urlquery - report: brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj=

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2023-01-31 17:12:09 UTC	35.82.48.240
brendand.gq (19)	0	2022-11-25 13:22:52 UTC	2023-01-31 06:59:28 UTC	162.240.217.49	Unknown ranking
cdnjs.cloudflare.com (1)	235	2012-05-23 12:49:49 UTC	2023-01-31 17:17:09 UTC	104.17.25.14
img-getpocket.cdn.mozilla.net (7)	1631	2017-09-01 03:40:57 UTC	2023-01-31 18:04:35 UTC	34.120.237.76
r3.o.lencr.org (8)	344	2020-12-02 08:52:13 UTC	2023-01-31 17:12:22 UTC	23.36.76.226
firefox.settings.services.mozilla.com (2)	867	2020-05-25 20:06:39 UTC	2023-01-31 17:12:20 UTC	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2023-01-31 17:14:22 UTC	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2023-01-31 17:12:38 UTC	34.117.237.239

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-31 23:25:25 UTC	2	Client IP	Internal IP	ET INFO DNS Query for Suspicious .gq Domain
2023-01-31 23:25:27 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:27 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:27 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:27 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:27 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:27 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:27 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:28 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:28 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:28 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:28 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:28 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:28 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:28 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:28 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:28 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:28 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:28 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain
2023-01-31 23:25:29 UTC	2	Client IP	162.240.217.49	ET INFO HTTP Request to a *.gq domain

Scan Date	Severity	Indicator	Comment
2023-01-31	2	brendand.gq/data/auth/js/jquery.CardValidator.js	Phishing
2023-01-31	2	brendand.gq/data/auth/js/jquery.player.js	Phishing
2023-01-31	2	brendand.gq/data/auth/js/jquery.validate.min.js	Phishing
2023-01-31	2	brendand.gq/data/auth/js/jquery.min.js	Phishing
2023-01-31	2	brendand.gq/data/auth/img/logo.svg	Phishing
2023-01-31	2	brendand.gq/data/auth/fonts/opensans-regular.ttf	Phishing
2023-01-31	2	brendand.gq/data/auth/fonts/dcefont.woff	Phishing
2023-01-31	2	brendand.gq/data/auth/img/icon.ico	Phishing
2023-01-31	2	brendand.gq/data/auth/img/background.desktop.13.jpeg	Phishing

Date	UQ / IDS / BL	URL	IP
2023-03-02 01:16:54 +0000	0 - 3 - 1	gdesnny.ga/flow.exe	162.240.217.49
2023-03-01 22:08:21 +0000	0 - 3 - 1	gdesnny.ga/flow.exe	162.240.217.49
2023-03-01 20:15:52 +0000	0 - 3 - 1	gdesnny.ga/flow.exe	162.240.217.49
2023-03-01 19:46:21 +0000	0 - 3 - 1	gdesnny.ga/flow.exe	162.240.217.49
2023-03-01 12:35:20 +0000	4 - 3 - 0	qkdee.gq/office.com/quad/	162.240.217.49

Date	UQ / IDS / BL	URL	IP
2023-03-25 23:05:33 +0000	0 - 0 - 16	timehunter.co/dum/ubdqqsumiaeau	162.241.61.69
2023-03-25 22:39:40 +0000	0 - 0 - 5	aloverdao.com.br/assets/login.microsoftonline (...)	162.241.74.72
2023-03-25 22:30:47 +0000	0 - 1 - 2	lacrossescores.com/qeuo/oilemtsealve	50.116.95.135
2023-03-25 22:30:43 +0000	0 - 0 - 2	lacrossescores.com/	50.116.95.135
2023-03-25 22:10:43 +0000	0 - 0 - 1	trumptowerkolkata.com/is/g2186947384.zip	192.185.52.155

Date	UQ / IDS / BL	URL	IP
2023-01-31 23:25:18 +0000	37 - 20 - 9	brendand.gq/data/auth/auth.php?md=hwfoitbyaor (...)	162.240.217.49

