Report - founeedapaidomainamenomainamengedinetworked.work.gd/recover

Report Overview

Submitted URL
founeedapaidomainamenomainamengedinetworked.work.gd/recover
IP
174.136.228.135
ASN
#396362 LEASEWEB-USA-NYC
Submitted
2023-06-01 01:25:28
Access
public
Website Title
Final URL
Tags
crypto phishing dyndns
urlquery detections
Phishing - Generic Crypto/Wallet
Suspicious - DynDNS domain

Detections

urlquery
91
Network Intrusion Detection
45
Threat Detection Systems
96

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tracking-protection.cdn.mozilla.net	9282	1998-01-31	2015-09-17	2023-05-31	2.0 kB	1.9 MB	34.120.158.37
founeedapaidomainamenomainamengedinetworked.work.gd	unknown	2022-06-18	2023-05-29	2023-05-30	27 kB	2.1 MB	174.136.228.135
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-31	1.7 kB	3.5 kB	142.250.74.131
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-06-01	2.9 kB	165 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-31	1.5 kB	338 kB	142.250.74.106
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-05-31	4.6 kB	14 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-01 01:25:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:21	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:21	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:21	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:21	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:21	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:21	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:21	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:21	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-01 01:25:23	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-05-31	medium	founeedapaidomainamenomainamengedinetworked.work.gd/recover
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/authen
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-31	medium	founeedapaidomainamenomainamengedinetworked.work.gd/recover
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/
2023-05-29	medium	founeedapaidomainamenomainamengedinetworked.work.gd/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	founeedapaidomainamenomainamengedinetworked.work.gd/meta/jquery-3.5.1.min.dc5e7f18c8.js.download	90 kB	2023-03-07	2024-04-23
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/meta/jquery-3.5.1.min.dc5e7f18c8.js.download IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-23 12:49:29 Times Seen138790 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/recover	101 B	2023-03-07	2024-01-01
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/recover IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:29:10 Last Seen2024-01-01 17:30:26 Times Seen100 Hash a21f8b439e3c709f9b3beda1c78b6e68 2f78ba7561b5a579ce38a147364771cf81a317e2 c33563ce5dd8db5f49c9aa77f0168aa69dcade416932a2d40a2fb16e72c1ce7d Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html	75 B	2023-03-07	2024-04-23
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15:59 Last Seen2024-04-23 13:01:32 Times Seen10318 Hash dca9d53787fff314e5bd1a123b28906a 1350c858f60bbb03d1b53b05cbad6cea82ff29d1 2475d902b4182bac667d464a44c89ee405e5cfd64156b30f811557cf2b347e2f Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/meta/enterprise.js.download	1.0 kB	2023-03-07	2024-04-12
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/meta/enterprise.js.download IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:10 Last Seen2024-04-12 19:27:20 Times Seen572 Hash d07e7630bc23cbdd7520d0a4f086c922 b50685923a96d55109959fdf21f369d902971b2a 15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2 Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/meta/jsonp	278 kB	2023-03-07	2024-03-12
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/meta/jsonp IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:10 Last Seen2024-03-12 06:48:21 Times Seen411 Hash 7efac8c0fa8e30db7a423500ef59abab be73717f776f24dd31498c27a1b02b784570d5bb 102411780270584690575675e14e574ef8a16cf6fdd5700d5682e68a8d2cc00d Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/meta/js	92 kB	2023-03-07	2024-03-12
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/meta/js IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:36 Last Seen2024-03-12 06:48:21 Times Seen508 Hash fb2ab9b8632250b0d7aa50c08150cfe1 73b3f266ac08c9fb07e1de1664fed384ccd5bc86 5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/recover	241 B	2023-03-07	2023-11-29
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/recover IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:29:10 Last Seen2023-11-29 08:44:34 Times Seen98 Hash 080e4144f0d34b9ed798406dbe568378 c161bb59ce93d05c318c95d634671cceb11b146a 24b98b55f46e8cc2b1eaee5562ecc67a3e00a404b8166aadae00c7d85bc60176 Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/meta/webfont.js.download	13 kB	2023-03-07	2024-04-23
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/meta/webfont.js.download IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:17 Last Seen2024-04-23 12:59:30 Times Seen22353 Hash 7c96a5f11d9741541d5e3c42ff6380d7 d3fa2564c021cf730e58ffddb138cf6b57ed126e 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/meta/storage.secure.min.js.download	39 kB	2023-03-07	2024-04-12
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/meta/storage.secure.min.js.download IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-12 19:27:20 Times Seen657 Hash 3386ec5559f1ba569cf0ab6acab436cc e98e11d37c5172ee128a85f68447efb3cb0e853c 996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73 Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/recover	234 B	2023-03-08	2023-07-11
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/recover IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 03:03:15 Last Seen2023-07-11 16:51:34 Times Seen22 Hash e151792a4107384e8478b79c6c107748 c1c41af265614b40a173cdb12f393a10fd58df93 db6add705544b42351e8a8afad3b72b0ad3371cdd5e2ab4df7df9a98a04d9610 Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/meta/webflow.js.download	601 kB	2023-03-07	2024-04-12
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/meta/webflow.js.download IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:36 Last Seen2024-04-12 19:27:20 Times Seen596 Hash 9758f7e3aa0c79ea7a3cadb16d10087b 07f3c4e552e28eba6172f53d6dcf981a55f42031 0bb0c326dfc33136ad88e7454f06d22398a75f57f5eef79a30b218c171136f0d Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/meta/recaptcha__nl.js.download	354 kB	2023-03-07	2024-04-12
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/meta/recaptcha__nl.js.download IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:10 Last Seen2024-04-12 19:27:20 Times Seen583 Hash e735084e8ffed1ad8d89df08d98d4d23 6cdab8dac12030c8bc980ec129affecc626285c3 6cde5be2d724e53c8c4a97041365d3075e3af63ec08e1712b2f831b6e2bd357b Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html	175 B	2023-03-07	2024-04-12
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:17:36 Last Seen2024-04-12 19:27:19 Times Seen275 Hash 117ee3a6ec35b36713c5e48205ff5fce 8f892b6a14a32c6e5e1cf000d06b18535a7b6238 7317f1aa4ede14314da978897b86477afe5fbc7b634899c0e33a740ca235e675 Loading...

	founeedapaidomainamenomainamengedinetworked.work.gd/meta/plx.chock.js	3.4 kB	2023-03-07	2024-04-02
Pretty URL founeedapaidomainamenomainamengedinetworked.work.gd/meta/plx.chock.js IP 174.136.228.135 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:10 Last Seen2024-04-02 06:38:24 Times Seen660 Hash 5acfeead7d13511cdef767305b87e3f8 ec5337e62f1e64d3aaba3bf41a41b5f876964922 b9417c5359a2259bb564852a1ebd2b743b79ac06efdee42dc53456f8445ad246 Loading...

HTTP Transactions (75)

URL IP Response Size

tracking-protection.cdn.mozilla.net/ads-track-digest256/1684337778

34.120.158.37

56 kB

URL
tracking-protection.cdn.mozilla.net/ads-track-digest256/1684337778
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
56 kB (56534 bytes)
Hash
e82f812913b6a06c608d7bb688e184b4
ea5db373525ee7dfa0abaf0befb2dae54e62b699
46fb1d72ca8047216ad4c5349f791a385049e1025042a3fbca56a7bf94ff2e89

HTTP Headers

GET /ads-track-digest256/1684337778 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: uJ6ZIMoE839Ys4+Yj3C+jbRbfVECZh0707onUtGlk5hdextGhsb3bh02VJkX5lXH4Bx+uTOOAnY=
x-amz-request-id: GNCXKCX6NQ2XPRDM
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 56534
via: 1.1 google
date: Wed, 31 May 2023 15:37:05 GMT
age: 35283
last-modified: Wed, 17 May 2023 15:36:30 GMT
etag: "e82f812913b6a06c608d7bb688e184b4"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

tracking-protection.cdn.mozilla.net/analytics-track-digest256/1683905755

34.120.158.37

10 kB

URL
tracking-protection.cdn.mozilla.net/analytics-track-digest256/1683905755
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
10 kB (10486 bytes)
Hash
feffee93ee53bd6b02687bb9d9a11425
f9fab28225d6eb2ed2e72ce675d5d5b624383658
3b09c3bc75d40a2dc370d7a9e88433d74de203f31056900b995b497950f2d672

HTTP Headers

GET /analytics-track-digest256/1683905755 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: wT+mc42/laywQeKz+wF6+D9ftagqcE/RtlpvIcSD4UlepUDKaNTboaseMLJqoQxGiUzPmgu/Kr4=
x-amz-request-id: EA7724VDTEGQ54EA
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 10486
via: 1.1 google
date: Wed, 31 May 2023 15:36:46 GMT
age: 35302
last-modified: Fri, 12 May 2023 15:36:10 GMT
etag: "feffee93ee53bd6b02687bb9d9a11425"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

founeedapaidomainamenomainamengedinetworked.work.gd/recover

174.136.228.135

200 OK

0 B

URL User Request GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/recover
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /recover HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 01 Jun 2023 01:25:08 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io; expires=Thu, 01-Jun-2023 03:25:08 GMT; Max-Age=7200; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://founeedapaidomainamenomainamengedinetworked.work.gd/

tracking-protection.cdn.mozilla.net/content-track-digest256/1683905755

34.120.158.37

15 kB

URL
tracking-protection.cdn.mozilla.net/content-track-digest256/1683905755
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
15 kB (15350 bytes)
Hash
adff9f8518019ddb5b72e09fa471bd56
2a5cf28dcda107605da2bb4f6e56a07e514a927f
900f414ea63bb7f4e5a33041d77112c309aa8dfebd93681895c596d948ed12bf

HTTP Headers

GET /content-track-digest256/1683905755 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: i/Ud7V7OlbaJWvAmKuf4WUnvlgmFEyWVOVzuWRZyo2RndALHx9vllvVaThREUG8hBxWsasULpX8=
x-amz-request-id: GNCVBFDZWNYXVZYA
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 15350
via: 1.1 google
date: Wed, 31 May 2023 15:37:05 GMT
age: 35283
last-modified: Fri, 12 May 2023 15:36:06 GMT
etag: "adff9f8518019ddb5b72e09fa471bd56"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1683905755

34.120.158.37

1.5 MB

URL
tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1683905755
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
1.5 MB (1476920 bytes)
Hash
501d3f65be5457b0986a2f0b880e88f2
0df631bbe10a12e255c8d323fed084f51ffb842d
e3acbced9ab46ff7a41311445b2bd1f6f70f8716d35131670528417d2c9a6627

HTTP Headers

GET /google-trackwhite-digest256/1683905755 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: zeomrkpP6+0WsAVu50PLaOJHtcQ1wsSgOo0Md30u1LY226GMa4El5hnDcR74uRV2HFu/gjAUO9A=
x-amz-request-id: T70G5DF1P5EQD5ZA
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 google
date: Wed, 31 May 2023 15:36:58 GMT
age: 35290
last-modified: Fri, 12 May 2023 15:36:17 GMT
etag: "501d3f65be5457b0986a2f0b880e88f2"
content-type: application/octet-stream
content-length: 1476920
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1684337778

34.120.158.37

346 kB

URL
tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1684337778
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
346 kB (345943 bytes)
Hash
dc048d310df250632824a0ef784c0503
349ed5134df1bb49ba48bab8498c932655795279
a217142987da561fafd04a5f77dcab5860687e0089002eec43cd8bd619b9870a

HTTP Headers

GET /mozstd-trackwhite-digest256/1684337778 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: k893AxateR7sUqZdt0QLyIIEt3QfpoRUhDChE8JXypuA+cSIDO+XpD4N5OJ/pL6dDlpnWvE6dHE=
x-amz-request-id: Z62MZJB5T8XGJ490
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 345943
via: 1.1 google
date: Wed, 31 May 2023 15:37:06 GMT
age: 35282
last-modified: Wed, 17 May 2023 15:36:35 GMT
etag: "dc048d310df250632824a0ef784c0503"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

founeedapaidomainamenomainamengedinetworked.work.gd/

174.136.228.135

0 B

URL
founeedapaidomainamenomainamengedinetworked.work.gd/
IP
174.136.228.135:0
ASN
#396362 LEASEWEB-USA-NYC

Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET / HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 01 Jun 2023 01:25:08 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen

founeedapaidomainamenomainamengedinetworked.work.gd/authen

174.136.228.135

5.8 kB

URL
founeedapaidomainamenomainamengedinetworked.work.gd/authen
IP
174.136.228.135:0
ASN
#396362 LEASEWEB-USA-NYC

Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (523)
Size
5.8 kB (5824 bytes)
Hash
37638df65df379f1822fa3f31e66cfe3
6138dfb376f559d83ac0f71056321b71d33fe121
4d3986504c99ca52a86aa714cf01eb0013b5e5c8eaaa0ef14d9233c472ae8fb3

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /authen HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:08 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5824
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
582908ff8bc13bc9b5422491129d8b0e
8deb8d1987e09761ca90108160cc262f1ee8dffa
daa1cabdc684ac8d98c86cd6aa983b52bb982052a8a7b6632f565a606c85a8b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 01:25:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

founeedapaidomainamenomainamengedinetworked.work.gd/meta/normalize.css

174.136.228.135

200 OK

2.7 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/normalize.css
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text
Size
2.7 kB (2659 bytes)
Hash
4951cc88307c632cf285d3ba988ab283
031d58bc40b4242b27d8171a01bb0ecb5f9d22d7
5c4a6fe64efc5d07833c35af9630d0f9b3d4d09a63f9358e441374e9102c9e81

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/normalize.css HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: text/css
Last-Modified: Sun, 28 May 2023 22:06:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d05a-1e5c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
582908ff8bc13bc9b5422491129d8b0e
8deb8d1987e09761ca90108160cc262f1ee8dffa
daa1cabdc684ac8d98c86cd6aa983b52bb982052a8a7b6632f565a606c85a8b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 01:25:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

founeedapaidomainamenomainamengedinetworked.work.gd/meta/webflow.css

174.136.228.135

200 OK

9.3 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/webflow.css
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
Unicode text, UTF-8 text, with very long lines (2587)
Size
9.3 kB (9290 bytes)
Hash
13fc860cb6eddbf469d986e1a6b6480b
6bb85ecdc704734f59d4984d202f75b02048a58d
ba6716203b5a6f128eab828aef79dcdfeab87ec1ee605392e4a9d6955de30842

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/webflow.css HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: text/css
Last-Modified: Sun, 28 May 2023 22:06:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d066-98c5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/plx.chock.js

174.136.228.135

200 OK

311 B

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/plx.chock.js
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text
Size
311 B (311 bytes)
Hash
5acfeead7d13511cdef767305b87e3f8
ec5337e62f1e64d3aaba3bf41a41b5f876964922
b9417c5359a2259bb564852a1ebd2b743b79ac06efdee42dc53456f8445ad246

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/plx.chock.js HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: application/javascript
Last-Modified: Sun, 28 May 2023 22:06:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d05b-d41"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/css.html

174.136.228.135

200 OK

684 B

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/css.html
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text
Size
684 B (684 bytes)
Hash
147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/css.html HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: text/html
Content-Length: 684
Last-Modified: Sun, 28 May 2023 22:06:04 GMT
Connection: keep-alive
ETag: "6473d04c-2ac"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

founeedapaidomainamenomainamengedinetworked.work.gd/meta/metamask-staging-2.webflow.css

174.136.228.135

200 OK

18 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/metamask-staging-2.webflow.css
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text
Size
18 kB (17621 bytes)
Hash
d4ede0f1d47b3b9aac92ea8a29c2ec85
135c44809f03ce1360c7e74da033e4b4f5cfb87c
98489ee303fa850e7c3185248b30d64dfb6c7c55aa8726a98efb037525988e5a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/metamask-staging-2.webflow.css HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: text/css
Last-Modified: Sun, 28 May 2023 22:06:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d058-22adb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/enterprise.js.download

174.136.228.135

200 OK

614 B

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/enterprise.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (1008), with no line terminators
Size
614 B (614 bytes)
Hash
d07e7630bc23cbdd7520d0a4f086c922
b50685923a96d55109959fdf21f369d902971b2a
15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/enterprise.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: application/javascript
Content-Length: 614
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:05 GMT
ETag: "3f0-5fcc82d350391-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/webfont.js.download

174.136.228.135

200 OK

5.4 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/webfont.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (2134)
Size
5.4 kB (5415 bytes)
Hash
7c96a5f11d9741541d5e3c42ff6380d7
d3fa2564c021cf730e58ffddb138cf6b57ed126e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/webfont.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: application/javascript
Content-Length: 5415
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:32 GMT
ETag: "3384-5fcc82ed0b2bc-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/js

174.136.228.135

200 OK

35 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/js
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (1815)
Size
35 kB (35327 bytes)
Hash
fb2ab9b8632250b0d7aa50c08150cfe1
73b3f266ac08c9fb07e1de1664fed384ccd5bc86
5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/js HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Length: 35327
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:14 GMT
ETag: "168a5-5fcc82db7ef5d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/css.html

