Saw this circulating on Twitter today:
No outside comms, I know, but thought I'd open it up for discussion.
Whois says it was registered yesterday (the 17th (Q day)).

Whois data:

Domain Name: QOFFICIAL.NET
Registry Domain ID: 2830664517_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2023-11-17T23:22:13Z
Creation Date: 2023-11-17T23:22:13Z
Registry Expiry Date: 2024-11-17T23:22:13Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS53.DOMAINCONTROL.COM
Name Server: NS54.DOMAINCONTROL.COM
DNSSEC: unsigned

Server's response headers:

wget -O /dev/null -S https://qofficial.net/
Resolving qofficial.net (qofficial.net)... 34.117.223.165
HTTP/1.1 302 Found
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
link: https://imgproxy.fourthwall.com; rel=preconnect; crossorigin, Link: https://themes.fourthwall.com; rel="preconnect"; crossorigin
location: https://qofficial.net/password
content-type: text/html; charset=utf-8
content-security-policy-report-only: report-uri https://o276638.ingest.sentry.io/api/3755835/security/? sentry_key=3ca837c4b889463d8ab50e4ebb014331
x-request-id: 16ad520e-380c-49f9-9fae-531dd097aee9
x-runtime: 0.127367
x-envoy-upstream-service-time: 129
date: Sun, 19 Nov 2023 00:29:01 GMT
server: istio-envoy
vary: Accept-Encoding
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
Location: https://qofficial.net/password [following]
--2023-11-18 19:29:02-- https://qofficial.net/password
Reusing existing connection to qofficial.net:443.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
link: https://imgproxy.fourthwall.com; rel=preconnect; crossorigin, Link: https://themes.fourthwall.com; rel="preconnect"; crossorigin
x-robots-tag: noindex
content-type: text/html; charset=utf-8
content-security-policy-report-only: report-uri https://o276638.ingest.sentry.io/api/3755835/security/? sentry_key=3ca837c4b889463d8ab50e4ebb014331
x-request-id: 20c81050-1edb-45c0-a3e7-3d335c8693c4
x-runtime: 0.175434
x-envoy-upstream-service-time: 178
date: Sun, 19 Nov 2023 00:29:02 GMT
server: istio-envoy
vary: Accept-Encoding
Via: 1.1 google
Cache-Control: max-age=0,public,s-maxage=10
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked

I've never heard of an "istio-envoy" server. Interesting.
Hasn't even been 48 hours yet. Let's see what happens.
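
An added example (not part of the original post): a small Python triage that reads the two artifacts quoted above, the WHOIS record and the `wget -S` headers, and reports how old the domain was when the server answered, plus the third-party hosts the response points at. The function names and the 48-hour threshold are assumptions for illustration; the sample input is a few lines copied from the post.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the WHOIS and wget output in the post.
WHOIS_TEXT = """\
Domain Name: QOFFICIAL.NET
Creation Date: 2023-11-17T23:22:13Z
Registrar: GoDaddy.com, LLC
"""
HEADER_TEXT = """\
HTTP/1.1 302 Found
link: https://imgproxy.fourthwall.com; rel=preconnect; crossorigin, Link: https://themes.fourthwall.com; rel="preconnect"; crossorigin
location: https://qofficial.net/password
date: Sun, 19 Nov 2023 00:29:01 GMT
server: istio-envoy
"""

def parse_fields(text):
    """Parse 'Key: value' lines into {lowercase key: [values]}; other lines are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def domain_age_hours(whois_text, header_text):
    """Hours between the WHOIS Creation Date and the HTTP Date header (both UTC)."""
    raw = parse_fields(whois_text)["creation date"][0]
    created = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    seen = parsedate_to_datetime(parse_fields(header_text)["date"][0])
    return (seen - created).total_seconds() / 3600

def third_party_hosts(header_text, site_host):
    """Hostnames in header URLs that are not the site itself or one of its subdomains."""
    hosts = set()
    for values in parse_fields(header_text).values():
        for url in re.findall(r'https?://[^\s;,"]+', " ".join(values)):
            host = urlparse(url).hostname
            if host and host != site_host and not host.endswith("." + site_host):
                hosts.add(host)
    return sorted(hosts)

def triage(whois_text, header_text, site_host, max_age_hours=48):  # threshold is an assumption
    age = domain_age_hours(whois_text, header_text)
    return {"age_hours": round(age, 1), "newly_registered": age < max_age_hours,
            "third_party_hosts": third_party_hosts(header_text, site_host),
            "server": parse_fields(header_text).get("server", [None])[0]}
```
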