r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15377
Expires: Tue, 07 Feb 2023 02:28:51 GMT
Date: Mon, 06 Feb 2023 22:12:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3076
Expires: Mon, 06 Feb 2023 23:03:50 GMT
Date: Mon, 06 Feb 2023 22:12:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12009
Expires: Tue, 07 Feb 2023 01:32:43 GMT
Date: Mon, 06 Feb 2023 22:12:34 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 21:34:06 GMT
content-type: application/json
age: 2308
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: s8nJEEPYtirnF7zG5TSfTttsebbCJbXG9XmH4zcmGHqq4X96d7t277Tl+T7WoSlvP31xGH1sseg=
x-amz-request-id: W6M05YPXCY423H27
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 21:45:19 GMT
age: 1635
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 22:12:34 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 22:07:20 GMT
age: 315
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14516
Expires: Tue, 07 Feb 2023 02:14:31 GMT
Date: Mon, 06 Feb 2023 22:12:35 GMT
Connection: keep-alive
gpbez.gq/Verify/arvest.com/
162.240.17.225200 OK 50 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 3bb490de94ac10f96dbea2eb4e1b93c2
fad08a871d18e0c9b95ac7662306fd2b7e1ec1d9
d2f856045d3f53aa24d9a6ea664474ac4c7a505259ee8d598aa4f7d9b60caa3b
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/ HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
54.186.209.73101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.209.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lMnIZsXkr2SHU5Zdncpvag==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iDaF5fWwOue/YzZ2T2pJGGHpP78=
gpbez.gq/Verify/arvest.com/login.php
162.240.17.225200 OK 40 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login.php
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1253)
Hash 5a24f8931660a92c55c00596baec140b
620c924c0384e272104d08915f34e5c8f7dd2f33
f73f8e7a91ba34f43f7e505d6c64f68e5408b73a8251e6f156541f8849522844
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login.php HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gpbez.gq/Verify/arvest.com/login_files/MyFontsWebfontsKit.css
162.240.17.225200 OK 1.6 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/MyFontsWebfontsKit.css
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 1b1c179db02ba0e2deba96630637faaa
e6115b48f3242936132522fd3151f829bf296f89
3a9a65db465405beedb31be92695e4f272dd4d10e27dad13b46f9437d14c494b
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/MyFontsWebfontsKit.css HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 19 Aug 2022 00:33:16 GMT
Accept-Ranges: bytes
Content-Length: 1592
Keep-Alive: timeout=5, max=100
Content-Type: text/css
gpbez.gq/Verify/arvest.com/login_files/box-1ada912494ba7fc7aca15fcef1c2a7ae.html
162.240.17.225200 OK 2.7 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/box-1ada912494ba7fc7aca15fcef1c2a7ae.html
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2623)
Hash 7ac14838d4258046898c9c83f3c00b27
c39214aa3c3f660174e741ca6591e22da7128913
7072e9c4eac5f9f4335f267e7b9252996c54d2ed7fd9293beb7aa83f8f36f5c8
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/box-1ada912494ba7fc7aca15fcef1c2a7ae.html HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 19 Aug 2022 00:27:50 GMT
Accept-Ranges: bytes
Content-Length: 2735
Keep-Alive: timeout=5, max=100
Content-Type: text/html
gpbez.gq/Verify/arvest.com/login_files/saved_resource.html
162.240.17.225200 OK 312 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/saved_resource.html
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2439e33fe2ba421dec432c16d812f032
a28fe42c9f80f7d2b602f7d9f12934a91993d3c6
573d2b5c436a10347f29ef96609b5bfa2636bb8a80dfcdb5880946992c59d812
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/saved_resource.html HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 19 Aug 2022 00:27:50 GMT
Accept-Ranges: bytes
Content-Length: 312
Keep-Alive: timeout=5, max=100
Content-Type: text/html
gpbez.gq/Verify/arvest.com/login_files/layout2.css
162.240.17.225200 OK 33 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/layout2.css
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (7998)
Hash e4801be6552ae2790cb410cd72b1d66b
5940147fcff7f319d1790d65a81f09ae1b160698
61d516c5c9deb2d2bb62350909e1d3afec7021fb150d4d711d83445fa244f436
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/layout2.css HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 19 Aug 2022 00:27:30 GMT
Accept-Ranges: bytes
Content-Length: 32880
Keep-Alive: timeout=5, max=100
Content-Type: text/css
gpbez.gq/Verify/arvest.com/login_files/bootstrap_custom.css
162.240.17.225200 OK 84 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/bootstrap_custom.css
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (7997)
Hash 9f1c1c514952f5bc7102914375e30c2d
031768717f7518e928fd9302c2f2dd6d3849a16d
a5f1602216b655be0fce8a78560a14357cb7f13fbd96d1a71e6bc9d4da6b8589
