Report - haqcontracting.com/

Report Overview

Submitted URL
haqcontracting.com/
IP
192.111.150.72
ASN
#31863 DACEN-2
Submitted
2022-09-28 01:44:25
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
74

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	515 B	1.7 kB	142.250.74.164
maps.google.com	1899	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	520 B	897 B	216.58.211.14
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	982 B	28 kB	142.250.74.163
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	73 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
haqcontracting.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	1.1 MB	192.111.150.72
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	6.3 kB	142.250.74.3
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	414 B	1.9 kB	142.250.74.10
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	639 B	565 B	216.239.34.36
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	44.242.41.15
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374 B	77 kB	142.250.74.72

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing
2022-09-20	medium	haqcontracting.com/	Generic/Spear Phishing

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-28	medium	haqcontracting.com/	Phishing
2022-09-28	medium	haqcontracting.com/	Phishing
2022-09-28	medium	haqcontracting.com/js/templatemo-script.js	Phishing
2022-09-28	medium	haqcontracting.com/js/slick.js	Phishing
2022-09-28	medium	haqcontracting.com/js/bootstrap.min.js	Phishing
2022-09-28	medium	haqcontracting.com/js/jquery-3.5.1.min.js	Phishing
2022-09-28	medium	haqcontracting.com/video/gfp-astro-timelapse.mp4	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	haqcontracting.com/	162 B	2023-03-07	2023-03-13
Pretty URL haqcontracting.com/ IP 192.111.150.72 ASN #31863 DACEN-2 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:12:34 Last Seen2023-03-13 00:41:42 Times Seen1 Hash fb1a2f780b3508af5ad1aaa39bb000b9 9295ed14a0dd356bd25c104761880bde216eed18 7e92dd4ab9826b54c2fd0d43b19e992f38a97eb7bb49ea776b0c987d4b04415a Loading...

	haqcontracting.com/js/slick.js	88 kB	2023-03-07	2024-04-28
Pretty URL haqcontracting.com/js/slick.js IP 192.111.150.72 ASN #31863 DACEN-2 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:45 Last Seen2024-04-28 05:43:23 Times Seen432 Hash da910267cd968a7d269efaed738025bd 5ec4668718b141fdce606a471be60543746378e8 3e65bc436e35cb24f4020abe8a71906ea53ca284df84095d6824e27f55883f90 Loading...

	haqcontracting.com/js/bootstrap.min.js	62 kB	2023-03-07	2024-05-02
Pretty URL haqcontracting.com/js/bootstrap.min.js IP 192.111.150.72 ASN #31863 DACEN-2 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:17 Last Seen2024-05-02 20:24:32 Times Seen486 Hash 86c66103329d2d376c5ec84117058497 d65c1eda71a436de34a324b73708421225785f59 83ce8dec787fb3ceacaf7a5b61f36475a8a8ec525717aabd73dd6e25522d28b8 Loading...

	haqcontracting.com/js/templatemo-script.js	2.0 kB	2023-03-07	2023-03-14
Pretty URL haqcontracting.com/js/templatemo-script.js IP 192.111.150.72 ASN #31863 DACEN-2 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:12:34 Last Seen2023-03-14 08:41:30 Times Seen1 Hash 177a803c5a3bef2dab28a76a73704830 116736aae0cb1649ddba182c2d28fcbc03ad5f83 b073332110447188e27c9289e46f2ce4462fde4facffed616e7c1e5e24bb5d7d Loading...

	www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s25.183492,+51.447021!6i15	1.8 kB	2023-03-08	2023-03-08
Pretty URL www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s25.183492,+51.447021!6i15 IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:50:15 Last Seen2023-03-08 02:50:15 Times Seen1 Hash ac80a6e73be7913f6980782a52fdb7f6 4b55ca0716101cc58cead7dc977ee464146ff178 1d47fb69aa5b562b82880f289332700d57b13433e46d341085390412b549f5bc Loading...

	maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en_US&callback=onApiLoad	174 kB	2023-03-08	2023-03-08
Pretty URL maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en_US&callback=onApiLoad IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:50:15 Last Seen2023-03-08 02:56:52 Times Seen1 Hash f9e4eb1830419ddb977af3358f2c56a8 ec9ca8396d0198139ef279def191a467f7c3bcf9 a4878c61a67bce16f7ccf558630e10334dccedfa1b8ed924f1ca5c7da0bba10b Loading...

	maps.googleapis.com/maps-api-v3/api/js/50/6/overlay.js	3.6 kB	2023-03-07	2023-03-08
Pretty URL maps.googleapis.com/maps-api-v3/api/js/50/6/overlay.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:54:54 Last Seen2023-03-08 03:07:26 Times Seen1 Hash 8c0b67a456bdaf58f051ef9afafa46ae c45b6fa01721570237877c828a8467cddecf5ba7 30c95c3b9adb7f826844bfd1966319f6801cc3432f57f1c6f79ddb49a64721df Loading...

