ocsp.starfieldtech.com/
IP 192.124.249.41 | Size 5 B | IP:port 192.124.249.41:0
Hash MD5 5bfa51f3a417b98e7443eca90fc94703
     SHA-1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
     SHA-256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 02 May 2024 12:25:55 GMT
Content-Type: application/ocsp-response
Content-Length: 5
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Cache-Control: public, no-transform, must-revalidate
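The OCSP exchange above is the browser checking the Starfield-issued certificate for secure-usa.com, and the responder answered with a 5-byte application/ocsp-response body. Per RFC 6960 an OCSPResponse is SEQUENCE { responseStatus ENUMERATED, responseBytes [0] EXPLICIT OPTIONAL }; two bytes of SEQUENCE header plus a three-byte ENUMERATED leaves no room for responseBytes, so the responder returned a bare error status (unauthorized, tryLater, ...) rather than a signed good/revoked answer, which a browser with the default soft-fail OCSP policy treats as no information and proceeds. The report does not show the response bytes, so the decoder below (an added example, not part of the urlquery report or its tooling) runs on constructed sample bodies, including one that is only structurally shaped like a successful response.

```python
"""Decode the responseStatus of a DER-encoded OCSPResponse (RFC 6960 section 4.2.1).

Added example, not part of the urlquery report. The sample bodies at the bottom
are constructed to show the encoding; the report only records that the real
response was 5 bytes long, not what those bytes were.
"""
from __future__ import annotations

OCSP_RESPONSE_STATUS = {
    0: "successful",
    1: "malformedRequest",
    2: "internalError",
    3: "tryLater",
    5: "sigRequired",
    6: "unauthorized",
}


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Parse one DER tag-length-value at buf[pos:]; return (tag, value, next_pos).

    Short-form and long-form (up to 4 octet) lengths are handled, which covers
    every well-formed OCSPResponse; anything truncated raises ValueError.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def ocsp_response_status(body: bytes) -> tuple[str, bool]:
    """Return (status_name, has_response_bytes) for an OCSPResponse body.

    has_response_bytes is True only when the [0] EXPLICIT ResponseBytes element
    is present, i.e. only when there is a signed BasicOCSPResponse to verify.
    A False here means the responder gave the client nothing it can act on.
    """
    tag, seq, end = _read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("OCSPResponse must be a SEQUENCE")
    if end != len(body):
        raise ValueError("trailing bytes after OCSPResponse")
    tag, status_val, pos = _read_tlv(seq, 0)
    if tag != 0x0A or len(status_val) != 1:
        raise ValueError("responseStatus must be a 1-byte ENUMERATED")
    status = OCSP_RESPONSE_STATUS.get(status_val[0])
    if status is None:
        raise ValueError(f"unknown responseStatus {status_val[0]}")
    has_response_bytes = False
    if pos < len(seq):
        tag, _, pos = _read_tlv(seq, pos)
        if tag != 0xA0 or pos != len(seq):
            raise ValueError("expected a single [0] EXPLICIT responseBytes element")
        has_response_bytes = True
    return status, has_response_bytes


# Constructed sample bodies (not captured from the report):
SAMPLE_UNAUTHORIZED = bytes.fromhex("30030a0106")  # 5 bytes: status only, no responseBytes
SAMPLE_TRY_LATER = bytes.fromhex("30030a0103")     # 5 bytes: status only
# Status 0 with an empty [0] placeholder: structurally "successful", not a valid signed answer.
SAMPLE_SUCCESS_SHAPE = bytes.fromhex("30070a0100a0023000")

if __name__ == "__main__":
    for body in (SAMPLE_UNAUTHORIZED, SAMPLE_TRY_LATER, SAMPLE_SUCCESS_SHAPE):
        print(f"{len(body)} bytes -> {ocsp_response_status(body)}")
```

Any 5-byte body the decoder accepts necessarily comes back with has_response_bytes False, which is the point worth recording in a triage note: the certificate's revocation status was never actually confirmed during this visit.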
secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
IP 72.167.104.111 | Status 200 OK | Size 3.4 kB | Type URL (User Request) | GET HTTP/2 secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
IP 72.167.104.111:443
ASN #398101 GO-DADDY-COM-LLC
Certificate Issuer: Starfield Technologies, Inc.
Certificate Subject: secure-usa.com
Certificate Fingerprint (SHA-1): 3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
Certificate Validity: Thu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT
File type JavaScript source, ASCII text, with very long lines (481), with CRLF line terminators
Hash MD5 1340dc1b663b7f9adcb5e3868f181d0d
     SHA-1 8d57544d889814ce0f14c97051d6170c5ad4f733
     SHA-256 66b78933fe25e0a4c19b813ba8e1bdda9332b1c6b6eef6ff08e09983cbc58ebe
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Chase
GET /auth.php?country_x=&locale-8731002x=E?_ HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-powered-by: PHP/8.2.18
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c; path=/
vary: Accept-Encoding
content-encoding: br
content-length: 3356
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2
secure-usa.com/js/jquery.validate.min.js
IP 72.167.104.111 | Status 200 OK | Size 7.8 kB | Type URL | GET HTTP/2 secure-usa.com/js/jquery.validate.min.js
IP 72.167.104.111:443
ASN #398101 GO-DADDY-COM-LLC
Requested by https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate Issuer: Starfield Technologies, Inc.
Certificate Subject: secure-usa.com
Certificate Fingerprint (SHA-1): 3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
Certificate Validity: Thu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT
File type JavaScript source, ASCII text, with very long lines (833), with CRLF line terminators
Hash MD5 9ea64390e300ed1a23e2b62b7cd5cb20
     SHA-1 7df056209ee2091fc674aa9f59a1063c072e9e32
     SHA-256 b8302f6aead75ca339781930167f4e1ad42f50cf7e17b654c93159037fc9fd20
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Chase
GET /js/jquery.validate.min.js HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 11 Aug 2018 12:12:40 GMT
etag: "31211b2-8687-57327c6d01e00-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 7825
content-type: text/javascript
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2
secure-usa.com/style/login.css
IP 72.167.104.111 | Status 200 OK | Size 17 kB | Type URL | GET HTTP/2 secure-usa.com/style/login.css
IP 72.167.104.111:443
ASN #398101 GO-DADDY-COM-LLC
Requested by https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate Issuer: Starfield Technologies, Inc.
Certificate Subject: secure-usa.com
Certificate Fingerprint (SHA-1): 3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
Certificate Validity: Thu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash MD5 34239eb04798513c4f4598aaf0681fd5
     SHA-1 2f480d6ecc89dcd590ecdba662271867275f0834
     SHA-256 8d9d13b8736cbc7fa34c0fb69933b88f6dcd7633826cc7581ab72d72df2685db
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Chase
GET /style/login.css HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 11 Aug 2018 15:42:12 GMT
etag: "31211e5-220f6-5732ab4299d00-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 16899
content-type: text/css
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2
secure-usa.com/js/sire.form.js
IP 72.167.104.111 | Status 200 OK | Size 1.1 kB | Type URL | GET HTTP/2 secure-usa.com/js/sire.form.js
IP 72.167.104.111:443
ASN #398101 GO-DADDY-COM-LLC
Requested by https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate Issuer: Starfield Technologies, Inc.
Certificate Subject: secure-usa.com
Certificate Fingerprint (SHA-1): 3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
Certificate Validity: Thu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT
File type JavaScript source, ASCII text, with very long lines (611), with CRLF line terminators
Hash MD5 6341469002b60e3d385eb78e9303160f
     SHA-1 e2ba4c2aa7371c294bb213194b69cdc45c06744c
     SHA-256 7bff3e895288a7e759ee3ed42fff7fcffc951e11db133ee1c8e39d65ed1f225c
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Chase
GET /js/sire.form.js HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 11 Aug 2018 13:18:32 GMT
etag: "31211b3-2325-57328b25eda00-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1146
content-type: text/javascript
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2
secure-usa.com/js/jquery.min.js
IP 72.167.104.111 | Status 200 OK | Size 39 kB | Type URL | GET HTTP/2 secure-usa.com/js/jquery.min.js
IP 72.167.104.111:443
ASN #398101 GO-DADDY-COM-LLC
Requested by https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate Issuer: Starfield Technologies, Inc.
Certificate Subject: secure-usa.com
Certificate Fingerprint (SHA-1): 3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
Certificate Validity: Thu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT
File type JavaScript source, ASCII text, with very long lines (568)
Hash MD5 3e0ddb6a634db21d0eb75c99045a9854
     SHA-1 5dfcfccfa6816c6327f4e367e8dfa303232b0999
     SHA-256 89db88fadaf63fd4e91d869fed81834918debd6eacbe6e47b5ad54e061996aed
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Chase
GET /js/jquery.min.js HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Jul 2018 09:40:24 GMT
etag: "31211b1-26f30-570ca27069200-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 38555
content-type: text/javascript
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2
secure-usa.com/style/dashboard.css
IP 72.167.104.111 | Status 200 OK | Size 245 kB | Type URL | GET HTTP/2 secure-usa.com/style/dashboard.css
IP 72.167.104.111:443
ASN #398101 GO-DADDY-COM-LLC
Requested by https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate Issuer: Starfield Technologies, Inc.
Certificate Subject: secure-usa.com
Certificate Fingerprint (SHA-1): 3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
Certificate Validity: Thu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 245 kB (245318 bytes)
Hash MD5 c808795d929909f616e72f635ba36646
     SHA-1 1ade6a560461803cb57dc87e16176f41b6c14327
     SHA-256 b0287447a9450c74bcfab8140d7c4b43ccb5b8b69db5216e4712121716afef18
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Chase
GET /style/dashboard.css HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 11 Aug 2018 15:41:24 GMT
etag: "31211b9-1d3adb-5732ab14d3100-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/css
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2
secure-usa.com/style/img/test.jpeg
IP 72.167.104.111 | Status 200 OK | Size 302 kB | Type URL | GET HTTP/2 secure-usa.com/style/img/test.jpeg
IP 72.167.104.111:443
ASN #398101 GO-DADDY-COM-LLC
Requested by https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate Issuer: Starfield Technologies, Inc.
Certificate Subject: secure-usa.com
Certificate Fingerprint (SHA-1): 3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
Certificate Validity: Thu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3
Size 302 kB (302236 bytes)
Hash MD5 d61371368790cf13ed5525a44008a72d
     SHA-1 9e384a75eb00dc37fddb28eee789135c09872426
     SHA-256 0d90c23ffd9891ceaa10448ae2ad40e81104a2ac28d234c83218a8274ad34f86
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Chase
GET /style/img/test.jpeg HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 03 Aug 2018 09:30:34 GMT
etag: "31211e2-49c9c-57284945e2280"
accept-ranges: bytes
content-length: 302236
content-type: image/jpeg
date: Thu, 02 May 2024 12:25:56 GMT
server: Apache
X-Firefox-Spdy: h2
secure-usa.com/img/wordmark-white.svg
IP 72.167.104.111 | Status 404 Not Found | Size 315 B | Type URL | GET HTTP/2 secure-usa.com/img/wordmark-white.svg
IP 72.167.104.111:443
ASN #398101 GO-DADDY-COM-LLC
Requested by https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate Issuer: Starfield Technologies, Inc.
Certificate Subject: secure-usa.com
Certificate Fingerprint (SHA-1): 3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
Certificate Validity: Thu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT
File type HTML document, ASCII text
Hash MD5 a34ac19f4afae63adc5d2f7bc970c07f
     SHA-1 a82190fc530c265aa40a045c21770d967f4767b8
     SHA-256 d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Chase
GET /img/wordmark-white.svg HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/style/login.css
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Thu, 02 May 2024 12:25:57 GMT
server: Apache
X-Firefox-Spdy: h2
secure-usa.com/style/img/dcefont.woff
IP 72.167.104.111 | Status 200 OK | Size 54 kB | Type URL | GET HTTP/2 secure-usa.com/style/img/dcefont.woff
IP 72.167.104.111:443
ASN #398101 GO-DADDY-COM-LLC
Requested by https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate Issuer: Starfield Technologies, Inc.
Certificate Subject: secure-usa.com
Certificate Fingerprint (SHA-1): 3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
Certificate Validity: Thu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT
File type Web Open Font Format, TrueType, length 53792, version 1.0
Hash MD5 5dfe91292c95b3ac04c826a3985e738b
     SHA-1 41c833e8f744935668501544ff49022627709aee
     SHA-256 d75bef30599959292f501c97f1c3bbe31dbba72560b4602b9332a83a7794ba37
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Chase
GET /style/img/dcefont.woff HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/style/css/blue-ui.css
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 21 May 2018 10:36:02 GMT
etag: "31211dd-d220-56cb4de3ce880"
accept-ranges: bytes
content-length: 53792
vary: Accept-Encoding
content-type: font/woff
date: Thu, 02 May 2024 12:25:57 GMT
server: Apache
X-Firefox-Spdy: h2
secure-usa.com/style/img/chasefavicon.ico
IP 72.167.104.111 | Status 404 Not Found | Size 315 B | Type URL | GET HTTP/2 secure-usa.com/style/img/chasefavicon.ico
IP 72.167.104.111:443
ASN #398101 GO-DADDY-COM-LLC
Requested by https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate Issuer: Starfield Technologies, Inc.
Certificate Subject: secure-usa.com
Certificate Fingerprint (SHA-1): 3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
Certificate Validity: Thu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT
File type HTML document, ASCII text
Hash MD5 a34ac19f4afae63adc5d2f7bc970c07f
     SHA-1 a82190fc530c265aa40a045c21770d967f4767b8
     SHA-256 d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Chase
GET /style/img/chasefavicon.ico HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Thu, 02 May 2024 12:25:57 GMT
server: Apache
X-Firefox-Spdy: h2
secure-usa.com/style/css/blue-ui.css
IP 72.167.104.111 | Status 200 OK | Size 428 kB | Type URL | GET HTTP/2 secure-usa.com/style/css/blue-ui.css
IP 72.167.104.111:443
ASN #398101 GO-DADDY-COM-LLC
Requested by https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate Issuer: Starfield Technologies, Inc.
Certificate Subject: secure-usa.com
Certificate Fingerprint (SHA-1): 3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
Certificate Validity: Thu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 428 kB (428432 bytes)
Hash MD5 c919e7eb6fdb917c81bb58d4e62d1ee6
     SHA-1 43de0123cc0009713bb992f07b07a3584b5c471f
     SHA-256 f81bcbda5218bdf462b2d17c817594735b27dbc73a6073e7f3f07ec2a4c0e79b
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Chase
GET /style/css/blue-ui.css HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/style/dashboard.css
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Sat, 11 Aug 2018 15:43:02 GMT
etag: "31211b6-68990-5732ab7248d80-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 47049
content-type: text/css
date: Thu, 02 May 2024 12:25:56 GMT
server: Apache
X-Firefox-Spdy: h2
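Three things in the transactions above are worth turning into checks rather than reading by eye: the certificate's notBefore (12:20:05) is under six minutes before the first response Date (12:25:55), the static assets carry Last-Modified dates from 2018 while the certificate is from 2024 (an old kit on fresh hosting), and a path named chasefavicon.ico is served from a host that does not mention the brand. The script below is an added example, not part of the urlquery report or of urlquery's tooling; CERT and TRANSACTIONS are transcribed from the report's own rows and headers (a subset of the requests, only the fields the checks use), and nothing is fetched from the network.

```python
"""Triage checks over the secure-usa.com transactions in the report above.

Added example, not part of the urlquery report or of urlquery's own tooling.
CERT and TRANSACTIONS are transcribed from the report's summary rows and
response headers (a subset of the requests, only the fields the checks need).
"""
from __future__ import annotations

from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

BRAND_KEYWORDS = ("chase",)  # brand named in the analyzer alert "Phishing - Chase"

CERT = {
    "subject": "secure-usa.com",
    "issuer": "Starfield Technologies, Inc.",
    "fingerprint_sha1": "3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96",
    "not_before": "Thu, 02 May 2024 12:20:05 GMT",
    "not_after": "Fri, 02 May 2025 06:20:48 GMT",
}

# (url, HTTP status, response Date, Last-Modified or None, SHA-256 of body)
TRANSACTIONS = [
    ("https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_", 200,
     "Thu, 02 May 2024 12:25:55 GMT", None,
     "66b78933fe25e0a4c19b813ba8e1bdda9332b1c6b6eef6ff08e09983cbc58ebe"),
    ("https://secure-usa.com/js/jquery.validate.min.js", 200,
     "Thu, 02 May 2024 12:25:55 GMT", "Sat, 11 Aug 2018 12:12:40 GMT",
     "b8302f6aead75ca339781930167f4e1ad42f50cf7e17b654c93159037fc9fd20"),
    ("https://secure-usa.com/style/login.css", 200,
     "Thu, 02 May 2024 12:25:55 GMT", "Sat, 11 Aug 2018 15:42:12 GMT",
     "8d9d13b8736cbc7fa34c0fb69933b88f6dcd7633826cc7581ab72d72df2685db"),
    ("https://secure-usa.com/js/sire.form.js", 200,
     "Thu, 02 May 2024 12:25:55 GMT", "Sat, 11 Aug 2018 13:18:32 GMT",
     "7bff3e895288a7e759ee3ed42fff7fcffc951e11db133ee1c8e39d65ed1f225c"),
    ("https://secure-usa.com/js/jquery.min.js", 200,
     "Thu, 02 May 2024 12:25:55 GMT", "Thu, 12 Jul 2018 09:40:24 GMT",
     "89db88fadaf63fd4e91d869fed81834918debd6eacbe6e47b5ad54e061996aed"),
    ("https://secure-usa.com/img/wordmark-white.svg", 404,
     "Thu, 02 May 2024 12:25:57 GMT", None,
     "d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3"),
    ("https://secure-usa.com/style/img/chasefavicon.ico", 404,
     "Thu, 02 May 2024 12:25:57 GMT", None,
     "d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3"),
]


def _http_date(value: str) -> datetime:
    """Parse an HTTP-date header value into an aware UTC datetime."""
    return parsedate_to_datetime(value).astimezone(timezone.utc)


def cert_age_at_observation(cert=CERT, transactions=TRANSACTIONS) -> float:
    """Seconds from the certificate's notBefore to the earliest response Date.

    A leaf certificate minted minutes before the page is first served is a
    strong signal of infrastructure stood up for this campaign.
    """
    first_seen = min(_http_date(t[2]) for t in transactions)
    return (first_seen - _http_date(cert["not_before"])).total_seconds()


def kit_age_days(cert=CERT, transactions=TRANSACTIONS) -> int:
    """Days between the oldest asset's Last-Modified and the cert's notBefore.

    Assets years older than the certificate point to a reused phishing kit
    dropped onto new hosting rather than a freshly built site.
    """
    oldest = min(_http_date(t[3]) for t in transactions if t[3])
    return (_http_date(cert["not_before"]) - oldest).days


def brand_mismatches(transactions=TRANSACTIONS, keywords=BRAND_KEYWORDS) -> list[str]:
    """URLs whose path names a brand keyword that the serving hostname does not."""
    hits = []
    for url, *_ in transactions:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if any(kw in parts.path.lower() and kw not in host for kw in keywords):
            hits.append(url)
    return hits


def iocs(cert=CERT, transactions=TRANSACTIONS) -> dict[str, set[str]]:
    """Indicators worth sharing: hosts, cert fingerprint, SHA-256 of 200 bodies.

    Non-200 bodies are dropped on purpose: both 404s in the report hash to the
    same generic Apache error page, which would only produce false positives.
    """
    return {
        "hosts": {urlsplit(t[0]).hostname for t in transactions},
        "cert_sha1": {cert["fingerprint_sha1"]},
        "sha256": {t[4] for t in transactions if t[1] == 200},
    }


if __name__ == "__main__":
    print(f"cert age at first observation: {cert_age_at_observation():.0f} s")
    print(f"oldest kit asset predates the cert by {kit_age_days()} days")
    print("brand/host mismatches:", brand_mismatches())
    for kind, values in iocs().items():
        print(kind, sorted(values))
```

The thresholds are deliberately left to the caller: a cert under an hour old and assets more than a year older than it are both unusual for a legitimate bank login page but common for kits, and the combination with the brand/host mismatch is what makes the verdict above easy to corroborate from the log alone.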