Report - gpbez.gq/Verify/arvest.com/

Report Overview

Submitted URL
gpbez.gq/Verify/arvest.com/
IP
162.240.17.225
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2023-02-06 22:12:45
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
33
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
gpbez.gq	unknown	2022-12-31T14:52:12Z	2022-12-31T14:52:12Z	13 kB	385 kB	162.240.17.225
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	72 kB	34.120.237.76
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	341 B	737 B	93.184.220.29
www.arvest.com	205942	2012-08-07T23:03:50Z	2023-03-07T19:50:24Z	385 B	8.7 kB	45.60.198.180
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.4 kB	6.2 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.186.209.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-06 22:13:21	medium	Client IP	Internal IP	ET INFO DNS Query for Suspicious .gq Domain
2023-02-06 22:13:22	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:22	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:22	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:23	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:24	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:24	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:24	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:24	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:24	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:24	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:24	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain
2023-02-06 22:13:24	medium	Client IP	162.240.17.225	ET INFO HTTP Request to a *.gq domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	gpbez.gq/Verify/arvest.com/	33 B	2023-03-07	2023-03-26
Pretty URL gpbez.gq/Verify/arvest.com/ IP 162.240.17.225 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:42:22 Last Seen2023-03-26 09:12:24 Times Seen3 Hash 093b2bcaf9965fe4e1c48d3ecf48ede2 f3518f05da2ae6a8cbf06a7a809b313114769353 9a4db6b5995877bd546da311f21679d60ae26905c39cf3f4698e089486cc860a Loading...

	gpbez.gq/Verify/arvest.com/login_files/box-1ada912494ba7fc7aca15fcef1c2a7ae.html	2.3 kB	2023-03-07	2023-03-17
Pretty URL gpbez.gq/Verify/arvest.com/login_files/box-1ada912494ba7fc7aca15fcef1c2a7ae.html IP 162.240.17.225 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:30 Last Seen2023-03-17 10:41:48 Times Seen1 Hash 5865f399c24cc57cb46de74ac4a640ff 8381437171dd8dcc5fb411fa75059fb059eb6e0b 82ab863e1e4c6fe101da9839cd7977627f2fd9da5123a21d1cda32a15c9348aa Loading...

HTTP Transactions (53)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15377
Expires: Tue, 07 Feb 2023 02:28:51 GMT
Date: Mon, 06 Feb 2023 22:12:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3076
Expires: Mon, 06 Feb 2023 23:03:50 GMT
Date: Mon, 06 Feb 2023 22:12:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12009
Expires: Tue, 07 Feb 2023 01:32:43 GMT
Date: Mon, 06 Feb 2023 22:12:34 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 21:34:06 GMT
content-type: application/json
age: 2308
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: s8nJEEPYtirnF7zG5TSfTttsebbCJbXG9XmH4zcmGHqq4X96d7t277Tl+T7WoSlvP31xGH1sseg=
x-amz-request-id: W6M05YPXCY423H27
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 21:45:19 GMT
age: 1635
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 22:12:34 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 22:07:20 GMT
age: 315
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14516
Expires: Tue, 07 Feb 2023 02:14:31 GMT
Date: Mon, 06 Feb 2023 22:12:35 GMT
Connection: keep-alive

gpbez.gq/Verify/arvest.com/

162.240.17.225

200 OK

50 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with no line terminators
Size
50 B (50 bytes)
Hash
3bb490de94ac10f96dbea2eb4e1b93c2
fad08a871d18e0c9b95ac7662306fd2b7e1ec1d9
d2f856045d3f53aa24d9a6ea664474ac4c7a505259ee8d598aa4f7d9b60caa3b

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/ HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

push.services.mozilla.com/

54.186.209.73

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.186.209.73:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lMnIZsXkr2SHU5Zdncpvag==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iDaF5fWwOue/YzZ2T2pJGGHpP78=

gpbez.gq/Verify/arvest.com/login.php

162.240.17.225

200 OK

40 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login.php
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1253)
Size
40 kB (39651 bytes)
Hash
5a24f8931660a92c55c00596baec140b
620c924c0384e272104d08915f34e5c8f7dd2f33
f73f8e7a91ba34f43f7e505d6c64f68e5408b73a8251e6f156541f8849522844

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login.php HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

gpbez.gq/Verify/arvest.com/login_files/MyFontsWebfontsKit.css

162.240.17.225

200 OK

1.6 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/MyFontsWebfontsKit.css
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text
Size
1.6 kB (1592 bytes)
Hash
1b1c179db02ba0e2deba96630637faaa
e6115b48f3242936132522fd3151f829bf296f89
3a9a65db465405beedb31be92695e4f272dd4d10e27dad13b46f9437d14c494b

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/MyFontsWebfontsKit.css HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 19 Aug 2022 00:33:16 GMT
Accept-Ranges: bytes
Content-Length: 1592
Keep-Alive: timeout=5, max=100
Content-Type: text/css

gpbez.gq/Verify/arvest.com/login_files/box-1ada912494ba7fc7aca15fcef1c2a7ae.html

162.240.17.225

200 OK

2.7 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/box-1ada912494ba7fc7aca15fcef1c2a7ae.html
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2623)
Size
2.7 kB (2735 bytes)
Hash
7ac14838d4258046898c9c83f3c00b27
c39214aa3c3f660174e741ca6591e22da7128913
7072e9c4eac5f9f4335f267e7b9252996c54d2ed7fd9293beb7aa83f8f36f5c8

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/box-1ada912494ba7fc7aca15fcef1c2a7ae.html HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 19 Aug 2022 00:27:50 GMT
Accept-Ranges: bytes
Content-Length: 2735
Keep-Alive: timeout=5, max=100
Content-Type: text/html

gpbez.gq/Verify/arvest.com/login_files/saved_resource.html

162.240.17.225

200 OK

312 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/saved_resource.html
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
312 B (312 bytes)
Hash
2439e33fe2ba421dec432c16d812f032
a28fe42c9f80f7d2b602f7d9f12934a91993d3c6
573d2b5c436a10347f29ef96609b5bfa2636bb8a80dfcdb5880946992c59d812

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/saved_resource.html HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 19 Aug 2022 00:27:50 GMT
Accept-Ranges: bytes
Content-Length: 312
Keep-Alive: timeout=5, max=100
Content-Type: text/html

gpbez.gq/Verify/arvest.com/login_files/layout2.css

162.240.17.225

200 OK

33 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/layout2.css
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (7998)
Size
33 kB (32880 bytes)
Hash
e4801be6552ae2790cb410cd72b1d66b
5940147fcff7f319d1790d65a81f09ae1b160698
61d516c5c9deb2d2bb62350909e1d3afec7021fb150d4d711d83445fa244f436

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/layout2.css HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 19 Aug 2022 00:27:30 GMT
Accept-Ranges: bytes
Content-Length: 32880
Keep-Alive: timeout=5, max=100
Content-Type: text/css

gpbez.gq/Verify/arvest.com/login_files/bootstrap_custom.css

162.240.17.225

200 OK

84 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/bootstrap_custom.css
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (7997)
Size
84 kB (84224 bytes)
Hash
9f1c1c514952f5bc7102914375e30c2d
031768717f7518e928fd9302c2f2dd6d3849a16d
a5f1602216b655be0fce8a78560a14357cb7f13fbd96d1a71e6bc9d4da6b8589

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/bootstrap_custom.css HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 19 Aug 2022 00:27:30 GMT
Accept-Ranges: bytes
Content-Length: 84224
Keep-Alive: timeout=5, max=100
Content-Type: text/css

gpbez.gq/Verify/arvest.com/login_files/awm-trust-mainnav-ad.png

162.240.17.225

200 OK

29 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/awm-trust-mainnav-ad.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 217 x 234, 8-bit colormap, interlaced\012- data
Size
29 kB (29336 bytes)
Hash
a8f4bd728e6eabd68138be06777eb0e5
179dfde17a8cc71c8ae5cebb053f43e1193359b2
e7cf593c0726db50aeaeb0f6973332ae8c226f467b28463e5cb225c07a9ad5da

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/awm-trust-mainnav-ad.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 29336
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/soc-fb.png

162.240.17.225

200 OK

589 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/soc-fb.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
589 B (589 bytes)
Hash
751b8ec0162efb0faf7d37ff3a1c9467
3a524903ab49b0273f484b62e5740e306aad2f6f
610c99d9f333e8e356584239f9cbf91592f1c38877fce7d1d1da4bf3aac94e44

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/soc-fb.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 589
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/soc-share-circle.png

