{"report_id":"251ecf7c-f6b4-48e8-babb-54e8687b44b0","version":0,"status":"done","tags":["chase","financial","phishing","dyndns","suspicious"],"date":"2026-06-24T13:02:33Z","url":{"schema":"http","addr":"reqnosa.com/login.php","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"reqnosa.com/login.php","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"title":"chase","dom":{"size":1129,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"a826549a0ab34346bc4899446da83ba0","sha1":"ff90a48a05b82870b7a22ea406bc7bfed46b006e","sha256":"8c13e06f9b4a698545b947a8447386b437c70666f9ef2aa480dac3e9bde64400","sha512":"ab1bcf942662197304d146ee26f8e63ebd7760a4e63306426f43cd8d35e3d770970542f9bde51549bc49c01da65a2943d6e76a89bd1b66a96688d4a5333f6697","ssdeep":"","tlshash":"2d21d41284f0acb1415194b44de1e9085ec9c613c75b9c00baec5fdd2fe9edacd8766d","dom_hash":"domhashba4422545ba3cc708930bfa1df6f9dbd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"reqnosa.com/login.php","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-29T13:02:33Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":4,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"reqnosa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"telegrambotcheck.duckdns.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"telegrambotcheck.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Chase","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Chase phishing","tags":["chase","financial","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"reqnosa.com","ip":{"addr":"108.179.194.89","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"domain_registered":"2021-04-02","domain_rank":0,"first_seen":"2026-05-28T01:51:37.51234Z","last_seen":"2026-06-24T08:18:13.3678Z","alert_count":13,"request_count":6,"received_data":692824,"sent_data":2921,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:3.3.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"telegrambotcheck.duckdns.org","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2013-04-12","domain_rank":0,"first_seen":"2024-05-03T19:21:27Z","last_seen":"2026-06-18T09:33:11.968984Z","alert_count":3,"request_count":1,"received_data":0,"sent_data":568,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Chase","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Chase phishing","tags":["chase","financial","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"reqnosa.com/login.php","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"bbb30dc85ceb7b6153e3b1787451dc3b","sha1":"317bdece21a4b7734cca63b8668983e0ef82cf8a","sha256":"4b6ad4142e97969267461aac79c57e3eecbdffd0d9fa192ea333bfaf57f8ff24","sha512":"b3694536d697b32826b202c16e5df9c1ea65a0c0545bb7bbe2c47e5a98a0ba28a9405407aef2d4a0cac9c063ea75d4397fb43eb965d0eb3214163e4b96768c2e","ssdeep":"","tlshash":"04a0220a00a0cca82ba0002c0c3088000a8c8c83ca2a830b28000880088e002c20e300","size":59,"data":"","first_seen":"2026-06-24T08:18:15.43054Z","last_seen":"2026-06-24T15:29:32.336614Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"reqnosa.com/res/jq.js","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b474ebe504a9f439726d5ec696a64dae","sha1":"47d69f02c67a82fbc654642b8bb1738334ab7876","sha256":"d9b25f5ed5a4e51c2cb6f07f77e130a24632ecbedffa430888fff41cda8ad009","sha512":"7900b78ff77cf9a296f574670b5ac359afbf390251561dc1a95c614d058956ebcd16d8310bc48b1d168a709051bd19eb500c4dfb150c4db61755af85d70a240f","ssdeep":"3072:IM5LwijORnUkXCvM5LwijORnUkXCvM5LwijOhqvAnUkXCvM5LwijORnUkXCs:REiEpCUEiEpCUEi+qYpCUEiEpCs","tlshash":"2c7494cdf6d2b0a257e37674403f510bf23bae54b45a8090e266e1d16cbd94a807bf39","size":369368,"data":"","first_seen":"2024-05-27T08:59:51Z","last_seen":"2026-06-24T15:29:32.332683Z","times_seen":435,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"reqnosa.com/login.php","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"e9261cd1aa7db7f1db8f03a87ab114d5","sha1":"02021974ae8984673c838f14d828c7ef6b8019c1","sha256":"41e93f575acad57cd7b7ad2780ed1e527b6e4018af0d7de0775085625b779795","sha512":"a09a1834970c713b988db54457b59d1bdae396ecc12bf562217115bb43b2fb64539ddb7ceac12bf1ec67f084dd01dc181bd655ed4d5dc21fe820023b6b9ba7cd","ssdeep":"","tlshash":"5e11ccb223260aed5fe104c29d6f25860ce58b305d89e0a85b11fc139ae0fc292adf30","size":916,"data":"","first_seen":"2024-05-27T08:59:51Z","last_seen":"2026-06-24T15:29:32.337338Z","times_seen":444