Report - 0gsq6hpnoy.pgqshippingline.com/dir/script/

Report Overview

Visited public
2023-12-10 05:38:14
Tags
URL
0gsq6hpnoy.pgqshippingline.com/dir/script/
Finishing URL
0gsq6hpnoy.pgqshippingline.com/dir/script/
IP / ASN
192.185.195.27
#46606 UNIFIEDLAYER-AS-1
Title
SkyDrop Enterprises

Detections

urlquery

Network Intrusion Detection

117

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
maps.gstatic.com	unknown	2008-02-11	2016-01-11 17:55:17	2023-12-09 13:34:14	441 B	62 kB	142.250.74.3
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-09 07:42:19	1.0 kB	24 kB	142.250.74.106
0gsq6hpnoy.pgqshippingline.com	unknown	2020-12-28	2023-07-26 22:12:36	2023-07-26 22:12:45	16 kB	438 kB	192.185.195.27
maps.google.com	1899	1997-09-15	2012-09-11 01:07:43	2023-12-09 21:28:37	641 B	480 B	142.250.74.46
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-09 06:06:20	2.3 kB	132 kB	216.58.211.3
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-12-09 10:58:51	633 B	1.6 kB	142.250.74.132
maps.googleapis.com	33876	2005-01-25	2019-10-17 17:56:16	2023-12-09 08:00:33	3.7 kB	217 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:54	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:55	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:37:56	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:37:56	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:37:56	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-12-10 05:38:01	low	192.185.195.27	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (15)

	URL	From	Size	First Seen	Last Seen
	maps.gstatic.com/maps-api-v3/embed/js/55/4/init_embed.js	ScriptElement	232 kB	2023-12-06	2024-12-24
Pretty URL maps.gstatic.com/maps-api-v3/embed/js/55/4/init_embed.js IP 142.250.74.3 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 20:41 Last Seen2024-12-24 07:02 Times Seen736 Hash e5f346e72fb065c353010d0d8076499e 53bbae9cada660daf922ca2010fcf65bb3a3bf76 91c517b650261a41b75a3dff1ba8d77ab069db61b32df2cd470bc3bfad5409ce Loading...

	maps.googleapis.com/maps-api-v3/api/js/55/4/overlay.js	ScriptElement	3.4 kB	2023-12-06	2024-12-24
Pretty URL maps.googleapis.com/maps-api-v3/api/js/55/4/overlay.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 20:41 Last Seen2024-12-24 07:02 Times Seen813 Hash d1290de5da8a835304b6f7206d907119 53960cc38980f6c3c96308c205713bf2a8afab41 88e2d34a2ecd255e7c30d9436d1f8f7156973f2badc72161da7f3c1901ae5bec Loading...

	maps.googleapis.com/maps-api-v3/api/js/55/4/search_impl.js	ScriptElement	3.3 kB	2023-12-06	2024-12-24
Pretty URL maps.googleapis.com/maps-api-v3/api/js/55/4/search_impl.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 20:41 Last Seen2024-12-24 07:02 Times Seen683 Hash 2518ef679c2d0c0c0758a3f97795e60d 260f8b57aa076ecd6092d7d80f5fd9bfe838d20d c15a24cfd927f84920b607b2764a5f7fde792140f08c64ea3808eec291b6d038 Loading...

	0gsq6hpnoy.pgqshippingline.com/dir/script/	ScriptElement	7.2 kB	2023-10-25	2024-08-21
Pretty URL 0gsq6hpnoy.pgqshippingline.com/dir/script/ IP 192.185.195.27 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-25 08:58 Last Seen2024-08-21 03:29 Times Seen3 Hash 005ce1f4ce4429c59c9bbf4e822336f8 a84dadffb78fdf7386756462e45e032bc574c396 887b037b8a4d251c2c30484e168ffbe070a7be28c989c7895cb52a38dc716fc8 Loading...

	0gsq6hpnoy.pgqshippingline.com/dir/script/	ScriptElement	19 B	2023-03-09	2025-03-05
Pretty URL 0gsq6hpnoy.pgqshippingline.com/dir/script/ IP 192.185.195.27 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 09:02 Last Seen2025-03-05 07:53 Times Seen26 Hash b722d783041a5c70930234daeadfd378 978aaef396830f0034ee4aa0a169de6f03577bde 55eaaa243fc385f3b5a3ac28da1a68c30df7b12e5eb6f1d054bfbbe03c5264d8 Loading...

	www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen	ScriptElement	0 B	0001-01-01	2025-05-10
Pretty URL www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-10 07:17 Times Seen4641685 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&callback=onApiLoad	ScriptElement	184 kB	2023-12-10	2023-12-10
Pretty URL maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&callback=onApiLoad IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-10 06:38 Last Seen2023-12-10 06:38 Times Seen1 Hash c57c3c6c8bfb4ad552683aaf3e218400 4dd153328d22dea8aac247cf938f5d3a47e254b1 87d7c3ebd1c4e2e47cdf0d6d9c46080152d1dd7407b847d4f1da967bd897b2c9 Loading...

	maps.googleapis.com/maps-api-v3/api/js/55/4/onion.js	ScriptElement	27 kB	2023-12-06	2024-12-24
Pretty URL maps.googleapis.com/maps-api-v3/api/js/55/4/onion.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 20:41 Last Seen2024-12-24 07:02 Times Seen803 Hash 86a8ef66f5412b1da4106dfffbc074bd fa74c571ebb7bb185cc60075edfccc3f8c13e74c f192fc1904ff65df2e882e7cb7afa1432a424adeecefeb081c53c4fde85be8fe Loading...

	0gsq6hpnoy.pgqshippingline.com/dir/script/	ScriptElement	19 B	2023-03-09	2025-03-05
Pretty URL 0gsq6hpnoy.pgqshippingline.com/dir/script/ IP 192.185.195.27 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 09:02 Last Seen2025-03-05 07:53 Times Seen20 Hash bd9133eaa3c8469bb4c37d44fbcf9c53 52ea0b2a6fb85639ee93d7f4ee7fa80c746cadac 51c62232121ff7849b63595f052d6c7fae6ed50212d395f67819993a90e502e2 Loading...

	0gsq6hpnoy.pgqshippingline.com/dir/script/	ScriptElement	19 B	2023-03-12	2025-02-18
Pretty URL 0gsq6hpnoy.pgqshippingline.com/dir/script/ IP 192.185.195.27 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 08:11 Last Seen2025-02-18 18:48 Times Seen23 Hash e26c17e43163d99e18193bfe7ed83289 7d502c00fb6d184b7c7e3a54833619a916473b8f 46c8196fe47a5709001857e2bcecf575e9f1d6c3f0d6a491f370a66ee5f75204 Loading...

	0gsq6hpnoy.pgqshippingline.com/dir/script/	ScriptElement	743 B	2023-10-25	2024-08-21
Pretty URL 0gsq6hpnoy.pgqshippingline.com/dir/script/ IP 192.185.195.27 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-25 08:58 Last Seen2024-08-21 03:29 Times Seen3 Hash 309f7356958f086ef55f1a8504762d8c 34996a92a96029ecf31fb62f0521d7606867e759 78e0fa6937a94cc4233638a41972f1af25b9dbde4e664b9ad2656afc84371bee Loading...

	maps.googleapis.com/maps-api-v3/api/js/55/4/common.js	ScriptElement	262 kB	2023-12-06	2024-12-24
Pretty URL maps.googleapis.com/maps-api-v3/api/js/55/4/common.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 20:41 Last Seen2024-12-24 07:02 Times Seen1958 Hash 2f1f93a50ec0f20d9429cd4486075cd9 7e899396ac3541ac2ce40993a60cb3ef15ea4e6f 969dace001ef24f99f38bd00c5578b85ba9368e77a5667cfcaeaa29d2f57657b Loading...

