Saw this circulating on Twitter today:
No outside comms, I know, but thought I'd open it up for discussion.
Whois says it was registered yesterday (the 17th (Q day)).
whois data:
Domain Name: QOFFICIAL.NET
Registry Domain ID: 2830664517_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2023-11-17T23:22:13Z
Creation Date: 2023-11-17T23:22:13Z
Registry Expiry Date: 2024-11-17T23:22:13Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS53.DOMAINCONTROL.COM
Name Server: NS54.DOMAINCONTROL.COM
DNSSEC: unsigned
Server's response headers:
wget -O /dev/null -S https://qofficial.net/
Resolving qofficial.net (qofficial.net)... 34.117.223.165
HTTP/1.1 302 Found
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
link: https://imgproxy.fourthwall.com; rel=preconnect; crossorigin, Link: https://themes.fourthwall.com; rel="preconnect"; crossorigin
location: https://qofficial.net/password
content-type: text/html; charset=utf-8
content-security-policy-report-only: report-uri https://o276638.ingest.sentry.io/api/3755835/security/?sentry_key=3ca837c4b889463d8ab50e4ebb014331
x-request-id: 16ad520e-380c-49f9-9fae-531dd097aee9
x-runtime: 0.127367
x-envoy-upstream-service-time: 129
date: Sun, 19 Nov 2023 00:29:01 GMT
server: istio-envoy
vary: Accept-Encoding
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
Location: https://qofficial.net/password [following]
--2023-11-18 19:29:02-- https://qofficial.net/password
Reusing existing connection to qofficial.net:443.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
link: https://imgproxy.fourthwall.com; rel=preconnect; crossorigin, Link: https://themes.fourthwall.com; rel="preconnect"; crossorigin
x-robots-tag: noindex
content-type: text/html; charset=utf-8
content-security-policy-report-only: report-uri https://o276638.ingest.sentry.io/api/3755835/security/?sentry_key=3ca837c4b889463d8ab50e4ebb014331
x-request-id: 20c81050-1edb-45c0-a3e7-3d335c8693c4
x-runtime: 0.175434
x-envoy-upstream-service-time: 178
date: Sun, 19 Nov 2023 00:29:02 GMT
server: istio-envoy
vary: Accept-Encoding
Via: 1.1 google
Cache-Control: max-age=0,public,s-maxage=10
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
I've never heard of an "istio-envoy" server. Interesting.
Yes, interesting... thanks for posting.
Do you have a theory? Or, a decision tree, perhaps as simple as... legit, or not? And if so, to what end?
I don't think it's legit. Probably some "paytriot" looking to make a little cash. Who knows though because qagg.news is back up and saying something is coming soon.
Oh? That adds to the intrigue!
They posted on Truth that they'll be operational tomorrow, the 19th.