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"reqnosa.com/login.php","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"b79f65fca5868f7ec0debf8bd34e072f","sha1":"bb2297acd97ad0633ee07784ffb5076db605cc5a","sha256":"433b1cd3c494c0a787f779ae9e9b64d578970ab0e8483857f6f644ce0ced121b","sha512":"c3f28f3f64c66098402d36e2e612f6b4a515347f86a4ca60c71e08c5a8ae20c9c052a6dab666f6e887276a52a385e6ca32bbbfe8e70b1b29709f7a2e4a16b5fc","ssdeep":"","tlshash":"7a41e308387d77a8c3b35832085f0aadd156ae21a607ed44c14b9e987e71236375fdeb","size":2237,"data":"","first_seen":"2024-05-27T08:59:51Z","last_seen":"2026-06-24T15:29:32.335832Z","times_seen":444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"error","text":"Error:NetworkError when attempting to fetch resource.","filename":"https://reqnosa.com/res/jq.js line 4 \u003e Function","line_number":0,"column_number":0}]},"http":[{"url":{"schema":"https","addr":"reqnosa.com/res/img/back.png","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://reqnosa.com/login.php","date":"2026-06-24T13:02:09.401Z","timestamp":1782306129401,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.reqnosa.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Jun 2026 10:01:56 GMT","end":"Mon, 14 Sep 2026 10:01:55 GMT"},"fingerprint":{"sha1":"3C:86:C5:CE:72:E3:E0:68:96:22:8A:CA:85:5D:B6:28:21:D9:51:91","sha256":"7E:96:4C:18:7F:4E:E4:BA:A0:0D:06:BE:AB:D5:37:3E:18:CC:F3:7D:D2:56:7E:96:11:BE:DE:29:E3:A0:E2:5B"}}},"request":{"raw":"GET /res/img/back.png HTTP/1.1\r\nHost: reqnosa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://reqnosa.com/res/css/chase.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Wed, 19 Jun 2024 14:23:58 GMT\r\naccept-ranges: bytes\r\ncontent-length: 306152\r\ncontent-type: image/png\r\ndate: Wed, 24 Jun 2026 13:02:09 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":306152,"size_decoded":306357,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3","md5":"ff4ccdb7a4428ead513943583665aa4e","sha1":"07bec642d24ae6fbc965251e147992df17bb71f0","sha256":"01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085","sha512":"f744783528c74871371ff5a51e5b257cd71999405757465292d395114ac056eededc7d9f90fb52251c855802b1299b6e9bc0525e775ca5d2f8fccf56eab4cc56","ssdeep":"6144:zP56h0fPhqOVfsXWp8QrBY75I4YxWATMenb/:zxPqIfZ5Y7i4P5K","tlshash":"885423755be9b1c686c1a6d2bed0273762d70d0c2b807a2c258266ccc24f77ca1cc4bb","first_seen":"2023-05-13T21:15:54Z","last_seen":"2026-07-05T02:36:52.867134Z","times_seen":1902,"resource_available":false,"data":null}},"time_used":729,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":429,"receive":300,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"reqnosa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Chase","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Chase phishing","tags":["chase","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"telegrambotcheck.duckdns.org:1001/receive_token?referrer=sarfita","fqdn":"telegrambotcheck.duckdns.org","domain":"telegrambotcheck.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://reqnosa.com/login.php","date":"2026-06-24T13:02:10.156Z","timestamp":1782306130156,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /receive_token?referrer=sarfita HTTP/1.1\r\nHost: telegrambotcheck.duckdns.org:1001\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://reqnosa.com/\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 54\r\nOrigin: https://reqnosa.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-13T03:55:34.150879Z","times_seen":17203594,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"telegrambotcheck.duckdns.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"telegrambotcheck.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"reqnosa.com/favicon.ico","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://reqnosa.com/login.php","date":"2026-06-24T13:02:10.157Z","timestamp":1782306130157,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.reqnosa.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Jun 2026 10:01:56 GMT","end":"Mon, 14 Sep 2026 10:01:55 GMT"},"fingerprint":{"sha1":"3C:86:C5:CE:72:E3:E0:68:96:22:8A:CA:85:5D:B6:28:21:D9:51:91","sha256":"7E:96:4C:18:7F:4E:E4:BA:A0:0D:06:BE:AB:D5:37:3E:18:CC:F3:7D:D2:56:7E:96:11:BE:DE:29:E3:A0:E2:5B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: reqnosa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://reqnosa.com/login.