Date	UQ / IDS / BL	URL	IP
2023-03-07 03:00:54 +0000	37 - 0 - 9	dorainsurance.com/auth.php?md=ROUgtFXanJHLhNS (...)	107.180.11.206
2022-10-04 03:24:04 +0000	7 - 0 - 9	printearte.com.br/a2/auth.php?md=jRnoSzwkglMY (...)	162.214.12.116
2022-10-04 01:53:50 +0000	7 - 0 - 9	printearte.com.br/a2/auth.php?md=nXCaljPRKGDU (...)	162.214.12.116
2022-10-03 11:01:12 +0000	8 - 0 - 9	printearte.com.br/fx2/auth.php?md=rnlWLvKTzdb (...)	162.214.12.116
2022-10-03 09:50:30 +0000	8 - 0 - 9	printearte.com.br/s3c/auth.php?md=FGNynvfouIi (...)	162.214.12.116

HTTP Transactions (40)

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E" Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2916 Expires: Wed, 01 Feb 2023 00:13:43 GMT Date: Tue, 31 Jan 2023 23:25:07 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 0c35c3ec659d3a26ea97e68d787bb043 Sha1: d97e3672244efec5b7814f2d8a734cd1a9387854 Sha256: 4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922" Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=11773 Expires: Wed, 01 Feb 2023 02:41:20 GMT Date: Tue, 31 Jan 2023 23:25:07 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7e05c8461bd2dc5a149f71e2c465ea29 Sha1: 705983959c887e243cb55a8a1796757b579ee977 Sha256: 4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 35.241.9.150 HASH: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e 35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Tue, 31 Jan 2023 22:35:55 GMT age: 2952 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 30db107dcf4380cef05efea409c2e6a3 Sha1: 96e6a306fbc07299aba64e5c14e2bfca35872fa9 Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7" Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6542 Expires: Wed, 01 Feb 2023 01:14:09 GMT Date: Tue, 31 Jan 2023 23:25:07 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: a8d45deaa7ebfcd996c2055dae592ab8 Sha1: 55befe074589fe7b39757c145968058162a8fc6b Sha256: 50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: //2qm/1Hz23K3vEj/lMgk/t99/6Bghb0kZz5bqahwSGSjwx/oSZl9qJWK7/J8pJ8Ns9JHVbNSNI= x-amz-request-id: 48SQQC1DB52T00JJ content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Tue, 31 Jan 2023 22:51:20 GMT age: 2027 last-modified: Mon, 09 Jan 2023 18:04:21 GMT etag: "7b922915ebf1fa3639b333f994c74f24" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 7b922915ebf1fa3639b333f994c74f24 Sha1: 144a3f80b98fd0652d4614f24cf6cbbee40f8938 Sha256: adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Tue, 31 Jan 2023 23:25:07 GMT content-length: 12 access-control-allow-credentials: true access-control-expose-headers: content-type vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 35.241.9.150 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Tue, 31 Jan 2023 22:49:04 GMT age: 2163 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E" Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9753 Expires: Wed, 01 Feb 2023 02:07:40 GMT Date: Tue, 31 Jan 2023 23:25:07 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 22b9916fc1fafc9bdc9bb37f9eac8a9a Sha1: 86f640e134a741a0f906a8e3a0f5c6659dd0e394 Sha256: a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: aH9LJ4lBdrEw6PwQexRZaQ== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 35.82.48.240 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 35.82.48.240 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: adR3ITU4hbmIFjWUfz365XDpmPs= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj& (...) FQDN: brendand.gq IP: 162.240.217.49 HASH: 965222fe124847d1b9f23513cd76bcddfc24a3b387b8b79a7bc95216b7a57ae3 162.240.217.49 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Tue, 31 Jan 2023 23:25:07 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147; path=/ Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Keep-Alive: timeout=5, max=100 Transfer-Encoding: chunked --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (478), with CRLF line terminators Size: 106184 Md5: 4393c9ed8235c0f5f15c463f6a5be8e9 Sha1: b4331e23f12711990ce8c27ca001938b44ee3f9a Sha256: 965222fe124847d1b9f23513cd76bcddfc24a3b387b8b79a7bc95216b7a57ae3 Alerts: IDS: - ET INFO HTTP Request to a *.gq domain
GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://brendand.gq/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jque (...) FQDN: cdnjs.cloudflare.com IP: 104.17.25.14 HASH: fcc8a86d2e89e8fbe9815d50c23bf205191ab8a6c0bec67358cd975d94283ff8 104.17.25.14 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Tue, 31 Jan 2023 23:25:08 GMT content-length: 4517 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5eb03ec3-4e98" last-modified: Mon, 04 May 2020 16:11:47 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 9012623 expires: Sun, 21 Jan 2024 23:25:08 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9kkmjnsAG28GTzAHawbuoEce1tYNEdOiRuvmqdDYQjA7PPYdKtU%2B%2FzCVf1GqcV%2BlTVX23XO7e7jrVQVd7GtoWUMvuzHJQ6fXl48JWl1Rmg1QXT1G0dQ2DSaHmSEj%2BxlIjGBkxB4c"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 79263472cabd0b02-OSL alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text Size: 4517 Md5: e40e054c5726f042bad463e3774a2777 Sha1: 5c9413b72837a440b327444104830c35ae3b052c Sha256: fcc8a86d2e89e8fbe9815d50c23bf205191ab8a6c0bec67358cd975d94283ff8
GET /data/auth/js/jquery.CardValidator.js HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/js/jquery.CardValidator.js FQDN: brendand.gq IP: 162.240.217.49 HASH: 2e31f31633d04598c60731878851d821eaa4403af63b930d58bb10bc9c0428a2 162.240.217.49 HTTP/1.1 200 OK Content-Type: application/javascript Date: Tue, 31 Jan 2023 23:25:08 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Mon, 28 Aug 2017 20:03:08 GMT Accept-Ranges: bytes Content-Length: 6367 Keep-Alive: timeout=5, max=100 --- Additional Info --- Magic: ASCII text Size: 6367 Md5: fb905575d35b1762182c0bdb0156a8e7 Sha1: 5d7364bb8423174608a55975e985138b09ef16f0 Sha256: 2e31f31633d04598c60731878851d821eaa4403af63b930d58bb10bc9c0428a2 Alerts: urlquery: - Phishing - Chase - Phishing - Chase Blocklists: - fortinet: Phishing IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/js/jquery.player.js HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/js/jquery.player.js FQDN: brendand.gq IP: 162.240.217.49 HASH: d3cf43e8926e14a71047a083c03faf8fceff25d377caea7c76b2be07f907ee8d 162.240.217.49 HTTP/1.1 200 OK Content-Type: application/javascript Date: Tue, 31 Jan 2023 23:25:08 GMT Server: Apache Last-Modified: Fri, 24 Sep 2021 14:01:06 GMT Accept-Ranges: bytes Content-Length: 50474 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text, with very long lines (50474), with no line terminators Size: 50474 Md5: e4b10b6902438873f01ffed7c22bca34 Sha1: 6aabc0c82d7f658a2b2aaac003dfad8929d2c936 Sha256: d3cf43e8926e14a71047a083c03faf8fceff25d377caea7c76b2be07f907ee8d Alerts: urlquery: - Phishing - Chase - Phishing - Chase Blocklists: - fortinet: Phishing IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/js/jquery.validate.min.js HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/js/jquery.validate.min.js FQDN: brendand.gq IP: 162.240.217.49 HASH: b8302f6aead75ca339781930167f4e1ad42f50cf7e17b654c93159037fc9fd20 162.240.217.49 HTTP/1.1 200 OK Content-Type: application/javascript Date: Tue, 31 Jan 2023 23:25:08 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Sat, 11 Aug 2018 11:12:40 GMT Accept-Ranges: bytes Content-Length: 34439 Keep-Alive: timeout=5, max=100 --- Additional Info --- Magic: ASCII text, with very long lines (833), with CRLF line terminators Size: 34439 Md5: 9ea64390e300ed1a23e2b62b7cd5cb20 Sha1: 7df056209ee2091fc674aa9f59a1063c072e9e32 Sha256: b8302f6aead75ca339781930167f4e1ad42f50cf7e17b654c93159037fc9fd20 Alerts: urlquery: - Phishing - Chase - Phishing - Chase Blocklists: - fortinet: Phishing IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/css/lostyle.css HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/css/lostyle.css FQDN: brendand.gq IP: 162.240.217.49 HASH: 40629451d22593898772dcc33427f6f86bf9b839dd030e5e96a93efd2d0d0caa 162.240.217.49 HTTP/1.1 200 OK Content-Type: text/css Date: Tue, 31 Jan 2023 23:25:08 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Wed, 08 Apr 2020 19:00:34 GMT Accept-Ranges: bytes Content-Length: 118559 Keep-Alive: timeout=5, max=100 --- Additional Info --- Magic: ASCII text, with CRLF line terminators Size: 118559 Md5: 173fd2caf419331c9272c3e2ea6980e9 Sha1: 10ad738e08b5565cd61528dd864dfd35d5d69f4c Sha256: 40629451d22593898772dcc33427f6f86bf9b839dd030e5e96a93efd2d0d0caa Alerts: urlquery: - Phishing - Chase - Phishing - Chase IDS: - ET INFO HTTP Request to a *.gq domain
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC" Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3062 Expires: Wed, 01 Feb 2023 00:16:11 GMT Date: Tue, 31 Jan 2023 23:25:09 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 43bc5afe1d7330aa521e0efc78185a92 Sha1: f53e9daa0a32e0acf7a10d9494fb383c1d039305 Sha256: 429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC" Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3062 Expires: Wed, 01 Feb 2023 00:16:11 GMT Date: Tue, 31 Jan 2023 23:25:09 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 43bc5afe1d7330aa521e0efc78185a92 Sha1: f53e9daa0a32e0acf7a10d9494fb383c1d039305 Sha256: 429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC" Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3062 Expires: Wed, 01 Feb 2023 00:16:11 GMT Date: Tue, 31 Jan 2023 23:25:09 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 43bc5afe1d7330aa521e0efc78185a92 Sha1: f53e9daa0a32e0acf7a10d9494fb383c1d039305 Sha256: 429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC" Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3062 Expires: Wed, 01 Feb 2023 00:16:11 GMT Date: Tue, 31 Jan 2023 23:25:09 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 43bc5afe1d7330aa521e0efc78185a92 Sha1: f53e9daa0a32e0acf7a10d9494fb383c1d039305 Sha256: 429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0378a78-c173-4036-ab09-812b1651c606.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: d52297e17f93932aa7c99ae734d4b68f3b9b09b9938db95ecc96bac9f3bb588c 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8542 x-amzn-requestid: ad485963-7e2e-410d-ad1c-6386fb738f18 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: foJaVHXcoAMFuhw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d9890e-12d7e4502d1fc1511b6f2260;Sampled=0 x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: M1OD8v_jLlitIjUwxyZSke4kBfIFy0C_tbDQAHe5iDBrm_Fha7uwFg== via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google date: Tue, 31 Jan 2023 21:51:28 GMT etag: "c2c6279d74efdcceb319d6943cbcb9d1d1b686ca" age: 5621 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8542 Md5: 85cde231b700eec450e0611b97742a43 Sha1: c2c6279d74efdcceb319d6943cbcb9d1d1b686ca Sha256: d52297e17f93932aa7c99ae734d4b68f3b9b09b9938db95ecc96bac9f3bb588c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a7557cc-bf07-438f-8710-ba1b44e30270.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: d00272557742c57d084ab7e46b9b1722b28b869ae9c63e2169e7124e5107c009 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 5583 x-amzn-requestid: f37b4455-c9fb-46e4-a287-f40c1138a77a x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fflQWGqCIAMFvjA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d61c02-01d34b0d3a9a0101555081f5;Sampled=0 x-amzn-remapped-date: Sun, 29 Jan 2023 07:10:58 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: KTfQ_pc9OU0WnnQlmhjYlFAInn2Cwz6xNGtjL3FtP5XJX8vHTidkoA== via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google date: Tue, 31 Jan 2023 07:37:27 GMT age: 56862 etag: "6524837e65b070341f9c8f4589492876ae293f17" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5583 Md5: fec00239dceb510f051645ae93dac5f2 Sha1: 6524837e65b070341f9c8f4589492876ae293f17 Sha256: d00272557742c57d084ab7e46b9b1722b28b869ae9c63e2169e7124e5107c009
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 12967 x-amzn-requestid: cb487bb4-9de3-42f6-9c1e-482c712cf80f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fcRasEBfoAMFp3g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d4c911-218f03e61f9d25b74dddbc7e;Sampled=0 x-amzn-remapped-date: Sat, 28 Jan 2023 07:04:49 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: AwcqjAd0sV06M3tVkQvR0UNKrSlIhGv5_FbOdPa6Cw7Tjqiw6f6-QA== via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google date: Tue, 31 Jan 2023 21:51:30 GMT age: 5619 etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 12967 Md5: 8e0be7db14d930d6227443314bcd1747 Sha1: 4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d Sha256: baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa9536b-a4e6-42f5-99dd-75298eecbbb1.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: b368d87d3a0fe4e1a8ddc82bed704b3056ad2874b8d325111b399b18807c1e5e 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 15656 x-amzn-requestid: 6723d22f-8b16-4fb2-af92-9b3257fc2a1d x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fi3bIHpRoAMFRYQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d76c47-03b1c6646f63ba716a6298e1;Sampled=0 x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: fLrUWOhE6x_v3sqe6kr1hacSgt9H53ld51XXKvh7dL04gc-NDJKmOg== via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google date: Tue, 31 Jan 2023 07:25:12 GMT age: 57597 etag: "b89eebf2b8adac69487262100b07da8bc171ecf7" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 15656 Md5: a4392f298c9e98515493f1235810838f Sha1: b89eebf2b8adac69487262100b07da8bc171ecf7 Sha256: b368d87d3a0fe4e1a8ddc82bed704b3056ad2874b8d325111b399b18807c1e5e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3e99cd9-0681-47a5-bd03-80ff73a169b8.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 7a838e4e1aff60581fbf939920955ea67dae8fb3fa4e31572787c773404d071e 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 14809 x-amzn-requestid: fc920367-4bb1-40fd-9f1d-1d50b27cfc77 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: foJaXEQEoAMF3Zw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d9890e-0f70e0252fc3a3e5248bb372;Sampled=0 x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: 8SGqBRt27x1A3p1Z55UzPW8myS3BPu1ows_X76xLB8KY5xNnfs1pUw== via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google date: Tue, 31 Jan 2023 21:45:15 GMT age: 5994 etag: "6382ee41cb26e42293e1ba5d9f0d3af64ddb672c" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 14809 Md5: 1ad49e3ca0f9935c7ff8f922039e5864 Sha1: 6382ee41cb26e42293e1ba5d9f0d3af64ddb672c Sha256: 7a838e4e1aff60581fbf939920955ea67dae8fb3fa4e31572787c773404d071e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 15857 x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fmJ2JGGWoAMFSLA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0 x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: pU_436f27nMZKPxZZWqZekERHFTvcG5NT5p_CYEXHRPtIWjDtSA-uA== via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google date: Tue, 31 Jan 2023 07:18:42 GMT age: 57987 etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 15857 Md5: 4bb3a6fba496d54cdbbccaf2b9600386 Sha1: 8e30002699e9fbf2047f9ac11a36d2175fc9c591 Sha256: 927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /data/auth/css/style.css HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/css/style.css FQDN: brendand.gq IP: 162.240.217.49 HASH: a9b2194a163f7309caa12f626ef199273b8a354649d5d150eff47c53a2baa425 162.240.217.49 HTTP/1.1 200 OK Content-Type: text/css Date: Tue, 31 Jan 2023 23:25:08 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Fri, 03 Apr 2020 19:40:52 GMT Accept-Ranges: bytes Content-Length: 618839 Keep-Alive: timeout=5, max=100 --- Additional Info --- Magic: ASCII text, with CRLF line terminators Size: 618839 Md5: cfb7cd54bb257cfb218e05a5a731c29a Sha1: 3f760b093710e3f987dd4390c26d8956db6d8893 Sha256: a9b2194a163f7309caa12f626ef199273b8a354649d5d150eff47c53a2baa425 Alerts: urlquery: - Phishing - Chase - Phishing - Chase IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/js/jquery.min.js HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/js/jquery.min.js FQDN: brendand.gq IP: 162.240.217.49 HASH: 6e1297448cf350be58ab05a6c413fa4d4b97440a0a3ab97fb03c09ff49af5ad4 162.240.217.49 HTTP/1.1 200 OK Content-Type: application/javascript Date: Tue, 31 Jan 2023 23:25:08 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Fri, 17 Apr 2020 06:17:40 GMT Accept-Ranges: bytes Content-Length: 159538 Keep-Alive: timeout=5, max=100 --- Additional Info --- Magic: ASCII text, with very long lines (568) Size: 159538 Md5: 50f1aacb05fc40763064d74404c5bcb2 Sha1: b3c28cab2fc387c630cf23704dde2f1b5013747c Sha256: 6e1297448cf350be58ab05a6c413fa4d4b97440a0a3ab97fb03c09ff49af5ad4 Alerts: urlquery: - Phishing - Chase - Phishing - Chase Blocklists: - fortinet: Phishing IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/img/aioe_icon_2_card_lg.png HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/img/aioe_icon_2_card_lg.png FQDN: brendand.gq IP: 162.240.217.49 HASH: ec7a2e669f551ad0588a2ce4b1ee04fd5ae9ee16042fc97d022c6b287b9a6494 162.240.217.49 HTTP/1.1 200 OK Content-Type: image/png Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Mon, 20 Sep 2021 16:53:10 GMT Accept-Ranges: bytes Content-Length: 3262 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced\012- data Size: 3262 Md5: b8ce783abcee5ceb012b84d6f275b908 Sha1: ef64977d3f752bdefd0df2360600908ef8575324 Sha256: ec7a2e669f551ad0588a2ce4b1ee04fd5ae9ee16042fc97d022c6b287b9a6494 Alerts: urlquery: - Phishing - Chase - Phishing - Chase IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/img/aioe_icon_1_pid_lg.png HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/img/aioe_icon_1_pid_lg.png FQDN: brendand.gq IP: 162.240.217.49 HASH: 8e2e5ed99b3cf11d88f281c0ad9ac0aaa30c311515536c8a9c90be58ca56ec39 162.240.217.49 HTTP/1.1 200 OK Content-Type: image/png Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Mon, 20 Sep 2021 16:51:00 GMT Accept-Ranges: bytes Content-Length: 4004 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced\012- data Size: 4004 Md5: 210d4f89d07fe1f8fd4d9a319e63933f Sha1: 8b9f60d4c9368881d3cfb41fb7426675e03619db Sha256: 8e2e5ed99b3cf11d88f281c0ad9ac0aaa30c311515536c8a9c90be58ca56ec39 Alerts: urlquery: - Phishing - Chase - Phishing - Chase IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/img/loading.gif HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/img/loading.gif FQDN: brendand.gq IP: 162.240.217.49 HASH: 5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34 162.240.217.49 HTTP/1.1 200 OK Content-Type: image/gif Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Sat, 11 Aug 2018 10:03:50 GMT Accept-Ranges: bytes Content-Length: 38636 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: GIF image data, version 89a, 200 x 200\012- data Size: 38636 Md5: d10ef01e81faa2c2d812bdf670b4e072 Sha1: 77d09a57b2091fd7665dff763a5eab23e0ff907e Sha256: 5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34 Alerts: urlquery: - Phishing - Chase - Phishing - Chase IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/img/alert.gif HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/img/alert.gif FQDN: brendand.gq IP: 162.240.217.49 HASH: 86a86f9ba8a23418cb079bbf61fe64974770fb416a27384ef80045976487894e 162.240.217.49 HTTP/1.1 200 OK Content-Type: image/gif Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Mon, 06 Apr 2020 23:12:04 GMT Accept-Ranges: bytes Content-Length: 6926 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: GIF image data, version 89a, 240 x 240\012- data Size: 6926 Md5: 6b3fe3fcfdc8a4f64ce935194f5591ab Sha1: 64d7c83fa447c9b84997b034d8434155ae53163e Sha256: 86a86f9ba8a23418cb079bbf61fe64974770fb416a27384ef80045976487894e Alerts: urlquery: - Phishing - Chase - Phishing - Chase IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/img/aioe_icon_3_devices_lg.png HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/img/aioe_icon_3_devices_lg.png FQDN: brendand.gq IP: 162.240.217.49 HASH: e457f20d64d186c61a8467fe70d4eec890ed7fb85d5de2a9fc31834567131a1f 162.240.217.49 HTTP/1.1 200 OK Content-Type: image/png Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Mon, 20 Sep 2021 16:54:26 GMT Accept-Ranges: bytes Content-Length: 3677 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced\012- data Size: 3677 Md5: 33ac311a458863ee4fc16b6fae4a40b5 Sha1: 9b65fd7af34bdaaddcde363383114f706b335ad8 Sha256: e457f20d64d186c61a8467fe70d4eec890ed7fb85d5de2a9fc31834567131a1f Alerts: urlquery: - Phishing - Chase - Phishing - Chase IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/img/emdef213.png HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/img/emdef213.png FQDN: brendand.gq IP: 162.240.217.49 HASH: 9f926e83679171e34c289ff3aa5b7f067e75cfa564345f53941ca824c42d5f77 162.240.217.49 HTTP/1.1 200 OK Content-Type: image/png Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Sat, 04 Apr 2020 22:34:26 GMT Accept-Ranges: bytes Content-Length: 26120 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data Size: 26120 Md5: f97e9297a90a73c16b5734c0910785ce Sha1: d9df719d58da061ccf75349314e562f8b22b76d3 Sha256: 9f926e83679171e34c289ff3aa5b7f067e75cfa564345f53941ca824c42d5f77 Alerts: urlquery: - Phishing - Chase - Phishing - Chase IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/img/logo.svg HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/css/lostyle.css Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/img/logo.svg FQDN: brendand.gq IP: 162.240.217.49 HASH: d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0 162.240.217.49 HTTP/1.1 200 OK Content-Type: image/svg+xml Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Fri, 03 Apr 2020 18:54:14 GMT Accept-Ranges: bytes Content-Length: 1409 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text Size: 1409 Md5: b55b042f907bc7108f5dca2103a8476b Sha1: 9fcdcc86bfe1f3c7d4f774775670fbd08fe7556c Sha256: d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0 Alerts: urlquery: - Phishing - Chase - Phishing - Chase Blocklists: - fortinet: Phishing IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/fonts/opensans-regular.ttf HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/fonts/opensans-regular.ttf FQDN: brendand.gq IP: 162.240.217.49 HASH: c03c23a10c648cdb736fe0c1459cd94b7ed7029cb87eefbf32f9de0536c4236d 162.240.217.49 HTTP/1.1 200 OK Content-Type: font/ttf Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Wed, 15 Apr 2020 10:35:48 GMT Accept-Ranges: bytes Content-Length: 45372 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive --- Additional Info --- Magic: TrueType Font data, 19 tables, 1st "FFTM", 18 names, Microsoft, language 0x409, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegularAscender - Open Sans\012- data Size: 45372 Md5: 5eb12c4256bb7c968f2a807222b09543 Sha1: b8acd3e311fbe0c9ab3d63bfab9f1a448602bd0d Sha256: c03c23a10c648cdb736fe0c1459cd94b7ed7029cb87eefbf32f9de0536c4236d Alerts: urlquery: - Phishing - Chase - Phishing - Chase Blocklists: - fortinet: Phishing IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/fonts/dcefont.woff HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://brendand.gq/data/auth/css/style.css Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/fonts/dcefont.woff FQDN: brendand.gq IP: 162.240.217.49 HASH: 6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1 162.240.217.49 HTTP/1.1 200 OK Content-Type: font/woff Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Fri, 03 Apr 2020 19:34:38 GMT Accept-Ranges: bytes Content-Length: 70296 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: Web Open Font Format, TrueType, length 70296, version 0.0\012- data Size: 70296 Md5: 2ec43bffa4424b28d0cc96b37cca33a4 Sha1: 1cde2661fb95ece87155c7931d5da6911331ef43 Sha256: 6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1 Alerts: urlquery: - Phishing - Chase - Phishing - Chase Blocklists: - fortinet: Phishing IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/img/congra.png HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/img/congra.png FQDN: brendand.gq IP: 162.240.217.49 HASH: 065a5ede3e090578c581c77883c6acfa9dc9393efc2f19775cfb410263fa8e1c 162.240.217.49 HTTP/1.1 200 OK Content-Type: image/png Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Mon, 02 Dec 2019 17:22:14 GMT Accept-Ranges: bytes Content-Length: 22060 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data Size: 22060 Md5: 1cb46cbb550a7047d40ff30244ca144b Sha1: 8c41692d4a18624338f9ec32f569b028aa20f827 Sha256: 065a5ede3e090578c581c77883c6acfa9dc9393efc2f19775cfb410263fa8e1c Alerts: urlquery: - Phishing - Chase - Phishing - Chase IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/img/icon.ico HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/img/icon.ico FQDN: brendand.gq IP: 162.240.217.49 HASH: 625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9 162.240.217.49 HTTP/1.1 200 OK Content-Type: image/x-icon Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Fri, 17 Apr 2020 07:43:34 GMT Accept-Ranges: bytes Content-Length: 32038 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive --- Additional Info --- Magic: MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data Size: 32038 Md5: 5744986eb3dc6f2da92157a651889902 Sha1: 5a558b58498fab2aeb742acdab51e0c2fbc78385 Sha256: 625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9 Alerts: urlquery: - Phishing - Chase - Phishing - Chase Blocklists: - fortinet: Phishing IDS: - ET INFO HTTP Request to a *.gq domain
GET /data/auth/img/background.desktop.13.jpeg HTTP/1.1 Host: brendand.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj= Cookie: PHPSESSID=9c7f099cb41a464810e02c9e65090147	URL: brendand.gq/data/auth/img/background.desktop.13.jpeg FQDN: brendand.gq IP: 162.240.217.49 HASH: cebbe70886b381c8f98b5d70e85b401b6a242c11e71c0cb0ab1716b185dddfa1 162.240.217.49 HTTP/1.1 200 OK Content-Type: image/jpeg Date: Tue, 31 Jan 2023 23:25:09 GMT Server: Apache Last-Modified: Wed, 22 Sep 2021 13:56:58 GMT Accept-Ranges: bytes Content-Length: 241394 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data Size: 241394 Md5: e484e23bca3c31f364df8ff9df47d068 Sha1: 880091ca3384d68d57cd0aeb0153e816493b4e62 Sha256: cebbe70886b381c8f98b5d70e85b401b6a242c11e71c0cb0ab1716b185dddfa1 Alerts: urlquery: - Phishing - Chase - Phishing - Chase Blocklists: - fortinet: Phishing IDS: - ET INFO HTTP Request to a *.gq domain
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: b32e7e1a2eee367c5bf9e99bcb38f4c74c4e9e7bdfe7fb0f8f2a657060c0624c 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8597 x-amzn-requestid: e7bf4ac9-d86d-4ee9-9e10-8a42e5dfe2c6 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fcRaNEW4IAMFatA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d4c90d-7731312f630b00ba028836ca;Sampled=0 x-amzn-remapped-date: Sat, 28 Jan 2023 07:04:45 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: z3ZJ7bq6LuJd-9I9D22VIs0avctNGVDKnYmt-fxevCheQibivmUomQ== via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google date: Tue, 31 Jan 2023 07:52:17 GMT age: 55979 etag: "eb27fae0bb17dbe0929a620002195233ef50c1d0" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8597 Md5: 27e95b7912edc909d6b031e36fe83534 Sha1: eb27fae0bb17dbe0929a620002195233ef50c1d0 Sha256: b32e7e1a2eee367c5bf9e99bcb38f4c74c4e9e7bdfe7fb0f8f2a657060c0624c

URL	brendand.gq/data/auth/auth.php?md=hwfoitbyaordjwhusmxj&hwfoitbyaordjwhusmxj=
IP	162.240.217.49 (United States)
ASN	#46606 UNIFIEDLAYER-AS-1
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2023-01-31 23:25:18 UTC
Status	Loading report..
IDS alerts	20
Blocklist alert	9
urlquery alerts	37 Phishing - Chase
Tags	chase financial phishing

Overview

Domain Summary (8)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 162.240.217.49

Last 5 reports on ASN: UNIFIEDLAYER-AS-1

Last 1 reports on domain: brendand.gq

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (7)

Executed Evals (0)

Executed Writes (1)

#1 JavaScript::Write (size: 4) - SHA256: d398b29d3dbbb9bf201d4c7e1c19ff9d43c15fd45a0cec46fbe9885ec3f6e97f

HTTP Transactions (40)

Overview

Domain Summary (8)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 162.240.217.49

Last 5 reports on ASN: UNIFIEDLAYER-AS-1

Last 1 reports on domain: brendand.gq

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (7)

Executed Evals (0)

Executed Writes (1)

#1 JavaScript::Write (size: 4) - SHA256: d398b29d3dbbb9bf201d4c7e1c19ff9d43c15fd45a0cec46fbe9885ec3f6e97f

HTTP Transactions (40)

Network Intrusion Detection Systems