	maps.googleapis.com/maps-api-v3/api/js/55/4/util.js	ScriptElement	178 kB	2023-12-06	2024-12-24
Pretty URL maps.googleapis.com/maps-api-v3/api/js/55/4/util.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 20:41 Last Seen2024-12-24 07:02 Times Seen1959 Hash 3aecc4da8982cd3ee2c71448592b54bd 2af800db00e7fe620d1a3828420c8d866ebd579c e759dc710ec6d9f9438d5a77f834b247254512fb90cf520764ab591db32cf5cb Loading...

	maps.googleapis.com/maps-api-v3/api/js/55/4/map.js	ScriptElement	73 kB	2023-12-06	2024-12-24
Pretty URL maps.googleapis.com/maps-api-v3/api/js/55/4/map.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 20:41 Last Seen2024-12-24 07:02 Times Seen983 Hash 86808d6e775e7ab077eadd3952b9769a 1c7d8a35e618e143952d5bfe8900788b1b95fe34 0cf6d91acfbd231daa3ccf96e67596a75ea04458209786b2814f13a7f14fbf6c Loading...

	0gsq6hpnoy.pgqshippingline.com/dir/script/	ScriptElement	1.2 kB	2023-05-26	2025-03-05
Pretty URL 0gsq6hpnoy.pgqshippingline.com/dir/script/ IP 192.185.195.27 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-26 14:54 Last Seen2025-03-05 07:53 Times Seen5 Hash 95c32d353a55d8e1c2662266018e12c5 41f1ad5d00d006e9498d6efdf1b2abc1b44a8c4b 9a91ed80f09d74789029487a3a58a86b6a428644cb101797309820d986309fd1 Loading...

HTTP Transactions (57)

URL IP Response Size

0gsq6hpnoy.pgqshippingline.com/dir/script/

192.185.195.27

403 Forbidden

11 kB

URL User Request GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF, LF line terminators
Size
11 kB (10697 bytes)
Hash
d2bb70c107b0b1f410d7690be9894751
70ff0adb276a8acfbbfe30564671717b836c8d41
ed0c93e70b357d83dd1d8c583a73d93267593ce372d7a77d032f2729baf31555

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/ HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
last-modified: Wed, 03 May 2023 12:38:34 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 10697
content-type: text/html
date: Sun, 10 Dec 2023 05:37:45 GMT
server: Apache
X-Firefox-Spdy: h2

0gsq6hpnoy.pgqshippingline.com/dir/script/

192.185.195.27

403 Forbidden

11 kB

URL User Request GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF, LF line terminators
Size
11 kB (10697 bytes)
Hash
d2bb70c107b0b1f410d7690be9894751
70ff0adb276a8acfbbfe30564671717b836c8d41
ed0c93e70b357d83dd1d8c583a73d93267593ce372d7a77d032f2729baf31555

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/ HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sun, 10 Dec 2023 05:37:46 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 03 May 2023 12:38:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10697
Keep-Alive: timeout=5, max=75
Content-Type: text/html

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/boot.css

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/boot.css
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/style/boot.css HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:46 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/button.css

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/button.css
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/style/button.css HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:46 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/boot.min.css.map

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/boot.min.css.map
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/style/boot.min.css.map HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:46 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/fancy.css

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/fancy.css
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/style/fancy.css HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:46 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/icon.css

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/icon.css
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/style/icon.css HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:46 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/sli.css

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/sli.css
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/style/sli.css HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:46 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/sli-theme.css

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/sli-theme.css
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/style/sli-theme.css HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/query.css

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/query.css
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/style/query.css HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/jqueryv36.min.js

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/jqueryv36.min.js
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/script/jqueryv36.min.js HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/boot.min.js

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/boot.min.js
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/script/boot.min.js HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/fancy.js

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/fancy.js
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/script/fancy.js HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/getdate.js

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/getdate.js
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/script/getdate.js HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/sli.min.js