	www.googletagmanager.com/gtag/js?id=G-P2MKF1KVKZ	219 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-P2MKF1KVKZ IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:50:15 Last Seen2023-03-08 02:50:15 Times Seen1 Hash 1e0f91b3e091aa755eb904ef58a99fbc 65e52024661374630457cf7d05e2cffafa6a89ef 707c5b34dbc5886ed98d0fb446a61a29b05e08d2270711bfb0b1428950c5628b Loading...

	maps.googleapis.com/maps-api-v3/api/js/50/6/search_impl.js	2.8 kB	2023-03-07	2023-03-08
Pretty URL maps.googleapis.com/maps-api-v3/api/js/50/6/search_impl.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:54:54 Last Seen2023-03-08 03:07:26 Times Seen1 Hash e68d4a524db9e4eec94e4e574bcf462e 13a4ac9984de00040b2ffa4d9545922c1c8ffa46 0237bccee042a397442b7e204d07e524ffcde76100a42f1ffb5acf3b8fb719ea Loading...

	maps.googleapis.com/maps-api-v3/api/js/50/6/common.js	252 kB	2023-03-07	2023-03-08
Pretty URL maps.googleapis.com/maps-api-v3/api/js/50/6/common.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:47:31 Last Seen2023-03-08 03:11:05 Times Seen1 Hash d3fd1f634c6bb18b363f3d03b7b3925e a2a082e3a12138256cc67310c21e4378d4378508 f37f4f2ac2c66956043d95284071e516a633f7113819e8a675a68577c82b29ad Loading...

	maps.googleapis.com/maps-api-v3/api/js/50/6/map.js	72 kB	2023-03-07	2023-03-08
Pretty URL maps.googleapis.com/maps-api-v3/api/js/50/6/map.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:53:41 Last Seen2023-03-08 03:07:26 Times Seen1 Hash 3879b8ce682bd9aeddae1ec171d598e4 cce0e90503509ca5a313c9e2720d41dafab21d43 b123f4c5ea191fa6460046c73664b0be01b82c5344f13a014694848062b82862 Loading...

	maps.googleapis.com/maps/api/js/QuotaService.RecordEvent?1shttps%3A%2F%2Fwww.google.com%2Fmaps%2Fembed&2sgoogle-maps-embed&7skysa5g&10e1&callback=_xdc_._xw49dw&client=google-maps-embed&token=117583	62 B	2023-03-08	2023-03-08
Pretty URL maps.googleapis.com/maps/api/js/QuotaService.RecordEvent?1shttps%3A%2F%2Fwww.google.com%2Fmaps%2Fembed&2sgoogle-maps-embed&7skysa5g&10e1&callback=_xdc_._xw49dw&client=google-maps-embed&token=117583 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:50:15 Last Seen2023-03-08 02:50:15 Times Seen1 Hash f7efe472a219bd13d749a91764e774a1 e992b4e04090507f52f01a0fc7bfe8e63df324c9 49af5938f5abb8d8d2e18f031868170f2c1e855fb530e81fdd13b9af6144bd3f Loading...

	haqcontracting.com/js/jquery-3.5.1.min.js	90 kB	2023-03-07	2024-05-04
Pretty URL haqcontracting.com/js/jquery-3.5.1.min.js IP 192.111.150.72 ASN #31863 DACEN-2 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-04 19:55:03 Times Seen4900 Hash 12b69d0ae6c6f0c42942ae6da2896e84 d2cc8d43ce1c854b1172e42b1209502ad563db83 6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f Loading...

	unknown	0 B	2023-03-07	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 22:38:40 Times Seen37348167 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	maps.googleapis.com/maps-api-v3/api/js/50/6/onion.js	28 kB	2023-03-07	2023-03-08
Pretty URL maps.googleapis.com/maps-api-v3/api/js/50/6/onion.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:53:41 Last Seen2023-03-08 03:07:26 Times Seen1 Hash 504e2af1af235b43a9f7087334afe36b bdb6022c92e76752ac0860db6472c3d717eeb6b8 34725ee368d02e21f81a344faf32a5b543d3294ed4bc3aa4a7ee50b7dc08b44f Loading...

	maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d25.159661540461418&2d51.4176115909936&2m2&1d25.207818462402283&2d51.47664265659854&2u15&4sen-US&5e0&6sm%40620000000&7b0&8e0&11e289&12e1&13shttps%3A%2F%2Fwww.google.com%2Fmaps%2Fembed&14b1&callback=_xdc_._l7lpc8&client=google-maps-embed&token=49275	26 kB	2023-03-08	2023-03-08
Pretty URL maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d25.159661540461418&2d51.4176115909936&2m2&1d25.207818462402283&2d51.47664265659854&2u15&4sen-US&5e0&6sm%40620000000&7b0&8e0&11e289&12e1&13shttps%3A%2F%2Fwww.google.com%2Fmaps%2Fembed&14b1&callback=_xdc_._l7lpc8&client=google-maps-embed&token=49275 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:50:15 Last Seen2023-03-08 02:50:15 Times Seen1 Hash 36042b6bda7fb9e87246f40c04ae6c18 12e01dfebe9b27a15121fcd06bf65a6074eca8c3 ab9ed5e913a7d90cf52bc7e3b1e846be16709cf158bf9cae98160446f3e165ff Loading...

	maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fwww.google.com%2Fmaps%2Fembed&2sgoogle-maps-embed&7m1&1e0&callback=_xdc_._lkdbea&client=google-maps-embed&token=33359	62 B	2023-03-07	2023-03-17
Pretty URL maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fwww.google.com%2Fmaps%2Fembed&2sgoogle-maps-embed&7m1&1e0&callback=_xdc_._lkdbea&client=google-maps-embed&token=33359 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:47 Last Seen2023-03-17 12:55:46 Times Seen1 Hash 0e17a392d717b51a588445d5d37fde38 bf28db243e1250adcbc26ead733c95fde9b8ff9d e8787b986ce1452c351a4976cb95b95be50429a278530debf91d524e72a65ec8 Loading...

	maps.gstatic.com/maps-api-v3/embed/js/50/6/init_embed.js	226 kB	2023-03-07	2023-03-08
Pretty URL maps.gstatic.com/maps-api-v3/embed/js/50/6/init_embed.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:54:54 Last Seen2023-03-08 03:07:26 Times Seen1 Hash ecea07c3fe85e8678aac6c89c9dc1cec 022f651a99df0dc5b2da73bb751557923c7de8ae 0ce14757ada5db3cb6f1c10cb80357a99984c34517f220d1728afdc6a3bc2583 Loading...

HTTP Transactions (62)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 01:15:37 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: gQwILuoRmWc5YpH4dzTabqQxRucQRtUbTb2h_s6uZ5jwOAY90dxR-A==
Age: 1717

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8340
Expires: Wed, 28 Sep 2022 04:03:14 GMT
Date: Wed, 28 Sep 2022 01:44:14 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: oqBWe0h_9HljpZSpGpnqFgAwEPCudmeEAcldXOX4BksyYeuki9ZvJQ==
age: 58801
X-Firefox-Spdy: h2

haqcontracting.com/

192.111.150.72

301 Moved Permanently

150 B

URL HTTP/1.1
haqcontracting.com/
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
150 B (150 bytes)
Hash
8f977a4dec4e2f873ef1c2065eec8b6e
5b20cca42a13085f554040a653c1a6fa71750a3a
1bc6f0b2cbde1e878384f6bec7ab654fd91bec16496b305aad722f911139d6e5

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://haqcontracting.com/
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:40 GMT
Content-Length: 150

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 01:44:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 01:10:47 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 01:12:03 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YyR-fXcTC_0AIS6aZ_X_rcVGZZm6Jaxkw1TKIUwSMeyIhBrB06d8PA==
Age: 2009

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3a31cf7a26373252c50706f8dafcd3f4
b7ef419123020962a2e6db61c703b9fbb3a97cf9
9a94dd4ce5cb413cd8a7f343a5492f0d39963912e5b3be2e5a0e0eb8f10bddf2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9A94DD4CE5CB413CD8A7F343A5492F0D39963912E5B3BE2E5A0E0EB8F10BDDF2"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 28 Sep 2022 07:44:15 GMT
Date: Wed, 28 Sep 2022 01:44:15 GMT
Connection: keep-alive

haqcontracting.com/

192.111.150.72

200 OK

2.9 kB

URL HTTP/1.1
haqcontracting.com/
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
2.9 kB (2929 bytes)
Hash
3a4343017f6b25e47b50b1cbfca70ea5
309b24383333369a6d369bf33c2e889ffc346a5d
5164336d2a957902d1c9e405cb7b1508ccba6fc13c9eda5e618590d9a6ed2a52

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Sat, 17 Sep 2022 06:03:08 GMT
Accept-Ranges: bytes
ETag: "076a2285bcad81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:41 GMT
Content-Length: 2929

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5795
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:44:15 GMT
Last-Modified: Wed, 28 Sep 2022 00:07:40 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:44:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:44:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-P2MKF1KVKZ

142.250.74.72

200 OK

76 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-P2MKF1KVKZ
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (20189)
Size
76 kB (76432 bytes)
Hash
6b5e73963fc59c098992a60775878be6
6219147d1e0aff2262e9a40376a9d34276ae9ff8
e7eb2608bb63f539970bccf1e460e78bdb1be2b3f8e927e3dca12cf9ab9b912d

HTTP Headers

GET /gtag/js?id=G-P2MKF1KVKZ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 01:44:15 GMT
expires: Wed, 28 Sep 2022 01:44:15 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76432
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@300;400&display=swap

142.250.74.10

200 OK

1.1 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@300;400&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.1 kB (1104 bytes)
Hash
c06ba1e2a7481c0cea047eda1a60c91b
92f4abd4da8307e412fc663f9c8bd3533efeb6ea
36d3081f4b9a91081cb863a94425e2f8cff897311ec9ab2bfefe86800861d5f8

HTTP Headers

GET /css2?family=Source+Sans+Pro:wght@300;400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 01:44:15 GMT
date: Wed, 28 Sep 2022 01:44:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:44:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