162.240.17.225

200 OK

717 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/soc-share-circle.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
717 B (717 bytes)
Hash
61e6e6016584e2d1ee3a7ff2fba0e7fd
3cfcf1223ded85b667aed1a925038cf719a0b7c5
16eba136a35400f1100a450d2f48d656b67296e74c62521aedcd8fab29c7d4ce

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/soc-share-circle.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 717
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/android.png

162.240.17.225

200 OK

11 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/android.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 225 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (11267 bytes)
Hash
0353a29da87ee93aed52a13e71efcde4
77b401c4b2e7d8bdc0070698097702b50ff37ab7
1824114fa0f97dc2a8666b7ded239fea959c877e6b4a04fc86b29ddd9608844a

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/android.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 11267
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/soc-twitter.png

162.240.17.225

200 OK

542 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/soc-twitter.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
542 B (542 bytes)
Hash
ed724d47f6d81a1a1904aafdd523c1ad
3bf38baca232251233a2f59b5bf4a3946931940d
39f485ef565c7ced26632fea1c6fb2f67b5c90c49c38fe856ead961258b65682

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/soc-twitter.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 542
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7741
Expires: Tue, 07 Feb 2023 00:21:37 GMT
Date: Mon, 06 Feb 2023 22:12:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7741
Expires: Tue, 07 Feb 2023 00:21:37 GMT
Date: Mon, 06 Feb 2023 22:12:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7741
Expires: Tue, 07 Feb 2023 00:21:37 GMT
Date: Mon, 06 Feb 2023 22:12:36 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4442 bytes)
Hash
7d8c3ebd17a435401c7f9fe3b8f842be
f2106be148fea23bf961fcdb69ea4cb127aa5f3e
ee708e68414539c75ddc077e0be7b75a86fd4fc9b6c1ddd1da86d0b9aca35558

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4442
x-amzn-requestid: 1bb3d1b3-ff58-4b0d-9a2b-c25797530c5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQG1JoAMFRtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-1bb478453ececa9613e7e4a2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: a6qwcT9sfonMVlyq2ZX6CSXWeW2upfeAWqqNEgVI2sqq7280sCfolw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:50:14 GMT
age: 1342
etag: "f2106be148fea23bf961fcdb69ea4cb127aa5f3e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11481 bytes)
Hash
f0f48a44e1aece8d271028a7b0684cac
9f7247a3bb9248cd281c568ebba6e52b38b00149
0a34b5dc66f170403e79b2315a7cacef1703ce3777a20914525f86d46c0cd637

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11481
x-amzn-requestid: b50de2d1-c23b-4908-8fc3-e84eea0382a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRFL-oAMFnSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-0254cda141886e0f39e8f8b3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: MMng1v3N8xzpjYVfdSDS7QfZX6DmvbEt1pWXM5GXicjxt8lZwItNoA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:55:53 GMT
age: 1003
etag: "9f7247a3bb9248cd281c568ebba6e52b38b00149"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8649 bytes)
Hash
ad2298793399bf73c51c7d60952065c1
816bd4c36ceea2c46489ae72fde0b4a94c7c4bef
dc540d64e5e0835c7007e89ca3b5dd620b43a87e13309f323f3843a5f908a199

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8649
x-amzn-requestid: f85f3c9d-95c1-4db6-af5f-595070fe46c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHzboAMFQCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-6eed72bf20887cac6dc1a56a;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z7HTSLYJmhfIGlCjeG2EeN3q2Cd9vKlq71nqo3iIuhwkgwlEAlRPmQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:51:13 GMT
age: 1283
etag: "816bd4c36ceea2c46489ae72fde0b4a94c7c4bef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9808 bytes)
Hash
ccc8078cc937b7de0b299bcee1496f1b
395f04af71767acc9516387c8b07bde08968fdfe
cf959fc4a72d80dcab20c235bec6d21eadaab87efa7a8969744cd228628ba050

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9808
x-amzn-requestid: 75cc8041-19f5-4994-96b6-b14d3c90ec6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiSFZAIAMF65g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-355d272c345c8c37595b4bb2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bKYMmv-CTu5g0q9cDF0dV8USpQzNB7hfSUzT7ehM9z--o8QMqzjV6w==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 22:10:59 GMT
age: 97
etag: "395f04af71767acc9516387c8b07bde08968fdfe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10905 bytes)
Hash
1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gcy4nCriTOJhhTqFJBuks649uy0s4r3TVV3-yAcUhImLwqKpn1d2_w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 14:03:29 GMT
age: 29347
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10514 bytes)
Hash
9046d887fd45a0940e31a74173d17798
1ff698b9cf660165e846dfc4770f29852aedce45
0c7b0e1250aa7718b7b35b80a1442f62e94ace1fb578fb781ec8204ee96386d0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10514
x-amzn-requestid: ac2a383b-833d-4dae-9bd9-43dc3d9e373d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPEIyoAMFqUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-436bb6816b269ce45b9f8600;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: s4aaciuNuISH_IBccafT_H4hK8g0BRI7KaA1ZKSTIZCKAb3PcvGZTw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:50:12 GMT
age: 1344
etag: "1ff698b9cf660165e846dfc4770f29852aedce45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

gpbez.gq/Verify/arvest.com/login_files/26DA37_0_0.woff

162.240.17.225

200 OK

23 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/26DA37_0_0.woff
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 23258, version 0.0\012- data
Size
23 kB (23258 bytes)
Hash
89f5d8dea6b4b179a2e2a1384ff12b27
056e30f79b5defebe8cff6d08b7d7976979e6853
1252843b50c568f5a207600688226e7c516d706623b50ab4ad33fe438f25a514

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/26DA37_0_0.woff HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/MyFontsWebfontsKit.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:32:44 GMT
Accept-Ranges: bytes
Content-Length: 23258
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff

gpbez.gq/Verify/arvest.com/images/template/top-nav-bg.png

162.240.17.225

404 Not Found

315 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/images/template/top-nav-bg.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/images/template/top-nav-bg.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/layout2.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

gpbez.gq/Verify/arvest.com/login_files/26DA37_1_0.woff

162.240.17.225

200 OK

24 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/26DA37_1_0.woff
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 23644, version 0.0\012- data
Size
24 kB (23644 bytes)
Hash
13ec1868a49e8c03270efbcb20fa4950
de672c9b89b0e881458bc14ce6880450e7ead228
b9be58dfbf40a15b63977356d7a343d790e89f241cf28bcb7883da48e2eea19f

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/26DA37_1_0.woff HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/MyFontsWebfontsKit.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:32:48 GMT
Accept-Ranges: bytes
Content-Length: 23644
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff

gpbez.gq/Verify/arvest.com/login_files/arvest-logo.png

162.240.17.225

200 OK

4.1 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/arvest-logo.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 201 x 69, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4092 bytes)
Hash
f6ac29e98162f51a7782eb78160dd31c
32effa4f9335e1d4308256fb20fd61c381a6f83b
8d8f81b3deb15a8d8a4d940347fb3322ca6d49640e7ce14514ccbe07862a1aba

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/arvest-logo.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 4092
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/images/template/nav-search-bar-bg.png

162.240.17.225

404 Not Found

315 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/images/template/nav-search-bar-bg.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/images/template/nav-search-bar-bg.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/layout2.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

gpbez.gq/Verify/arvest.com/login_files/soc-youtube.png

162.240.17.225

200 OK

15 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/soc-youtube.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
15 kB (15201 bytes)
Hash
c8bdada8e3406cb7f96ca9a3f28977b1
dc7ed96e2c5c32999cdd6ada4bfe0b4b93269667
3ffbb276d8124704f5a7e0035b5bb87e4adc7a7e4b322ae2ed476ee37ffa7ffc

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/soc-youtube.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 15201
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/images/icons/myArvest.png

162.240.17.225

404 Not Found

315 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/images/icons/myArvest.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/images/icons/myArvest.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/layout2.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

gpbez.gq/arvest.com/images/small/button-arrow.png

162.240.17.225

404 Not Found

315 B

URL HTTP/1.1
gpbez.gq/arvest.com/images/small/button-arrow.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /arvest.com/images/small/button-arrow.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/bootstrap_custom.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

gpbez.gq/Verify/arvest.com/login_files/login-arrow-icon.png

162.240.17.225

200 OK

271 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/login-arrow-icon.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 15 x 10, 8-bit/color RGBA, non-interlaced\012- data
Size
271 B (271 bytes)
Hash
5b7b9d12e8761792332ba60dc88d4a0f
9460decf6b3018147c938608402e9f0245755d77
01d1a470c25a6f60c6fa9e7de42b0158533a7bf3de3c0d7c2687f5a5a8269377

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/login-arrow-icon.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 271
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/images/icons/lg/custserv.png

162.240.17.225

404 Not Found

315 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/images/icons/lg/custserv.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/images/icons/lg/custserv.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/layout2.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

gpbez.gq/Verify/arvest.com/images/template/footer-bg960.png

162.240.17.225

404 Not Found

315 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/images/template/footer-bg960.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/images/template/footer-bg960.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login_files/layout2.css
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 404 Not Found
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

gpbez.gq/Verify/arvest.com/login_files/soc-instagram.png

162.240.17.225

200 OK

686 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/soc-instagram.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 23 x 23, 8-bit colormap, non-interlaced\012- data
Size
686 B (686 bytes)
Hash
91b6ec862551b25a5a254bc219d2d0d6
49a743ec6e545e31b8074f0b09ba12a6eeba5080
2ee5b697a7b857ffe13445f6b2ee5ca3f0ab76be6c03b51bc53879648c7bd9a8

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/soc-instagram.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 686
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/fdic-logo.png

162.240.17.225

200 OK

916 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/fdic-logo.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 36 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
916 B (916 bytes)
Hash
800553ff197a72440416efc73af23684
dede91df387cb2af03b09ab56050ebd5648087c4
4bf5ca21167bd44e7b547a5c908f0cb82a9420f0b4927ff1ded1232446f6f17e

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/fdic-logo.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 916
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/housing-logo2.png

162.240.17.225

200 OK

653 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/housing-logo2.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 32 x 33, 8-bit/color RGBA, non-interlaced\012- data
Size
653 B (653 bytes)
Hash
8c339bc63e8f842ea73fbd6f6c05738b
001b1bba7b4a22d4216d7a2f9a5d87a21e2ed7da
3132b69dbeb859635eea70dbdae8557c143d111eeb9a473fb84fe5fac904cc18

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/housing-logo2.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:46 GMT
Accept-Ranges: bytes
Content-Length: 653
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/wr-dialog-close-btn-white.png

162.240.17.225

200 OK

254 B

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/wr-dialog-close-btn-white.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced\012- data
Size
254 B (254 bytes)
Hash
48240b2998738f29efb197386e688338
2a864e0cdba56126f8eb46d4945b758c7c732bcd
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/wr-dialog-close-btn-white.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:50 GMT
Accept-Ranges: bytes
Content-Length: 254
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/nhl.png

162.240.17.225

200 OK

1.3 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/nhl.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 39 x 41, 8-bit/color RGB, non-interlaced\012- data
Size
1.3 kB (1277 bytes)
Hash
830f5671b5f424dbdec5eceef461f89c
fda690c867fdb5a93c0011d5c164491fdeca60b9
f4d067fab799e99b87904f659c692a443efdefb8d5eefcc98fc7db2cd5bd39cb

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/nhl.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:46 GMT
Accept-Ranges: bytes
Content-Length: 1277
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/fdic.png

162.240.17.225

200 OK

1.4 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/fdic.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 43 x 41, 8-bit/color RGB, non-interlaced\012- data
Size
1.4 kB (1411 bytes)
Hash
4d7d634e423739bcc12cf93f7f9d526c
a28a5ab097bd295ac094206062902a6271995fd8
971cbfd037bdfa175bbcc512eb44ef5430b917a88df8b0b0344d85dff95f795e

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/fdic.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:46 GMT
Accept-Ranges: bytes
Content-Length: 1411
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/merchant-services-mainnav-ad.png

162.240.17.225

200 OK

22 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/merchant-services-mainnav-ad.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 217 x 234, 8-bit colormap, interlaced\012- data
Size
22 kB (22341 bytes)
Hash
877277fc1f039ddd2b3fb681fa69d442
108b83c05ecd920d2161217fb99cd3db337e497f
13cdcd37ed238e27c50fac06ba440885e95bbae7a85c8c7447111738f7bdbaaf

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/merchant-services-mainnav-ad.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 22341
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/debit-card-beach-mainnav-ad.png

162.240.17.225

200 OK

23 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/debit-card-beach-mainnav-ad.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 217 x 234, 8-bit colormap, interlaced\012- data
Size
23 kB (23282 bytes)
Hash
0a01c98ed517204fcd4635e15c8ac4d1
9adeaf3d815c03a9da07c99ffef364be618fdcec
5566d8578cf4b69b5523a1d983aa31de64c5e40bc55db1c5551ac01f647ca529

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/debit-card-beach-mainnav-ad.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 23282
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

gpbez.gq/Verify/arvest.com/login_files/mortgage-home4me-mainnav-ad.png

162.240.17.225

200 OK

54 kB

URL HTTP/1.1
gpbez.gq/Verify/arvest.com/login_files/mortgage-home4me-mainnav-ad.png
IP
162.240.17.225:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 217 x 234, 8-bit/color RGB, non-interlaced\012- data
Size
54 kB (54009 bytes)
Hash
908bb95330d7cba223bacb9f76d92c91
8ace44f4e715599a5ac2402c8f424f3e186657c1
fbd9e72fc8811406de10190f29478f63524a88c6c33ac96017c2f38374787c55

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.gq domain

HTTP Headers

GET /Verify/arvest.com/login_files/mortgage-home4me-mainnav-ad.png HTTP/1.1
Host: gpbez.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gpbez.gq/Verify/arvest.com/login.php
Cookie: PHPSESSID=012b1e5977886e73fd80639bf1fd464c

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:12:36 GMT
Server: Apache
Last-Modified: Fri, 19 Aug 2022 00:27:44 GMT
Accept-Ranges: bytes
Content-Length: 54009
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a3d7474790bd1bb7085e24507afccff4
8281e5304c45e41aa96d6395fcc6dea9f81c251c
ef207bdfff69a7b45ebb93af668cd77bbd1d197c8bf2ce7abe08a7b98a93f4d4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3860
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:12:37 GMT
Last-Modified: Mon, 06 Feb 2023 21:08:17 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

www.arvest.com/arvest.com/favicon.ico

45.60.198.180

200 OK

7.9 kB

URL HTTP/2
www.arvest.com/arvest.com/favicon.ico
IP
45.60.198.180:0
ASN
#19551 INCAPSULA

File type
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel\012- data
Size
7.9 kB (7886 bytes)
Hash
ad053d2d9bb4ba80e0ae86e7b0d7a876
3429c252087308b419c134136b23510e56a700c3
f07b37b5d3250cbc2a9f9fbed17db228e7e1633ee128c729b06d208b5c196807

HTTP Headers

GET /arvest.com/favicon.ico HTTP/1.1
Host: www.arvest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gpbez.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
etag: "1ece-4f37b5952d7b8"
last-modified: Fri, 28 Feb 2014 18:10:11 GMT
content-type: image/vnd.microsoft.icon
content-length: 7886
cache-control: max-age=0
date: Mon, 06 Feb 2023 22:12:37 GMT
set-cookie: nlbi_2181318=hXxMc/oYlDhUCsextj1qRwAAAABSluLS5if89Lcu90MTqymB; path=/; Domain=.arvest.com; Secure; SameSite=None
visid_incap_2181318=o5zlvIn7RqGKb+0LtzkUSVV74WMAAAAAQUIPAAAAAAD3BJn5SZkp9hhIbr2QqqP4; expires=Mon, 05 Feb 2024 22:31:14 GMT; HttpOnly; path=/; Domain=.arvest.com; Secure; SameSite=None
incap_ses_7233_2181318=+MqCORcVxClaEVZBucdgZFV74WMAAAAAGCkSgxXYyzc+tJFs0OMkrQ==; path=/; Domain=.arvest.com; Secure; SameSite=None
strict-transport-security: max-age=31536000
x-cdn: Imperva
x-iinfo: 7-11883234-11882616 2VNN RT(1675721557032 37) q(0 0 0 0) r(5 5)
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8981 bytes)
Hash
714723c38877e0d1655c7118a88ec064
809a42ce7c76cea0ce16af8172d852723c3a5f02
6bad7253694d155de31a8f5a3c635545a39aac340ca49d1bc10efb6739d4a356

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8981
x-amzn-requestid: 0054e925-c381-4737-bd92-32b2af3a604e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQHRFoAMFw6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-45ea5ee33d07326c593d21d3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ixAMZh_xOYWVESJ0jOEPOXZ4GQBDUZZsh26yEDYfl8APcBF2x2sZYg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 22:02:54 GMT
age: 589
etag: "809a42ce7c76cea0ce16af8172d852723c3a5f02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (53)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type