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/sli.min.js
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/script/sli.min.js HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

maps.google.com/maps?hl=en&q=1685%20Briargate%20Pkwy%2C%20Colorado%20Springs%2C%20CO%2080920&ie=UTF8&t=&z=8&iwloc=B&output=embed

142.250.74.46

301 Moved Permanently

0 B

URL GET HTTP/2
maps.google.com/maps?hl=en&q=1685%20Briargate%20Pkwy%2C%20Colorado%20Springs%2C%20CO%2080920&ie=UTF8&t=&z=8&iwloc=B&output=embed
IP
142.250.74.46:443
ASN
#15169 GOOGLE

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:3A:D9:47:14:B0:78:30:A1:BF:B4:45:F6:F5:81:AD:0A:C7:76:89
ValidityMon, 20 Nov 2023 08:02:55 GMT - Mon, 12 Feb 2024 08:02:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /maps?hl=en&q=1685%20Briargate%20Pkwy%2C%20Colorado%20Springs%2C%20CO%2080920&ie=UTF8&t=&z=8&iwloc=B&output=embed HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen
vary: Origin, X-Origin, Referer
date: Sun, 10 Dec 2023 05:37:47 GMT
content-type: text/html
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/piazzolla/v35/N0bE2SlTPu5rIkWIZjVKKtYtfxYqZ4RJBFzFV4kLYA.woff2

216.58.211.3

200 OK

32 kB

URL GET HTTP/2
fonts.gstatic.com/s/piazzolla/v35/N0bE2SlTPu5rIkWIZjVKKtYtfxYqZ4RJBFzFV4kLYA.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 31992, version 1.0 - data
Size
32 kB (31992 bytes)
Hash
e17de8e866de6deb125ae6ca9bde6d9c
0392f306a384793c21e46b30e2b4f9113287c8f5
ac8139c1d4d1bdcd97b41ac5e728e8c0159eca8c054af1c59c4511f1e5f3bce5

HTTP Headers

GET /s/piazzolla/v35/N0bE2SlTPu5rIkWIZjVKKtYtfxYqZ4RJBFzFV4kLYA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://0gsq6hpnoy.pgqshippingline.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31992
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:48:57 GMT
expires: Fri, 06 Dec 2024 15:48:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 17:23:28 GMT
content-type: font/woff2
age: 222530
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/piazzolla/v35/N0bE2SlTPu5rIkWIZjVKKtYtfxYqZ4RJBFzFV4kLYA.woff2

216.58.211.3

200 OK

32 kB

URL GET HTTP/2
fonts.gstatic.com/s/piazzolla/v35/N0bE2SlTPu5rIkWIZjVKKtYtfxYqZ4RJBFzFV4kLYA.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 31992, version 1.0 - data
Size
32 kB (31992 bytes)
Hash
e17de8e866de6deb125ae6ca9bde6d9c
0392f306a384793c21e46b30e2b4f9113287c8f5
ac8139c1d4d1bdcd97b41ac5e728e8c0159eca8c054af1c59c4511f1e5f3bce5

HTTP Headers

GET /s/piazzolla/v35/N0bE2SlTPu5rIkWIZjVKKtYtfxYqZ4RJBFzFV4kLYA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://0gsq6hpnoy.pgqshippingline.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31992
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:48:57 GMT
expires: Fri, 06 Dec 2024 15:48:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 17:23:28 GMT
content-type: font/woff2
age: 222530
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/piazzolla/v35/N0bE2SlTPu5rIkWIZjVKKtYtfxYqZ4RJBFzFV4kLYA.woff2

216.58.211.3

200 OK

32 kB

URL GET HTTP/2
fonts.gstatic.com/s/piazzolla/v35/N0bE2SlTPu5rIkWIZjVKKtYtfxYqZ4RJBFzFV4kLYA.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 31992, version 1.0 - data
Size
32 kB (31992 bytes)
Hash
e17de8e866de6deb125ae6ca9bde6d9c
0392f306a384793c21e46b30e2b4f9113287c8f5
ac8139c1d4d1bdcd97b41ac5e728e8c0159eca8c054af1c59c4511f1e5f3bce5

HTTP Headers

GET /s/piazzolla/v35/N0bE2SlTPu5rIkWIZjVKKtYtfxYqZ4RJBFzFV4kLYA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://0gsq6hpnoy.pgqshippingline.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31992
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:48:57 GMT
expires: Fri, 06 Dec 2024 15:48:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 17:23:28 GMT
content-type: font/woff2
age: 222530
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/piazzolla/v35/N0bG2SlTPu5rIkWIZjVgI-TckS03oGpPETyEJ887YtBF.woff2

216.58.211.3

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/piazzolla/v35/N0bG2SlTPu5rIkWIZjVgI-TckS03oGpPETyEJ887YtBF.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33188, version 1.0 - data
Size
33 kB (33188 bytes)
Hash
3ea8b709a5d58ef1e31c2e51f16ab53d
dd78d8889ab90ab4dc94e8a99225c1914feb932d
94caa9a18d2579d11aba57a2223f9e7b885543df734738b68d9d444648920f13

HTTP Headers

GET /s/piazzolla/v35/N0bG2SlTPu5rIkWIZjVgI-TckS03oGpPETyEJ887YtBF.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://0gsq6hpnoy.pgqshippingline.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33188
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 08 Dec 2023 09:19:09 GMT
expires: Sat, 07 Dec 2024 09:19:09 GMT
cache-control: public, max-age=31536000
age: 159518
last-modified: Thu, 24 Aug 2023 17:30:32 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/main.js

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/script/main.js
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/script/main.js HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/avatar/w-1.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/avatar/w-1.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/avatar/w-1.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/avatar/m-0.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/avatar/m-0.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/avatar/m-0.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/5-gallery.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/5-gallery.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/gallery/5-gallery.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/avatar/w-0.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/avatar/w-0.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/avatar/w-0.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/logotip.svg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/logotip.svg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/logotip.svg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen

142.250.74.132

200 OK

968 B

URL GET HTTP/2
www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint50:3E:DA:12:EC:7F:39:A5:E9:4F:16:D7:D6:AA:BF:45:15:44:7F:E9
ValidityMon, 20 Nov 2023 08:09:47 GMT - Mon, 12 Feb 2024 08:09:46 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with very long lines (1409)
Size
968 B (968 bytes)
Hash
250463586e9cb54c1fb2081323554956
899ad3071570a0a177fa067e5c706cf43dc80ed7
bbabf8189e65656533245753d6d466275083cf37dd09351c7e5e105af7a5d48c

HTTP Headers

GET /maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://0gsq6hpnoy.pgqshippingline.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
pragma: no-cache
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce--y-UdfuUr_wa4F6_hZevfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-type: text/html; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sun, 10 Dec 2023 05:37:48 GMT
server: scaffolding on HTTPServer2
content-length: 968
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/bg/0_opacity.png

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/bg/0_opacity.png
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/style/bg/0_opacity.png HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/query.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/2-gallery.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/2-gallery.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/gallery/2-gallery.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/bg/0_bg.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/bg/0_bg.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/bg/0_bg.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/0-gallery.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/0-gallery.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/gallery/0-gallery.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/1-gallery.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/1-gallery.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/gallery/1-gallery.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/3-gallery.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/3-gallery.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/gallery/3-gallery.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&callback=onApiLoad

142.250.74.106

200 OK

63 kB

URL GET HTTP/3
maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&callback=onApiLoad
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (2458)
Size
63 kB (63100 bytes)
Hash
c57c3c6c8bfb4ad552683aaf3e218400
4dd153328d22dea8aac247cf938f5d3a47e254b1
87d7c3ebd1c4e2e47cdf0d6d9c46080152d1dd7407b847d4f1da967bd897b2c9

HTTP Headers

GET /maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&callback=onApiLoad HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sun, 10 Dec 2023 05:37:48 GMT
server: scaffolding on HTTPServer2
content-length: 63100
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/bg/1_opacity.png

