Report - secure-usa.com/auth.php?country_x=&locale-8731002x=E?

Report Overview

Submitted URL
secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
IP
72.167.104.111
ASN
#398101 GO-DADDY-COM-LLC
Submitted
2024-05-02 12:26:22
Access
public
Website Title
Chase Online
Final URL
secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Tags
chase financial phishing
urlquery detections
Phishing - Chase

Detections

urlquery
23
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.starfieldtech.com	6616	2003-03-06	2012-06-22	2024-05-01	334 B	374 B	192.124.249.41
secure-usa.com	unknown	unknown	2021-02-01	2021-02-01	5.7 kB	1.1 MB	72.167.104.111

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	secure-usa.com/auth.php?country_x=&locale-8731002x=E?_	411 B	2023-03-07	2024-05-02
Pretty URL secure-usa.com/auth.php?country_x=&locale-8731002x=E?_ IP 72.167.104.111 ASN #398101 GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24:56 Last Seen2024-05-02 15:26:27 Times Seen143 Hash d0a8e5b9476de42e8aad2fbe9f1d1cc2 c8cff8beb6f3afaffc8ae5292b199804cbac0973 d5bd6adbeb57fff52409279259672e886bcb5cf1cd22bddb7303ba6b638281c4 Loading...

	secure-usa.com/js/jquery.min.js	160 kB	2023-03-07	2024-05-12
Pretty URL secure-usa.com/js/jquery.min.js IP 72.167.104.111 ASN #398101 GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:56 Last Seen2024-05-12 19:00:01 Times Seen465 Hash 3e0ddb6a634db21d0eb75c99045a9854 5dfcfccfa6816c6327f4e367e8dfa303232b0999 89db88fadaf63fd4e91d869fed81834918debd6eacbe6e47b5ad54e061996aed Loading...

	secure-usa.com/js/jquery.validate.min.js	34 kB	2023-03-07	2024-05-02
Pretty URL secure-usa.com/js/jquery.validate.min.js IP 72.167.104.111 ASN #398101 GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-05-02 15:26:27 Times Seen421 Hash 9ea64390e300ed1a23e2b62b7cd5cb20 7df056209ee2091fc674aa9f59a1063c072e9e32 b8302f6aead75ca339781930167f4e1ad42f50cf7e17b654c93159037fc9fd20 Loading...

	secure-usa.com/js/sire.form.js	9.0 kB	2023-03-07	2024-05-02
Pretty URL secure-usa.com/js/sire.form.js IP 72.167.104.111 ASN #398101 GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:56 Last Seen2024-05-02 15:26:27 Times Seen235 Hash 6341469002b60e3d385eb78e9303160f e2ba4c2aa7371c294bb213194b69cdc45c06744c 7bff3e895288a7e759ee3ed42fff7fcffc951e11db133ee1c8e39d65ed1f225c Loading...

HTTP Transactions (12)

URL IP Response Size

ocsp.starfieldtech.com/

192.124.249.41

5 B

URL
ocsp.starfieldtech.com/
IP
192.124.249.41:0
ASN
#30148 SUCURI-SEC

File type
data
Size
5 B (5 bytes)
Hash
5bfa51f3a417b98e7443eca90fc94703
8c015d80b8a23f780bdd215dc842b0f5551f63bd
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

HTTP Headers

POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 02 May 2024 12:25:55 GMT
Content-Type: application/ocsp-response
Content-Length: 5
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Cache-Control: public, no-transform, must-revalidate

secure-usa.com/auth.php?country_x=&locale-8731002x=E?_

72.167.104.111

200 OK

3.4 kB

URL User Request GET HTTP/2
secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
IP
72.167.104.111:443
ASN
#398101 GO-DADDY-COM-LLC

Certificate
IssuerStarfield Technologies, Inc.
Subjectsecure-usa.com
Fingerprint3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
ValidityThu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT

File type
JavaScript source, ASCII text, with very long lines (481), with CRLF line terminators
Size
3.4 kB (3356 bytes)
Hash
1340dc1b663b7f9adcb5e3868f181d0d
8d57544d889814ce0f14c97051d6170c5ad4f733
66b78933fe25e0a4c19b813ba8e1bdda9332b1c6b6eef6ff08e09983cbc58ebe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /auth.php?country_x=&locale-8731002x=E?_ HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/8.2.18
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c; path=/
vary: Accept-Encoding
content-encoding: br
content-length: 3356
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2

secure-usa.com/js/jquery.validate.min.js

72.167.104.111

200 OK

7.8 kB

URL GET HTTP/2
secure-usa.com/js/jquery.validate.min.js
IP
72.167.104.111:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate
IssuerStarfield Technologies, Inc.
Subjectsecure-usa.com
Fingerprint3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
ValidityThu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT

File type
JavaScript source, ASCII text, with very long lines (833), with CRLF line terminators
Size
7.8 kB (7825 bytes)
Hash
9ea64390e300ed1a23e2b62b7cd5cb20
7df056209ee2091fc674aa9f59a1063c072e9e32
b8302f6aead75ca339781930167f4e1ad42f50cf7e17b654c93159037fc9fd20

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /js/jquery.validate.min.js HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 11 Aug 2018 12:12:40 GMT
etag: "31211b2-8687-57327c6d01e00-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 7825
content-type: text/javascript
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2

secure-usa.com/style/login.css

72.167.104.111

200 OK

17 kB

URL GET HTTP/2
secure-usa.com/style/login.css
IP
72.167.104.111:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate
IssuerStarfield Technologies, Inc.
Subjectsecure-usa.com
Fingerprint3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
ValidityThu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
17 kB (16899 bytes)
Hash
34239eb04798513c4f4598aaf0681fd5
2f480d6ecc89dcd590ecdba662271867275f0834
8d9d13b8736cbc7fa34c0fb69933b88f6dcd7633826cc7581ab72d72df2685db

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /style/login.css HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 11 Aug 2018 15:42:12 GMT
etag: "31211e5-220f6-5732ab4299d00-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 16899
content-type: text/css
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2

secure-usa.com/js/sire.form.js

72.167.104.111

200 OK

1.1 kB

URL GET HTTP/2
secure-usa.com/js/sire.form.js
IP
72.167.104.111:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate
IssuerStarfield Technologies, Inc.
Subjectsecure-usa.com
Fingerprint3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
ValidityThu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT

File type
JavaScript source, ASCII text, with very long lines (611), with CRLF line terminators
Size
1.1 kB (1146 bytes)
Hash
6341469002b60e3d385eb78e9303160f
e2ba4c2aa7371c294bb213194b69cdc45c06744c
7bff3e895288a7e759ee3ed42fff7fcffc951e11db133ee1c8e39d65ed1f225c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /js/sire.form.js HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 11 Aug 2018 13:18:32 GMT
etag: "31211b3-2325-57328b25eda00-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1146
content-type: text/javascript
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2

secure-usa.com/js/jquery.min.js

72.167.104.111

200 OK

39 kB

URL GET HTTP/2
secure-usa.com/js/jquery.min.js
IP
72.167.104.111:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate
IssuerStarfield Technologies, Inc.
Subjectsecure-usa.com
Fingerprint3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
ValidityThu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT

File type
JavaScript source, ASCII text, with very long lines (568)
Size
39 kB (38555 bytes)
Hash
3e0ddb6a634db21d0eb75c99045a9854
5dfcfccfa6816c6327f4e367e8dfa303232b0999
89db88fadaf63fd4e91d869fed81834918debd6eacbe6e47b5ad54e061996aed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Jul 2018 09:40:24 GMT
etag: "31211b1-26f30-570ca27069200-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 38555
content-type: text/javascript
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2

secure-usa.com/style/dashboard.css

72.167.104.111

200 OK

245 kB

URL GET HTTP/2
secure-usa.com/style/dashboard.css
IP
72.167.104.111:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate
IssuerStarfield Technologies, Inc.
Subjectsecure-usa.com
Fingerprint3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
ValidityThu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
245 kB (245318 bytes)
Hash
c808795d929909f616e72f635ba36646
1ade6a560461803cb57dc87e16176f41b6c14327
b0287447a9450c74bcfab8140d7c4b43ccb5b8b69db5216e4712121716afef18