174.136.228.135

200 OK

684 B

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/css.html
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text
Size
684 B (684 bytes)
Hash
147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/css.html HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: text/html
Content-Length: 684
Last-Modified: Sun, 28 May 2023 22:06:04 GMT
Connection: keep-alive
ETag: "6473d04c-2ac"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

founeedapaidomainamenomainamengedinetworked.work.gd/meta/storage.secure.min.js.download

174.136.228.135

200 OK

13 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/storage.secure.min.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (38562), with no line terminators
Size
13 kB (13194 bytes)
Hash
3386ec5559f1ba569cf0ab6acab436cc
e98e11d37c5172ee128a85f68447efb3cb0e853c
996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/storage.secure.min.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: application/javascript
Content-Length: 13194
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:24 GMT
ETag: "96a2-5fcc82e546e12-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 01:25:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2

216.58.207.227

200 OK

8.4 kB

URL GET HTTP/2
fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Size
8.4 kB (8404 bytes)
Hash
141119ae119bf7ca75e10ef82f66e442
adebf435aa078db3c116cb9faae15f2ad81d3ac5
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff

HTTP Headers

GET /s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://founeedapaidomainamenomainamengedinetworked.work.gd
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 07:46:50 GMT
expires: Fri, 24 May 2024 07:46:50 GMT
cache-control: public, max-age=31536000
age: 581899
last-modified: Thu, 21 Apr 2022 17:15:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2

216.58.207.227

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7900, version 1.0\012- data
Size
7.9 kB (7900 bytes)
Hash
61e86e7a20ecf3ba181ca4b9a9a1cdbd
482a65cffc69109af26669d64accbef71db3b836
fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18

HTTP Headers

GET /s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://founeedapaidomainamenomainamengedinetworked.work.gd
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 06:19:20 GMT
expires: Fri, 24 May 2024 06:19:20 GMT
cache-control: public, max-age=31536000
age: 587149
last-modified: Thu, 21 Apr 2022 17:15:19 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 01:25:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

founeedapaidomainamenomainamengedinetworked.work.gd/meta/jquery-3.5.1.min.dc5e7f18c8.js.download

174.136.228.135

200 OK

31 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/jquery-3.5.1.min.dc5e7f18c8.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30910 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/jquery-3.5.1.min.dc5e7f18c8.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: application/javascript
Content-Length: 30910
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:13 GMT
ETag: "15d84-5fcc82da522d7-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/jsonp

174.136.228.135

200 OK

87 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/jsonp
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
87 kB (87424 bytes)
Hash
7efac8c0fa8e30db7a423500ef59abab
be73717f776f24dd31498c27a1b02b784570d5bb
102411780270584690575675e14e574ef8a16cf6fdd5700d5682e68a8d2cc00d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/jsonp HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:15 GMT
ETag: "43f6e-5fcc82dcba644-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 01:25:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

founeedapaidomainamenomainamengedinetworked.work.gd/meta/webflow.js.download

174.136.228.135

200 OK

147 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/webflow.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
Unicode text, UTF-8 text, with very long lines (50020)
Size
147 kB (147184 bytes)
Hash
9758f7e3aa0c79ea7a3cadb16d10087b
07f3c4e552e28eba6172f53d6dcf981a55f42031
0bb0c326dfc33136ad88e7454f06d22398a75f57f5eef79a30b218c171136f0d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/webflow.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:33 GMT
ETag: "92c10-5fcc82ee36003-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/wpp.gif

174.136.228.135

3.9 kB

URL
founeedapaidomainamenomainamengedinetworked.work.gd/meta/wpp.gif
IP
174.136.228.135:0
ASN
#396362 LEASEWEB-USA-NYC

Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
GIF image data, version 87a, 470 x 40\012- data
Size
3.9 kB (3877 bytes)
Hash
941648b845842a709da73e24652cf8a4
099e5f97e602d026c51537c9b45328dc99261d7c
2a7344e607a878f0acac7f5c9c3a65fc8a4423f00e21d3fb7a814cae051631d9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/wpp.gif HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: image/gif
Content-Length: 3877
Last-Modified: Sun, 28 May 2023 22:06:33 GMT
Connection: keep-alive
ETag: "6473d069-f25"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

founeedapaidomainamenomainamengedinetworked.work.gd/meta/mm-logo.svg

174.136.228.135

200 OK

3.4 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/mm-logo.svg
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001)
Size
3.4 kB (3369 bytes)
Hash
51bcea2625eb2c6e9268a7377a792c86
5eeb306e6584eed1747c36c11724f193711d430e
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/mm-logo.svg HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:09 GMT
Content-Type: image/svg+xml
Last-Modified: Sun, 28 May 2023 22:06:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d05a-2ef3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/EuclidCircularB-Regular-WebXL.woff2

174.136.228.135

200 OK

45 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/EuclidCircularB-Regular-WebXL.woff2
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
Web Open Font Format (Version 2), TrueType, length 45196, version 3.66\012- data
Size
45 kB (45196 bytes)
Hash
2d75957df3bb3aa6ed84f6591b0d5a1a
906424e75625f63b0188471067065794d0348536
8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/metamask-staging-2.webflow.css
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:10 GMT
Content-Length: 45196
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:09 GMT
ETag: "b08c-5fcc82d6dc6e4"
Accept-Ranges: bytes
Vary: Accept-Encoding

founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html

174.136.228.135

200 OK

4.1 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3186)
Size
4.1 kB (4069 bytes)
Hash
ab544024d3cf8ee17b4995a04711bc92
da849c1c8b08864d499153a059e5d429b8df19ce
b9d7893f4e6f83b6dca5ec8e27e47e382f4ace81907591ab102345bef9d3bb5f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/bframe.html HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:10 GMT
Content-Type: text/html
Last-Modified: Sun, 28 May 2023 22:06:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d04a-2e07"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/EuclidCircularB-Bold-WebXL.woff2

174.136.228.135

200 OK

44 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/EuclidCircularB-Bold-WebXL.woff2
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
Web Open Font Format (Version 2), TrueType, length 44544, version 3.66\012- data
Size
44 kB (44544 bytes)
Hash
9024d0bf73943172297c4628d0054e20
36c3795e7b297d06589e15ef59592683d9ed0974
88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/metamask-staging-2.webflow.css
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:10 GMT
Content-Length: 44544
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:07 GMT
ETag: "ae00-5fcc82d56667c"
Accept-Ranges: bytes
Vary: Accept-Encoding

founeedapaidomainamenomainamengedinetworked.work.gd/meta/hero2.4.png

174.136.228.135

590 kB

URL
founeedapaidomainamenomainamengedinetworked.work.gd/meta/hero2.4.png
IP
174.136.228.135:0
ASN
#396362 LEASEWEB-USA-NYC

Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
PNG image data, 1752 x 1452, 8-bit/color RGBA, non-interlaced\012- data
Size
590 kB (589568 bytes)
Hash
d0ec70f4c666fbf6ad0d30a52d08c5c9
e48f0688bc4f592824840478d12c05df0dd12002
3f4bfc7c6cc471e9d95936dc109852c4f6a4bf1163b63eeabfe840565d5ad8d1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/hero2.4.png HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/metamask-staging-2.webflow.css
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:10 GMT
Content-Type: image/png
Content-Length: 589568
Last-Modified: Sun, 28 May 2023 22:06:10 GMT
Connection: keep-alive
ETag: "6473d052-8ff00"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

founeedapaidomainamenomainamengedinetworked.work.gd/meta/styles__ltr.css

174.136.228.135

200 OK

24 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/styles__ltr.css
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (52368), with no line terminators
Size
24 kB (24092 bytes)
Hash
97c3d49b83dc004fcda822b1853b787b
a82fcfbd6b1cf4dd00f4a63d47b9119a69b40147
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/styles__ltr.css HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:10 GMT
Content-Type: text/css
Last-Modified: Sun, 28 May 2023 22:06:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d062-cc90"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

897 B

URL GET HTTP/3
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:AC:74:E6:97:66:CD:D0:F1:EA:0D:01:37:89:65:2E:98:22:84:6C
ValidityMon, 08 May 2023 08:24:50 GMT - Mon, 31 Jul 2023 08:24:49 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
897 B (897 bytes)
Hash
ebebecd890788101998fbfd81718d353
987ba7d3dd33a8283a93495edd3d2407ea140356
0d62a7f121b833b78ef6282cff6646d618fa037c77f016c89dd26fcb60897964

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Jun 2023 01:25:09 GMT
date: Thu, 01 Jun 2023 01:25:09 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

founeedapaidomainamenomainamengedinetworked.work.gd/metamask.io/images/webclip.png

174.136.228.135

557 B

URL
founeedapaidomainamenomainamengedinetworked.work.gd/metamask.io/images/webclip.png
IP
174.136.228.135:0
ASN
#396362 LEASEWEB-USA-NYC

Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
557 B (557 bytes)
Hash
fc10f358967a59750ef6fd9a698e2d60
3fc472d167c41a4193625aff84ee6e599b302002
16ce845440c38f491f80553aee7a8144dcc0a82c46258deaffdd10a0fa3d2db2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /metamask.io/images/webclip.png HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/authen
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 01 Jun 2023 01:25:10 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 557
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/recaptcha__nl.js.download

174.136.228.135

200 OK

138 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/recaptcha__nl.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (820)
Size
138 kB (137504 bytes)
Hash
e735084e8ffed1ad8d89df08d98d4d23
6cdab8dac12030c8bc980ec129affecc626285c3
6cde5be2d724e53c8c4a97041365d3075e3af63ec08e1712b2f831b6e2bd357b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/recaptcha__nl.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:22 GMT
ETag: "56577-5fcc82e2e7745-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js

142.250.74.35

404 Not Found

1.6 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
c90524d6a02b27addb56c350fe6fbb2d
d713d1b53323c0169ffe0649be8c9d04a189f999
4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0

HTTP Headers

GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://founeedapaidomainamenomainamengedinetworked.work.gd
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Thu, 01 Jun 2023 01:25:10 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/api2/info_2x.png

142.250.74.35

200 OK

665 B

URL GET HTTP/3
www.gstatic.com/recaptcha/api2/info_2x.png
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
665 B (665 bytes)
Hash
07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

HTTP Headers

GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 00:56:35 GMT
expires: Thu, 08 Jun 2023 00:56:35 GMT
cache-control: public, max-age=604800
age: 1715
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/api2/audio_2x.png

142.250.74.35

530 B

URL
www.gstatic.com/recaptcha/api2/audio_2x.png
IP
142.250.74.35:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
530 B (530 bytes)
Hash
88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

HTTP Headers

GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 May 2023 16:14:42 GMT
expires: Tue, 06 Jun 2023 16:14:42 GMT
cache-control: public, max-age=604800
age: 119428
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/api2/refresh_2x.png

142.250.74.35

600 B

URL
www.gstatic.com/recaptcha/api2/refresh_2x.png
IP
142.250.74.35:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
600 B (600 bytes)
Hash
0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

HTTP Headers

GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 20:49:22 GMT
expires: Wed, 07 Jun 2023 20:49:22 GMT
cache-control: public, max-age=604800
age: 16548
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

founeedapaidomainamenomainamengedinetworked.work.gd/recover

174.136.228.135

200 OK

5.7 kB

URL User Request GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/recover
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (471)
Size
5.7 kB (5700 bytes)
Hash
d34161e20a0c54ea8a64ca035542edd4
3ac3a1f7c84ea61e4b948494e0d17dbec14689b3
0d067464a6eb48590e843d075b188b0557ac79a1709bf7cd920fccca0dca2e6f

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /recover HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5700
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/normalize.css

174.136.228.135

200 OK

2.7 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/normalize.css
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text
Size
2.7 kB (2659 bytes)
Hash
4951cc88307c632cf285d3ba988ab283
031d58bc40b4242b27d8171a01bb0ecb5f9d22d7
5c4a6fe64efc5d07833c35af9630d0f9b3d4d09a63f9358e441374e9102c9e81

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/normalize.css HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:20 GMT
Content-Type: text/css
Last-Modified: Sun, 28 May 2023 22:06:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d05a-1e5c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/webflow.css

174.136.228.135

200 OK

9.3 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/webflow.css
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
Unicode text, UTF-8 text, with very long lines (2587)
Size
9.3 kB (9290 bytes)
Hash
13fc860cb6eddbf469d986e1a6b6480b
6bb85ecdc704734f59d4984d202f75b02048a58d
ba6716203b5a6f128eab828aef79dcdfeab87ec1ee605392e4a9d6955de30842

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/webflow.css HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:20 GMT
Content-Type: text/css
Last-Modified: Sun, 28 May 2023 22:06:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d066-98c5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/plx.chock.js

174.136.228.135

200 OK

311 B

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/plx.chock.js
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text
Size
311 B (311 bytes)
Hash
5acfeead7d13511cdef767305b87e3f8
ec5337e62f1e64d3aaba3bf41a41b5f876964922
b9417c5359a2259bb564852a1ebd2b743b79ac06efdee42dc53456f8445ad246

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/plx.chock.js HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:20 GMT
Content-Type: application/javascript
Last-Modified: Sun, 28 May 2023 22:06:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d05b-d41"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/css.html

174.136.228.135

200 OK

684 B

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/css.html
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text
Size
684 B (684 bytes)
Hash
147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/css.html HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:20 GMT
Content-Type: text/html
Content-Length: 684
Last-Modified: Sun, 28 May 2023 22:06:04 GMT
Connection: keep-alive
ETag: "6473d04c-2ac"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

founeedapaidomainamenomainamengedinetworked.work.gd/meta/webfont.js.download

174.136.228.135

200 OK

5.4 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/webfont.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (2134)
Size
5.4 kB (5415 bytes)
Hash
7c96a5f11d9741541d5e3c42ff6380d7
d3fa2564c021cf730e58ffddb138cf6b57ed126e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/webfont.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: application/javascript
Content-Length: 5415
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:32 GMT
ETag: "3384-5fcc82ed0b2bc-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/metamask-staging-2.webflow.css

174.136.228.135

200 OK

18 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/metamask-staging-2.webflow.css
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text
Size
18 kB (17621 bytes)
Hash
d4ede0f1d47b3b9aac92ea8a29c2ec85
135c44809f03ce1360c7e74da033e4b4f5cfb87c
98489ee303fa850e7c3185248b30d64dfb6c7c55aa8726a98efb037525988e5a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/metamask-staging-2.webflow.css HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:20 GMT
Content-Type: text/css
Last-Modified: Sun, 28 May 2023 22:06:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d058-22adb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/enterprise.js.download

174.136.228.135

200 OK

614 B

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/enterprise.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (1008), with no line terminators
Size
614 B (614 bytes)
Hash
d07e7630bc23cbdd7520d0a4f086c922
b50685923a96d55109959fdf21f369d902971b2a
15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/enterprise.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: application/javascript
Content-Length: 614
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:05 GMT
ETag: "3f0-5fcc82d350391-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/storage.secure.min.js.download

174.136.228.135

200 OK

13 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/storage.secure.min.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (38562), with no line terminators
Size
13 kB (13194 bytes)
Hash
3386ec5559f1ba569cf0ab6acab436cc
e98e11d37c5172ee128a85f68447efb3cb0e853c
996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/storage.secure.min.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: application/javascript
Content-Length: 13194
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:24 GMT
ETag: "96a2-5fcc82e546e12-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/css.html

174.136.228.135

200 OK

684 B

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/css.html
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text
Size
684 B (684 bytes)
Hash
147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/css.html HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: text/html
Content-Length: 684
Last-Modified: Sun, 28 May 2023 22:06:04 GMT
Connection: keep-alive
ETag: "6473d04c-2ac"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

founeedapaidomainamenomainamengedinetworked.work.gd/meta/jquery-3.5.1.min.dc5e7f18c8.js.download

174.136.228.135

200 OK

31 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/jquery-3.5.1.min.dc5e7f18c8.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30910 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/jquery-3.5.1.min.dc5e7f18c8.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: application/javascript
Content-Length: 30910
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:13 GMT
ETag: "15d84-5fcc82da522d7-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2

216.58.207.227

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7900, version 1.0\012- data
Size
7.9 kB (7900 bytes)
Hash
61e86e7a20ecf3ba181ca4b9a9a1cdbd
482a65cffc69109af26669d64accbef71db3b836
fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18

HTTP Headers

GET /s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://founeedapaidomainamenomainamengedinetworked.work.gd
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 06:19:20 GMT
expires: Fri, 24 May 2024 06:19:20 GMT
cache-control: public, max-age=31536000
age: 587161
last-modified: Thu, 21 Apr 2022 17:15:19 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2

216.58.207.227

200 OK

8.4 kB

URL GET HTTP/2
fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Size
8.4 kB (8404 bytes)
Hash
141119ae119bf7ca75e10ef82f66e442
adebf435aa078db3c116cb9faae15f2ad81d3ac5
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff

HTTP Headers

GET /s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://founeedapaidomainamenomainamengedinetworked.work.gd
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 07:46:50 GMT
expires: Fri, 24 May 2024 07:46:50 GMT
cache-control: public, max-age=31536000
age: 581911
last-modified: Thu, 21 Apr 2022 17:15:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

founeedapaidomainamenomainamengedinetworked.work.gd/meta/jsonp

174.136.228.135

200 OK

87 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/jsonp
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
87 kB (87424 bytes)
Hash
7efac8c0fa8e30db7a423500ef59abab
be73717f776f24dd31498c27a1b02b784570d5bb
102411780270584690575675e14e574ef8a16cf6fdd5700d5682e68a8d2cc00d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/jsonp HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:15 GMT
ETag: "43f6e-5fcc82dcba644-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/webflow.js.download

174.136.228.135

200 OK

147 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/webflow.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
Unicode text, UTF-8 text, with very long lines (50020)
Size
147 kB (147184 bytes)
Hash
9758f7e3aa0c79ea7a3cadb16d10087b
07f3c4e552e28eba6172f53d6dcf981a55f42031
0bb0c326dfc33136ad88e7454f06d22398a75f57f5eef79a30b218c171136f0d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/webflow.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:33 GMT
ETag: "92c10-5fcc82ee36003-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

216.58.207.227

128 kB

URL GET
fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0\012- data
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

HTTP Headers

GET /s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://founeedapaidomainamenomainamengedinetworked.work.gd
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 00:16:42 GMT
expires: Thu, 30 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
age: 90519
last-modified: Tue, 07 Mar 2023 19:51:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

founeedapaidomainamenomainamengedinetworked.work.gd/meta/js

174.136.228.135

200 OK

35 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/js
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (1815)
Size
35 kB (35327 bytes)
Hash
fb2ab9b8632250b0d7aa50c08150cfe1
73b3f266ac08c9fb07e1de1664fed384ccd5bc86
5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/js HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Length: 35327
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:14 GMT
ETag: "168a5-5fcc82db7ef5d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/mm-logo.svg

174.136.228.135

200 OK

3.4 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/mm-logo.svg
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001)
Size
3.4 kB (3369 bytes)
Hash
51bcea2625eb2c6e9268a7377a792c86
5eeb306e6584eed1747c36c11724f193711d430e
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/mm-logo.svg HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: image/svg+xml
Last-Modified: Sun, 28 May 2023 22:06:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d05a-2ef3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/EuclidCircularB-Regular-WebXL.woff2

174.136.228.135

200 OK

45 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/EuclidCircularB-Regular-WebXL.woff2
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
Web Open Font Format (Version 2), TrueType, length 45196, version 3.66\012- data
Size
45 kB (45196 bytes)
Hash
2d75957df3bb3aa6ed84f6591b0d5a1a
906424e75625f63b0188471067065794d0348536
8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/metamask-staging-2.webflow.css
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Length: 45196
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:09 GMT
ETag: "b08c-5fcc82d6dc6e4"
Accept-Ranges: bytes
Vary: Accept-Encoding

fonts.googleapis.com/css?family=Changa+One:400,400italic

142.250.74.106

200 OK

45 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Changa+One:400,400italic
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:AC:74:E6:97:66:CD:D0:F1:EA:0D:01:37:89:65:2E:98:22:84:6C
ValidityMon, 08 May 2023 08:24:50 GMT - Mon, 31 Jul 2023 08:24:49 GMT

File type
gzip compressed data, max compression\012- data
Size
45 kB (44856 bytes)
Hash
e8ee7f57f0b43435ec9f63d8043acb5f
c2fed0a44af70be0262ed346c31f4786e61b8e60
647595d8fd0ebceb3517f4e8da635cb43a1ab954bb0f7e17e9438b18b9a71c63

HTTP Headers

GET /css?family=Changa+One:400,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Jun 2023 01:25:20 GMT
date: Thu, 01 Jun 2023 01:25:20 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html

174.136.228.135

200 OK

4.1 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3186)
Size
4.1 kB (4069 bytes)
Hash
ab544024d3cf8ee17b4995a04711bc92
da849c1c8b08864d499153a059e5d429b8df19ce
b9d7893f4e6f83b6dca5ec8e27e47e382f4ace81907591ab102345bef9d3bb5f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/bframe.html HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: text/html
Last-Modified: Sun, 28 May 2023 22:06:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d04a-2e07"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

fonts.googleapis.com/css?family=Changa+One:400,400italic

142.250.74.106

200 OK

290 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Changa+One:400,400italic
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:AC:74:E6:97:66:CD:D0:F1:EA:0D:01:37:89:65:2E:98:22:84:6C
ValidityMon, 08 May 2023 08:24:50 GMT - Mon, 31 Jul 2023 08:24:49 GMT

File type
gzip compressed data, max compression\012- data
Size
290 kB (289876 bytes)
Hash
40977e5cad27cdfa6be597279671338a
ce153a2e0e3a232fb6fc53097d55ba9a75a60b00
cf1a2d45290ddd90bc87db3e325f89175bb32a5a2a0752afc48dc1fe9d108c8e

HTTP Headers

GET /css?family=Changa+One:400,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Jun 2023 01:25:09 GMT
date: Thu, 01 Jun 2023 01:25:09 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

founeedapaidomainamenomainamengedinetworked.work.gd/meta/styles__ltr.css

174.136.228.135

200 OK

24 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/styles__ltr.css
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (52368), with no line terminators
Size
24 kB (24092 bytes)
Hash
97c3d49b83dc004fcda822b1853b787b
a82fcfbd6b1cf4dd00f4a63d47b9119a69b40147
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/styles__ltr.css HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: text/css
Last-Modified: Sun, 28 May 2023 22:06:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d062-cc90"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/metamask.io/images/webclip.png

