r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10007
Expires: Mon, 28 Nov 2022 23:10:03 GMT
Date: Mon, 28 Nov 2022 20:23:16 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4223
Expires: Mon, 28 Nov 2022 21:33:39 GMT
Date: Mon, 28 Nov 2022 20:23:16 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6419
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 20:23:16 GMT
Last-Modified: Mon, 28 Nov 2022 18:36:17 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yiqpNw11/MNQXibMjHZruxUlnJfrZYQ1sV5oOY1yv9UtXnJglAATIwh3uN6DL0ullanGOQ4JDIjO06SaKnuRfQ==
x-amz-request-id: VX8M6E06GQGH3HJN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 19:42:12 GMT
age: 2464
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 20:17:49 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 327
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 20:23:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
secure-truist-login-online.duckdns.org/as/s41726790920868
200 OK 5.5 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/s41726790920868
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (5537)
Hash 64b868e22ffef1f224b869de726b825d
dcf2b762fa538402830676cce8a4c5e679047db6
7755cf60d7a2e8ab769068f918431c6579d2a586e9a4687a966eac8962c35a52
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/s41726790920868 HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:48 GMT
Accept-Ranges: bytes
Content-Length: 5538
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
secure-truist-login-online.duckdns.org/as/dbc-min.js
200 OK 1.0 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/dbc-min.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (1008)
Hash b11f34c50275765a9b3a0acbe1bd75aa
6103a85e4b0cf9fdca904a5793fb8af8c7a6dcea
3a646c145be3980978aaa0740511189e7d4aaac97f7731321fddb3a3e52f1a35
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/dbc-min.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 1009
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
200 OK 264 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (24953)
Size 264 kB (264151 bytes)
Hash 491376cc52444fbf96b08dfe0583e23e
f3e3d20d3029bc491bfee651f1cd5242643ce3dc
a5565c237bcc41b5603a96dcc0b388dec61707d6314f80654d8421dba88e17aa
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /login.php?Verification=TRUE&Country=US HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:16 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 20:11:12 GMT
cache-control: public,max-age=3600
age: 725
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
secure-truist-login-online.duckdns.org/as/AppMeasurement.min.js
200 OK 34 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/AppMeasurement.min.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (32768)
Hash d860c16ac938f7d839f0ec158d02d0f0
8710f81ed151233677f7e32b229cb35293dd6840
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/AppMeasurement.min.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 33557
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/styles.300dc7a1784cb961.css
200 OK 74 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/styles.300dc7a1784cb961.css
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Hash 59376fa41035970dd399af380e087aea
190ecfa3c0b1136fe97c4034dc4f0853f87871a8
fdeec756eeb5e1678d56c408ab7b587cffdc028141bb321e6f9fc2ab07434f94
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/styles.300dc7a1784cb961.css HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 73801
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
secure-truist-login-online.duckdns.org/as/AppMeasurement_Module_AudienceManagement.min.js
200 OK 25 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/AppMeasurement_Module_AudienceManagement.min.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type exported SGML document, ASCII text, with very long lines (24999)
Hash 26a8cd142b539700557eb4710c3d56bd
46452cb34f2c181ebe255c96c9ea9522f1537500
4858af0bdd1175d3f6c795eb053e7cae348ecb67f0633020d7d925c7672de871
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 25152
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/ruxitagentjs_A27Vfgqrux_10247220811100421.js
200 OK 200 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/ruxitagentjs_A27Vfgqrux_10247220811100421.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (1629)
Size 200 kB (199861 bytes)
Hash 37b3017deb6e999f00fd4317ea993581
9088a383f8b4810ec07a7a7888078080b9d52571
d9142247fc7155831ec1b373a947f8a3028084e8dbdca813a6b098c0e1e45bcf
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/ruxitagentjs_A27Vfgqrux_10247220811100421.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 199861
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/runtime.24e47bcca0e5b8df.js
200 OK 4.0 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/runtime.24e47bcca0e5b8df.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (3988), with no line terminators
Hash 19e82f6632beff47a591d8d9898844eb
745646fd24b19616736b1334a77595c8158c3096
53f683216b31c885d6613df4f654d8c76ee381c5e59d14c1580c4fb04f7e8dd1
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/runtime.24e47bcca0e5b8df.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 3988
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/launch-866a03735382.min.js
200 OK 187 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/launch-866a03735382.min.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (32767)
Size 187 kB (186614 bytes)
Hash 3aa98593c529dd9249016d9eef0766f6
1efb9edd2917af402a4ab3c45589bc0da0f9de6c
8a29b6243bec9aea0e9c4284be37de91fde512b9b80d1c0a48636f95bfa14505
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/launch-866a03735382.min.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 186614
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/polyfills.87d6b856162b755f.js
200 OK 34 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/polyfills.87d6b856162b755f.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (33921), with no line terminators
Hash a41a401158c68bce6c0449d976f94254
b6712540e7ca18ed5bf7a684a7fa6f60f77775eb
0a032317a19ef60ee4bf3a0bd74b3cdfff1e1a2e1d7cdef29f0de71c5e6e3f2e
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/polyfills.87d6b856162b755f.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 33921
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
200 OK 471 B IP
Hash 7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6482
Cache-Control: max-age=138699
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 20:23:17 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:54:56 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
secure-truist-login-online.duckdns.org/as/scripts.1c82821384a86f51.js
200 OK 162 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/scripts.1c82821384a86f51.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 162 kB (162165 bytes)
Hash d260f493770fd7a5ec4caf09e788726a
0575d3d4e11d738d5b34cb4422c12b5fe6f961ab
30792010f2ad793afae6214bbb28bfd1cedc615ea2370a1862d7a5ae8787a09a
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/scripts.1c82821384a86f51.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 162165
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/truist_common.js
200 OK 243 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/truist_common.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 243 kB (242738 bytes)
Hash 96883d65a2154b539f6d35d275d0204d
ffcdd9ad3c2eb9e2dc9bdf345b7634b7c0602e20
c9732b242d6e796c25b89e5c167f282fd75a499b8797c06d3451e6cbe28af3eb
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/truist_common.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 242738
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js
200 OK 8.8 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js
IP
File type exported SGML document, ASCII text, with very long lines (24999)
Hash 6f56f25549f094ee43918a26715f4c6b
0b75d52207556fa7879017f81a9445006a637047
57a0cc8a8dfd7a1ab1aa40a84c53b0db4caf025c5c5499bea095b91924139a96
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "26a8cd142b539700557eb4710c3d56bd:1644856531.982003"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
expires: Mon, 28 Nov 2022 21:23:17 GMT
date: Mon, 28 Nov 2022 20:23:17 GMT
content-length: 8753
cache-control: no-cache
access-control-allow-origin: http://secure-truist-login-online.duckdns.org
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP
File type ASCII text, with very long lines (32768)
Hash e616df092766c7ab7904619f971a35cc
a960429c42802a43e3ce728fc4d1e8bdab10e606
082ae7647bfdb639846791e5c0ca39b96544dff3aed0c365973c9589cd5b091e
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
expires: Mon, 28 Nov 2022 21:23:17 GMT
date: Mon, 28 Nov 2022 20:23:17 GMT
cache-control: no-cache
access-control-allow-origin: http://secure-truist-login-online.duckdns.org
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 04a1e174fccea9e65be21b0c9746de94
a62527b64c568170053ef10f12f479c61848a6a8
b14de7ab62003f342cb84b98caa3bd291bf24d9cefdad1571edfd94aa0a483da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5815
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 20:23:17 GMT
Last-Modified: Mon, 28 Nov 2022 18:46:22 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
secure-truist-login-online.duckdns.org/as/tru_lg_hrz_rgb_wht_rev.png
200 OK 15 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/tru_lg_hrz_rgb_wht_rev.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 1927 x 767, 8-bit/color RGBA, non-interlaced\012- data
Hash 84796985e04a9f463f26293d1919f3c4
db0a67a0de6fe6a06c4254b82e72e64ed80f0400
d938ee89009d30e5f4abe089c40c5d3ef3b4ae7e1965d451faadb7e61ccc32d9
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/tru_lg_hrz_rgb_wht_rev.png HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 14599
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
secure-truist-login-online.duckdns.org/as/trulogo_horz-trupurple.png
200 OK 4.4 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/trulogo_horz-trupurple.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 365 x 86, 8-bit/color RGBA, non-interlaced\012- data
Hash fe2af793fe57fcace53f91cfed335a8e
250d1d12ba58cade61d74f7f61dbc90bf2556bda
d2e2e20fc9729fb0389392bde5a8fd1b4cb390dd8689ce7a1c3fe83cc91b0d52
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/trulogo_horz-trupurple.png HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 4376
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1669666997053
200 OK 1.3 kB URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1669666997053
IP
File type JSON data\012- , ASCII text, with very long lines (4008), with no line terminators
Hash 58a12660827887339730946284778013
ac1fe240f69441ddaae930e8e53e683cdb610acc
6b2fce65e28dd0ce351c0ea7a3774e8bc9dceb1e3aef17d908cef9e6a2cfcfe6
GET /id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1669666997053 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://secure-truist-login-online.duckdns.org
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://secure-truist-login-online.duckdns.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-00960800d.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=11375966042483109664246322042451088668; Max-Age=15552000; Expires=Sat, 27 May 2023 20:23:17 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 14XbpFZjSm8=
Content-Length: 1333
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3HyQjDThSiXz9ymAFB3EUQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8dsI7imv4CTyq0PhqcQHZX5kxE8=
secure-truist-login-online.duckdns.org/as/dest5.html
200 OK 14 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/dest5.html
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash cbec4d4de9f31f17f6f9331f89383d7d
5524cbfba00706b21a72cb1c57e4e575b4e7ad1f
b26151b6cbca0ba0a30c98391039c7d300c1f344c8e118f932c6787470305128
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/dest5.html HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h2vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668797053|1669666996432; dtLatC=96; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19325%7CvVersion%7C5.4.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:18 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 13579
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html
secure-truist-login-online.duckdns.org/assets/tru-core-icon-sprite.svg
404 Not Found 315 B URL HTTP/1.1 secure-truist-login-online.duckdns.org/assets/tru-core-icon-sprite.svg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /assets/tru-core-icon-sprite.svg HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h2vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668797053|1669666996432; dtLatC=96; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19325%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 20:23:18 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
secure-truist-login-online.duckdns.org/as/main.6b2b5be7c0191f9e.js
200 OK 2.2 MB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/main.6b2b5be7c0191f9e.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 2.2 MB (2164385 bytes)
Hash 339a7b86b7bd9fa983e83fa76a63498a
6c890b832e26f7617a5861940706a1f129cc576a
8e7a992bcf52f3c70ac93d33ae5a90702425fc13486f55b3531f5519a5da45ad
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/main.6b2b5be7c0191f9e.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 10:21:02 GMT
Accept-Ranges: bytes
Content-Length: 2164385
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
dias.bank.truist.com/ui/assets/images/father-son.png
200 OK 140 kB URL HTTP/2 dias.bank.truist.com/ui/assets/images/father-son.png
IP
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1600x1600, components 3\012- data
Size 140 kB (140237 bytes)
Hash 13ef1dd9531309bed82c8587228ecb23
322ea99d980c4266d0d6ec4034994545b351e73f
2fb0edc4309fcb422b5a0a0649b316449435e6a4f9ae2f3dc294d4c207028d25
GET /ui/assets/images/father-son.png HTTP/1.1
Host: dias.bank.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-length: 140237
content-type: image/png
etag: W/"140237-1667961614000"
last-modified: Wed, 09 Nov 2022 02:40:14 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: DENY
x-content-type-options: nosniff
x-oneagent-js-injection: true
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 28 Nov 2022 20:23:18 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash f50d6bdd1de09d03bda431b6012dd7db
852ad8020ccd0ccc46ec8d98d80392833b600389
42acc7c1e4f6d2e784aeb53d10256a9d1237cb64a6acb2cf02a2bc66b388946e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=127918
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 20:23:18 GMT
Etag: "63846964-1d7"
Expires: Wed, 30 Nov 2022 07:55:16 GMT
Last-Modified: Mon, 28 Nov 2022 07:55:16 GMT
Server: nginx
Content-Length: 471
sstats.truist.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=03169990215616263933549484796810866355&ts=1669666997440
200 OK 48 B URL HTTP/2 sstats.truist.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=03169990215616263933549484796810866355&ts=1669666997440
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 7b5ec1b1a9485972d880f28559dc2ab4
d34befac34398de14dad0c9090677556711ac955
8a11115f9fa156a2e4c895f8d27d82dfc2a4de862422308585d911dc370797ed
GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=03169990215616263933549484796810866355&ts=1669666997440 HTTP/1.1
Host: sstats.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://secure-truist-login-online.duckdns.org
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://secure-truist-login-online.duckdns.org
access-control-allow-credentials: true
date: Mon, 28 Nov 2022 20:23:18 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C03169990215616263933549484796810866355; Path=/; Domain=truist.com; Max-Age=63072000; Expires=Wed, 27 Nov 2024 20:23:23 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
secure-truist-login-online.duckdns.org/dias/info/config
404 Not Found 315 B URL HTTP/1.1 secure-truist-login-online.duckdns.org/dias/info/config
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /dias/info/config HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
x-dtpc: -75$466996425_795h4vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h4vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668797857|1669666996432; dtLatC=96; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19325%7CMCMID%7C03169990215616263933549484796810866355%7CMCAAMLH-1670271797%7C6%7CMCAAMB-1670271797%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669674197s%7CNONE%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 20:23:18 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
dias.bank.truist.com/ui/favicon.ico
200 OK 14 kB URL HTTP/2 dias.bank.truist.com/ui/favicon.ico
IP
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (673)
Hash ecdab1b25c05e085eaf648ffef881df8
b110666c6379424e9cf50843357eba5e60dea8f5
2299e4cd815978c60d22096d090cc8204b3d5a57d1595fb106b6c44e4bc3724d
GET /ui/favicon.ico HTTP/1.1
Host: dias.bank.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/html
etag: W/"1074-1667961614000:dtagent10247220811100421uywL"
last-modified: Wed, 09 Nov 2022 02:40:13 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=0
x-oneagent-js-injection: true
expires: Sun, 20 Nov 2022 19:49:02 GMT
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
server-timing: dtRpid;desc="-1725343807", dtSInfo;desc="0"
vary: Accept-Encoding
content-encoding: gzip
date: Mon, 28 Nov 2022 20:23:18 GMT
content-length: 13675
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 3abfda95da9161a7940e489ba957e237
ddedb2266b851ea1e32ea00962e126b99d7709e4
7bddacb5331afb1e017c6a1e3cfaec6812354693597686f07328c2186200a538
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 28 Nov 2022 20:23:18 GMT
Last-Modified: Mon, 28 Nov 2022 19:49:08 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: j_Fn9Gux_ClD6lMlls6Jk1k0tp3BolnIqTsmLFFU3GGVCdweJZ4NlQ==
Age: 2050
cm.everesttech.net/cm/dd?d_uuid=11375966042483109664246322042451088668
302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=11375966042483109664246322042451088668
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=11375966042483109664246322042451088668 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Mon, 28 Nov 2022 20:23:18 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4UYtgAAAB-UVQNn; Domain=.everesttech.net; Expires=Tue, 28-Nov-2023 20:23:18 GMT; Path=/
everest_session_v2=Y4UYtgAAAB-UVgNn; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4UYtgAAAB-UVQNn
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y4UYtgAAAB-UVQNn
302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y4UYtgAAAB-UVQNn
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y4UYtgAAAB-UVQNn HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure-truist-login-online.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-05ee5fd88.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UYtgAAAB-UVQNn
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=62630850178444984730452307246067340246; Max-Age=15552000; Expires=Sat, 27 May 2023 20:23:18 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: IQt5GuESQAM=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UYtgAAAB-UVQNn
200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UYtgAAAB-UVQNn
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UYtgAAAB-UVQNn HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure-truist-login-online.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0449b668e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: eCWSOWoISTI=
Content-Length: 59
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6888
Expires: Mon, 28 Nov 2022 22:18:07 GMT
Date: Mon, 28 Nov 2022 20:23:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6888
Expires: Mon, 28 Nov 2022 22:18:07 GMT
Date: Mon, 28 Nov 2022 20:23:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6888
Expires: Mon, 28 Nov 2022 22:18:07 GMT
Date: Mon, 28 Nov 2022 20:23:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6888
Expires: Mon, 28 Nov 2022 22:18:07 GMT
Date: Mon, 28 Nov 2022 20:23:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:46 GMT
age: 80493
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 15bd53848c7082464273007e010c54e0
9a3ca698ca1aeae695923277ed2244465e01a1ea
36cfa29965173ea683992d4b436f393e92c978350347f869355d933613e2c005
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10119
x-amzn-requestid: 20bfd6a6-2981-42ca-8997-9363676773c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR782HEZIAMFTKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9eb-552581a92a69d6cd322bf334;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _jTN1lFL0_PS-9DYgE6O2V6s6AYnlGJs0xCEHn761Mxq_asytlaRoQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:40 GMT
age: 81099
etag: "9a3ca698ca1aeae695923277ed2244465e01a1ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:42:14 GMT
age: 81665
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a1a4e00f1f15827cf651f373863c379
70c2a238f06ca7e56ef80c83738e081bf0de3330
3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 10:13:33 GMT
age: 36586
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78b1389f425425d0450c94d900404dc4
53b12a8702f7c5b7cc697e2a24da824d9434be65
0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:46 GMT
age: 80493
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F597d0b25-8af2-425a-be32-195ac8e4bc00.jpeg
200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F597d0b25-8af2-425a-be32-195ac8e4bc00.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 514b4077fad50ba782e4bbb2c95c6852
4770f56d4d9489df43f33952e4bfa84d8e46414e
a97ce7c911625345342731b96cf423ee36182e101e3039694a666d6508a702ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F597d0b25-8af2-425a-be32-195ac8e4bc00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4374
x-amzn-requestid: 16fa9401-4b57-4300-9377-3a7d96de3a38
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGB7uFWJIAMFfTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f16b1-3386c7b54d828c3b1393b9ce;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:01:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: eX9k1m_ag1vLXej_GsA2VhKBdk__3zO5VGKuJnj76uD_ITKFrtKGdA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 07:24:06 GMT
age: 46753
etag: "4770f56d4d9489df43f33952e4bfa84d8e46414e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
secure-truist-login-online.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ&svrid=-75&flavor=post&vi=CCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=1242168576&en=9va2smjd&end=1
404 Not Found 315 B URL HTTP/1.1 secure-truist-login-online.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ&svrid=-75&flavor=post&vi=CCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=1242168576&en=9va2smjd&end=1
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
POST /ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ&svrid=-75&flavor=post&vi=CCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=1242168576&en=9va2smjd&end=1 HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 2420
Origin: http://secure-truist-login-online.duckdns.org
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h-vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668798324|1669666996432; dtLatC=96; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19325%7CMCMID%7C03169990215616263933549484796810866355%7CMCAAMLH-1670271797%7C6%7CMCAAMB-1670271797%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669674197s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19332%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 20:23:20 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
secure-truist-login-online.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ&svrid=-75&flavor=post&vi=CCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=2786207761&en=9va2smjd&end=1
404 Not Found 315 B URL HTTP/1.1 secure-truist-login-online.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ&svrid=-75&flavor=post&vi=CCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=2786207761&en=9va2smjd&end=1
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
POST /ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ&svrid=-75&flavor=post&vi=CCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=2786207761&en=9va2smjd&end=1 HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 3905
Origin: http://secure-truist-login-online.duckdns.org
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h-vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668798324|1669666996432; dtLatC=96; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19325%7CMCMID%7C03169990215616263933549484796810866355%7CMCAAMLH-1670271797%7C6%7CMCAAMB-1670271797%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669674197s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19332%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 20:23:22 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4908162-9f1d-4654-8d78-fe85386ce233.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4908162-9f1d-4654-8d78-fe85386ce233.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e5051d8c06f69e1842a9295ce256a36
1a542a53ba0b1cd0fb23257ebed8166555f16dfb
a7c0dbbb4d0d9138f5ca318cc2aa44e12dadf7ed6263ec204ba756da64b29c41
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4908162-9f1d-4654-8d78-fe85386ce233.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7556
x-amzn-requestid: 1cda5313-2256-4830-bf84-2e6e15949d3e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78KFTmoAMF4yg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e7-452e36d718a298d12a2374a9;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 70UuQl2XCoplrZYENrKleE2mcvB-xP9zZGs8Tuh21NidSiHvA97sXw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:09 GMT
age: 81136
etag: "1a542a53ba0b1cd0fb23257ebed8166555f16dfb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
secure-truist-login-online.duckdns.org/as/styles_r.css
200 OK 0 B URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/styles_r.css
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/styles_r.css HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D75_sn_IAAJA1BKP7I1GU5QQR54KAIS08RFCIFQ; rxVisitor=1669666996431Q3JIDH6O5CT0I5QL7BHEP49VGRL8OKG6; dtPC=-75$466996425_795h1vCCAFMAVGARPKTUGRPQURRQKBHMCDDMRF-0e0; rxvt=1669668796432|1669666996432
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 20:23:17 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 159564
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
20.106.149.200
13.36.218.177
23.36.77.32
93.184.220.29
54.229.62.148
23.72.139.80