers

GET /css2?family=Teko&amp;display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 22:55:24 GMT
date: Sun, 03 Dec 2023 22:55:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

g.top4top.io/p_2161d4yf50.jpg

0.0.0.0

0 B

URL GET
g.top4top.io/p_2161d4yf50.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://jdo20.hkqwo.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p_2161d4yf50.jpg HTTP/1.1
Host: g.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

jdo20.hkqwo.com/css/animate.css

172.67.194.181

200 OK

78 kB

URL GET HTTP/3
jdo20.hkqwo.com/css/animate.css
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
ASCII text
Size
78 kB (77907 bytes)
Hash
91cc40989e5e96e8d6bddc0f19598441
77b5378a2b4bfc120e52782dd869aeab7efe2fd4
6b6b686ecaa56e02ec5aced95541a03f922f599b31f1b4cd429ceca824a6e669

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /css/animate.css HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:59:00 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bc1vefNzdOxw%2FgfuNDZZXFBvt%2Bs1EBMTQ2bHYE8ZFpYSlff65UlDM%2FJnRqgVjotynJkqtpZgR2I5JG%2BIBvpN7%2B4PJfbPkb%2FoTmMlx0TIbKWe45YWpZbpPxhvaQVkc52rj58%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff65a17fa956b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

b.top4top.io/p_2161kkufp0.jpg

0.0.0.0

0 B

URL GET
b.top4top.io/p_2161kkufp0.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://jdo20.hkqwo.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p_2161kkufp0.jpg HTTP/1.1
Host: b.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

jdo20.hkqwo.com/css/login/twitter.css

172.67.194.181

200 OK

1.8 kB

URL GET HTTP/3
jdo20.hkqwo.com/css/login/twitter.css
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
ASCII text, with very long lines (1961), with no line terminators
Size
1.8 kB (1835 bytes)
Hash
951641108d84968611b6eef53747a65c
81bdaa898e4a4a966f2078e2840ae87e4b631904
0ebb9cd0fd9589d23fdd146cae3ff29822314261289e20830d379e280c1b7bbe

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /css/login/twitter.css HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 10 Dec 2023 22:55:24 GMT
last-modified: Sat, 18 Sep 2021 19:59:00 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1Py5XaaAtnSlLT5VWOCt08DJkPriLfkK3XOGYB%2Bnbg7jy9zi8U3QFUxELv6vVpLQyrVYhH1byxeamTXQps%2BlbzcUqs7EHekX1XO8XL8keosIbOEdwTrRidBUNHW8D4yBQc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff65a17fa356b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jdo20.hkqwo.com/js/tab.js

172.67.194.181

200 OK

651 B

URL GET HTTP/3
jdo20.hkqwo.com/js/tab.js
IP
172.67.194.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jdo20.hkqwo.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthkqwo.com
Fingerprint72:78:41:C2:00:0B:A2:1A:06:7E:F6:B1:37:EA:8B:B1:AB:10:3D:67
ValidityThu, 19 Oct 2023 06:12:29 GMT - Wed, 17 Jan 2024 06:12:28 GMT

File type
ASCII text, with very long lines (680), with no line terminators
Size
651 B (651 bytes)
Hash
eed20613eb7d4e86b5c59a3059524e89
65b940197902e78b6edca6852f733cee40377714
645c490b9c32dd91d9fd3cf3470fe12e35372f105108cb4d9ac854dae5622d5a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Tencent

HTTP Headers

GET /js/tab.js HTTP/1.1
Host: jdo20.hkqwo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jdo20.hkqwo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:55:24 GMT
content-type: text/javascript
last-modified: Sat, 18 Sep 2021 19:58:58 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VGwL7HijKMqrCCkKHg76uCeCv4HEf2%2BKccg%2BOSldvp3c0Ydr%2FDyues6SIW5i%2FAHw%2FPdkmrhKYO7aEAmJRGx%2FrGkg5%2FYGmogdyjhQvN%2FRqDABmEqZ%2BIqEOlvo5Jp%2F65Y0Erk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff65a1f82c56b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (41)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3