174.136.228.135

557 B

URL
founeedapaidomainamenomainamengedinetworked.work.gd/metamask.io/images/webclip.png
IP
174.136.228.135:0
ASN
#396362 LEASEWEB-USA-NYC

Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
557 B (557 bytes)
Hash
fc10f358967a59750ef6fd9a698e2d60
3fc472d167c41a4193625aff84ee6e599b302002
16ce845440c38f491f80553aee7a8144dcc0a82c46258deaffdd10a0fa3d2db2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /metamask.io/images/webclip.png HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 557
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/metamask.io/images/favicon.png

174.136.228.135

404 Not Found

557 B

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/metamask.io/images/favicon.png
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
557 B (557 bytes)
Hash
fc10f358967a59750ef6fd9a698e2d60
3fc472d167c41a4193625aff84ee6e599b302002
16ce845440c38f491f80553aee7a8144dcc0a82c46258deaffdd10a0fa3d2db2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /metamask.io/images/favicon.png HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 557
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js

142.250.74.35

404 Not Found

1.6 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
c90524d6a02b27addb56c350fe6fbb2d
d713d1b53323c0169ffe0649be8c9d04a189f999
4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0

HTTP Headers

GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://founeedapaidomainamenomainamengedinetworked.work.gd
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Thu, 01 Jun 2023 01:25:22 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

founeedapaidomainamenomainamengedinetworked.work.gd/meta/recaptcha__nl.js.download

174.136.228.135

200 OK

138 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/recaptcha__nl.js.download
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
ASCII text, with very long lines (820)
Size
138 kB (137504 bytes)
Hash
e735084e8ffed1ad8d89df08d98d4d23
6cdab8dac12030c8bc980ec129affecc626285c3
6cde5be2d724e53c8c4a97041365d3075e3af63ec08e1712b2f831b6e2bd357b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/recaptcha__nl.js.download HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 22:06:22 GMT
ETag: "56577-5fcc82e2e7745-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.gstatic.com/recaptcha/api2/refresh_2x.png

142.250.74.35

600 B

URL
www.gstatic.com/recaptcha/api2/refresh_2x.png
IP
142.250.74.35:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
600 B (600 bytes)
Hash
0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

HTTP Headers

GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 20:49:22 GMT
expires: Wed, 07 Jun 2023 20:49:22 GMT
cache-control: public, max-age=604800
age: 16560
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/info_2x.png

142.250.74.35

200 OK

665 B

URL GET HTTP/3
www.gstatic.com/recaptcha/api2/info_2x.png
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
665 B (665 bytes)
Hash
07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

HTTP Headers

GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 00:56:35 GMT
expires: Thu, 08 Jun 2023 00:56:35 GMT
cache-control: public, max-age=604800
age: 1727
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/audio_2x.png

142.250.74.35

530 B

URL
www.gstatic.com/recaptcha/api2/audio_2x.png
IP
142.250.74.35:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
530 B (530 bytes)
Hash
88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

HTTP Headers

GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 May 2023 16:14:42 GMT
expires: Tue, 06 Jun 2023 16:14:42 GMT
cache-control: public, max-age=604800
age: 119440
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js

142.250.74.35

404 Not Found

1.6 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
c90524d6a02b27addb56c350fe6fbb2d
d713d1b53323c0169ffe0649be8c9d04a189f999
4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0

HTTP Headers

GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://founeedapaidomainamenomainamengedinetworked.work.gd
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Thu, 01 Jun 2023 01:25:22 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html

174.136.228.135

200 OK

4.1 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/bframe.html
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3186)
Size
4.1 kB (4069 bytes)
Hash
ab544024d3cf8ee17b4995a04711bc92
da849c1c8b08864d499153a059e5d429b8df19ce
b9d7893f4e6f83b6dca5ec8e27e47e382f4ace81907591ab102345bef9d3bb5f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/bframe.html HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:23 GMT
Content-Type: text/html
Last-Modified: Sun, 28 May 2023 22:06:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6473d04a-2e07"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

founeedapaidomainamenomainamengedinetworked.work.gd/meta/Institutional-Illustration.png

174.136.228.135

200 OK

290 kB

URL GET HTTP/1.1
founeedapaidomainamenomainamengedinetworked.work.gd/meta/Institutional-Illustration.png
IP
174.136.228.135:443
ASN
#396362 LEASEWEB-USA-NYC

Requested by
https://founeedapaidomainamenomainamengedinetworked.work.gd/recover
Certificate
IssuerLet's Encrypt
Subjectfouneedapaidomainamenomainamengedinetworked.work.gd
Fingerprint89:DE:31:20:22:2D:FF:40:83:9C:1F:5D:B5:DA:F0:77:D9:E2:28:2C
ValiditySun, 28 May 2023 21:04:27 GMT - Sat, 26 Aug 2023 21:04:26 GMT

File type
PNG image data, 876 x 1040, 8-bit/color RGBA, non-interlaced\012- data
Size
290 kB (289564 bytes)
Hash
85607339bb7e3cc70e1b7568ed4d29b2
7c6301d70e1ab599857be6e9795b94418cef6079
5bdf1ea203497adb942fa639a322195c744910ae8980d625d986ddead1f8ed37

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Crypto/Wallet

HTTP Headers

GET /meta/Institutional-Illustration.png HTTP/1.1
Host: founeedapaidomainamenomainamengedinetworked.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://founeedapaidomainamenomainamengedinetworked.work.gd/meta/metamask-staging-2.webflow.css
Cookie: cazanova=kmrslmqf2g1475a0p3pdcs5df13on5io
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:25:21 GMT
Content-Type: image/png
Content-Length: 289564
Last-Modified: Sun, 28 May 2023 22:06:11 GMT
Connection: keep-alive
ETag: "6473d053-46b1c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML