{"report_id":"ec6fbb08-2774-4632-a072-970374276343","version":6,"status":"done","tags":["google"],"date":"2026-03-22T12:53:27Z","url":{"schema":"http","addr":"account-recovery-process-google.com","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":0,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"account-recovery-process-google.com/","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"title":"Sign in - Google Accounts","dom":{"size":275379,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (494)","md5":"ac895190aa260d2b0cfc8480946e18b6","sha1":"82a5b7fc4bc9a4a4e2bb0a2cbf501f31ec072560","sha256":"0ad79d3c99c4bfe446f043ce219287969658c3e43b05e9a85efd31672bc4bc87","sha512":"ddf7410fb8cc2cfb8425cdb7e36aa4e6fbad63baa1c054a19fc5b1205d3ca6ef2dde51b61e08610f5fc595165d553e2577d9dbad4a8129c96ff2b9247e38b726","ssdeep":"3072:TM1ro+4E/4t4z2yurKb3LjXoUfwvBU2/4t4z2yurKb3LjXoUfwvBUNY5SO7:TMBo+4w4BubnXoUIvr4BubnXoUIvsA7","tlshash":"30446bfa9e73106bac23317a12ebc608af78d543e519afa57ddc3105cf887e804a6745","dom_hash":"domhash2a5ab31e35753de72eeb47b812229c7f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"account-recovery-process-google.com","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":0,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-26T12:53:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Google phishing","tags":["google"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Google phishing","tags":["google"],"meta":null}]},"summary":[{"fqdn":"account-recovery-process-google.com","ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United 
States","country_code":"US"},"domain_registered":"2026-03-21","domain_rank":0,"first_seen":"2026-03-22T12:53:28.074398Z","last_seen":"2026-03-22T12:53:28.074398Z","alert_count":95,"request_count":19,"received_data":294462,"sent_data":9702,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. 
Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"account-recovery-process-google.com/","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"7948d1f733da616af5bbdc72a9599e98","sha1":"48f044336caa3185230484a50547f5efee2eab95","sha256":"f3d1ec8985c8fc466cb11660249a97fcebfe595f958505d72c051680c05b9a3b","sha512":"0acb1685678c6b7b5e92652194a2ec3be1744f9df5919f6044b4b15c13503abd88f17564bc7016d8d332200eee4a10c77a637ccce350e75fa61d754c53ddae6d","ssdeep":"","tlshash":"8b51cc6a30b6583409fb75bb33abc388363100577c08ad4a3a6d5e440f20e95aab27d5","size":3103,"data":"","first_seen":"2026-03-22T12:53:32.11034Z","last_seen":"2026-04-10T02:27:17.155441Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3764638033cb620332138d4dfea67389","sha1":"124b177ec914f8977a851f0c59397034c3b5f214","sha256":"9be423612353e91e8a5f0d52a60b27add5f1861f138bb8752fd94ef9c62dab81","sha512":"3a62b384076be21ce82cd4ac929aa90516149f04a6d349055d602fb99e0310730ccc9c986c1f8b0745dbb080e388d6a1ee76455f55f5b9903fc653b6ea89ef78","ssdeep":"","tlshash":"d97000000000300000000030000000000000000300000c00300c00000f003000c00000","size":25,"data":"","first_seen":"2025-05-31T14:42:33.292382Z","last_seen":"2026-04-10T02:27:17.156419Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2ea0e8eb3c02fa4ed55c382efeda54d3","sha1":"b7c8b972dd587c1c000193151ce9746c263a6a8b","sha256":"88f94f2e7c5eb4639e786438abf460c0b4063720a3338d18405bda847aebdc73","sha512":"7ed06c164f780b61f83fdccaffd0e8653994f9d47d2f7693a500608b643828dc9c537e7360763cbdfae91cee3d9b5077a439b53153aa64ad606c91b150ad0758","ssdeep":"","tlshash":"ade07d8e95b44008575f90385d6f401f20234013355ece2cf60c7a102fc8f76d513bd9","size":336,"data":"","first_seen":"2025-07-10T20:53:26.373159Z","last_seen":"2026-04-10T02:27:17.157379Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:10.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:11 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e0556765e6e4e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 24d35d3b-599b-465d\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; 
ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. 
Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:12.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:12 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e055682ed764e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: f153323d-f3e1-41d8\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:16.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:17 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e05569beb4e4e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: d2ccd5ac-7d43-4d86\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; 
ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text 
data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":228,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - 
Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:19.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:20 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 
9e0556aea8894e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 9c230013-6816-4cc4\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":569,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":569,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:21.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:21 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e0556bb2be54e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 901b9611-ea6b-48e4\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; 
ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. 
Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-22T12:53:06.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:06 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncf-ray: 9e05565a2862dfec-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"45569-5fPoqEpyxkv/THS0cm6BcWHGymU\"\r\nrndr-id: e64e3cfb-c52c-43a8\r\nset-cookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY; Path=/; HttpOnly\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":284009,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (494), with CRLF line terminators","md5":"3ddd9d04f96d0f33f0bcfd134fd20aa9","sha1":"e5f3e8a84a72c64bff4c74b4726e817161c6ca65","sha256":"a1aac2e3b04e484711ccb54fe64db7e4152252891df618659e152d67d44aeb00","sha512":"618764fa22de145c9ef1209a21d8661416eb7616f7fc606ddf4fabb52646e1f5ab68410d1223e8c010eee714b30b722aa12ee0bc1a3d167fec5042efc413495e","ssdeep":"3072:KEMXLjeRi/4t4z2yurKb3LjXoUfwvBUS/4t4z2yurKb3LjXoUfwvBUTcvq:KEoLjeR24BubnXoUIvH4BubnXoUIv6Cq","tlshash":"46547cfa8e12205aac33237a9ae7c60cff6a5553e6111f917eec71064fb46d400a2f5d","first_seen":"2026-03-22T12:53:32.107993Z","last_seen":"2026-04-10T02:27:17.152868Z","times_seen":4,"resource_available":false,"data":null}},"time_used":698,"timings":{"blocked":229,"dns":202,"connect":1,"send":0,"wait":240,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:09.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:10 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e0556702dc94e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 68a53755-b265-4de9\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; 
ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. 
Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:17.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: 
cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:17 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e0556a22cdb4e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 3929f9f0-02fd-444a\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:18.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:19 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e0556a86ebb4e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 3aec8199-de86-4c9a\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; 
ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:22.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 
GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e0556c16c6d4e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 968a71d2-a0c1-47a8\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. 
Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:07.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: 
cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e0556639ad44e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 3570c37d-8534-471e\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:11.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:11 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e05567c9a634e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 89c8f4d3-7a0f-435a\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; 
ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. 
Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:13.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:13 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e0556892f7f4e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: d108f5f6-5a05-4a90\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. 
Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:14.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:14 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e05568f5d564e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 9c4abda9-2567-4230\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. 
Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:20.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: 
cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:21 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e0556b4ea1e4e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 44cbd7de-0593-4530\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:24.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:25 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e0556cde8bf4e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 6e25c84c-4045-4d90\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; 
ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. 
Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert 
UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:08.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: 
empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:09 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e055669daf84e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: e4f4e0d2-cc1f-4237\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:15.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:15 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 9e055695afc54e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: 8c3b136e-ee58-4fdf\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; 
ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text 
data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - 
Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"account-recovery-process-google.com/user/check-redirect","fqdn":"account-recovery-process-google.com","domain":"account-recovery-process-google.com","tld":"com"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://account-recovery-process-google.com/","date":"2026-03-22T12:53:23.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"account-recovery-process-google.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 22:32:25 GMT","end":"Fri, 19 Jun 2026 23:32:17 GMT"},"fingerprint":{"sha1":"66:E2:84:94:FE:21:17:C7:50:C8:4B:A4:1C:2D:E8:87:5D:FF:51:A5","sha256":"A0:7A:FA:49:39:EA:A1:EC:A0:D0:12:8C:88:90:00:CF:28:D3:A1:20:30:2F:A4:A8:69:88:31:8A:A1:CC:6E:C9"}}},"request":{"raw":"GET /user/check-redirect HTTP/1.1\r\nHost: account-recovery-process-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AO84kmkkGhXzLtaeuAQWm_0EjCo3MKqCH.RZzGyf0x7hT%2FtfdA1ui9y1kTDBu5brQddg%2BtLNQWuwY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 22 Mar 2026 12:53:24 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 23\r\ncf-ray: 
9e0556c7ac5e4e4c-OSL\r\ncontent-encoding: br\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\netag: W/\"13-8e0pd64kmIH2EuiauLUIHHWiPjI\"\r\nrndr-id: e61c347c-0f58-4b7c\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\nx-render-origin-server: Render\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. 
Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]}],"data":{"size":19,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"531aa36335921ee8f38a1029a8ea2a8e","sha1":"f1ed2977ae249881f612e89ab8b5081c75a23e32","sha256":"db6b410bd7af84f81376b32b99e27a40bd403c8a839efeead05ffbb6a1a65607","sha512":"47573ade4a4eb56c0e3fe39354647525c5676c8648c02f47635cfed3bf97084d8afb6fa963f84c1f3f28a4e0d6c9a6832fcaa9566927ed96ae06ac6c281e658e","ssdeep":"","tlshash":"db70000020ab2000208fa0c8000a880002020800200c0a28c00822280a082020008082","first_seen":"2024-07-09T18:14:15Z","last_seen":"2026-04-10T02:27:17.15192Z","times_seen":52,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"account-recovery-process-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"account-recovery-process-google.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}}]}