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\nlast-modified: Wed, 20 May 2026 01:06:07 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 4677\r\ncontent-type: text/html\r\ndate: Wed, 24 Jun 2026 13:02:10 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:3.3.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":11816,"size_decoded":4927,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (358)","md5":"a8063bd37d3c8fb3176a6bf140558a4d","sha1":"e32cf4b407db3d3773ded13ff64b70fdbad7735f","sha256":"bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482","sha512":"82d749f6b17b21587fb345ca196a2aa83eca80ad66ed9c1ab88b36709bed14175d53afefe9acc0dafc4fad78ffb8df155193a6829bc857ad6d68b1c84af7b854","ssdeep":"192:bpvXn2H25Zx48DNYGu6C9tdDOxktft1zQOPtaUrzvHlPuPQXGuV27BHplXtAUU/s:FvX2H25v4CYn6etFTBvhtv4IcpRtlU/s","tlshash":"bd32940bab4c063b1312459a7458639a370fc87fe2661bb474bfc06867d16a649f23dc","first_seen":"2023-04-05T03:58:47Z","last_seen":"2026-07-13T01:47:49.76927Z","times_seen":15886,"resource_available":true,"data":null}},"time_used":150,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":150,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"reqnosa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Chase","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Chase phishing","tags":["chase","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"reqnosa.com/login.php","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-24T13:02:08.128Z","timestamp":1782306128128,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.reqnosa.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Jun 2026 10:01:56 GMT","end":"Mon, 14 Sep 2026 10:01:55 GMT"},"fingerprint":{"sha1":"3C:86:C5:CE:72:E3:E0:68:96:22:8A:CA:85:5D:B6:28:21:D9:51:91","sha256":"7E:96:4C:18:7F:4E:E4:BA:A0:0D:06:BE:AB:D5:37:3E:18:CC:F3:7D:D2:56:7E:96:11:BE:DE:29:E3:A0:E2:5B"}}},"request":{"raw":"GET /login.php HTTP/1.1\r\nHost: reqnosa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 574\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Wed, 24 Jun 2026 13:02:08 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1197,"size_decoded":770,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"a0e5745f1c472d245e470436fc04ee2d","sha1":"3a85e898d4e027225007a95a588d14b560a67286","sha256":"ab5b3fe101af15384565fa02fd07e61235104437c14326c5dd4f7d951ad6c778","sha512":"1c5a538bbf976475903e8feb736778c69f359277b0e171855adff0a5a95c40b1c37166c0e5b52bb804910c136dc05c6ca140cd80ece8524793d4d533105f8669","ssdeep":"","tlshash":"5d21ab2a04c3ac554372d0b44da19e58ef89c253c78b190079ec679b3ff6d59ce8766c","first_seen":"2026-06-24T08:18:15.426565Z","last_seen":"2026-06-24T15:29:32.330461Z","times_seen":5,"resource_available":true,"data":null}},"time_used":882,"timings":{"blocked":-1,"dns":332,"connect":144,"send":0,"wait":256,"receive":0,"ssl":149},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"reqnosa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Chase","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Chase phishing","tags":["chase","financial","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"reqnosa.com/res/css/chase.css","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://reqnosa.com/login.php","date":"2026-06-24T13:02:09.243Z","timestamp":1782306129243,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.reqnosa.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Jun 2026 10:01:56 GMT","end":"Mon, 14 Sep 2026 10:01:55 GMT"},"fingerprint":{"sha1":"3C:86:C5:CE:72:E3:E0:68:96:22:8A:CA:85:5D:B6:28:21:D9:51:91","sha256":"7E:96:4C:18:7F:4E:E4:BA:A0:0D:06:BE:AB:D5:37:3E:18:CC:F3:7D:D2:56:7E:96:11:BE:DE:29:E3:A0:E2:5B"}}},"request":{"raw":"GET /res/css/chase.css HTTP/1.1\r\nHost: reqnosa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://reqnosa.com/login.php\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Wed, 19 Jun 2024 14:23:58 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 585\r\ncontent-type: text/css\r\ndate: Wed, 24 Jun 2026 13:02:09 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1542,"size_decoded":833,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"3f580fe9fc12600196e8f8053ab3a3fd","sha1":"5bdffb5b7cec8b38b1eee3ff11eeaf8b58f860f4","sha256":"2633590e4759069d4b0c1887ef2fd0a845716c02ac1dc2e8627a21708449037d","sha512":"d97ba079a3fabc6b17efb64a87a0c6e5fc0beabf52bb2ba1b36ec37ab44d694ac6949fadecbc7aba42ee07ec55a6d7a5a789c3c0262d88e15affc39cf8c4ed38","ssdeep":"","tlshash":"1631cd05ea410686f233dd94af765794db5808074b0207a9bfe872e08f7a1acc572fcc","first_seen":"2024-06-16T07:26:13Z","last_seen":"2026-07-01T11:08:08.822917Z","times_seen":372,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"reqnosa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Chase","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Chase phishing","tags":["chase","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"reqnosa.com/res/jq.js","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://reqnosa.com/login.php","date":"2026-06-24T13:02:09.249Z","timestamp":1782306129249,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.reqnosa.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Jun 2026 10:01:56 GMT","end":"Mon, 14 Sep 2026 10:01:55 GMT"},"fingerprint":{"sha1":"3C:86:C5:CE:72:E3:E0:68:96:22:8A:CA:85:5D:B6:28:21:D9:51:91","sha256":"7E:96:4C:18:7F:4E:E4:BA:A0:0D:06:BE:AB:D5:37:3E:18:CC:F3:7D:D2:56:7E:96:11:BE:DE:29:E3:A0:E2:5B"}}},"request":{"raw":"GET /res/jq.js HTTP/1.1\r\nHost: reqnosa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://reqnosa.com/login.php\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Wed, 19 Jun 2024 14:23:58 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript\r\ndate: Wed, 24 Jun 2026 13:02:09 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":369368,"size_decoded":154342,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65434), with no line terminators","md5":"b474ebe504a9f439726d5ec696a64dae","sha1":"47d69f02c67a82fbc654642b8bb1738334ab7876","sha256":"d9b25f5ed5a4e51c2cb6f07f77e130a24632ecbedffa430888fff41cda8ad009","sha512":"7900b78ff77cf9a296f574670b5ac359afbf390251561dc1a95c614d058956ebcd16d8310bc48b1d168a709051bd19eb500c4dfb150c4db61755af85d70a240f","ssdeep":"3072:IM5LwijORnUkXCvM5LwijORnUkXCvM5LwijOhqvAnUkXCvM5LwijORnUkXCs:REiEpCUEiEpCUEi+qYpCUEiEpCs","tlshash":"2c7494cdf6d2b0a257e37674403f510bf23bae54b45a8090e266e1d16cbd94a807bf39","first_seen":"2024-05-27T08:59:51Z","last_seen":"2026-06-24T15:29:32.332683Z","times_seen":435,"resource_available":true,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"reqnosa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Chase","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Chase phishing","tags":["chase","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"reqnosa.com/res/img/logo.svg","fqdn":"reqnosa.com","domain":"reqnosa.com","tld":"com"},"ip":{"addr":"108.179.194.89","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://reqnosa.com/login.php","date":"2026-06-24T13:02:09.253Z","timestamp":1782306129253,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.reqnosa.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Jun 2026 10:01:56 GMT","end":"Mon, 14 Sep 2026 10:01:55 GMT"},"fingerprint":{"sha1":"3C:86:C5:CE:72:E3:E0:68:96:22:8A:CA:85:5D:B6:28:21:D9:51:91","sha256":"7E:96:4C:18:7F:4E:E4:BA:A0:0D:06:BE:AB:D5:37:3E:18:CC:F3:7D:D2:56:7E:96:11:BE:DE:29:E3:A0:E2:5B"}}},"request":{"raw":"GET /res/img/logo.svg HTTP/1.1\r\nHost: reqnosa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://reqnosa.com/login.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Wed, 19 Jun 2024 14:23:58 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1409\r\ncontent-type: image/svg+xml\r\ndate: Wed, 24 Jun 2026 13:02:09 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1409,"size_decoded":1616,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b55b042f907bc7108f5dca2103a8476b","sha1":"9fcdcc86bfe1f3c7d4f774775670fbd08fe7556c","sha256":"d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0","sha512":"45aa66abb6c075a1b3f5c76c1273ea21e7855b99031d46bfbcd7b8882f58e9f5612b556e218b41c902ada7fe0f77ed9f3849e8e675bbdddb21ae5397624b2c7c","ssdeep":"","tlshash":"ea21a485531aafd49d9801686d383481b5daac9cf170f6f4fd877415e06d0c9d4d4da2","first_seen":"2023-04-30T18:08:02Z","last_seen":"2026-07-08T13:43:25.845409Z","times_seen":2603,"resource_available":false,"data":null}},"time_used":431,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":431,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"reqnosa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Chase","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Chase phishing","tags":["chase","financial","phishing"],"meta":null}]}}]}