44.242.41.15

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.242.41.15:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rV9nqzbodZuh9UhQHRANPw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mYHM3kjjKJ+lQMdQyNYJDO+043g=

haqcontracting.com/css/bootstrap.min.css

192.111.150.72

200 OK

153 kB

URL HTTP/1.1
haqcontracting.com/css/bootstrap.min.css
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
Unicode text, UTF-8 text, with very long lines (65300)
Size
153 kB (153445 bytes)
Hash
a3e83a98e7bc7b8a3a5732bff71d7a1e
c5e420bb8a8d20b1d3c55ae86184b928f1ed681c
dcb81e082bb4150d01b9cdf732dc4a6ab9f82224597ea67533f00225b120f215

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 16 Sep 2021 18:10:36 GMT
Accept-Ranges: bytes
ETag: "036ae2526abd71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:41 GMT

haqcontracting.com/css/slick.css

192.111.150.72

200 OK

4.3 kB

URL HTTP/1.1
haqcontracting.com/css/slick.css
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
ASCII text
Size
4.3 kB (4323 bytes)
Hash
6c2c4ab4ba0e3e8695cd7a5c3bfee474
e803979914fe7ddd16804d844bd74caa95bc04c7
f1b2f507b52e6ea0766b9cf647d8227483c993822ff2a0a1a99e15ff73fe3837

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /css/slick.css HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 16 Sep 2021 18:10:36 GMT
Accept-Ranges: bytes
ETag: "036ae2526abd71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:41 GMT
Content-Length: 4323

haqcontracting.com/js/templatemo-script.js

192.111.150.72

200 OK

2.1 kB

URL HTTP/1.1
haqcontracting.com/js/templatemo-script.js
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
ASCII text, with CRLF line terminators
Size
2.1 kB (2053 bytes)
Hash
938c3a6567d2de32171def6bd3aad695
fbca4c847918e35fabae46e3d5fbc90c9ff327cb
df86c8e7052b269fec30526fddab52d1526975d9e65d065e259a58d6c5faaffa

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /js/templatemo-script.js HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 16 Sep 2021 18:10:38 GMT
Accept-Ranges: bytes
ETag: "063df2626abd71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:41 GMT
Content-Length: 2053

haqcontracting.com/css/templatemo-style.css

192.111.150.72

200 OK

14 kB

URL HTTP/1.1
haqcontracting.com/css/templatemo-style.css
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
ASCII text, with CRLF line terminators
Size
14 kB (13779 bytes)
Hash
219553eedf979ee6efcee55e8612b4d8
ef7511901dc87c026817ffd512bf90f31e46c7c9
e76501dc09a147fe372c0a43ee27b6fb0256d3c5d37f3caa54694cc266197523

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /css/templatemo-style.css HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 18 Sep 2021 22:54:00 GMT
Accept-Ranges: bytes
ETag: "034ae11e0acd71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:41 GMT
Content-Length: 13779

haqcontracting.com/js/slick.js

192.111.150.72

200 OK

88 kB

URL HTTP/1.1
haqcontracting.com/js/slick.js
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
ASCII text
Size
88 kB (88487 bytes)
Hash
7b22899e881644ea2309b1e7121d48a2
e8d59b06aa386de66c3b4327cebf5db68f9f226d
f5426160c0d43ce12823246c4969fab7192f8e46fe368a03a121dad18a1fe2bc

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /js/slick.js HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 16 Sep 2021 18:10:38 GMT
Accept-Ranges: bytes
ETag: "063df2626abd71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:41 GMT

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
be52dbe2d47697a7f007d69c486b77b4
fe445ea87749e97423e7865bc559ad78f672a62d
65d16df2b3095c658d2bdf39b06d57486967bba7b43c43108e5025d7af5b7ab6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:44:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

haqcontracting.com/img/proj_pics/pp_3.jpg

192.111.150.72

200 OK

13 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_3.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
13 kB (13057 bytes)
Hash
30e1c12222cc87f9143794ff11c79554
4c6dfe9a4b0708e6b2193d8d8c44551418392134
030c32c64807d1c51223cc65d2607c04e8d7b7c77cdd759b006d80e22911d97f

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_3.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 21:56:42 GMT
Accept-Ranges: bytes
ETag: "097910d8acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 13057

haqcontracting.com/img/proj_pics/pp_1.jpg

192.111.150.72

200 OK

15 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_1.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
15 kB (14568 bytes)
Hash
d88ea2f69924b8b8804cb90ad79a10be
15a2a5401f257821e7efd55f42da5224bf4b3f9a
6aeb525a4ae09deaf98cbd03bed128b63486c34162f2fd14dbb10d6b93ad17cf

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_1.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 21:54:28 GMT
Accept-Ranges: bytes
ETag: "0429ac0d7acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 14568

maps.google.com/maps?q=25.183492,%2051.447021&t=&z=15&ie=UTF8&iwloc=&output=embed

216.58.211.14

301 Moved Permanently

285 B

URL HTTP/2
maps.google.com/maps?q=25.183492,%2051.447021&t=&z=15&ie=UTF8&iwloc=&output=embed
IP
216.58.211.14:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
285 B (285 bytes)
Hash
31c5e36411856bbb5811e6e3f789daf9
b48e069d6f21f70051a482f6072567180163840f
c507b87b448317a3b0d5cdeba6a966d679bca3a9eaf61e1395dce7c65bbaf0d0