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/bg/1_opacity.png
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/dir/style/bg/1_opacity.png HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/dir/style/query.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

142.250.74.106

200 OK

23 B

URL GET HTTP/3
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
JSON data - , ASCII text
Size
23 B (23 bytes)
Hash
8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

HTTP Headers

GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sun, 10 Dec 2023 05:37:48 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.google.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.gstatic.com/maps-api-v3/embed/js/55/4/init_embed.js

142.250.74.3

200 OK

61 kB

URL GET HTTP/2
maps.gstatic.com/maps-api-v3/embed/js/55/4/init_embed.js
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
ASCII text, with very long lines (3246)
Size
61 kB (61041 bytes)
Hash
e5f346e72fb065c353010d0d8076499e
53bbae9cada660daf922ca2010fcf65bb3a3bf76
91c517b650261a41b75a3dff1ba8d77ab069db61b32df2cd470bc3bfad5409ce

HTTP Headers

GET /maps-api-v3/embed/js/55/4/init_embed.js HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 61041
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:43:57 GMT
expires: Fri, 06 Dec 2024 15:43:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:19 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 222831
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

0gsq6hpnoy.pgqshippingline.com/dir/script/1683088714.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/1683088714.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/1683088714.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/partners/4.svg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/partners/4.svg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/partners/4.svg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

maps.googleapis.com/maps-api-v3/api/js/55/4/common.js

142.250.74.106

200 OK

58 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/55/4/common.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (6638)
Size
58 kB (57512 bytes)
Hash
2f1f93a50ec0f20d9429cd4486075cd9
7e899396ac3541ac2ce40993a60cb3ef15ea4e6f
969dace001ef24f99f38bd00c5578b85ba9368e77a5667cfcaeaa29d2f57657b

HTTP Headers

GET /maps-api-v3/api/js/55/4/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:55:08 GMT
expires: Fri, 06 Dec 2024 15:55:08 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 222160
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

0gsq6hpnoy.pgqshippingline.com/dir/script/partners/10.svg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/partners/10.svg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/partners/10.svg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

maps.googleapis.com/maps-api-v3/api/js/55/4/util.js

142.250.74.106

200 OK

55 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/55/4/util.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (562)
Size
55 kB (55175 bytes)
Hash
3aecc4da8982cd3ee2c71448592b54bd
2af800db00e7fe620d1a3828420c8d866ebd579c
e759dc710ec6d9f9438d5a77f834b247254512fb90cf520764ab591db32cf5cb

HTTP Headers

GET /maps-api-v3/api/js/55/4/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 55175
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:46:02 GMT
expires: Fri, 06 Dec 2024 15:46:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 222706
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/4-gallery.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/gallery/4-gallery.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/gallery/4-gallery.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

maps.googleapis.com/maps-api-v3/api/js/55/4/map.js

142.250.74.106

200 OK

24 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/55/4/map.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (2312)
Size
24 kB (23771 bytes)
Hash
86808d6e775e7ab077eadd3952b9769a
1c7d8a35e618e143952d5bfe8900788b1b95fe34
0cf6d91acfbd231daa3ccf96e67596a75ea04458209786b2814f13a7f14fbf6c

HTTP Headers

GET /maps-api-v3/api/js/55/4/map.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 23771
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:43:25 GMT
expires: Fri, 06 Dec 2024 15:43:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 222863
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

0gsq6hpnoy.pgqshippingline.com/dir/script/partners/1.svg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/partners/1.svg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/partners/1.svg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

maps.googleapis.com/maps-api-v3/api/js/55/4/overlay.js

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/55/4/overlay.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (1152)
Size
1.3 kB (1273 bytes)
Hash
d1290de5da8a835304b6f7206d907119
53960cc38980f6c3c96308c205713bf2a8afab41
88e2d34a2ecd255e7c30d9436d1f8f7156973f2badc72161da7f3c1901ae5bec

HTTP Headers

GET /maps-api-v3/api/js/55/4/overlay.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 1273
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 06 Dec 2023 19:31:39 GMT
expires: Thu, 05 Dec 2024 19:31:39 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 295569
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/55/4/onion.js

142.250.74.106

200 OK

8.9 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/55/4/onion.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (2559)
Size
8.9 kB (8900 bytes)
Hash
86a8ef66f5412b1da4106dfffbc074bd
fa74c571ebb7bb185cc60075edfccc3f8c13e74c
f192fc1904ff65df2e882e7cb7afa1432a424adeecefeb081c53c4fde85be8fe

HTTP Headers

GET /maps-api-v3/api/js/55/4/onion.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 8900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:48:42 GMT
expires: Fri, 06 Dec 2024 15:48:42 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 222546
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/55/4/search_impl.js

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/55/4/search_impl.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s1685+Briargate+Pkwy,+Colorado+Springs,+CO+80920!6i8!3m1!1sen!5m1!1sen
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (1470)
Size
1.3 kB (1253 bytes)
Hash
2518ef679c2d0c0c0758a3f97795e60d
260f8b57aa076ecd6092d7d80f5fd9bfe838d20d
c15a24cfd927f84920b607b2764a5f7fde792140f08c64ea3808eec291b6d038

HTTP Headers

GET /maps-api-v3/api/js/55/4/search_impl.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 1253
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:46:00 GMT
expires: Fri, 06 Dec 2024 15:46:00 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 222708
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

0gsq6hpnoy.pgqshippingline.com/dir/script/partners/12.svg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/partners/12.svg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/partners/12.svg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/partners/13.svg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/partners/13.svg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/partners/13.svg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/partners/14.svg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/partners/14.svg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/partners/14.svg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/partners/7.svg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/partners/7.svg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/partners/7.svg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/avatar/m-1.jpg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/avatar/m-1.jpg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/avatar/m-1.jpg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/partners/2.svg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/partners/2.svg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/partners/2.svg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

0gsq6hpnoy.pgqshippingline.com/dir/script/logotip.svg

192.185.195.27

200 OK

11 kB

URL GET HTTP/1.1
0gsq6hpnoy.pgqshippingline.com/dir/script/logotip.svg
IP
192.185.195.27:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (7196), with CRLF line terminators
Size
11 kB (10720 bytes)
Hash
e59ca3e6f7b3e845f56a1d7c7179d10f
f6f5a945806fc4ee30ea3ea4eb94319b2969925d
7e20bd683429e1d880ebf57eb589b8f1f2ee350d6c61f7f4f1e495ab208c31fa

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /dir/script/logotip.svg HTTP/1.1
Host: 0gsq6hpnoy.pgqshippingline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 10 Dec 2023 05:37:49 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10720
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

fonts.googleapis.com/css2?family=Piazzolla:ital,wght@0,300;0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap

142.250.74.106

200 OK

22 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Piazzolla:ital,wght@0,300;0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text
Size
22 kB (22094 bytes)
Hash
b15a13a7fae3b5e14165adbf8b69cab9
ea164fc9db0f21773a1d142e75cd58b054f63bf6
85559fc5eaaf64e7c9c9292a14bb288e210f5a09c5b9735bed6ce5a4b19740a7

HTTP Headers

GET /css2?family=Piazzolla:ital,wght@0,300;0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 10 Dec 2023 05:37:46 GMT
date: Sun, 10 Dec 2023 05:37:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Anton&display=swap

142.250.74.106

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Anton&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://0gsq6hpnoy.pgqshippingline.com/dir/script/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (1182), with no line terminators
Size
1.2 kB (1155 bytes)
Hash
942f885d5031ad9f1e4258611dd07a47
c31cd5cf436995a0bae2425ee8dda9815ab0af1d
2a315003d58895dbbc1242697b2489b389f836490705633f96fa8024edda9590

HTTP Headers

GET /css2?family=Anton&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://0gsq6hpnoy.pgqshippingline.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 10 Dec 2023 05:37:46 GMT
date: Sun, 10 Dec 2023 05:37:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by