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/bootstrap_custom.css HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 19 Aug 2022 00:27:30 GMT
Accept-Ranges: bytes
Content-Length: 84224
Keep-Alive: timeout=5, max=100
Content-Type: text/css
gpbez.gq/Verify/arvest.com/login_files/awm-trust-mainnav-ad.png
162.240.17.225200 OK 29 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/awm-trust-mainnav-ad.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 217 x 234, 8-bit colormap, interlaced\012- data
Hash a8f4bd728e6eabd68138be06777eb0e5
179dfde17a8cc71c8ae5cebb053f43e1193359b2
e7cf593c0726db50aeaeb0f6973332ae8c226f467b28463e5cb225c07a9ad5da
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/awm-trust-mainnav-ad.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 29336
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/soc-fb.png
162.240.17.225200 OK 589 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/soc-fb.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 751b8ec0162efb0faf7d37ff3a1c9467
3a524903ab49b0273f484b62e5740e306aad2f6f
610c99d9f333e8e356584239f9cbf91592f1c38877fce7d1d1da4bf3aac94e44
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/soc-fb.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 589
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/soc-share-circle.png
162.240.17.225200 OK 717 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/soc-share-circle.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 61e6e6016584e2d1ee3a7ff2fba0e7fd
3cfcf1223ded85b667aed1a925038cf719a0b7c5
16eba136a35400f1100a450d2f48d656b67296e74c62521aedcd8fab29c7d4ce
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/soc-share-circle.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 717
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/android.png
162.240.17.225200 OK 11 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/android.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 225 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash 0353a29da87ee93aed52a13e71efcde4
77b401c4b2e7d8bdc0070698097702b50ff37ab7
1824114fa0f97dc2a8666b7ded239fea959c877e6b4a04fc86b29ddd9608844a
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/android.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 11267
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/soc-twitter.png
162.240.17.225200 OK 542 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/soc-twitter.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash ed724d47f6d81a1a1904aafdd523c1ad
3bf38baca232251233a2f59b5bf4a3946931940d
39f485ef565c7ced26632fea1c6fb2f67b5c90c49c38fe856ead961258b65682
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/soc-twitter.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 542
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7741
Expires: Tue, 07 Feb 2023 00:21:37 GMT
Date: Mon, 06 Feb 2023 22:12:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7741
Expires: Tue, 07 Feb 2023 00:21:37 GMT
Date: Mon, 06 Feb 2023 22:12:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7741
Expires: Tue, 07 Feb 2023 00:21:37 GMT
Date: Mon, 06 Feb 2023 22:12:36 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7d8c3ebd17a435401c7f9fe3b8f842be
f2106be148fea23bf961fcdb69ea4cb127aa5f3e
ee708e68414539c75ddc077e0be7b75a86fd4fc9b6c1ddd1da86d0b9aca35558
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4442
x-amzn-requestid: 1bb3d1b3-ff58-4b0d-9a2b-c25797530c5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQG1JoAMFRtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-1bb478453ececa9613e7e4a2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: a6qwcT9sfonMVlyq2ZX6CSXWeW2upfeAWqqNEgVI2sqq7280sCfolw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:50:14 GMT
age: 1342
etag: "f2106be148fea23bf961fcdb69ea4cb127aa5f3e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0f48a44e1aece8d271028a7b0684cac
9f7247a3bb9248cd281c568ebba6e52b38b00149
0a34b5dc66f170403e79b2315a7cacef1703ce3777a20914525f86d46c0cd637
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11481
x-amzn-requestid: b50de2d1-c23b-4908-8fc3-e84eea0382a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRFL-oAMFnSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-0254cda141886e0f39e8f8b3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: MMng1v3N8xzpjYVfdSDS7QfZX6DmvbEt1pWXM5GXicjxt8lZwItNoA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:55:53 GMT
age: 1003
etag: "9f7247a3bb9248cd281c568ebba6e52b38b00149"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ad2298793399bf73c51c7d60952065c1
816bd4c36ceea2c46489ae72fde0b4a94c7c4bef
dc540d64e5e0835c7007e89ca3b5dd620b43a87e13309f323f3843a5f908a199
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8649
x-amzn-requestid: f85f3c9d-95c1-4db6-af5f-595070fe46c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHzboAMFQCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-6eed72bf20887cac6dc1a56a;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z7HTSLYJmhfIGlCjeG2EeN3q2Cd9vKlq71nqo3iIuhwkgwlEAlRPmQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:51:13 GMT
age: 1283
etag: "816bd4c36ceea2c46489ae72fde0b4a94c7c4bef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ccc8078cc937b7de0b299bcee1496f1b
395f04af71767acc9516387c8b07bde08968fdfe
cf959fc4a72d80dcab20c235bec6d21eadaab87efa7a8969744cd228628ba050
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9808
x-amzn-requestid: 75cc8041-19f5-4994-96b6-b14d3c90ec6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiSFZAIAMF65g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-355d272c345c8c37595b4bb2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bKYMmv-CTu5g0q9cDF0dV8USpQzNB7hfSUzT7ehM9z--o8QMqzjV6w==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 22:10:59 GMT
age: 97
etag: "395f04af71767acc9516387c8b07bde08968fdfe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gcy4nCriTOJhhTqFJBuks649uy0s4r3TVV3-yAcUhImLwqKpn1d2_w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 14:03:29 GMT
age: 29347
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9046d887fd45a0940e31a74173d17798
1ff698b9cf660165e846dfc4770f29852aedce45
0c7b0e1250aa7718b7b35b80a1442f62e94ace1fb578fb781ec8204ee96386d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10514
x-amzn-requestid: ac2a383b-833d-4dae-9bd9-43dc3d9e373d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPEIyoAMFqUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-436bb6816b269ce45b9f8600;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: s4aaciuNuISH_IBccafT_H4hK8g0BRI7KaA1ZKSTIZCKAb3PcvGZTw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:50:12 GMT
age: 1344
etag: "1ff698b9cf660165e846dfc4770f29852aedce45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gpbez.gq/Verify/arvest.com/login_files/26DA37_0_0.woff
162.240.17.225200 OK 23 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/26DA37_0_0.woff
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 23258, version 0.0\012- data
Hash 89f5d8dea6b4b179a2e2a1384ff12b27
056e30f79b5defebe8cff6d08b7d7976979e6853
1252843b50c568f5a207600688226e7c516d706623b50ab4ad33fe438f25a514
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/26DA37_0_0.woff HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/MyFontsWebfontsKit.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:32:44 GMT
Accept-Ranges: bytes
Content-Length: 23258
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff
gpbez.gq/Verify/arvest.com/images/template/top-nav-bg.png
162.240.17.225404 Not Found 315 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/images/template/top-nav-bg.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/images/template/top-nav-bg.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/layout2.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
gpbez.gq/Verify/arvest.com/login_files/26DA37_1_0.woff
162.240.17.225200 OK 24 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/26DA37_1_0.woff
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 23644, version 0.0\012- data
Hash 13ec1868a49e8c03270efbcb20fa4950
de672c9b89b0e881458bc14ce6880450e7ead228
b9be58dfbf40a15b63977356d7a343d790e89f241cf28bcb7883da48e2eea19f
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/26DA37_1_0.woff HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/MyFontsWebfontsKit.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:32:48 GMT
Accept-Ranges: bytes
Content-Length: 23644
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff
gpbez.gq/Verify/arvest.com/login_files/arvest-logo.png
162.240.17.225200 OK 4.1 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/arvest-logo.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 201 x 69, 8-bit/color RGBA, non-interlaced\012- data
Hash f6ac29e98162f51a7782eb78160dd31c
32effa4f9335e1d4308256fb20fd61c381a6f83b
8d8f81b3deb15a8d8a4d940347fb3322ca6d49640e7ce14514ccbe07862a1aba
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/arvest-logo.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 4092
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/images/template/nav-search-bar-bg.png
162.240.17.225404 Not Found 315 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/images/template/nav-search-bar-bg.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/images/template/nav-search-bar-bg.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/layout2.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
gpbez.gq/Verify/arvest.com/login_files/soc-youtube.png
162.240.17.225200 OK 15 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/soc-youtube.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash c8bdada8e3406cb7f96ca9a3f28977b1
dc7ed96e2c5c32999cdd6ada4bfe0b4b93269667
3ffbb276d8124704f5a7e0035b5bb87e4adc7a7e4b322ae2ed476ee37ffa7ffc
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/soc-youtube.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 15201
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/images/icons/myArvest.png
162.240.17.225404 Not Found 315 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/images/icons/myArvest.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/images/icons/myArvest.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/layout2.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
gpbez.gq/arvest.com/images/small/button-arrow.png
162.240.17.225404 Not Found 315 B URL HTTP/1.1 gpbez.gq/arvest.com/images/small/button-arrow.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /arvest.com/images/small/button-arrow.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/bootstrap_custom.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
gpbez.gq/Verify/arvest.com/login_files/login-arrow-icon.png
162.240.17.225200 OK 271 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/login-arrow-icon.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 15 x 10, 8-bit/color RGBA, non-interlaced\012- data
Hash 5b7b9d12e8761792332ba60dc88d4a0f
9460decf6b3018147c938608402e9f0245755d77
01d1a470c25a6f60c6fa9e7de42b0158533a7bf3de3c0d7c2687f5a5a8269377
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/login-arrow-icon.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 271
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/images/icons/lg/custserv.png
162.240.17.225404 Not Found 315 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/images/icons/lg/custserv.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/images/icons/lg/custserv.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/layout2.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
gpbez.gq/Verify/arvest.com/images/template/footer-bg960.png
162.240.17.225404 Not Found 315 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/images/template/footer-bg960.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/images/template/footer-bg960.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/layout2.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
gpbez.gq/Verify/arvest.com/login_files/soc-instagram.png
162.240.17.225200 OK 686 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/soc-instagram.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 23 x 23, 8-bit colormap, non-interlaced\012- data
Hash 91b6ec862551b25a5a254bc219d2d0d6
49a743ec6e545e31b8074f0b09ba12a6eeba5080
2ee5b697a7b857ffe13445f6b2ee5ca3f0ab76be6c03b51bc53879648c7bd9a8
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/soc-instagram.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 686
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/fdic-logo.png
162.240.17.225200 OK 916 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/fdic-logo.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 36 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 800553ff197a72440416efc73af23684
dede91df387cb2af03b09ab56050ebd5648087c4
4bf5ca21167bd44e7b547a5c908f0cb82a9420f0b4927ff1ded1232446f6f17e
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/fdic-logo.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 916
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/housing-logo2.png
162.240.17.225200 OK 653 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/housing-logo2.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 32 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash 8c339bc63e8f842ea73fbd6f6c05738b
001b1bba7b4a22d4216d7a2f9a5d87a21e2ed7da
3132b69dbeb859635eea70dbdae8557c143d111eeb9a473fb84fe5fac904cc18
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/housing-logo2.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:46 GMT
Accept-Ranges: bytes
Content-Length: 653
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/wr-dialog-close-btn-white.png
162.240.17.225200 OK 254 B URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/wr-dialog-close-btn-white.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced\012- data
Hash 48240b2998738f29efb197386e688338
2a864e0cdba56126f8eb46d4945b758c7c732bcd
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/wr-dialog-close-btn-white.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:50 GMT
Accept-Ranges: bytes
Content-Length: 254
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/nhl.png
162.240.17.225200 OK 1.3 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/nhl.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 39 x 41, 8-bit/color RGB, non-interlaced\012- data
Hash 830f5671b5f424dbdec5eceef461f89c
fda690c867fdb5a93c0011d5c164491fdeca60b9
f4d067fab799e99b87904f659c692a443efdefb8d5eefcc98fc7db2cd5bd39cb
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/nhl.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:46 GMT
Accept-Ranges: bytes
Content-Length: 1277
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/fdic.png
162.240.17.225200 OK 1.4 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/fdic.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 43 x 41, 8-bit/color RGB, non-interlaced\012- data
Hash 4d7d634e423739bcc12cf93f7f9d526c
a28a5ab097bd295ac094206062902a6271995fd8
971cbfd037bdfa175bbcc512eb44ef5430b917a88df8b0b0344d85dff95f795e
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/fdic.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:46 GMT
Accept-Ranges: bytes
Content-Length: 1411
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/merchant-services-mainnav-ad.png
162.240.17.225200 OK 22 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/merchant-services-mainnav-ad.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 217 x 234, 8-bit colormap, interlaced\012- data
Hash 877277fc1f039ddd2b3fb681fa69d442
108b83c05ecd920d2161217fb99cd3db337e497f
13cdcd37ed238e27c50fac06ba440885e95bbae7a85c8c7447111738f7bdbaaf
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/merchant-services-mainnav-ad.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 22341
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/debit-card-beach-mainnav-ad.png
162.240.17.225200 OK 23 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/debit-card-beach-mainnav-ad.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 217 x 234, 8-bit colormap, interlaced\012- data
Hash 0a01c98ed517204fcd4635e15c8ac4d1
9adeaf3d815c03a9da07c99ffef364be618fdcec
5566d8578cf4b69b5523a1d983aa31de64c5e40bc55db1c5551ac01f647ca529
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/debit-card-beach-mainnav-ad.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 23282
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
gpbez.gq/Verify/arvest.com/login_files/mortgage-home4me-mainnav-ad.png
162.240.17.225200 OK 54 kB URL HTTP/1.1 gpbez.gq/Verify/arvest.com/login_files/mortgage-home4me-mainnav-ad.png
IP 162.240.17.225:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 217 x 234, 8-bit/color RGB, non-interlaced\012- data
Hash 908bb95330d7cba223bacb9f76d92c91
8ace44f4e715599a5ac2402c8f424f3e186657c1
fbd9e72fc8811406de10190f29478f63524a88c6c33ac96017c2f38374787c55
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /Verify/arvest.com/login_files/mortgage-home4me-mainnav-ad.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 54009
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a3d7474790bd1bb7085e24507afccff4
8281e5304c45e41aa96d6395fcc6dea9f81c251c
ef207bdfff69a7b45ebb93af668cd77bbd1d197c8bf2ce7abe08a7b98a93f4d4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3860
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:12:37 GMT
Last-Modified: Mon, 06 Feb 2023 21:08:17 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
www.arvest.com/arvest.com/favicon.ico
45.60.198.180200 OK 7.9 kB URL HTTP/2 www.arvest.com/arvest.com/favicon.ico
IP 45.60.198.180:0
File type MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel\012- data
Hash ad053d2d9bb4ba80e0ae86e7b0d7a876
3429c252087308b419c134136b23510e56a700c3
f07b37b5d3250cbc2a9f9fbed17db228e7e1633ee128c729b06d208b5c196807
GET /arvest.com/favicon.ico HTTP/1.1
Host: www.arvest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gpbez.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "1ece-4f37b5952d7b8"
last-modified: Fri, 28 Feb 2014 18:10:11 GMT
content-type: image/vnd.microsoft.icon
content-length: 7886
cache-control: max-age=0
date: Mon, 06 Feb 2023 22:12:37 GMT
set-cookie: nlbi_2181318=hXxMc/oYlDhUCsextj1qRwAAAABSluLS5if89Lcu90MTqymB; path=/; Domain=.arvest.com; Secure; SameSite=None
visid_incap_2181318=o5zlvIn7RqGKb+0LtzkUSVV74WMAAAAAQUIPAAAAAAD3BJn5SZkp9hhIbr2QqqP4; expires=Mon, 05 Feb 2024 22:31:14 GMT; HttpOnly; path=/; Domain=.arvest.com; Secure; SameSite=None
incap_ses_7233_2181318=+MqCORcVxClaEVZBucdgZFV74WMAAAAAGCkSgxXYyzc+tJFs0OMkrQ==; path=/; Domain=.arvest.com; Secure; SameSite=None
strict-transport-security: max-age=31536000
x-cdn: Imperva
x-iinfo: 7-11883234-11882616 2VNN RT(1675721557032 37) q(0 0 0 0) r(5 5)
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 714723c38877e0d1655c7118a88ec064
809a42ce7c76cea0ce16af8172d852723c3a5f02
6bad7253694d155de31a8f5a3c635545a39aac340ca49d1bc10efb6739d4a356
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8981
x-amzn-requestid: 0054e925-c381-4737-bd92-32b2af3a604e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQHRFoAMFw6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-45ea5ee33d07326c593d21d3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ixAMZh_xOYWVESJ0jOEPOXZ4GQBDUZZsh26yEDYfl8APcBF2x2sZYg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 22:02:54 GMT
age: 589
etag: "809a42ce7c76cea0ce16af8172d852723c3a5f02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2