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /style/dashboard.css HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 11 Aug 2018 15:41:24 GMT
etag: "31211b9-1d3adb-5732ab14d3100-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/css
date: Thu, 02 May 2024 12:25:55 GMT
server: Apache
X-Firefox-Spdy: h2

secure-usa.com/style/img/test.jpeg

72.167.104.111

200 OK

302 kB

URL GET HTTP/2
secure-usa.com/style/img/test.jpeg
IP
72.167.104.111:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate
IssuerStarfield Technologies, Inc.
Subjectsecure-usa.com
Fingerprint3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
ValidityThu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3
Size
302 kB (302236 bytes)
Hash
d61371368790cf13ed5525a44008a72d
9e384a75eb00dc37fddb28eee789135c09872426
0d90c23ffd9891ceaa10448ae2ad40e81104a2ac28d234c83218a8274ad34f86

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /style/img/test.jpeg HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 03 Aug 2018 09:30:34 GMT
etag: "31211e2-49c9c-57284945e2280"
accept-ranges: bytes
content-length: 302236
content-type: image/jpeg
date: Thu, 02 May 2024 12:25:56 GMT
server: Apache
X-Firefox-Spdy: h2

secure-usa.com/img/wordmark-white.svg

72.167.104.111

404 Not Found

315 B

URL GET HTTP/2
secure-usa.com/img/wordmark-white.svg
IP
72.167.104.111:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate
IssuerStarfield Technologies, Inc.
Subjectsecure-usa.com
Fingerprint3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
ValidityThu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT

File type
HTML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /img/wordmark-white.svg HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/style/login.css
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Thu, 02 May 2024 12:25:57 GMT
server: Apache
X-Firefox-Spdy: h2

secure-usa.com/style/img/dcefont.woff

72.167.104.111

200 OK

54 kB

URL GET HTTP/2
secure-usa.com/style/img/dcefont.woff
IP
72.167.104.111:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate
IssuerStarfield Technologies, Inc.
Subjectsecure-usa.com
Fingerprint3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
ValidityThu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT

File type
Web Open Font Format, TrueType, length 53792, version 1.0
Size
54 kB (53792 bytes)
Hash
5dfe91292c95b3ac04c826a3985e738b
41c833e8f744935668501544ff49022627709aee
d75bef30599959292f501c97f1c3bbe31dbba72560b4602b9332a83a7794ba37

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /style/img/dcefont.woff HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/style/css/blue-ui.css
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 21 May 2018 10:36:02 GMT
etag: "31211dd-d220-56cb4de3ce880"
accept-ranges: bytes
content-length: 53792
vary: Accept-Encoding
content-type: font/woff
date: Thu, 02 May 2024 12:25:57 GMT
server: Apache
X-Firefox-Spdy: h2

secure-usa.com/style/img/chasefavicon.ico

72.167.104.111

404 Not Found

315 B

URL GET HTTP/2
secure-usa.com/style/img/chasefavicon.ico
IP
72.167.104.111:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate
IssuerStarfield Technologies, Inc.
Subjectsecure-usa.com
Fingerprint3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
ValidityThu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT

File type
HTML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /style/img/chasefavicon.ico HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Thu, 02 May 2024 12:25:57 GMT
server: Apache
X-Firefox-Spdy: h2

secure-usa.com/style/css/blue-ui.css

72.167.104.111

200 OK

428 kB

URL GET HTTP/2
secure-usa.com/style/css/blue-ui.css
IP
72.167.104.111:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://secure-usa.com/auth.php?country_x=&locale-8731002x=E?_
Certificate
IssuerStarfield Technologies, Inc.
Subjectsecure-usa.com
Fingerprint3D:09:9F:A2:9F:79:48:B6:BC:00:41:A0:0D:81:B2:7B:15:DC:97:96
ValidityThu, 02 May 2024 12:20:05 GMT - Fri, 02 May 2025 06:20:48 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
428 kB (428432 bytes)
Hash
c919e7eb6fdb917c81bb58d4e62d1ee6
43de0123cc0009713bb992f07b07a3584b5c471f
f81bcbda5218bdf462b2d17c817594735b27dbc73a6073e7f3f07ec2a4c0e79b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /style/css/blue-ui.css HTTP/1.1
Host: secure-usa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure-usa.com/style/dashboard.css
Cookie: PHPSESSID=1rdu6nlguljm8uo8oh16cuc43c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sat, 11 Aug 2018 15:43:02 GMT
etag: "31211b6-68990-5732ab7248d80-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 47049
content-type: text/css
date: Thu, 02 May 2024 12:25:56 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections