{"report_id":"b6bed79d-e7be-4e87-a519-ec8ad09320df","version":6,"status":"done","tags":["phishing_box","phishing"],"date":"2025-04-20T12:43:33Z","url":{"schema":"https","addr":"drivesupport-google.com/","fqdn":"drivesupport-google.com","domain":"drivesupport-google.com","tld":"com"},"ip":{"addr":"64.191.166.205","port":0,"asn":13776,"as":"QX-NET-ASN-1","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"drivesupport-google.com/","fqdn":"drivesupport-google.com","domain":"drivesupport-google.com","tld":"com"},"title":"Phishing Simulation Landing Page"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-29T12:43:33Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"drivesupport-google.com","ip":{"addr":"64.191.166.205","port":443,"asn":13776,"as":"QX-NET-ASN-1","country":"United States","country_code":"US"},"domain_registered":"2025-02-19","domain_rank":0,"first_seen":"2025-04-20T12:43:33.279148Z","last_seen":"2025-04-20T12:43:33.279148Z","alert_count":10,"request_count":6,"received_data":290999,"sent_data":2692,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"drivesupport-google.com/assets/js/jquery.js","fqdn":"drivesupport-google.com","domain":"drivesupport-google.com","tld":"com"},"ip":{"addr":"64.191.166.205","port":443,"asn":13776,"as":"QX-NET-ASN-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c013ea4cf6af491ac038943a68ad4fe","sha1":"7704864ce63adb0d61f79acc3e5cc9ea488e35f6","sha256":"35dc8edc236b06df2825bce1b00900e2e976ecdb928b02809647e7eb2f91bfc8","sha512":"60cd96a316e40daf530e06bfd59df9f3f25826e2a072c137ceceb66f89a5eddf512e3a64b8081149249aa486a81de9e4da5e7555c4ffebd03a5585342f404f09","ssdeep":"1536:cNhEyjjTikEJO4edXXe9J578go6MWXqcVhcLyB4Lw13sh2bzrlc+iuH7U3gBORDU:axcq0hcLZwpsYbDzORDU8Cu+","tlshash":"9583d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f068c5d57eb8a8e507bf2c","size":86717,"data":"","first_seen":"2023-03-07T12:08:30Z","last_seen":"2026-06-12T22:47:17.425215Z","times_seen":617,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"drivesupport-google.com/assets/js/bootstrap.min.js","fqdn":"drivesupport-google.com","domain":"drivesupport-google.com","tld":"com"},"ip":{"addr":"64.191.166.205","port":443,"asn":13776,"as":"QX-NET-ASN-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5869c96cc8f19086aee625d670d741f9","sha1":"430a443d74830fe9be26efca431f448c1b3740f9","sha256":"53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef","sha512":"8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45","ssdeep":"768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ","tlshash":"b6f28606b23031a147efb1e1525b020e7239696ee906907c78b99af53db9c48717bf3d","size":37045,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-14T01:03:09.960042Z","times_seen":91245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"drivesupport-google.com/","fqdn":"drivesupport-google.com","domain":"drivesupport-google.com","tld":"com"},"ip":{"addr":"64.191.166.205","port":443,"asn":13776,"as":"QX-NET-ASN-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-20T12:43:11.525Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drivesupport-google.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 09:04:54 GMT","end":"Sat, 19 Jul 2025 09:04:53 GMT"},"fingerprint":{"sha1":"23:FA:A8:64:F1:83:C1:5B:D1:D1:1E:3E:18:03:5E:A5:C4:9F:0F:07","sha256":"63:B1:B4:F0:23:E3:9C:EE:4B:25:DA:28:60:BB:90:7A:E0:C9:C8:EE:B7:D2:24:C2:7B:22:E4:74:94:08:61:E9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: drivesupport-google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":769,"data":"[[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,null,[1,0,1]]],373,[[\"1745152704633\",null,null,null,null,null,null,\"[1,40400,30,null,\\\"744546992.0\\\",\\\"v-oEaNmpEtfZwt0P_uCi0AQ\\\",null,null,null,\\\"no\\\",\\\"NOR\\\",0,7,1926,null,0,0,null,\\\"og-8d6f11d1-29bd-4124-ad16-aefa731f304d\\\",null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,0,null,null,null,0,null,[2,5,\\\"ug\\\",140],null,null,0,0,1]\",null,null,null,null,null,null,0,[null,null,null,\"[]\"],null,null,null,null,1]],\"1745152708160\",null,null,null,null,null,null,null,null,null,null,null,null,null,[[null,[null,null,null,null,null,null,null,null,null,null,null,null,122505695]],9]]"}},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Sun, 20 Apr 2025 12:43:12 GMT\r\nserver: Apache\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 1112\r\ncontent-type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2534,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"430ad4c945f2aa3dc048e10e6e4a931e","sha1":"530e00d359c370609cd8dd2d5f55eee79a9dd450","sha256":"4f73f4a16a6992dfe170c3155b997ec250d09048d392189275063c0cd9bdb1e6","sha512":"e6b1bbfc6a7fadd4bf4d234a13cd663de151bdc630d599239de84495519f69daaa7116c63419693cf7c93fe8ebdd9ad02c07991b207818efd4abf6501060e00e","ssdeep":"","tlshash":"405174aa9d40080a817792369b63714cf9780543d603096e7abda3978fb1acc8b33f94","first_seen":"2025-04-20T12:43:34.944154Z","last_seen":"2025-04-21T10:40:42.299075Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1308,"timings":{"blocked":584,"dns":22,"connect":124,"send":0,"wait":139,"receive":0,"ssl":435},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drivesupport-google.com/assets/css/bootstrap.css","fqdn":"drivesupport-google.com","domain":"drivesupport-google.com","tld":"com"},"ip":{"addr":"64.191.166.205","port":443,"asn":13776,"as":"QX-NET-ASN-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://drivesupport-google.com/","date":"2025-04-20T12:43:12.558Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drivesupport-google.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 09:04:54 GMT","end":"Sat, 19 Jul 2025 09:04:53 GMT"},"fingerprint":{"sha1":"23:FA:A8:64:F1:83:C1:5B:D1:D1:1E:3E:18:03:5E:A5:C4:9F:0F:07","sha256":"63:B1:B4:F0:23:E3:9C:EE:4B:25:DA:28:60:BB:90:7A:E0:C9:C8:EE:B7:D2:24:C2:7B:22:E4:74:94:08:61:E9"}}},"request":{"raw":"GET /assets/css/bootstrap.css HTTP/1.1\r\nHost: drivesupport-google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drivesupport-google.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":194,"data":"{\"p\":\"68037e9f485a86191013b811\",\"w\":\"1ip6qd9kn\",\"platform\":\"desktop\",\"tzo\":0,\"url\":\"https://firstsafes.com.fabuloustores.com/\",\"vss\":\"\",\"consent\":false,\"wss\":\"min\",\"uik\":\"FxZffDeBDydCcTopWvKt_\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Sun, 20 Apr 2025 12:43:12 GMT\r\nserver: Apache\r\nlast-modified: Mon, 06 Nov 2023 21:15:03 GMT\r\netag: \"23a5a-6098258f67fcc-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 21330\r\ncontent-type: text/css\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":146010,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (540)","md5":"2a31dca112f26923b51676cb764c58d5","sha1":"f597f59f955cda06e5d7a79342d9e0c22b5ec6d2","sha256":"7e630d90c7234b0df1729f62b8f9e4bbfaf293d91a5a0ac46df25f2a6759e39a","sha512":"a658bd68aabbe7c3cc76caa3340f80bb8089ed96ad2c20978a79e549fbf4db7cf8c66ce5f2cf896e3daa351ed123c0ecc45a797bc3af6d8183002cca9ed644f7","ssdeep":"1536:n8dvmSUZjywX7H53/BHsWj8g1UCFz96nOdG/JP9IZptcJ23NsOCj+:noUZO4ZpHkgCc8nOU/JP9IZptcJ23z","tlshash":"b7e395d8f6b039407223c09835938e52b71d9143d41fed79b7ea35acafc81958973b8a","first_seen":"2023-04-05T04:22:28Z","last_seen":"2026-06-14T00:20:47.665092Z","times_seen":3944,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":124,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"drivesupport-google.com/assets/js/bootstrap.min.js","fqdn":"drivesupport-google.com","domain":"drivesupport-google.com","tld":"com"},"ip":{"addr":"64.191.166.205","port":443,"asn":13776,"as":"QX-NET-ASN-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://drivesupport-google.com/","date":"2025-04-20T12:43:12.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drivesupport-google.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 09:04:54 GMT","end":"Sat, 19 Jul 2025 09:04:53 GMT"},"fingerprint":{"sha1":"23:FA:A8:64:F1:83:C1:5B:D1:D1:1E:3E:18:03:5E:A5:C4:9F:0F:07","sha256":"63:B1:B4:F0:23:E3:9C:EE:4B:25:DA:28:60:BB:90:7A:E0:C9:C8:EE:B7:D2:24:C2:7B:22:E4:74:94:08:61:E9"}}},"request":{"raw":"GET /assets/js/bootstrap.min.js HTTP/1.1\r\nHost: drivesupport-google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drivesupport-google.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":83,"data":"{\"jsonrpc\":\"2.0\",\"method\":\"CustomerAccounts::getAccountDetails\",\"params\":[],\"id\":0}"}},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Sun, 20 Apr 2025 12:43:13 GMT\r\nserver: Apache\r\nlast-modified: Tue, 05 Nov 2024 21:37:21 GMT\r\netag: \"90b5-6263134d4b7db-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 9833\r\ncontent-type: application/javascript\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":37045,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32033)","md5":"5869c96cc8f19086aee625d670d741f9","sha1":"430a443d74830fe9be26efca431f448c1b3740f9","sha256":"53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef","sha512":"8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45","ssdeep":"768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ","tlshash":"b6f28606b23031a147efb1e1525b020e7239696ee906907c78b99af53db9c48717bf3d","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-14T01:03:09.960042Z","times_seen":91245,"resource_available":true,"data":null}},"time_used":1129,"timings":{"blocked":489,"dns":1,"connect":126,"send":0,"wait":140,"receive":1,"ssl":369},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"drivesupport-google.com/assets/img/phishingbox_logo.png","fqdn":"drivesupport-google.com","domain":"drivesupport-google.com","tld":"com"},"ip":{"addr":"64.191.166.205","port":443,"asn":13776,"as":"QX-NET-ASN-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://drivesupport-google.com/","date":"2025-04-20T12:43:12.561Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drivesupport-google.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 09:04:54 GMT","end":"Sat, 19 Jul 2025 09:04:53 GMT"},"fingerprint":{"sha1":"23:FA:A8:64:F1:83:C1:5B:D1:D1:1E:3E:18:03:5E:A5:C4:9F:0F:07","sha256":"63:B1:B4:F0:23:E3:9C:EE:4B:25:DA:28:60:BB:90:7A:E0:C9:C8:EE:B7:D2:24:C2:7B:22:E4:74:94:08:61:E9"}}},"request":{"raw":"GET /assets/img/phishingbox_logo.png HTTP/1.1\r\nHost: drivesupport-google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drivesupport-google.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":25,"data":"action=updateLastActivity"}},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Sun, 20 Apr 2025 12:43:12 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nlast-modified: Wed, 14 Sep 2022 19:02:17 GMT\r\netag: \"391f-5e8a7c4813ccc\"\r\naccept-ranges: bytes\r\ncontent-length: 14623\r\ncontent-type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14623,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 523, 8-bit colormap, non-interlaced","md5":"dbd7fc56bc4da8db26060ace8755af73","sha1":"3da1f0716f969c4c621e0b0a688c6638df72a6b3","sha256":"537772c08f4088cd4c535a38aad43346ea650b1f964cefae4b91e3def40721cd","sha512":"5224618ac640bf008ec04d5fd3f7629f10011841805cf612cd0afd4c4f486c81ae774829c307a522a1c3140f7bad310746db2a5947fd1aea3895f7894cbe3713","ssdeep":"192:y4Dob6OF46tQ3VISVG2Zlk2fZ4MsZMcN81AoEonypo7qXqMkHddqTHyKPOds56U:yB6otQ9JZlRfZTGM+8+RSy2OXSLq2+","tlshash":"5362c0763625f6e4e07dd7fdb67069112206e39eead2386314a9638ec8d70cced5b900","first_seen":"2023-05-01T05:35:39Z","last_seen":"2026-06-12T22:47:17.428191Z","times_seen":617,"resource_available":false,"data":null}},"time_used":462,"timings":{"blocked":272,"dns":0,"connect":0,"send":0,"wait":162,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"drivesupport-google.com/assets/js/jquery.js","fqdn":"drivesupport-google.com","domain":"drivesupport-google.com","tld":"com"},"ip":{"addr":"64.191.166.205","port":443,"asn":13776,"as":"QX-NET-ASN-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://drivesupport-google.com/","date":"2025-04-20T12:43:12.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drivesupport-google.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 09:04:54 GMT","end":"Sat, 19 Jul 2025 09:04:53 GMT"},"fingerprint":{"sha1":"23:FA:A8:64:F1:83:C1:5B:D1:D1:1E:3E:18:03:5E:A5:C4:9F:0F:07","sha256":"63:B1:B4:F0:23:E3:9C:EE:4B:25:DA:28:60:BB:90:7A:E0:C9:C8:EE:B7:D2:24:C2:7B:22:E4:74:94:08:61:E9"}}},"request":{"raw":"GET /assets/js/jquery.js HTTP/1.1\r\nHost: drivesupport-google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drivesupport-google.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":703,"data":"{\"csp-report\":{\"blocked-uri\":\"inline\",\"column-number\":1,\"disposition\":\"report\",\"document-uri\":\"https://fairpointcustomercares.weebly.com/\",\"effective-directive\":\"script-src-elem\",\"line-number\":114,\"original-policy\":\"script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=I9nF_msB4D1r98oPt1Hd6sNDDQz02F7DMZeB7xQYLM0-1745152869-1.0.1.1-FxZNI3jTs6QmdO10azva5o7_LO8jhqqRAfYQ086ohDHLfyuYTm3MXzdOon4okLtVgJh.Gh41xNGZ2IDXVVvTEXkDOKMWY632Mm4rrN_Xe3nTHs9f2mRKtT2eYqevlRX4.6uvbX6r_eAEI9J10YBSBUmUSAZRE6EaV4YF0Ezsz2PzBupvRiHt.bS9vp1.68DN\",\"referrer\":\"\",\"source-file\":\"https://fairpointcustomercares.weebly.com/\",\"status-code\":200,\"violated-directive\":\"script-src-elem\"}}"}},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Sun, 20 Apr 2025 12:43:13 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nlast-modified: Wed, 14 Sep 2022 19:02:19 GMT\r\netag: \"152bd-5e8a7c49f5cb8-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 30085\r\ncontent-type: application/javascript\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":86717,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32030), with CR line terminators","md5":"6c013ea4cf6af491ac038943a68ad4fe","sha1":"7704864ce63adb0d61f79acc3e5cc9ea488e35f6","sha256":"35dc8edc236b06df2825bce1b00900e2e976ecdb928b02809647e7eb2f91bfc8","sha512":"60cd96a316e40daf530e06bfd59df9f3f25826e2a072c137ceceb66f89a5eddf512e3a64b8081149249aa486a81de9e4da5e7555c4ffebd03a5585342f404f09","ssdeep":"1536:cNhEyjjTikEJO4edXXe9J578go6MWXqcVhcLyB4Lw13sh2bzrlc+iuH7U3gBORDU:axcq0hcLZwpsYbDzORDU8Cu+","tlshash":"9583d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f068c5d57eb8a8e507bf2c","first_seen":"2023-03-07T12:08:30Z","last_seen":"2026-06-12T22:47:17.425215Z","times_seen":617,"resource_available":true,"data":null}},"time_used":1267,"timings":{"blocked":491,"dns":4,"connect":126,"send":0,"wait":247,"receive":24,"ssl":373},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"drivesupport-google.com/favicon.ico","fqdn":"drivesupport-google.com","domain":"drivesupport-google.com","tld":"com"},"ip":{"addr":"64.191.166.205","port":443,"asn":13776,"as":"QX-NET-ASN-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://drivesupport-google.com/","date":"2025-04-20T12:43:13.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drivesupport-google.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 09:04:54 GMT","end":"Sat, 19 Jul 2025 09:04:53 GMT"},"fingerprint":{"sha1":"23:FA:A8:64:F1:83:C1:5B:D1:D1:1E:3E:18:03:5E:A5:C4:9F:0F:07","sha256":"63:B1:B4:F0:23:E3:9C:EE:4B:25:DA:28:60:BB:90:7A:E0:C9:C8:EE:B7:D2:24:C2:7B:22:E4:74:94:08:61:E9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: drivesupport-google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drivesupport-google.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":677,"data":"{\"csp-report\":{\"blocked-uri\":\"https://fairpointcustomercares.weebly.com/files/theme/plugins.js?1573850854\",\"disposition\":\"report\",\"document-uri\":\"https://fairpointcustomercares.weebly.com/\",\"effective-directive\":\"script-src-elem\",\"original-policy\":\"script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=I9nF_msB4D1r98oPt1Hd6sNDDQz02F7DMZeB7xQYLM0-1745152869-1.0.1.1-FxZNI3jTs6QmdO10azva5o7_LO8jhqqRAfYQ086ohDHLfyuYTm3MXzdOon4okLtVgJh.Gh41xNGZ2IDXVVvTEXkDOKMWY632Mm4rrN_Xe3nTHs9f2mRKtT2eYqevlRX4.6uvbX6r_eAEI9J10YBSBUmUSAZRE6EaV4YF0Ezsz2PzBupvRiHt.bS9vp1.68DN\",\"referrer\":\"\",\"status-code\":200,\"violated-directive\":\"script-src-elem\"}}"}},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Sun, 20 Apr 2025 12:43:13 GMT\r\nserver: Apache\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 1112\r\ncontent-type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2534,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"430ad4c945f2aa3dc048e10e6e4a931e","sha1":"530e00d359c370609cd8dd2d5f55eee79a9dd450","sha256":"4f73f4a16a6992dfe170c3155b997ec250d09048d392189275063c0cd9bdb1e6","sha512":"e6b1bbfc6a7fadd4bf4d234a13cd663de151bdc630d599239de84495519f69daaa7116c63419693cf7c93fe8ebdd9ad02c07991b207818efd4abf6501060e00e","ssdeep":"","tlshash":"405174aa9d40080a817792369b63714cf9780543d603096e7abda3978fb1acc8b33f94","first_seen":"2025-04-20T12:43:34.944154Z","last_seen":"2025-04-21T10:40:42.299075Z","times_seen":2,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-20","alert":"Sinkholed","trigger":"drivesupport-google.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}