HTTP Headers

GET /maps?q=25.183492,%2051.447021&t=&z=15&ie=UTF8&iwloc=&output=embed HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
date: Wed, 28 Sep 2022 01:44:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s25.183492,+51.447021!6i15
content-type: text/html; charset=UTF-8
server: mafe
content-length: 285
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:44:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:44:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2

142.250.74.163

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12956, version 1.0\012- data
Size
13 kB (12956 bytes)
Hash
1c772d9d0531b187db80bcfc199c1786
c0c04fb334190e10dffed0dcc5c817c2a6041a15
122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade

HTTP Headers

GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://haqcontracting.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12956
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:28:30 GMT
expires: Thu, 21 Sep 2023 19:28:30 GMT
cache-control: public, max-age=31536000
age: 540946
last-modified: Wed, 27 Apr 2022 16:54:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

haqcontracting.com/img/proj_pics/pp_4.jpg

192.111.150.72

200 OK

21 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_4.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
21 kB (20606 bytes)
Hash
11f3ab79c25ec8ab1909c2b9734b067d
af114bdf0947eb428c5cc2be8924091a3eb08a3a
ddabd867dce49148cf399455a3fa8edffd766e0db7eddcbd4b72079a2e108476

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_4.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 21:57:46 GMT
Accept-Ranges: bytes
ETag: "0a99e36d8acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 20606

fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

142.250.74.163

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Size
13 kB (13036 bytes)
Hash
0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

HTTP Headers

GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://haqcontracting.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:26:57 GMT
expires: Thu, 21 Sep 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 541039
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
be52dbe2d47697a7f007d69c486b77b4
fe445ea87749e97423e7865bc559ad78f672a62d
65d16df2b3095c658d2bdf39b06d57486967bba7b43c43108e5025d7af5b7ab6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:44:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5e01e4cfb215a3f052b4c716bc77c1a6
6e63b3e883051319571310c44b87591f0312d83f
aebb544e0762c6c3eb289d85c20299baa3f742dc46cfa5bcc33ac6df411285ae

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:44:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:44:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

haqcontracting.com/img/proj_pics/pp_2.jpg

192.111.150.72

200 OK

17 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_2.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
17 kB (16727 bytes)
Hash
675ac313a11f7369bbc83555be989b62
0dd16dae45a7404a6c686990e5dad865b5719dbd
dc7ce8cf1642b156cd1ecaa881dbdf825ba5b8adc77926f5fa495786a14884e1

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_2.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 21:55:30 GMT
Accept-Ranges: bytes
ETag: "0b58ee5d7acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 16727

haqcontracting.com/js/bootstrap.min.js

192.111.150.72

200 OK

62 kB

URL HTTP/1.1
haqcontracting.com/js/bootstrap.min.js
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
ASCII text, with very long lines (61483)
Size
62 kB (61796 bytes)
Hash
f9ea713b576bbebcc400dc1b43827fcc
2ab8552f811d7a57c5c7e958a670d069cb00128e
63b72c2ada67a04b0a4b2768753441eb207f9a815060a9818304bfc27dbd8ace

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /js/bootstrap.min.js HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 16 Sep 2021 18:10:38 GMT
Accept-Ranges: bytes
ETag: "063df2626abd71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:41 GMT
Content-Length: 61796

haqcontracting.com/img/home_screen_logo.png

192.111.150.72

200 OK

20 kB

URL HTTP/1.1
haqcontracting.com/img/home_screen_logo.png
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
PNG image data, 250 x 189, 8-bit/color RGB, non-interlaced\012- data
Size
20 kB (20409 bytes)
Hash
38c98ae67b7295681e6d8c3af2640683
8166e51cae651cb29f1ac88124d0d75b4a4f4a89
6b9ee231aba335360b608dc367aa4a1d8c8b70a29cb0b0ecfcce0c9d9ca1b038

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/home_screen_logo.png HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sat, 18 Sep 2021 19:16:06 GMT
Accept-Ranges: bytes
ETag: "01ff8a0c1acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 20409

haqcontracting.com/js/jquery-3.5.1.min.js

192.111.150.72

200 OK

90 kB

URL HTTP/1.1
haqcontracting.com/js/jquery-3.5.1.min.js
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
ASCII text, with very long lines (65451)
Size
90 kB (89508 bytes)
Hash
8a83dfa82d156ad44411fa532b3683c7
7227f5fce258c66427dd71af5977c3c59dee8cc7
68d9e4491b24eb480d8cda81852edcade3e92feebab8df5a1af1c09d8d63f607

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /js/jquery-3.5.1.min.js HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 16 Sep 2021 18:10:38 GMT
Accept-Ranges: bytes
ETag: "063df2626abd71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:41 GMT

haqcontracting.com/img/home_slides/home_slide_1.jpg

192.111.150.72

200 OK

12 kB

URL HTTP/1.1
haqcontracting.com/img/home_slides/home_slide_1.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 250x180, components 3\012- data
Size
12 kB (12511 bytes)
Hash
433492b9d19d08ba638c07b0956359c8
7e9f002f13e07f6130c784616e85c708068d0c50
fec1b1f5e73cb9e3cd872f1c51cddda1da0fd7b45bdc352a3eef719efea5a14e

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/home_slides/home_slide_1.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 19:19:50 GMT
Accept-Ranges: bytes
ETag: "0cf7b26c2acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 12511

haqcontracting.com/img/home_slides/home_slide_2.jpg

192.111.150.72

200 OK

11 kB

URL HTTP/1.1
haqcontracting.com/img/home_slides/home_slide_2.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 250x180, components 3\012- data
Size
11 kB (10599 bytes)
Hash
75223d5b8999ae8188a8847a18b7e243
2547308d3fc3ae671c7f461d117b65c485e80055
e4e7c47223d588c5c80555a323b30786f07cf1c452b7619335dcc6eb86fcc79a

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/home_slides/home_slide_2.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 19:19:50 GMT
Accept-Ranges: bytes
ETag: "0cf7b26c2acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 10599

haqcontracting.com/img/proj_pics/pp_5.jpg

192.111.150.72

200 OK

23 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_5.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
23 kB (23052 bytes)
Hash
0a6c09542947ab8598432b71541ca557
b4cf5a5c4315b5a164ad9611c2dc3570e0395ff0
cf9d42abef7ecb155dec697269a00b80fc9fd71fb39754a6152410f145043ac1

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_5.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 21:58:52 GMT
Accept-Ranges: bytes
ETag: "076f55dd8acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 23052

haqcontracting.com/img/proj_pics/pp_6.jpg

192.111.150.72

200 OK

16 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_6.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
16 kB (16179 bytes)
Hash
3f927591a5bb31caaa5d434d40e4b49d
f2d7c094de2e6877ccda4e872e659222b8e37ec6
b01d926def9d6345f9249c5f4fe6e1ea0f3bc43a120d2de6cd09c1af03eaff82

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_6.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 21:59:56 GMT
Accept-Ranges: bytes
ETag: "0161b84d8acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 16179

www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s25.183492,+51.447021!6i15

142.250.74.164

200 OK

935 B

URL HTTP/2
www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1s25.183492,+51.447021!6i15
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1547)
Size
935 B (935 bytes)
Hash
432424d2351296cbbf9904b78f007501
eb9f4c0a81bd1afcc69333218cb7fe588d64a0cf
04836aaf88dc778f126116bfbd4cf812220d8980e9d21bec384a9c845357bda5

HTTP Headers

GET /maps/embed?origin=mfe&pb=!1m3!2m1!1s25.183492,+51.447021!6i15 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://haqcontracting.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Wed, 28 Sep 2022 01:44:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
vary: Accept-Language
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-uNTAHuSOrWcbvkLCy0zVmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
content-encoding: gzip
server: mafe
content-length: 935
x-xss-protection: 0
server-timing: gfet4t7; dur=212
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

haqcontracting.com/img/proj_pics/pp_9.jpg

192.111.150.72

200 OK

9.9 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_9.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
9.9 kB (9934 bytes)
Hash
b8fabf93ba48cda7623203c9b8369240
4eec8050f3331df4d0d1bb5a78eb5dc0a66a416c
1c61edae0923f4220a5bbb6cb6b5d2d1ae80b39f910e6539d762e16213f7388b

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_9.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 22:02:26 GMT
Accept-Ranges: bytes
ETag: "04583ddd8acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 9934

haqcontracting.com/img/proj_pics/pp_8.jpg

192.111.150.72

200 OK

16 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_8.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
16 kB (15845 bytes)
Hash
c81d0b43eec8b4712fea5cfa65db2888
ce252ecabaa4e0eab04285d9961ca897821b5a04
1e1b838b5e4c45331a128d1be8067ce707e19d0a7cb613356f0e37963d92fd25

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_8.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 22:01:22 GMT
Accept-Ranges: bytes
ETag: "0a55db7d8acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 15845

haqcontracting.com/img/proj_pics/pp_11.jpg

192.111.150.72

200 OK

16 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_11.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
16 kB (15641 bytes)
Hash
227fd75c4f5232e52ce7f02949b503be
e601b971a90c3f1dd6ac835c8d9497c8dec40ec3
ad6a141654a50a06907d995f4d83be9d787fdd61d207d9856a3360b72bdb1764

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_11.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 22:17:56 GMT
Accept-Ranges: bytes
ETag: "02d67dbacd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 15641

haqcontracting.com/img/proj_pics/pp_10.jpg

192.111.150.72

200 OK

16 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_10.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
16 kB (15633 bytes)
Hash
7d364efdc73bd3ca381e225f18b250e8
5bec25da8835de72c071b9fc7ef7cd05c2f6735d
99a19618e601349e40ce840c376d07c857356bc56e0d58923502e8c855879391

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_10.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 22:16:44 GMT
Accept-Ranges: bytes
ETag: "0aeebdcdaacd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 15633

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6627
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Wed, 28 Sep 2022 01:44:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6627
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Wed, 28 Sep 2022 01:44:16 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14464 bytes)
Hash
aa5cad224dbddd71881bd07255beb4da
bc214d60be395d4cf753216ff8f9691c33d25e75
82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14464
x-amzn-requestid: 5cbbafdb-3f69-4ee2-9e46-c1ff0ed4ef14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPFiooAMFulA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-633a649700e040b91deadb64;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cNryG5vkxZuFATZfcNW9Z1-0teUBWLRyWslX1onwYlDCQBUjU2xVdA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:03 GMT
age: 14293
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

haqcontracting.com/video/gfp-astro-timelapse.mp4

192.111.150.72

206 Partial Content

104 kB

URL HTTP/1.1
haqcontracting.com/video/gfp-astro-timelapse.mp4
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size
104 kB (104128 bytes)
Hash
8942e9f3bce538c0e3edac10a9ee6f14
426178c71405fbd15af609de8a83db45986cb539
bb01c7e0864dfb54c510d30495714f33274815894171009ae136e7a6429dbfbf

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /video/gfp-astro-timelapse.mp4 HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://haqcontracting.com/
Cookie: _ga_P2MKF1KVKZ=GS1.1.1664329453.1.0.1664329453.0.0.0; _ga=GA1.1.1147220275.1664329454
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 206 Partial Content
Content-Type: video/mp4
Last-Modified: Thu, 16 Sep 2021 18:10:38 GMT
Accept-Ranges: bytes
ETag: "063df2626abd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 9433601
Content-Range: bytes 0-9433600/9433601

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9710 bytes)
Hash
c761355e3b9bdf64113c92591306b959
5dcf4fbd065e0850c2602a5e8791ba7af1999d9f
03464d30ae3a3199bb3b19e1c730385fc8f68444d41eb0099542bd83108e6ed5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9710
x-amzn-requestid: 34553ef5-773c-4c06-835f-0382202b706d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCWDE74IAMF0xA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63311759-3a8cc99a4d529adc23d1dfc1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:07:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6WtNGTt-HH__-2fhF-DwduAIhqNW2D0nB24FIIwmSuNVLsQuLDQy1g==
via: 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 05:04:56 GMT
age: 74360
etag: "5dcf4fbd065e0850c2602a5e8791ba7af1999d9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12016 bytes)
Hash
4b794c6812cb546de0295e087ebe66a7
a54803cca7d3c509c195f65961e1110c8ec56f55
6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pR4b1-lZZRMnWf-PdXFGXaHBCGAfOyp3AjeuCvtu5imWmf9N9l2wKQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:38 GMT
age: 14138
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11314 bytes)
Hash
ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 0ceafc65-764c-4367-b031-257061eb65d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF00oAMFUpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-0d46481b7394081b14a81131;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ve8l6PxpMuBLt5BxwywNpqM2ISt0zy2r_gweYnVw4X65PBEhpMbckg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:00 GMT
age: 14296
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9646ccba-7fc2-470a-b04e-5cef02e234cd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13058 bytes)
Hash
e49757d877a437a57f39d458862e8369
7d8b30445dadc44a17e5a26301212fced3aaa2af
e8b481bd5fe7ce92aa614cb77c9318ef8b763e71a178126805a4c363e6f91a9b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9646ccba-7fc2-470a-b04e-5cef02e234cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13058
x-amzn-requestid: 2ce70ac3-0451-41f4-bd82-596a92582a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EiiIAMFQLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-25deabef6235856b6d9bb19f;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: oGmQtgwLy_unp2_L3WP10HsyeCSgao4_37Kf6K8JeeVgz8YXbDvDWQ==
via: 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:57:53 GMT
age: 13583
etag: "7d8b30445dadc44a17e5a26301212fced3aaa2af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

haqcontracting.com/img/proj_pics/pp_12.jpg

192.111.150.72

200 OK

12 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_12.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
12 kB (12161 bytes)
Hash
e013818fa9fddd65f5b3eb662f0cfee3
54821964e808831f9f90c75bb9e351ff7a0dee24
f2357d31e42826d24ec0b66ffc4e14bc0d636eb54b89911fb17f45a15d4cf376

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_12.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 22:18:26 GMT
Accept-Ranges: bytes
ETag: "0a5b719dbacd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 12161

region1.google-analytics.com/g/collect?v=2&tid=G-P2MKF1KVKZ&gtm=2oe9q0&_p=777097114&cid=1147220275.1664329454&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664329453&sct=1&seg=0&dl=https%3A%2F%2Fhaqcontracting.com%2F&dt=HAQ&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-P2MKF1KVKZ&gtm=2oe9q0&_p=777097114&cid=1147220275.1664329454&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664329453&sct=1&seg=0&dl=https%3A%2F%2Fhaqcontracting.com%2F&dt=HAQ&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-P2MKF1KVKZ&gtm=2oe9q0&_p=777097114&cid=1147220275.1664329454&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664329453&sct=1&seg=0&dl=https%3A%2F%2Fhaqcontracting.com%2F&dt=HAQ&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://haqcontracting.com
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://haqcontracting.com
date: Wed, 28 Sep 2022 01:44:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

haqcontracting.com/img/proj_pics/pp_14.jpg

192.111.150.72

200 OK

11 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_14.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
11 kB (11323 bytes)
Hash
c56badd4b6cbaa4522b979c9793aba1c
7ee4a85d321d516f5011978db78c624610d49584
43916a076355c413fd7ed4e2e963056e312e3b125836063388e1d39c1dd83091

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_14.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 21:51:50 GMT
Accept-Ranges: bytes
ETag: "05f6d62d7acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 11323

haqcontracting.com/img/tm-astro-bg.jpg

192.111.150.72

200 OK

255 kB

URL HTTP/1.1
haqcontracting.com/img/tm-astro-bg.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=ACDSee Pro 8, datetime=2021:02:16 14:08:59], baseline, precision 8, 1920x1080, components 3\012- data
Size
255 kB (255016 bytes)
Hash
64a4f66a00be644adaec3f3bfe114e76
2411872beaa418b652440508bc841dade447ffec
f4431ccae22b216c3ca8a7958ff22f7e08c273f900828b8856b1ce90326b0dc8

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/tm-astro-bg.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/css/templatemo-style.css
Cookie: _ga_P2MKF1KVKZ=GS1.1.1664329453.1.0.1664329453.0.0.0; _ga=GA1.1.1147220275.1664329454
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 16 Sep 2021 18:10:38 GMT
Accept-Ranges: bytes
ETag: "063df2626abd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 255016

haqcontracting.com/img/proj_pics/pp_15.jpg

192.111.150.72

200 OK

9.9 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_15.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
9.9 kB (9857 bytes)
Hash
1caa050f766f1b2e4d16df9692569532
efd5f14605da714cec28c95a374cd39255a3acae
9af33ab8fd20a7f790442c49222de93d7aff95dd8bfb17c669c1af09cacf9d93

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_15.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 21:52:52 GMT
Accept-Ranges: bytes
ETag: "0d26187d7acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 9857

haqcontracting.com/img/proj_pics/pp_16.jpg

192.111.150.72

200 OK

17 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_16.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
17 kB (17089 bytes)
Hash
5dc1d5720920db43bd07181e17d0d053
4b341b594cf049c7291b93a969086be520b52e52
805a581263fa4006e9399ba1d15e741908c0d30166168496d287d74bf66f13e1

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_16.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 21:53:40 GMT
Accept-Ranges: bytes
ETag: "0afea3d7acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 17089

haqcontracting.com/img/proj_pics/pp_7.jpg

192.111.150.72

200 OK

14 kB

URL HTTP/1.1
haqcontracting.com/img/proj_pics/pp_7.jpg
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
14 kB (13573 bytes)
Hash
fd54275180d779dcf0b6204d5fc11a67
1bcbd58b7a0d7992cf66648dd0ac08cf2b23170d
eedb7a45cb2652c5ec588827a5425cec3d187edf48382691912b5ec48ae53b87

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/proj_pics/pp_7.jpg HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 18 Sep 2021 22:00:38 GMT
Accept-Ranges: bytes
ETag: "0c7239dd8acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 13573

haqcontracting.com/img/favicon.png

192.111.150.72

200 OK

1.8 kB

URL HTTP/1.1
haqcontracting.com/img/favicon.png
IP
192.111.150.72:0
ASN
#31863 DACEN-2

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1785 bytes)
Hash
2075a6568237a6cea50ca5ff82eb4965
5cfec822bbd2e4687829f57a645c2fdc5508a3f4
d7597d3432b298ee78c7ed78d63b5b93ec3e5f06c25c3856a23ed2fb854dcf31

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /img/favicon.png HTTP/1.1
Host: haqcontracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haqcontracting.com/
Cookie: _ga_P2MKF1KVKZ=GS1.1.1664329453.1.0.1664329453.0.0.0; _ga=GA1.1.1147220275.1664329454
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sat, 18 Sep 2021 19:15:58 GMT
Accept-Ranges: bytes
ETag: "06b339cc1acd71:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Wed, 28 Sep 2022 02:01:42 GMT
Content-Length: 1785

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40456fc-e6ad-484b-8754-8b2b0e7abc7c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5944 bytes)
Hash
1fa8cb4f4be5057788cd1a2a4d0e76d6
1aec1d67a36867bee8069a144fb1b0d95ff2cb54
5193131db8040ef254554d59109002ec7b8cfc2eab1e872b63e5f65db7cf5105

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40456fc-e6ad-484b-8754-8b2b0e7abc7c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 5944
x-amzn-requestid: 040b4452-4120-4ae5-9ad2-c5b341abbb13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI34BFdmIAMFmew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336cff-103adde82b57535e4f3fb16a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:37:04 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: q03mXCSikJcsTBGqk1Xq7452EiDz4t9PFbp5Qj4xwobiFgqtPwGCBw==
via: 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:21:35 GMT
age: 12168
etag: "1aec1d67a36867bee8069a144fb1b0d95ff2cb54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations