Overview

URLrcu6.com/email-account.php
IP 45.133.200.3 (Seychelles)
ASN#200313 WEB_GroupInternet INC
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-07 13:03:17 UTC
StatusLoading report..
IDS alerts0
Blocklist alert79
urlquery alerts
33
Phishing - Huntington
Tags None

Domain Summary (34)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-12-06 17:31:54 UTC 34.120.237.76
mef957.dynatrace-managed.com (2) 107553 2019-04-14 21:07:15 UTC 2022-12-07 00:39:27 UTC 100.24.162.178
ocsp.godaddy.com (1) 698 2012-05-20 19:28:57 UTC 2022-12-06 17:14:46 UTC 192.124.249.23
px.ads.linkedin.com (1) 522 2017-08-08 16:28:50 UTC 2022-12-07 00:13:11 UTC 13.107.42.14
www.googletagmanager.com (6) 75 2012-10-04 01:07:32 UTC 2022-12-06 23:57:23 UTC 142.250.74.40
sp.analytics.yahoo.com (1) 816 2014-01-31 20:48:24 UTC 2022-12-06 17:43:34 UTC 212.82.100.181
adservice.google.com (1) 76 2017-09-26 14:24:07 UTC 2022-12-07 00:41:02 UTC 216.58.207.226
rcu6.com (79) 0 2022-11-25 11:18:34 UTC 2022-12-07 00:30:21 UTC 45.133.200.3 Unknown ranking
r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-12-06 17:12:17 UTC 95.101.11.115
cdn.clinch.co (1) 7154 2016-06-28 14:52:48 UTC 2022-12-07 00:39:25 UTC 95.101.10.90
snap.licdn.com (1) 1044 2014-10-06 08:43:45 UTC 2022-12-06 17:12:24 UTC 95.101.11.57
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-12-06 17:19:43 UTC 35.163.38.240
huntingtonbank.inq.com (2) 92998 2019-10-05 04:12:49 UTC 2022-12-07 00:39:25 UTC 52.177.241.160
ocsp.pki.goog (14) 175 2017-06-14 07:23:31 UTC 2022-12-06 17:12:08 UTC 142.250.74.131
www.facebook.com (1) 99 No data No data 31.13.72.36
www.huntington.com (25) 56151 2014-08-03 07:06:58 UTC 2022-12-07 00:39:24 UTC 23.72.139.51
ensighten.huntingtonbank.com (3) 91425 2019-02-13 11:49:10 UTC 2022-12-07 00:39:25 UTC 52.51.219.145
firefox.settings.services.mozilla.com (2) 867 2020-05-25 20:06:39 UTC 2022-12-06 17:12:34 UTC 34.102.187.140
s.yimg.com (1) 375 2012-05-20 22:45:00 UTC 2022-12-06 18:52:25 UTC 188.125.94.206
cdn.linkedin.oribi.io (2) 0 2022-10-19 14:36:39 UTC 2022-12-06 17:12:25 UTC 143.204.55.61 Domain (oribi.io) ranked at: 21988
trk.clinch.co (3) 5423 2014-12-18 18:54:09 UTC 2022-12-07 00:39:28 UTC 34.203.147.81
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-06 17:13:17 UTC 34.117.237.239
connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2022-12-06 17:12:12 UTC 157.240.247.8
2782440.fls.doubleclick.net (1) 0 2013-09-06 16:38:29 UTC 2022-12-07 00:39:26 UTC 142.250.74.38 Domain (doubleclick.net) ranked at: 2267
media-lax1.inq.com (1) 41901 2016-05-03 07:58:42 UTC 2022-12-07 00:39:25 UTC 35.186.193.174
f1.media.brightcove.com (1) 21505 2017-08-29 06:13:23 UTC 2022-12-07 00:39:24 UTC 151.101.194.27
fls.doubleclick.net (1) 436 2012-05-29 19:25:55 UTC 2022-12-07 00:39:25 UTC 142.250.74.166
www.google.no (4) 25607 2012-06-26 23:22:08 UTC 2022-12-06 20:15:41 UTC 142.250.74.67
www.google.com (4) 7 2012-11-08 00:08:21 UTC 2022-12-06 23:42:40 UTC 142.250.74.132
adservice.google.no (1) 96969 2017-09-26 14:23:08 UTC 2022-12-06 17:12:04 UTC 142.250.74.162
ocsp.digicert.com (7) 86 2012-05-21 07:02:23 UTC 2022-12-06 21:45:35 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-12-06 17:17:39 UTC 34.160.144.191
players.brightcove.net (1) 3805 2014-10-07 17:45:09 UTC 2022-12-07 00:37:53 UTC 2.18.173.25
googleads.g.doubleclick.net (4) 42 2012-05-21 07:15:40 UTC 2022-12-07 01:04:57 UTC 142.250.74.34

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-12-06 2 rcu6.com/email-account.php Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank
2022-12-06 2 rcu6.com/ Huntington Bank

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 45.133.200.3
Date UQ / IDS / BL URL IP
2023-01-31 03:40:28 +0000 0 - 0 - 5 web22.name/ 45.133.200.3
2023-01-31 02:31:10 +0000 0 - 0 - 2 blockchain.ssl-coin-base.com/ 45.133.200.3
2023-01-31 02:18:30 +0000 0 - 0 - 2 www.blockchain.ssl-coin-base.com/ 45.133.200.3
2023-01-28 23:33:14 +0000 0 - 2 - 0 umper.cc/ 45.133.200.3
2023-01-28 20:35:53 +0000 0 - 0 - 2 favaey.com/citizen_bank/darkx/ms/index.php 45.133.200.3


Last 5 reports on ASN: WEB_GroupInternet INC
Date UQ / IDS / BL URL IP
2023-01-31 03:40:28 +0000 0 - 0 - 5 web22.name/ 45.133.200.3
2023-01-31 03:21:39 +0000 0 - 4 - 1 45.83.122.177/hstart.exe 45.83.122.177
2023-01-31 02:31:10 +0000 0 - 0 - 2 blockchain.ssl-coin-base.com/ 45.133.200.3
2023-01-31 02:18:30 +0000 0 - 0 - 2 www.blockchain.ssl-coin-base.com/ 45.133.200.3
2023-01-28 23:33:14 +0000 0 - 2 - 0 umper.cc/ 45.133.200.3


Last 5 reports on domain: rcu6.com
Date UQ / IDS / BL URL IP
2022-12-07 13:03:17 +0000 33 - 0 - 79 rcu6.com/email-account.php 45.133.200.3
2022-12-07 13:02:34 +0000 34 - 0 - 79 rcu6.com/ 45.133.200.3
2022-12-07 03:42:24 +0000 31 - 0 - 77 rcu6.com/ 45.133.200.3
2022-12-07 00:39:35 +0000 28 - 0 - 77 rcu6.com/email-account.php 45.133.200.3
2022-12-06 20:16:38 +0000 32 - 0 - 35 rcu6.com/email-account.php 45.133.200.3


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-07 13:02:34 +0000 34 - 0 - 79 rcu6.com/ 45.133.200.3
2022-12-07 03:42:24 +0000 31 - 0 - 77 rcu6.com/ 45.133.200.3
2022-12-06 20:16:38 +0000 32 - 0 - 35 rcu6.com/email-account.php 45.133.200.3
2022-11-28 06:55:25 +0000 40 - 0 - 57 afumdw4.cf/Huntington/index.php 142.4.16.67
2022-11-28 06:55:35 +0000 37 - 0 - 58 afumdw4.cf/Huntington/ 142.4.16.67

JavaScript

Executed Scripts (40)

Executed Evals (11)
#1 JavaScript::Eval (size: 16195) - SHA256: 44e8e2163cdbde2338d98ff05168f6c7f5d14796b2f8c39e94715fa766300dee
var initRulesData = function(programRulesData) {
    rtnObj = {
        rules: programRulesData.append([]).append([Rule.create({
            id: 400,
            name: "MobileSuppression",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onPageLanding"
                }]
            },
            cc2: function(rule, evt) {
                return ((!(isServiceBlocked("ANY"))) && (d8t("Unsupported")));
            },
            af3: function(rule, evt) {
                Inq.blockServices(["ALL"], 0);
                log("** TC: Chat is suppressed because this device is not supported [deviceType = Unsupported].");
            },
            active: true
        }), Rule.create({
            id: 100101,
            name: "reset VA DataPass Counters",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onChatClosed",
                    serviceType: "ALL"
                }]
            },
            cc2: function(rule, evt) {
                return (true);
            },
            af3: function(rule, evt) {
                PM.getVar("ninaDPEventQueueCount", rule).z3(0);
                PM.getVar("ninaPageEventQueueCount", rule).z3(0);
            },
            active: true
        }), Rule.create({
            id: 100102,
            name: "parseVADatapass",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onReceiveVADataPass"
                }]
            },
            cc2: function(rule, evt) {
                return (true);
            },
            af3: function(rule, evt) {
                PM.getVar("ninaPageEventQueueCount", rule).z3((PM.getVar("ninaPageEventQueueCount", rule).getValueOrDefault() + 1));
                if (PM.getVar("ninaPageEventQueueCount", rule).getValueOrDefault() > PM.getVar("ninaDPEventQueueCount", rule).getValueOrDefault()) {
                    EVM.fireCustomEvent('parsedVADataPass', rule, evt, function() {
                        return {
                            vaDataPass: FM.ex8(function(vaDataPassString) {
                                try {
                                    var vaDataPassObj = JSON.parse(vaDataPassString);
                                    return vaDataPassObj;
                                } catch (e) {
                                    return vaDataPassString;
                                }
                            }, (e9(evt.vaDataPass) ? evt.vaDataPass.toString() : ""))
                        };
                    });
                    PM.getVar("ninaDPEventQueueCount", rule).z3((PM.getVar("ninaDPEventQueueCount", rule).getValueOrDefault() + 1));
                }
            },
            active: true
        }), Rule.create({
            id: 13398001,
            name: "HB-setPreProdVA-TestFlag",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onPageLanding"
                }]
            },
            cc2: function(rule, evt) {
                return (win.document.URL.match("(.*)(t|T)(E|e)(S|s)(T|t)=(P|p)(r|R)(E|e)(P|p)(R|r)(O|o)(D|d)(v|V)(a|A)(.*)") != null ? true : false);
            },
            af3: function(rule, evt) {
                PM.getVar("VA-SpecID", rule).z3("18000763");
                PM.getVar("NinaEnv", rule).z3("ninaPreprod");
                if ((win.document.URL.match("(.*)stage(.*)") != null ? true : false) || (win.document.URL.match("(.*)dev(.*)") != null ? true : false)) {
                    PM.getVar("VA-OpenerName", rule).z3("HNB-VA-AO-PREPROD");
                } else {
                    PM.getVar("VA-OpenerName", rule).z3("HNB-VA-AO-PREPROD-NONSTAGING");
                }
                log("*************TESTING NINA PRE-PROD****************");
            },
            active: true
        }), Rule.create({
            id: 14710001,
            name: "HB-setVAOpener",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onPageLanding"
                }]
            },
            cc2: function(rule, evt) {
                return ((!(win.document.URL.match("(.*)(t|T)(E|e)(S|s)(T|t)=(P|p)(r|R)(E|e)(P|p)(R|r)(O|o)(D|d)(v|V)(a|A)(.*)") != null ? true : false)) && ((win.document.URL.match("(.*)stage(.*)") != null ? true : false) || (win.document.URL.match("(.*)dev(.*)") != null ? true : false)));
            },
            af3: function(rule, evt) {
                PM.getVar("VA-OpenerName", rule).z3("HNB-VA-AO");
            },
            active: true
        }), Rule.create({
            id: 14710002,
            name: "HB-datapassOverwrite",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onPageLanding"
                }]
            },
            cc2: function(rule, evt) {
                return (true);
            },
            af3: function(rule, evt) {
                ROM.sendDataToAgent(CHM.getAgentID(), {
                    "datapass": pd1d(PM.getVar("automatonDatapass", rule).getValueOrDefault()),
                    agentID: CHM.getAgentID(),
                    engagementID: CHM.getChatID()
                });
            },
            active: true
        }), Rule.create({
            id: 12551001,
            name: "HB-DIV-Injection",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onPageLanding"
                }]
            },
            cc2: function(rule, evt) {
                return (true);
            },
            af3: function(rule, evt) {
                if (!(e9(function() {
                        return s7("document.getElementById('inqC2CImgContainer_Anchored')");
                    }, false, true))) {
                    processReceivedExternalDataThrows("\n                \n                  if (null == top.document.getElementById(\"inqC2CImgContainer_Anchored\")){\n                    try {\n                      var div = top.document.createElement(\"DIV\");\n                      div.innerHTML = '<div id=\"inqC2CImgContainer_Anchored\" style=\"position: fixed; right: 10px; bottom: 10px; z-index: 1000;\"></div>';\n                      top.document.body.appendChild(div.firstChild);\n                    } catch (e) {}\n                  }\n                \n              ");
                }
            },
            active: true
        }), Rule.create({
            id: 7001,
            name: "set-VisitorAttribute",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onPageLanding"
                }]
            },
            cc2: function(rule, evt) {
                return (e9(function() {
                    return s7("nuanceData");
                }, false, true));
            },
            af3: function(rule, evt) {
                if ((e9(function() {
                        return s7("nuanceData.cust_name");
                    }, false, true)) && ((new Boolean(s7("nuanceData.cust_name.trim().length>0")).valueOf()))) {
                    VAM.add({
                        "cust_name": {
                            "values": MI8.unmixMutatable(MI8.mixMutatable().set((e9(FM.ex8(function() {
                                return nuanceData.cust_name;
                            })) ? FM.ex8(function() {
                                return nuanceData.cust_name;
                            }).toString() : ""), true))
                        },
                        "mutuallyExclusive": true
                    }, 0);
                }
                if ((e9(function() {
                        return s7("nuanceData.cust_perm_id");
                    }, false, true)) && ((new Boolean(s7("nuanceData.cust_perm_id.trim().length>0")).valueOf()))) {
                    VAM.add({
                        "cust_perm_id": {
                            "values": MI8.unmixMutatable(MI8.mixMutatable().set((e9(FM.ex8(function() {
                                return nuanceData.cust_perm_id;
                            })) ? FM.ex8(function() {
                                return nuanceData.cust_perm_id;
                            }).toString() : ""), true))
                        },
                        "mutuallyExclusive": true
                    }, 0);
                }
                if ((e9(function() {
                        return s7("nuanceData.cust_perm_id_hash");
                    }, false, true)) && ((new Boolean(s7("nuanceData.cust_perm_id_hash.trim().length>0")).valueOf()))) {
                    VAM.add({
                        "cust_perm_id_hash": {
                            "values": MI8.unmixMutatable(MI8.mixMutatable().set((e9(FM.ex8(function() {
                                return nuanceData.cust_perm_id_hash;
                            })) ? FM.ex8(function() {
                                return nuanceData.cust_perm_id_hash;
                            }).toString() : ""), true))
                        },
                        "mutuallyExclusive": true
                    }, 0);
                }
                if ((e9(function() {
                        return s7("nuanceData.guid");
                    }, false, true)) && ((new Boolean(s7("nuanceData.guid.trim().length>0")).valueOf()))) {
                    VAM.add({
                        "guid": {
                            "values": MI8.unmixMutatable(MI8.mixMutatable().set((e9(FM.ex8(function() {
                                return nuanceData.guid;
                            })) ? FM.ex8(function() {
                                return nuanceData.guid;
                            }).toString() : ""), true))
                        },
                        "mutuallyExclusive": true
                    }, 0);
                }
                if ((e9(function() {
                        return s7("nuanceData.wave_id");
                    }, false, true)) && ((new Boolean(s7("nuanceData.wave_id.trim().length>0")).valueOf()))) {
                    VAM.add({
                        "wave_id": {
                            "values": MI8.unmixMutatable(MI8.mixMutatable().set((e9(FM.ex8(function() {
                                return nuanceData.wave_id;
                            })) ? FM.ex8(function() {
                                return nuanceData.wave_id;
                            }).toString() : ""), true))
                        },
                        "mutuallyExclusive": true
                    }, 0);
                }
                if ((e9(function() {
                        return s7("nuanceData.rol_domain");
                    }, false, true)) && ((new Boolean(s7("nuanceData.rol_domain.trim().length>0")).valueOf()))) {
                    VAM.add({
                        "rol_domain": {
                            "values": MI8.unmixMutatable(MI8.mixMutatable().set((e9(FM.ex8(function() {
                                return nuanceData.rol_domain;
                            })) ? FM.ex8(function() {
                                return nuanceData.rol_domain;
                            }).toString() : ""), true))
                        },
                        "mutuallyExclusive": true
                    }, 0);
                }
                if ((e9(function() {
                        return s7("nuanceData.usc_domain");
                    }, false, true)) && ((new Boolean(s7("nuanceData.usc_domain.trim().length>0")).valueOf()))) {
                    VAM.add({
                        "usc_domain": {
                            "values": MI8.unmixMutatable(MI8.mixMutatable().set((e9(FM.ex8(function() {
                                return nuanceData.usc_domain;
                            })) ? FM.ex8(function() {
                                return nuanceData.usc_domain;
                            }).toString() : ""), true))
                        },
                        "mutuallyExclusive": true
                    }, 0);
                }
                if ((e9(function() {
                        return s7("nuanceData.hcom_domain");
                    }, false, true)) && ((new Boolean(s7("nuanceData.hcom_domain.trim().length>0")).valueOf()))) {
                    VAM.add({
                        "hcom_domain": {
                            "values": MI8.unmixMutatable(MI8.mixMutatable().set((e9(FM.ex8(function() {
                                return nuanceData.hcom_domain;
                            })) ? FM.ex8(function() {
                                return nuanceData.hcom_domain;
                            }).toString() : ""), true))
                        },
                        "mutuallyExclusive": true
                    }, 0);
                }
                if ((e9(function() {
                        return s7("nuanceData.oao_domain");
                    }, false, true)) && ((new Boolean(s7("nuanceData.oao_domain.trim().length>0")).valueOf()))) {
                    VAM.add({
                        "oao_domain": {
                            "values": MI8.unmixMutatable(MI8.mixMutatable().set((e9(FM.ex8(function() {
                                return nuanceData.oao_domain;
                            })) ? FM.ex8(function() {
                                return nuanceData.oao_domain;
                            }).toString() : ""), true))
                        },
                        "mutuallyExclusive": true
                    }, 0);
                }
            },
            active: true
        }), Rule.create({
            id: 12551003,
            name: "HB-ChatTheme-Set",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onPageLanding"
                }]
            },
            cc2: function(rule, evt) {
                return (true);
            },
            af3: function(rule, evt) {
                if ((d8t("Standard")) || (d8t("Tablet"))) {
                    if (win.document.URL.match("(.*)chatskin=qa(.*)") != null ? true : false) {
                        VAM.add({
                            "chat_env": {
                                "values": MI8.unmixMutatable(MI8.mixMutatable().set("qa", true))
                            },
                            "mutuallyExclusive": true
                        }, 0);
                        PM.getVar("ChatThemeName", rule).z3("HNB-VA-DT-QA");
                        PM.getVar("automatonDatapass", rule).set("chat_env", "qa");
                    } else if (win.document.URL.match("(.*)chatskin=int(.*)") != null ? true : false) {
                        VAM.add({
                            "chat_env": {
                                "values": MI8.unmixMutatable(MI8.mixMutatable().set("int", true))
                            },
                            "mutuallyExclusive": true
                        }, 0);
                        PM.getVar("ChatThemeName", rule).z3("HNB-VA-DT-INT");
                        PM.getVar("automatonDatapass", rule).set("chat_env", "int");
                    } else if ((win.document.URL.match("(.*)chatskin=prod(.*)") != null ? true : false) || (typeof(PM.getVar("ChatThemeName", rule).getValueOrDefault()) === "string" ? PM.getVar("ChatThemeName", rule).getValueOrDefault().equals("HNB-VA-S", false) : false)) {
                        VAM.add({
                            "chat_env": {
                                "values": MI8.unmixMutatable(MI8.mixMutatable().set("prod", true))
                            },
                            "mutuallyExclusive": true
                        }, 0);
                        PM.getVar("ChatThemeName", rule).z3("HNB-VA-DT");
                        PM.getVar("automatonDatapass", rule).set("chat_env", "prod");
                    }
                } else if (d8t("Phone")) {
                    if (win.document.URL.match("(.*)chatskin=qa(.*)") != null ? true : false) {
                        VAM.add({
                            "chat_env": {
                                "values": MI8.unmixMutatable(MI8.mixMutatable().set("qa", true))
                            },
                            "mutuallyExclusive": true
                        }, 0);
                        PM.getVar("ChatThemeName", rule).z3("HNB-VA-S-QA");
                        PM.getVar("automatonDatapass", rule).set("chat_env", "qa");
                    } else if (win.document.URL.match("(.*)chatskin=int(.*)") != null ? true : false) {
                        VAM.add({
                            "chat_env": {
                                "values": MI8.unmixMutatable(MI8.mixMutatable().set("int", true))
                            },
                            "mutuallyExclusive": true
                        }, 0);
                        PM.getVar("ChatThemeName", rule).z3("HNB-VA-S-INT");
                        PM.getVar("automatonDatapass", rule).set("chat_env", "int");
                    } else if ((win.document.URL.match("(.*)chatskin=prod(.*)") != null ? true : false) || (typeof(PM.getVar("ChatThemeName", rule).getValueOrDefault()) === "string" ? PM.getVar("ChatThemeName", rule).getValueOrDefault().equals("HNB-VA-DT", false) : false)) {
                        VAM.add({
                            "chat_env": {
                                "values": MI8.unmixMutatable(MI8.mixMutatable().set("prod", true))
                            },
                            "mutuallyExclusive": true
                        }, 0);
                        PM.getVar("ChatThemeName", rule).z3("HNB-VA-S");
                        PM.getVar("automatonDatapass", rule).set("chat_env", "prod");
                    }
                }
            },
            active: true
        }), Rule.create({
            id: 12551004,
            name: "HB-setADAComplianceAttributes",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onChatLaunched",
                    serviceType: "ALL",
                    delayInMS: 1000,
                    onlyInFocus: false
                }]
            },
            cc2: function(rule, evt) {
                return (true);
            },
            af3: function(rule, evt) {
                processReceivedExternalDataThrows("\n          \n            (function(){\n              try {\n                var divs = document.querySelectorAll('[name=DragSafe]');\n                for (var i = 0; i < divs.length; i++) {\n                  divs[i].setAttribute('alt', '');\n                }\n                divs = document.querySelectorAll('#tcChat_ClickPersistent_img');\n                for (var i = 0; i < divs.length; i++) {\n                  divs[i].setAttribute('alt', '');\n                }\n                divs = document.querySelectorAll('#tcChat_chatWindow_span>table');\n                for (var i = 0; i < divs.length; i++) {\n                  divs[i].setAttribute('role', 'presentation');\n                }\n              } catch (e) {}\n            })();\n          \n        ");
            },
            active: true
        }), Rule.create({
            id: 14671001,
            name: "HB-CloseChat",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "on" + "closeActiveChat"
                }]
            },
            cc2: function(rule, evt) {
                return (true);
            },
            af3: function(rule, evt) {
                processReceivedExternalDataThrows("\n          \n            if (Inq != null){\n              try {\n                Inq.closeChat();\n              } catch (e) {}\n            }\n          \n        ");
            },
            active: true
        }), BusinessRule.create({
            id: 13269001,
            name: "HNB-C-VA-HNB_Care-O-R-HBSite-DT-EN-C2C_Anchored",
            ruleType: "C2C",
            asyncChat: function() {
                return false;
            },
            funnelLevel: 5,
            businessUnitID: 19001207,
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onPageLanding"
                }]
            },
            getRuleQueueThreshold: function() {
                return 999.0;
            },
            agID: 10006715,
            businessUnitId: 19001207,
            getRAtts: function() {
                return [{
                    name: 'NinaEnv',
                    value: encodeURIComponent(PM.getVar("NinaEnv", rule).getValueOrDefault())
                }]
            },
            cc2: function(rule, evt) {
                return (((d8t("Standard")) || (d8t("Tablet"))) && ((LDM.checkCG("HNB-Care")) || (win.document.URL.match(".*onlinebanking.huntington.com.*") != null ? true : false)));
            },
            af3: function(rule, evt) {
                C2CM.request(rule, CHM.CHAT_TYPES.C2C, function(rule) {
                    return {
                        name: "HNB-VA-Anchored-DT",
                        c2cTheme: {
                            name: "HNB-VA-Anchored-DT"
                        },
                        chatSpec: {
                            name: "HNB-VA-DT",
                            oName: PM.getVar("VA-OpenerName", rule).getValueOrDefault(),
                            aId: PM.getVar("VA-SpecID", rule).getValueOrDefault(),
                            chatTheme: {
                                name: PM.getVar("ChatThemeName", rule).getValueOrDefault()
                            }
                        }
                    };
                }, false, false);
            },
            active: true
        }), BusinessRule.create({
            id: 13269002,
            name: "HNB-C-VA-HNB_Care-O-R-HBSite-S-EN-C2C_Anchored",
            ruleType: "C2C",
            asyncChat: function() {
                return false;
            },
            funnelLevel: 5,
            businessUnitID: 19001207,
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "onPageLanding"
                }]
            },
            getRuleQueueThreshold: function() {
                return 999.0;
            },
            agID: 10006715,
            businessUnitId: 19001207,
            getRAtts: function() {
                return [{
                    name: 'NinaEnv',
                    value: encodeURIComponent(PM.getVar("NinaEnv", rule).getValueOrDefault())
                }]
            },
            cc2: function(rule, evt) {
                return ((d8t("Phone")) && ((LDM.checkCG("HNB-Care")) || (win.document.URL.match(".*onlinebanking.huntington.com.*") != null ? true : false)));
            },
            af3: function(rule, evt) {
                C2CM.request(rule, CHM.CHAT_TYPES.C2C, function(rule) {
                    return {
                        name: "HNB-VA-Anchored-S",
                        c2cTheme: {
                            name: "HNB-VA-Anchored-S"
                        },
                        chatSpec: {
                            name: "HNB-VA-S",
                            oName: PM.getVar("VA-OpenerName", rule).getValueOrDefault(),
                            aId: PM.getVar("VA-SpecID", rule).getValueOrDefault(),
                            chatTheme: {
                                name: PM.getVar("ChatThemeName", rule).getValueOrDefault()
                            }
                        }
                    };
                }, false, false);
            },
            active: true
        }), Rule.create({
            id: 1646301,
            name: "close chat and trigger salesforce",
            vars: [],
            tt1: function(rule) {
                return [{
                    id: "on" + "parsedVADataPass"
                }]
            },
            cc2: function(rule, evt) {
                return ((e9(function() {
                    return evt.vaDataPass.name;
                }, false, true)) && (typeof("closeChatTriggerSalesforce") === "string" ? "closeChatTriggerSalesforce".equals((e9(evt.vaDataPass.name) ? evt.vaDataPass.name.toString() : ""), true) : false));
            },
            af3: function(rule, evt) {
                FM.ex8(function(custPermID, visitorName, chatIntent, transcript, deploymentUrl, instanceUrl, deploymentId, orgId, buttonId) {
                    function loadScriptAsync(id, src, callback, myWindow) {
                        if (myWindow.document.getElementById(id, myWindow.document) == null) {
                            script = myWindow.document.createElement("script");
                            script.id = id;
                            script.src = src;
                        }
                        if (callback !== null) {
                            if (script.readyState) {
                                script.onreadystatechange = function() {
                                    if (script.readyState === "loaded" || script.readyState === "complete") {
                                        script.onreadystatechange = null;
                                        callback();
                                    }
                                };
                            } else {
                                script.onload = function() {
                                    callback();
                                };
                            }
                        }
                        myWindow.document.getElementsByTagName("head")[0].appendChild(script);
                    }

                    function afterLoad() {
                        if (!window._laq) {
                            window._laq = [];
                        }
                        window._laq.push(function() {
                            console.log('Within window._laq push.');
                            liveagent.showWhenOnline(buttonId, document.getElementById('liveagent_button_online_' + buttonId));
                            liveagent.showWhenOffline(buttonId, document.getElementById('liveagent_button_offline_' + buttonId));
                        });
                        liveagent.addCustomDetail("CustPermID", custPermID, true).saveToTranscript("CustPermId__c");
                        liveagent.addCustomDetail("Visitor Name", visitorName, true);
                        liveagent.addCustomDetail("What can we help you with today", chatIntent, true);
                        liveagent.addCustomDetail("VA Transcript", transcript, true).saveToTranscript("VATranscriptChat__c");
                        liveagent.addButtonEventHandler(buttonId, function(e) {
                            if (window._laq.length <= 0) {
                                return;
                            }
                            console.log('within addButtonEventHandler.');
                            if (e == liveagent.BUTTON_EVENT.BUTTON_AVAILABLE) {
                                document.getElementsByClassName("sfdcLiveChat")[0].setAttribute("data-vtz-link-type", "Dialog");
                                document.getElementsByClassName("sfdcLiveChat")[0].onclick = function() {
                                    liveagent.startChatWithWindow(buttonId, 'mywindowid');
                                    window._laq.pop();
                                    setTimeout(Inq.closeChat, 10000);
                                };
                            } else {
                                console.log('liveagent button not available');
                            }
                        });
                        liveagent.init(instanceUrl, deploymentId, orgId);
                    }
                    var deploymentScriptElement = document.getElementById("salesforceDeploymentScript");
                    if (deploymentScriptElement) {
                        deploymentScriptElement.parentNode.removeChild(deploymentScriptElement);
                        if (typeof(liveagent) === 'object') {
                            delete liveagent;
                            delete liveAgentDeployment;
                        }
                        loadScriptAsync("salesforceDeploymentScript", deploymentUrl, afterLoad, window);
                    } else {
                        loadScriptAsync("salesforceDeploymentScript", deploymentUrl, afterLoad, window);
                    }
                }, evt.vaDataPass.custPermID, evt.vaDataPass.visitorName, evt.vaDataPass.chatIntent, evt.vaDataPass.transcript, evt.vaDataPass.deploymentUrl, evt.vaDataPass.instanceUrl, evt.vaDataPass.deploymentId, evt.vaDataPass.orgId, evt.vaDataPass.buttonId);
            },
            active: true
        })])
    };
    return rtnObj;
}
#2 JavaScript::Eval (size: 15) - SHA256: a86a4ccc459fd4c19c3bc96fc9d54597c33198af95ec665dfb7e729c53ba3c2e
nuanceData.guid
#3 JavaScript::Eval (size: 20) - SHA256: 1ad74da51608a5830dc65b73a416e1182289e1e46f653e798c02b22f53d09e11
nuanceData.cust_name
#4 JavaScript::Eval (size: 21) - SHA256: a9a4ed8860c1ea2527c90e6bd39985850fd4a2627faad24560b2f3d877ea08d8
nuanceData.rol_domain
#5 JavaScript::Eval (size: 21) - SHA256: 92b445b1a5af92ca2a9349d1a8237ad3cdb081b4d6388a7e99f35593c23be6bb
nuanceData.oao_domain
#6 JavaScript::Eval (size: 28) - SHA256: 8a96d5c96f7c639f2c3d3fb2f4dc0da580f54d5e191f4674380da731e871bf1b
nuanceData.cust_perm_id_hash
#7 JavaScript::Eval (size: 22) - SHA256: 594d5abbc9f4e285b8be7425b07db97f9c6306c800d8072081a003080ebd429f
nuanceData.hcom_domain
#8 JavaScript::Eval (size: 30225) - SHA256: 400dc27c5435c3ac3a33555c05ac84a993101f38b3c96ae17547026c1358152c
var initSiteData = function() {
    var cobrowseSettings = [];
    var businessUnitDictionary = {};
    businessUnitDictionary["19001207"] = "10006714";
    businessUnitDictionary["19001202"] = "10006681";
    var agentGroupsActive = true;
    var siteAgentGroups = {};
    siteAgentGroups["10006680"] = "POC";
    siteAgentGroups["10006715"] = "HNB_Care";
    var siteAgentGroupsDisplayNames = {};
    var siteBusinessUnitsNames = {};
    siteBusinessUnitsNames["19001207"] = "HNB_VA";
    siteBusinessUnitsNames["19001202"] = "POC";
    var siteBusinessUnitsDisplayNames = {};
    return {
        siteID: 10006663,
        chatSkinFormat: "mxml",
        noJSHosting: false,
        noChatV3Frame: false,
        clientStaticUrl: "",
        secureCookie: true,
        cacheSolutionEnabled: true,
        cobrowseSettings: cobrowseSettings,
        businessUnitDictionary: businessUnitDictionary,
        agentGroupsActive: agentGroupsActive,
        siteAgentGroups: siteAgentGroups,
        siteAgentGroupsDisplayNames: siteAgentGroupsDisplayNames,
        siteBusinessUnitsNames: siteBusinessUnitsNames,
        siteBusinessUnitsDisplayNames: siteBusinessUnitsDisplayNames,
        psHosturlList: "https://nuance.huntington.com/nuance/nuanceChat.html",
        productionFilter: "",
        vanityDomainName: "https://huntingtonbank.inq.com",
        dataCenter: "4",
        cdnURL: "static.inq.com",
        chatRouterVanityDomain: "chatrouter-huntingtonbank.inq.com",
        clusterEnvironment: "lax1-",
        mediaServer: "https://media-lax1.inq.com",
        cobrowseURL: "https://cobrowse-huntingtonbank.inq.com",
        xformsVanityDomain: "forms-huntingtonbank.inq.com",
        language: "en",
        persistenceMode: "Self-Detection",
        ciObfuscation: "0",
        JSLoggingDisabled: false,
        disableLogToServer: false,
        JSDebugMode: false,
        rechatinterval: 1,
        enableCobrowse: false,
        enableAgentEncryptedData: false,
        cookiePath: "/",
        rootDomain: "",
        c2cToPersistent: false,
        hostedFileURL: "//www.tcsandbox.com/huntington/nuanceChat.html,//tcsandbox.com/huntington/nuanceChat.html,//demo.digital.nuance.com/imp/hb/nuanceChat.html,//ui-dev.nina-nuance.com/ps/sfdc/nuanceChat.html,/nuance/nuanceChat.html",
        fileTransferSize: "5",
        fileTransferUrl: "",
        fileTransferApiUrl: "",
        fileDeleteSetting: "THIRTY_DAYS",
        rootDomainsList: "",
        refreshIframeDelayIncrement: 5000,
        maxRefreshIframeDelay: 30000,
        clearOutdatedCookies: false,
        fireC2CRulesOnChatClose: false,
        defaultAgentGroup: 10006680,
        vaList: ["18000763", "18000764"],
        sameOriginReferrerFilterRegex: function() {
            return true
        },
        JSBusinessFunctions: function() {
            return {}
        },
        surveySpecs: function() {
            return {}
        },
        mediaMgrData: function() {
            return {
                chatThemes: {
                    24002972: {
                        id: 24002972,
                        an: "Jessica",
                        fn: "24002972.zip",
                        name: "POC",
                        tbh: Number("60"),
                        ciw: Number("237"),
                        cih: Number("60"),
                        d: true,
                        cn: "You",
                        dw: Number("500"),
                        dh: Number("300"),
                        pos: "CENTER",
                        lx: Number("0"),
                        ly: Number("0"),
                        wm: "NONE",
                        px: Number("0"),
                        py: Number("0"),
                        ph: Number("0"),
                        pw: Number("0")
                    },
                    24002981: {
                        id: 24002981,
                        an: "HB Agent",
                        fn: "Salesforce-POC.zip",
                        name: "Salesforce-POC",
                        tbh: Number("60"),
                        ciw: Number("237"),
                        cih: Number("60"),
                        d: true,
                        cn: "You",
                        dw: Number("500"),
                        dh: Number("300"),
                        pos: "CENTER",
                        lx: Number("0"),
                        ly: Number("0"),
                        wm: "NONE",
                        px: Number("0"),
                        py: Number("0"),
                        ph: Number("0"),
                        pw: Number("0")
                    },
                    24003001: {
                        id: 24003001,
                        an: "Jessica",
                        fn: "HuntingtonBank-VA-DT.zip",
                        name: "HNB-VA-DT",
                        tbh: Number("66"),
                        ciw: Number("33"),
                        cih: Number("33"),
                        d: true,
                        cn: "You",
                        dw: Number("415"),
                        dh: Number("574"),
                        pos: "BOTTOM_RIGHT",
                        lx: Number("0"),
                        ly: Number("0"),
                        wm: "TRANSPARENT",
                        px: Number("0"),
                        py: Number("0"),
                        ph: Number("574"),
                        pw: Number("415")
                    },
                    24003002: {
                        id: 24003002,
                        an: "Jessica",
                        fn: "HuntingtonBank-VA-S.zip",
                        name: "HNB-VA-S",
                        tbh: Number("0"),
                        ciw: Number("0"),
                        cih: Number("0"),
                        d: false,
                        cn: "You",
                        dw: Number("0"),
                        dh: Number("0"),
                        pos: "CENTER",
                        lx: Number("0"),
                        ly: Number("0"),
                        wm: "TRANSPARENT",
                        px: Number("0"),
                        py: Number("0"),
                        ph: Number("0"),
                        pw: Number("0")
                    },
                    24003004: {
                        id: 24003004,
                        an: "Jessica",
                        fn: "HuntingtonBank-VA-DT-QA.zip",
                        name: "HNB-VA-DT-QA",
                        tbh: Number("66"),
                        ciw: Number("33"),
                        cih: Number("33"),
                        d: true,
                        cn: "You",
                        dw: Number("415"),
                        dh: Number("574"),
                        pos: "BOTTOM_RIGHT",
                        lx: Number("0"),
                        ly: Number("0"),
                        wm: "TRANSPARENT",
                        px: Number("0"),
                        py: Number("0"),
                        ph: Number("574"),
                        pw: Number("415")
                    },
                    24003005: {
                        id: 24003005,
                        an: "Jessica",
                        fn: "HuntingtonBank-VA-S-QA.zip",
                        name: "HNB-VA-S-QA",
                        tbh: Number("0"),
                        ciw: Number("0"),
                        cih: Number("0"),
                        d: false,
                        cn: "You",
                        dw: Number("0"),
                        dh: Number("0"),
                        pos: "CENTER",
                        lx: Number("0"),
                        ly: Number("0"),
                        wm: "TRANSPARENT",
                        px: Number("0"),
                        py: Number("0"),
                        ph: Number("0"),
                        pw: Number("0")
                    },
                    24003008: {
                        id: 24003008,
                        an: "Jessica",
                        fn: "HuntingtonBank-VA-DT-INT.zip",
                        name: "HNB-VA-DT-INT",
                        tbh: Number("66"),
                        ciw: Number("33"),
                        cih: Number("33"),
                        d: true,
                        cn: "You",
                        dw: Number("415"),
                        dh: Number("574"),
                        pos: "BOTTOM_RIGHT",
                        lx: Number("0"),
                        ly: Number("0"),
                        wm: "TRANSPARENT",
                        px: Number("0"),
                        py: Number("0"),
                        ph: Number("574"),
                        pw: Number("415")
                    },
                    24003009: {
                        id: 24003009,
                        an: "Jessica",
                        fn: "HuntingtonBank-VA-S-INT.zip",
                        name: "HNB-VA-S-INT",
                        tbh: Number("0"),
                        ciw: Number("0"),
                        cih: Number("0"),
                        d: false,
                        cn: "You",
                        dw: Number("0"),
                        dh: Number("0"),
                        pos: "CENTER",
                        lx: Number("0"),
                        ly: Number("0"),
                        wm: "TRANSPARENT",
                        px: Number("0"),
                        py: Number("0"),
                        ph: Number("0"),
                        pw: Number("0")
                    }
                },
                chatSpecs: {
                    29001996: {
                        id: 29001996,
                        name: "POC",
                        oId: 17422955,
                        stId: 12201410,
                        ctId: 24002972,
                        emSpId: 3000081,
                        aaoId: 17423149,
                        uaa: false,
                        oct: false
                    },
                    29001999: {
                        id: 29001999,
                        name: "Salesforce-POC",
                        oId: 17422955,
                        stId: 12201410,
                        ctId: 24002981,
                        emSpId: 3000081,
                        aaoId: 17423149,
                        uaa: false,
                        oct: false
                    },
                    29002010: {
                        id: 29002010,
                        name: "HNB-VA-DT",
                        oId: 17434020,
                        stId: 12201410,
                        ctId: 24003001,
                        emSpId: 3000081,
                        aaoId: 17423149,
                        uaa: false,
                        oct: false
                    },
                    29002011: {
                        id: 29002011,
                        name: "HNB-VA-S",
                        oId: 17434020,
                        stId: 12201410,
                        ctId: 24003002,
                        emSpId: 3000081,
                        aaoId: 17423149,
                        uaa: false,
                        oct: false
                    }
                },
                c2cSpecs: {
                    30001474: {
                        id: 30001474,
                        name: "POC",
                        igaa: true,
                        thId: 33001727,
                        chSpId: 29001996,
                        peId: "inqC2CImgContainer_Anchored"
                    },
                    30001503: {
                        id: 30001503,
                        name: "HNB-VA-Anchored-DT",
                        igaa: true,
                        thId: 33001753,
                        chSpId: 29002010,
                        peId: "inqC2CImgContainer_Anchored"
                    },
                    30001504: {
                        id: 30001504,
                        name: "HNB-VA-Anchored-S",
                        igaa: true,
                        thId: 33001754,
                        chSpId: 29002011,
                        peId: "inqC2CImgContainer_Anchored"
                    }
                },
                c2cThemes: {
                    33001727: {
                        id: 33001727,
                        name: "POC",
                        r: "<style>\n    button.HB-FAB-aval .cls-1 {\n        fill: #5ba63c;\n    }\n    button.HB-FAB-aval .cls-2 {\n        fill: #fff;\n    }\n</style>\n\n<button aria-label=\"Click to chat\" class=\"HB-FAB-aval\" style=\"width: 150px; background-color:transparent; border: transparent; cursor: pointer;\" role=\"button\">\n    <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 148.62415 92.40895\"><title>FAB_AskUs</title><g id=\"Layer_2\" data-name=\"Layer 2\"><g id=\"Layer_1-2\" data-name=\"Layer 1\"><path class=\"cls-1\" d=\"M145.11386,91.40919a2.40971,2.40971,0,0,1-1.73193-.73486L129.14609,76.438H7.10458a6.11117,6.11117,0,0,1-6.10449-6.10449V7.10451A6.11117,6.11117,0,0,1,7.10458,1h134.415a6.11117,6.11117,0,0,1,6.10449,6.10449L147.62265,70.353l-.00781.14112a1.56764,1.56764,0,0,0,.01465.2207L147.62411,88.917a2.40149,2.40149,0,0,1-.76562,1.80322,2.585,2.585,0,0,1-1.74463.689Z\"/><path class=\"cls-2\" d=\"M141.51974,2a5.1102,5.1102,0,0,1,5.10441,5.10442v63.2292L146.62408,70.3c-.004.0567-.00738.11345-.00894.17077l-.00149.05535.00155.05533.00873.16574.00022.00146V88.917a1.492,1.492,0,0,1-1.51008,1.49188,1.41226,1.41226,0,0,1-1.02481-.44189L130.146,76.02382l-.58579-.58579H7.1044A5.1102,5.1102,0,0,1,2,70.33362V7.10442A5.11021,5.11021,0,0,1,7.1044,2H141.51974m0-2H7.1044A7.12531,7.12531,0,0,0,0,7.10442v63.2292A7.1253,7.1253,0,0,0,7.1044,77.438H128.73181l13.94324,13.94321a3.41263,3.41263,0,0,0,2.439,1.02771,3.48236,3.48236,0,0,0,3.51008-3.49191V70.62155c0-.03309-.00882-.06376-.00974-.09662.00174-.06415.00974-.12674.00974-.19131V7.10442A7.12528,7.12528,0,0,0,141.51974,0Z\"/><polygon class=\"cls-2\" points=\"109.616 29.134 109.616 13.498 103.961 16.784 103.961 32.419 109.616 29.134\"/><polygon class=\"cls-2\" points=\"111.737 48.304 111.737 63.94 117.434 60.655 117.434 45.019 111.737 48.304\"/><polygon class=\"cls-2\" points=\"103.961 43.771 103.961 60.655 109.616 63.94 109.616 47.181 119.555 41.443 119.555 59.407 125.252 56.163 125.252 21.275 119.555 18.031 119.555 34.748 103.961 43.771\"/><polygon class=\"cls-2\" points=\"101.799 18.031 96.143 21.316 96.143 56.163 101.799 59.407 101.799 42.69 117.434 33.667 117.434 16.784 111.737 13.498 111.737 30.257 101.799 35.995 101.799 18.031\"/><path class=\"cls-2\" d=\"M94.02234,22.52209l-4.82373,2.78612a1.86413,1.86413,0,0,0-.87326,1.37227V50.75756a1.81855,1.81855,0,0,0,.87326,1.37227L94.02234,54.916Z\"/><path class=\"cls-2\" d=\"M127.37263,54.916l4.82373-2.78612a1.86416,1.86416,0,0,0,.87326-1.37227V26.68048a1.81855,1.81855,0,0,0-.87326-1.37227l-4.82373-2.78612Z\"/><path class=\"cls-2\" d=\"M15.17734,46.19337,18.92245,32.6172H22.235l3.74512,13.57617H22.91953l-.63038-2.77294H18.86826l-.63038,2.77294Zm4.249-5.05957h2.30469L20.5787,36.02052Z\"/><path class=\"cls-2\" d=\"M33.88144,39.81935a7.77793,7.77793,0,0,0-2.89893-.57617c-.81054,0-1.26025.18018-1.26025.63037,0,.46826.30566.57617.8999.63037,2.84522.252,3.63721,1.00781,3.63721,2.88086,0,1.72852-1.02637,3.06055-4.06934,3.06055a8.15543,8.15543,0,0,1-3.27685-.57617v-2.4126a8.74648,8.74648,0,0,0,3.20508.68408c.918,0,1.33252-.17969,1.33252-.62988,0-.46826-.30616-.57617-.9004-.63037-2.84472-.252-3.6372-1.0083-3.6372-2.88086,0-1.83643,1.18847-3.061,3.96142-3.061a7.1716,7.1716,0,0,1,3.00684.46826Z\"/><path class=\"cls-2\" d=\"M38.39755,40.0713l2.30469-2.88086h3.60107l-3.49316,3.67334,3.76318,5.32959H41.0621l-2.08838-3.40283-.57617.61182v2.791h-2.791V32.68947h2.791Z\"/><path class=\"cls-2\" d=\"M48.89072,41.92628V32.68947h2.88086v9.09277c0,1.7461,1.13427,2.05225,2.14257,2.05225s2.14258-.30615,2.14258-2.05225V32.68947h2.88086v9.23681c0,3.709-2.9707,4.51905-5.02344,4.51905S48.89072,45.63527,48.89072,41.92628Z\"/><path class=\"cls-2\" d=\"M67.21689,39.81935a7.77994,7.77994,0,0,0-2.89893-.57617c-.81054,0-1.26074.18018-1.26074.63037,0,.46826.30615.57617.90039.63037,2.84473.252,3.63721,1.00781,3.63721,2.88086,0,1.72852-1.02637,3.06055-4.06934,3.06055a8.15543,8.15543,0,0,1-3.27685-.57617v-2.4126a8.74647,8.74647,0,0,0,3.20507.68408c.918,0,1.332-.17969,1.332-.62988,0-.46826-.30567-.57617-.89991-.63037-2.84521-.252-3.6372-1.0083-3.6372-2.88086,0-1.83643,1.18847-3.061,3.96093-3.061a7.17269,7.17269,0,0,1,3.00733.46826Z\"/></g></g></svg>\n</button>",
                        b: "<style>\n\n.blank {\n\n background-color: transparent !important;\n \n border-color: transparent !important;\n\n height: 0;\n\n width: 0;\n\n border: 0px !important;\n\n}\n\n</style>\n\n\n\n<button class=\"blank\" aria-label=\"Chat is offline\" role=\"button\"></button>",
                        ah: "<style>\n\n.blank {\n\n background-color: transparent !important;\n \n border-color: transparent !important;\n\n height: 0;\n\n width: 0;\n\n border: 0px !important;\n\n}\n\n</style>\n\n\n\n<button class=\"blank\" aria-label=\"Chat is offline\" role=\"button\"></button>",
                        d: "<style>\n\n.blank {\n\n background-color: transparent !important;\n \n border-color: transparent !important;\n\n height: 0;\n\n width: 0;\n\n border: 0px !important;\n\n}\n\n</style>\n\n\n\n<button class=\"blank\" aria-label=\"Chat is offline\" role=\"button\"></button>",
                        ralt: null,
                        balt: null,
                        ahalt: null,
                        dalt: null,
                        renderAsHTML: true
                    },
                    33001753: {
                        id: 33001753,
                        name: "HNB-VA-Anchored-DT",
                        r: "<button aria-label=\"Click to chat\" class=\"HB-FAB-aval\" style=\"width: 115px; background-color:transparent; border: transparent; cursor: pointer; padding: 0px;\" role=\"button\">\n    <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 148.62415 92.40895\"><title>FAB_AskUs</title><g id=\"Layer_2\" data-name=\"Layer 2\"><g id=\"Layer_1-2\" data-name=\"Layer 1\"><path class=\"cls-1\" style=\"fill:#5ba63c;\" d=\"M145.11386,91.40919a2.40971,2.40971,0,0,1-1.73193-.73486L129.14609,76.438H7.10458a6.11117,6.11117,0,0,1-6.10449-6.10449V7.10451A6.11117,6.11117,0,0,1,7.10458,1h134.415a6.11117,6.11117,0,0,1,6.10449,6.10449L147.62265,70.353l-.00781.14112a1.56764,1.56764,0,0,0,.01465.2207L147.62411,88.917a2.40149,2.40149,0,0,1-.76562,1.80322,2.585,2.585,0,0,1-1.74463.689Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M141.51974,2a5.1102,5.1102,0,0,1,5.10441,5.10442v63.2292L146.62408,70.3c-.004.0567-.00738.11345-.00894.17077l-.00149.05535.00155.05533.00873.16574.00022.00146V88.917a1.492,1.492,0,0,1-1.51008,1.49188,1.41226,1.41226,0,0,1-1.02481-.44189L130.146,76.02382l-.58579-.58579H7.1044A5.1102,5.1102,0,0,1,2,70.33362V7.10442A5.11021,5.11021,0,0,1,7.1044,2H141.51974m0-2H7.1044A7.12531,7.12531,0,0,0,0,7.10442v63.2292A7.1253,7.1253,0,0,0,7.1044,77.438H128.73181l13.94324,13.94321a3.41263,3.41263,0,0,0,2.439,1.02771,3.48236,3.48236,0,0,0,3.51008-3.49191V70.62155c0-.03309-.00882-.06376-.00974-.09662.00174-.06415.00974-.12674.00974-.19131V7.10442A7.12528,7.12528,0,0,0,141.51974,0Z\"/><polygon class=\"cls-2\" style=\"fill:#fff;\" points=\"109.616 29.134 109.616 13.498 103.961 16.784 103.961 32.419 109.616 29.134\"/><polygon class=\"cls-2\" style=\"fill:#fff;\" points=\"111.737 48.304 111.737 63.94 117.434 60.655 117.434 45.019 111.737 48.304\"/><polygon class=\"cls-2\" style=\"fill:#fff;\" points=\"103.961 43.771 103.961 60.655 109.616 63.94 109.616 47.181 119.555 41.443 119.555 59.407 125.252 56.163 125.252 21.275 119.555 18.031 119.555 34.748 103.961 43.771\"/><polygon class=\"cls-2\" style=\"fill:#fff;\" points=\"101.799 18.031 96.143 21.316 96.143 56.163 101.799 59.407 101.799 42.69 117.434 33.667 117.434 16.784 111.737 13.498 111.737 30.257 101.799 35.995 101.799 18.031\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M94.02234,22.52209l-4.82373,2.78612a1.86413,1.86413,0,0,0-.87326,1.37227V50.75756a1.81855,1.81855,0,0,0,.87326,1.37227L94.02234,54.916Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M127.37263,54.916l4.82373-2.78612a1.86416,1.86416,0,0,0,.87326-1.37227V26.68048a1.81855,1.81855,0,0,0-.87326-1.37227l-4.82373-2.78612Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M15.17734,46.19337,18.92245,32.6172H22.235l3.74512,13.57617H22.91953l-.63038-2.77294H18.86826l-.63038,2.77294Zm4.249-5.05957h2.30469L20.5787,36.02052Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M33.88144,39.81935a7.77793,7.77793,0,0,0-2.89893-.57617c-.81054,0-1.26025.18018-1.26025.63037,0,.46826.30566.57617.8999.63037,2.84522.252,3.63721,1.00781,3.63721,2.88086,0,1.72852-1.02637,3.06055-4.06934,3.06055a8.15543,8.15543,0,0,1-3.27685-.57617v-2.4126a8.74648,8.74648,0,0,0,3.20508.68408c.918,0,1.33252-.17969,1.33252-.62988,0-.46826-.30616-.57617-.9004-.63037-2.84472-.252-3.6372-1.0083-3.6372-2.88086,0-1.83643,1.18847-3.061,3.96142-3.061a7.1716,7.1716,0,0,1,3.00684.46826Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M38.39755,40.0713l2.30469-2.88086h3.60107l-3.49316,3.67334,3.76318,5.32959H41.0621l-2.08838-3.40283-.57617.61182v2.791h-2.791V32.68947h2.791Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M48.89072,41.92628V32.68947h2.88086v9.09277c0,1.7461,1.13427,2.05225,2.14257,2.05225s2.14258-.30615,2.14258-2.05225V32.68947h2.88086v9.23681c0,3.709-2.9707,4.51905-5.02344,4.51905S48.89072,45.63527,48.89072,41.92628Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M67.21689,39.81935a7.77994,7.77994,0,0,0-2.89893-.57617c-.81054,0-1.26074.18018-1.26074.63037,0,.46826.30615.57617.90039.63037,2.84473.252,3.63721,1.00781,3.63721,2.88086,0,1.72852-1.02637,3.06055-4.06934,3.06055a8.15543,8.15543,0,0,1-3.27685-.57617v-2.4126a8.74647,8.74647,0,0,0,3.20507.68408c.918,0,1.332-.17969,1.332-.62988,0-.46826-.30567-.57617-.89991-.63037-2.84521-.252-3.6372-1.0083-3.6372-2.88086,0-1.83643,1.18847-3.061,3.96093-3.061a7.17269,7.17269,0,0,1,3.00733.46826Z\"/></g></g></svg>\n</button>",
                        b: "<button class=\"blank\" aria-hidden=\"true\" role=\"button\" style=\"background-color: transparent !important; border-color: transparent !important; height: 0; width: 0; border: 0px !important;\" tabIndex=\"-1\" alt=\"\"></button>",
                        ah: "<button class=\"blank\" aria-hidden=\"true\" role=\"button\" style=\"background-color: transparent !important; border-color: transparent !important; height: 0; width: 0; border: 0px !important;\" tabIndex=\"-1\" alt=\"\"></button>",
                        d: "<button class=\"blank\" aria-hidden=\"true\" role=\"button\" style=\"background-color: transparent !important; border-color: transparent !important; height: 0; width: 0; border: 0px !important;\" tabIndex=\"-1\" alt=\"\"></button>",
                        ralt: "",
                        balt: "",
                        ahalt: "",
                        dalt: "",
                        renderAsHTML: true
                    },
                    33001754: {
                        id: 33001754,
                        name: "HNB-VA-Anchored-S",
                        r: "<button aria-label=\"Click to chat\" class=\"HB-FAB-aval\" style=\"width: 115px; background-color:transparent; border: transparent; cursor: pointer; padding: 0px;\" role=\"button\">\n    <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 148.62415 92.40895\"><title>FAB_AskUs</title><g id=\"Layer_2\" data-name=\"Layer 2\"><g id=\"Layer_1-2\" data-name=\"Layer 1\"><path class=\"cls-1\" style=\"fill:#5ba63c;\" d=\"M145.11386,91.40919a2.40971,2.40971,0,0,1-1.73193-.73486L129.14609,76.438H7.10458a6.11117,6.11117,0,0,1-6.10449-6.10449V7.10451A6.11117,6.11117,0,0,1,7.10458,1h134.415a6.11117,6.11117,0,0,1,6.10449,6.10449L147.62265,70.353l-.00781.14112a1.56764,1.56764,0,0,0,.01465.2207L147.62411,88.917a2.40149,2.40149,0,0,1-.76562,1.80322,2.585,2.585,0,0,1-1.74463.689Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M141.51974,2a5.1102,5.1102,0,0,1,5.10441,5.10442v63.2292L146.62408,70.3c-.004.0567-.00738.11345-.00894.17077l-.00149.05535.00155.05533.00873.16574.00022.00146V88.917a1.492,1.492,0,0,1-1.51008,1.49188,1.41226,1.41226,0,0,1-1.02481-.44189L130.146,76.02382l-.58579-.58579H7.1044A5.1102,5.1102,0,0,1,2,70.33362V7.10442A5.11021,5.11021,0,0,1,7.1044,2H141.51974m0-2H7.1044A7.12531,7.12531,0,0,0,0,7.10442v63.2292A7.1253,7.1253,0,0,0,7.1044,77.438H128.73181l13.94324,13.94321a3.41263,3.41263,0,0,0,2.439,1.02771,3.48236,3.48236,0,0,0,3.51008-3.49191V70.62155c0-.03309-.00882-.06376-.00974-.09662.00174-.06415.00974-.12674.00974-.19131V7.10442A7.12528,7.12528,0,0,0,141.51974,0Z\"/><polygon class=\"cls-2\" style=\"fill:#fff;\" points=\"109.616 29.134 109.616 13.498 103.961 16.784 103.961 32.419 109.616 29.134\"/><polygon class=\"cls-2\" style=\"fill:#fff;\" points=\"111.737 48.304 111.737 63.94 117.434 60.655 117.434 45.019 111.737 48.304\"/><polygon class=\"cls-2\" style=\"fill:#fff;\" points=\"103.961 43.771 103.961 60.655 109.616 63.94 109.616 47.181 119.555 41.443 119.555 59.407 125.252 56.163 125.252 21.275 119.555 18.031 119.555 34.748 103.961 43.771\"/><polygon class=\"cls-2\" style=\"fill:#fff;\" points=\"101.799 18.031 96.143 21.316 96.143 56.163 101.799 59.407 101.799 42.69 117.434 33.667 117.434 16.784 111.737 13.498 111.737 30.257 101.799 35.995 101.799 18.031\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M94.02234,22.52209l-4.82373,2.78612a1.86413,1.86413,0,0,0-.87326,1.37227V50.75756a1.81855,1.81855,0,0,0,.87326,1.37227L94.02234,54.916Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M127.37263,54.916l4.82373-2.78612a1.86416,1.86416,0,0,0,.87326-1.37227V26.68048a1.81855,1.81855,0,0,0-.87326-1.37227l-4.82373-2.78612Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M15.17734,46.19337,18.92245,32.6172H22.235l3.74512,13.57617H22.91953l-.63038-2.77294H18.86826l-.63038,2.77294Zm4.249-5.05957h2.30469L20.5787,36.02052Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M33.88144,39.81935a7.77793,7.77793,0,0,0-2.89893-.57617c-.81054,0-1.26025.18018-1.26025.63037,0,.46826.30566.57617.8999.63037,2.84522.252,3.63721,1.00781,3.63721,2.88086,0,1.72852-1.02637,3.06055-4.06934,3.06055a8.15543,8.15543,0,0,1-3.27685-.57617v-2.4126a8.74648,8.74648,0,0,0,3.20508.68408c.918,0,1.33252-.17969,1.33252-.62988,0-.46826-.30616-.57617-.9004-.63037-2.84472-.252-3.6372-1.0083-3.6372-2.88086,0-1.83643,1.18847-3.061,3.96142-3.061a7.1716,7.1716,0,0,1,3.00684.46826Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M38.39755,40.0713l2.30469-2.88086h3.60107l-3.49316,3.67334,3.76318,5.32959H41.0621l-2.08838-3.40283-.57617.61182v2.791h-2.791V32.68947h2.791Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M48.89072,41.92628V32.68947h2.88086v9.09277c0,1.7461,1.13427,2.05225,2.14257,2.05225s2.14258-.30615,2.14258-2.05225V32.68947h2.88086v9.23681c0,3.709-2.9707,4.51905-5.02344,4.51905S48.89072,45.63527,48.89072,41.92628Z\"/><path class=\"cls-2\" style=\"fill:#fff;\" d=\"M67.21689,39.81935a7.77994,7.77994,0,0,0-2.89893-.57617c-.81054,0-1.26074.18018-1.26074.63037,0,.46826.30615.57617.90039.63037,2.84473.252,3.63721,1.00781,3.63721,2.88086,0,1.72852-1.02637,3.06055-4.06934,3.06055a8.15543,8.15543,0,0,1-3.27685-.57617v-2.4126a8.74647,8.74647,0,0,0,3.20507.68408c.918,0,1.332-.17969,1.332-.62988,0-.46826-.30567-.57617-.89991-.63037-2.84521-.252-3.6372-1.0083-3.6372-2.88086,0-1.83643,1.18847-3.061,3.96093-3.061a7.17269,7.17269,0,0,1,3.00733.46826Z\"/></g></g></svg>\n</button>",
                        b: "<button class=\"blank\" aria-hidden=\"true\" role=\"button\" style=\"background-color: transparent !important; border-color: transparent !important; height: 0; width: 0; border: 0px !important;\" tabIndex=\"-1\" alt=\"\"></button>",
                        ah: "<button class=\"blank\" aria-hidden=\"true\" role=\"button\" style=\"background-color: transparent !important; border-color: transparent !important; height: 0; width: 0; border: 0px !important;\" tabIndex=\"-1\" alt=\"\"></button>",
                        d: "<button class=\"blank\" aria-hidden=\"true\" role=\"button\" style=\"background-color: transparent !important; border-color: transparent !important; height: 0; width: 0; border: 0px !important;\" tabIndex=\"-1\" alt=\"\"></button>",
                        ralt: null,
                        balt: null,
                        ahalt: null,
                        dalt: null,
                        renderAsHTML: true
                    }
                }
            };
        },
        queueMessagingSpecs: {},
        xmlData: {
            businessSchedules: function() {
                return {};
            },
            dfvs: function() {
                return {};
            }
        },
        displayTYImage: false,
        disableMutationObservation: false,
        enableCobrowseOnMobile: false,
        c2cMgrData: function() {
            return {
                adaCompliant: false,
                adaAndroidC2cSupportDomains: null
            }
        },
        businessRuleActionLists: function() {
            return {}
        },
        ruleActionLists: function() {
            return {
                "setAssistedStateActionList": function(rule, evt) {
                    if ((!(typeof("0") === "string" ? "0".equals(CHM.getChatID(), false) : false)) && (e9(function() {
                            return PM.getVar("assistChatID", rule).getValueOrDefault();
                        }, false, true)) && (!(typeof(CHM.getChatID()) === "string" ? CHM.getChatID().equals(PM.getVar("assistChatID", rule).getValueOrDefault(), false) : false))) {
                        Inq.doRuleActionList("saveAssistedVariablesActionList", rule, evt);
                        PM.getVar("assistChatID", rule).z3(CHM.getChatID());
                        PM.getVar("assistDT", rule).z3(new Date());
                        if (e9(function() {
                                return evt.assistAgtOverride;
                            }, false, true)) {
                            PM.getVar("assistAgt", rule).z3((e9(evt.assistAgtOverride) ? evt.assistAgtOverride.toString() : ""));
                        } else {
                            PM.getVar("assistAgt", rule).z3(CHM.getAgentID());
                        }
                        PM.getVar("asstRuleID", rule).z3((e9(CHM.getChat().getRuleId()) ? CHM.getChat().getRuleId().toString() : ""));
                        PM.getVar("asstRuleName", rule).z3((e9(CHM.getChat().getRuleName()) ? CHM.getChat().getRuleName().toString() : ""));
                        if (!(typeof(PM.getVar("saleState", rule).getValueOrDefault()) === "string" ? PM.getVar("saleState", rule).getValueOrDefault().equals(gc7("SALE_STATE_CONVERTED", rule), false) : false)) {
                            PM.getVar("saleState", rule).z3(gc7("SALE_STATE_ASSISTED", rule));
                        }
                        EVM.fireCustomEvent('Assisted', rule, evt, function() {
                            return {
                                businessUnitID: CHM.getBusinessUnitID(evt, rule)
                            };
                        });
                        try {
                            ROM.send(resources["SET_ASSISTED_CONTROLLER"].url, {
                                "chatID": pd1d(CHM.getChatID()),
                                "siteID": pd1d(getSiteID()),
                                "pageID": pd1d(LDM.getPageID(0, evt)),
                                "customerID": pd1d(Inq.getCustID()),
                                "initialCustomerID": pd1d(CONVM.getInitialCustomerID()),
                                "conversationID": pd1d(CONVM.getConversationID()),
                                "incrementalityID": pd1d(asi4()),
                                "sessionID": pd1d(getSessionID()),
                                "brID": pd1d(CHM.getChat() ? CHM.getChat().getRuleId() : (evt.rule ? evt.rule.id : rule.getID())),
                                "businessUnitID": pd1d(CHM.getBusinessUnitID(evt, rule)),
                                "targetAgentAttributes": pd1d(CHM.getChat().getAgentAttributesAsString()),
                                "brAttributes": pd1d(CHM.getChat().ra1t()),
                                "type": pd1d(CHM.getConversionType())
                            }, false, false, null, null);
                        } catch (e) {
                            lmt12("Error occurred when trying to send data to TagServer " + cf21(e), LOG_LEVELS.ERROR);
                        }
                        PM.getVar("assistedType", rule).z3(gc7("UNDEFINED_ASSISTED", rule));
                        PM.getVar("incState", rule).z3(gc7("INC_STATE_ASSISTED", rule));
                        try {
                            ROM.send(resources["INC_EVENT_URL"].url, {
                                "evt": pd1d(gc7("INC_STATE_ASSISTED", rule)),
                                "siteID": pd1d(getSiteID()),
                                "pageID": pd1d(LDM.getPageID(0, evt)),
                                "customerID": pd1d(Inq.getCustID()),
                                "incrementalityID": pd1d(asi4()),
                                "sessionID": pd1d(getSessionID()),
                                "brID": pd1d(CHM.getChat() ? CHM.getChat().getRuleId() : (evt.rule ? evt.rule.id : rule.getID())),
                                "chatID": pd1d(CHM.getChatID()),
                                "businessUnitID": pd1d(CHM.getBusinessUnitID(evt, rule)),
                                "targetAgentAttributes": pd1d(CHM.getChat().getAgentAttributesAsString()),
                                "brAttributes": pd1d(CHM.getChat().ra1t()),
                                "type": pd1d(CHM.getConversionType())
                            }, true, true, 10, 5000);
                        } catch (e) {
                            lmt12("Error occurred when trying to send data to TagServer " + cf21(e), LOG_LEVELS.ERROR);
                        }
                        EVM.fireCustomEvent('SaleStateTransition', rule, evt, function() {
                            return {};
                        });
                    }
                },
                "saveAssistedVariablesActionList": function(rule, evt) {
                    PM.getVar("oldAssistChatID", rule).z3(PM.getVar("assistChatID", rule).getValueOrDefault());
                    PM.getVar("oldAssistDT", rule).z3(PM.getVar("assistDT", rule).getValueOrDefault());
                    PM.getVar("oldAssistAgt", rule).z3(PM.getVar("assistAgt", rule).getValueOrDefault());
                    PM.getVar("oldAsstRuleID", rule).z3(PM.getVar("asstRuleID", rule).getValueOrDefault());
                    PM.getVar("oldAsstRuleName", rule).z3(PM.getVar("asstRuleName", rule).getValueOrDefault());
                    PM.getVar("oldSaleState", rule).z3(PM.getVar("saleState", rule).getValueOrDefault());
                    PM.getVar("oldIncState", rule).z3(PM.getVar("incState", rule).getValueOrDefault());
                    PM.getVar("oldSaleID", rule).z3(PM.getVar("saleID", rule).getValueOrDefault());
                    PM.getVar("oldSoldDT", rule).z3(PM.getVar("soldDT", rule).getValueOrDefault());
                }
            }
        },
        businessConstants: function() {
            return {
                "RESET_CHAT_ON_BROWSER_CLOSE": true
            }
        },
        businessCustomEvents: function() {
            return [new EXCBTT({
                name: "closeActiveChat",
                getEvtData: function(rule, evt) {
                    return MI8.mixAbsorber({}).absorb(evt);
                }
            }), new EXCBTT({
                name: "parsedVADataPass",
                getEvtData: function(rule, evt) {
                    return MI8.mixAbsorber({}).absorb(evt);
                }
            }), new EXCBTT({
                name: "closeChatTriggerSalesforce",
                getEvtData: function(rule, evt) {
                    return MI8.mixAbsorber({}).absorb(evt);
                }
            })]
        },
        resources: function() {
            return {
                "RESOLVE_IP_CONTROLLER": new WebResource("RESOLVE_IP_CONTROLLER", secureProtocol(urls.vanityURL + "/tagserver/address/resolveIpToHostName"), "rw", "GET"),
                "SET_SALE_CONTROLLER": new WebResource("SET_SALE_CONTROLLER", secureProtocol(urls.vanityURL + "/tagserver/sale/setSale"), "rw", "GET"),
                "SALE_LANDING_CONTROLLER": new WebResource("SALE_LANDING_CONTROLLER", secureProtocol(urls.vanityURL + "/tagserver/sale/saleLanding"), "rw", "GET"),
                "INC_EVENT_URL": new WebResource("INC_EVENT_URL", secureProtocol(urls.vanityURL + "/tagserver/incrementality/onEvent"), "w", "GET"),
                "JASPER_ETL": new WebResource("JASPER_ETL", secureProtocol(urls.logDataURL), "w", "GET"),
                "ARRAY_JASPER_ETL": new WebResource("ARRAY_JASPER_ETL", secureProtocol(urls.logDataEvtListURL), "w", "GET"),
                "SET_ASSISTED_CONTROLLER": new WebResource("SET_ASSISTED_CONTROLLER", secureProtocol(urls.vanityURL + "/tagserver/assisted/setAssisted"), "rw", "GET"),
                "rVar": new JSResource("rVar", "rw"),
                "tmpVars": new JSResource("tmpVars", "rw")
            }
        },
        coBrowseConfigs: function() {
            return {
                cobrowseMaskingConfig: ([]),
                isEmbeddedResource: function(url, markerID) {
                    var isMarkerMatch = true;
                    return false;
                }
            }
        },
        setPersistentCustomerId: null,
        setAuthenticatedUser: null,
        setUserObject: null,
        vamAttributes: {
            programVisitorAttributes: {
                "vis_attr_incr_val": {
                    "values": {},
                    "mutuallyExclusive": true,
                    "externalCustomerID": false,
                    "writeToCookie": true,
                    maxLength: "15"
                }
            },
            businessVisitorAttributes: {
                "cust_name": {
                    "values": {
                        "Not Set": true
                    },
                    "mutuallyExclusive": true,
                    "externalCustomerID": false,
                    "writeToCookie": false,
                    maxLength: "15"
                },
                "cust_perm_id": {
                    "values": {
                        "Not Set": true
                    },
                    "mutuallyExclusive": true,
                    "externalCustomerID": false,
                    "writeToCookie": false,
                    maxLength: "15"
                },
                "cust_perm_id_hash": {
                    "values": {
                        "Not Set": true
                    },
                    "mutuallyExclusive": true,
                    "externalCustomerID": false,
                    "writeToCookie": false,
                    maxLength: "15"
                },
                "guid": {
                    "values": {
                        "Not Set": true
                    },
                    "mutuallyExclusive": true,
                    "externalCustomerID": false,
                    "writeToCookie": false,
                    maxLength: "15"
                },
                "wave_id": {
                    "values": {
                        "Not Set": true
                    },
                    "mutuallyExclusive": true,
                    "externalCustomerID": false,
                    "writeToCookie": false,
                    maxLength: "15"
                },
                "rol_domain": {
                    "values": {
                        "Not Set": true
                    },
                    "mutuallyExclusive": true,
                    "externalCustomerID": false,
                    "writeToCookie": false,
                    maxLength: "15"
                },
                "usc_domain": {
                    "values": {
                        "Not Set": true
                    },
                    "mutuallyExclusive": true,
                    "externalCustomerID": false,
                    "writeToCookie": false,
                    maxLength: "15"
                },
                "hcom_domain": {
                    "values": {
                        "Not Set": true
                    },
                    "mutuallyExclusive": true,
                    "externalCustomerID": false,
                    "writeToCookie": false,
                    maxLength: "15"
                },
                "oao_domain": {
                    "values": {
                        "Not Set": true
                    },
                    "mutuallyExclusive": true,
                    "externalCustomerID": false,
                    "writeToCookie": false,
                    maxLength: "15"
                },
                "chat_env": {
                    "values": {
                        "Not Set": true
                    },
                    "mutuallyExclusive": true,
                    "externalCustomerID": false,
                    "writeToCookie": false,
                    maxLength: "15"
                }
            }
        },
        businessVars: function() {
            return [{
                name: "ninaDPEventQueueCount",
                defVal: 0,
                rId: "session",
                shName: "ndpeq",
                fnCast: function(o) {
                    return parseFloat(o);
                },
                type: "generic"
            }, {
                name: "ninaPageEventQueueCount",
                defVal: 0,
                rId: "tmpVars",
                shName: "npeq",
                fnCast: function(o) {
                    return parseFloat(o);
                },
                type: "generic"
            }, {
                name: "VA-SpecID",
                defVal: "18000764",
                rId: "session",
                shName: "vaID",
                fnCast: function(o) {
                    return o ? o.toString() : o;
                },
                fnSer: null,
                maxSize: null,
                type: "String"
            }, {
                name: "VA-OpenerName",
                defVal: "HNB-VA-AO-NONSTAGING",
                rId: "session",
                shName: "vaOp",
                fnCast: function(o) {
                    return o ? o.toString() : o;
                },
                fnSer: null,
                maxSize: null,
                type: "String"
            }, {
                name: "ChatThemeName",
                defVal: "HNB-VA-DT",
                rId: "session",
                shName: "ctNm",
                fnCast: function(o) {
                    return o ? o.toString() : o;
                },
                fnSer: null,
                maxSize: null,
                type: "String"
            }, {
                name: "NinaEnv",
                defVal: "ninaProd",
                rId: "state",
                shName: "NiEn",
                fnCast: function(o) {
                    return o ? o.toString() : o;
                },
                fnSer: null,
                maxSize: null,
                type: "String"
            }, {
                name: "automatonDatapass",
                defVal: [{
                    key: "cust_name",
                    value: s7("nuanceData.cust_name")
                }, {
                    key: "cust_perm_id",
                    value: s7("nuanceData.cust_perm_id")
                }, {
                    key: "cust_perm_id_hash",
                    value: s7("nuanceData.cust_perm_id_hash")
                }, {
                    key: "guid",
                    value: s7("nuanceData.guid")
                }, {
                    key: "wave_id",
                    value: s7("nuanceData.wave_id")
                }, {
                    key: "rol_domain",
                    value: s7("nuanceData.rol_domain")
                }, {
                    key: "usc_domain",
                    value: s7("nuanceData.usc_domain")
                }, {
                    key: "hcom_domain",
                    value: s7("nuanceData.hcom_domain")
                }, {
                    key: "oao_domain",
                    value: s7("nuanceData.oao_domain")
                }, {
                    key: "chat_env",
                    value: "prod"
                }],
                rId: "tmpVars",
                shName: "VaDP",
                type: "Map"
            }];
        },
        timezoneID: 'US/Eastern',
        frameworkCanRun: function(deviceType, _3pcSupported, _1pcSupported, xdActive) {
            if (_1pcSupported === false || (xdActive && !_3pcSupported)) {
                return false;
            }
            return true;
        },
        c2cPageElementIDs: function() {
            return {
                "30001474": "inqC2CImgContainer_Anchored",
                "30001503": "inqC2CImgContainer_Anchored",
                "30001504": "inqC2CImgContainer_Anchored"
            };
        },
        getDefaultBusinessUnitID: function() {
            return 19001202;
        },
        v3framesrc: window.location.pathname,
        multiHost: true,
        oneToManyChatrouterDomain: ''
    };
}
#9 JavaScript::Eval (size: 23) - SHA256: ff00ecc4d338e97894d9afc638f3184b3ecab052c80d6b3377fbabe6afe3d71f
nuanceData.cust_perm_id
#10 JavaScript::Eval (size: 18) - SHA256: f152bee9780f82664f1561f59d4cfb7a8aa6490e08066899276dda831b3f3b53
nuanceData.wave_id
#11 JavaScript::Eval (size: 21) - SHA256: 3d151b0dcd0bd79e4e6a5ae0535d85337c94a8f5c9447fb13974d4f75e5ca361
nuanceData.usc_domain

Executed Writes (0)


HTTP Transactions (188)


Request Response
                                        
                                            GET /email-account.php HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (65462)
Size:   76897
Md5:    169bea45749cac78cc97c9325bb38479
Sha1:   e18dbfda554822dfe6cd4e1c0c8bb3ab406c056b
Sha256: 901c495f9f856b0444110355fddab1247720516fa8a36aa810e9687cf64a68eb

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4356
Expires: Wed, 07 Dec 2022 14:15:42 GMT
Date: Wed, 07 Dec 2022 13:03:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2494
Cache-Control: max-age=166183
Date: Wed, 07 Dec 2022 13:03:06 GMT
Etag: "63906b73-1d7"
Expires: Fri, 09 Dec 2022 11:12:49 GMT
Last-Modified: Wed, 07 Dec 2022 10:31:15 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13796
Expires: Wed, 07 Dec 2022 16:53:02 GMT
Date: Wed, 07 Dec 2022 13:03:06 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 12:20:28 GMT
cache-control: public,max-age=3600
age: 2558
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: VALn+LW39hhp+YTrpy3TzWf1sVU9nASaa4Tdeg2hvnGjLxVWArHIZ+Rp4/Czs+104pFFfmOnGSs=
x-amz-request-id: 915804JYQ7WVQ13P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 12:47:30 GMT
age: 936
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 07 Dec 2022 13:03:06 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /index_files/f.txt HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:36 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (2178)
Size:   10707
Md5:    9e120391b1445bfc8a515e6b89afe3f5
Sha1:   11bdbb0d38fd31061215db952d2582c213993a41
Sha256: 47267bd2d5fe706c248b9dc9c661700103a5f6006dd96f08a6c32e237b60ea8b

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/ytc.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (14425), with no line terminators
Size:   5402
Md5:    5c22659ed572937e05833727e8f4a584
Sha1:   67bd23ee9158220d50843d0029704e672eb2405e
Sha256: 6c59667107d6b44e35ea0fcb09cb683262c17d4af67967b7c9425b81e6cbcc43

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/bat.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (25365), with no line terminators
Size:   7676
Md5:    b09794b457be07c7414b263198776b11
Sha1:   67741bdf8ce97757272f34917aab475b768d8deb
Sha256: 1389ff7051cdea2115d27f4313999891bad03e6287fe3ef1ef07ac4e0057cea3

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/insight.min.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (3577)
Size:   1576
Md5:    7bdf4661ce6abab2120ac346a3612058
Sha1:   dff1fe656645628e794209c01739ee5e95336999
Sha256: 886930d0ea428223e0f94506b4b58fc4a6f0f5906e30054b237e0197dcd79214

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/fbevents.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (41711)
Size:   54810
Md5:    79684b2fc18c6e003d0747a1b66b4794
Sha1:   80db7f5cc9bbd1510129549f9868431dec1f37f7
Sha256: 73e953dbffd99e765effdc6a94c2440dc573004340b31acf084b613d032a4de6

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/serverComponent.php HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (317)
Size:   245
Md5:    a7309779c48b334d766b986aecf5cddb
Sha1:   714a41e74edf262392c590e60e6eef99869d307a
Sha256: 49fd8d1bdd49f9207bc8dfe11bbd93dbaebd3b51218a2e294786703797a6554d

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/82154ef468aff3ad267e57006a5dd605.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (1076)
Size:   29432
Md5:    be01d01f9f9f3c93343e51b5896c4a35
Sha1:   76460ba4d0a3f22736272ca0290d0abb423ead81
Sha256: 6d2f6cf60b985bde6202c5730039e6171a6513a3f2bf969cfebe2c355ec22d15

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/5151e22e HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Content-Length: 32829
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (19024)
Size:   32829
Md5:    0efa0e41898f378d45b2e935e65175ce
Sha1:   8c4205a8e2286045d4d6af9403025b658c538e1a
Sha256: 1d4cab71cdc96860f4a8e41483bba4d5ec05b02a68244c77750207d799210fcf

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/ruxitagentjs_ICA27SVfjoqrux_10183200114120852.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (1626)
Size:   62219
Md5:    141e11e309fdb988e32be71c7da45987
Sha1:   11cb014f0425fb9a168965b561d23c41fca35592
Sha256: fb615084208716c4da546de3239500033d961cec32a78c15d5c79c5f8b7a84c4

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/jquery-3.4.1.min.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30908
Md5:    70ae57c52553459fc7e2740d86e28d43
Sha1:   905b3ee7cd29abbfbd21bd4e48a0de2890e8e5c3
Sha256: 5663ddb0bccc63ab7f656836cc2224cca38d7466a38b64ae5b1e758615821778

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/site-survey.min.css HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Fri, 06 Jan 2023 13:03:06 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (4339)
Size:   1135
Md5:    63d09db2bd679641083c0aff8ab3b1b4
Sha1:   d79dba31f3f0bf25b02f2839996f97e50878284f
Sha256: d3e564ec855a3d8a6cad6a96c725ed3a4770325088ccb3b5c14afaf86c749d50

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/oo_engine.min.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (45689), with no line terminators
Size:   12307
Md5:    e45837c55805cce944b422746f556a39
Sha1:   1ea5a420c8e0612b3513679af7cee0d87d6afe2e
Sha256: 37bfd875914b6d2c2a9b20ffac4aa1c09d2bf689f6112e99bbfc7d053be572d0

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/f(2).txt HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (2363), with no line terminators
Size:   1061
Md5:    17e4836ec326947f02ea476bdfe36e6d
Sha1:   cccd88b1907fa766f8ef708397ee968a6c22927e
Sha256: db73f4b968037c9ba8ed7be2d42213db46107f13ae86ce255d55e6a5a7006266

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/f(1).txt HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (2481), with no line terminators
Size:   1091
Md5:    6f7f515205027a83b55900908b3d6109
Sha1:   696752d6d1f6558e29bfe47077fb00731dbf9f7f
Sha256: 96290b705666e12aa9dcdcb5d245674174382b0f4aa693b52affcc5a48ae2105

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/Bootstrap.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (598)
Size:   72441
Md5:    a8259b151a76ac24ca9018a708d4b1c6
Sha1:   5a675dcd030d42935778e96edef25b904b362f32
Sha256: cca1bdeeccae0a6a27e1fb51e1674c39d7349aed80abe6017d67e8818ac100e0

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6218
Cache-Control: max-age=136796
Date: Wed, 07 Dec 2022 13:03:06 GMT
Etag: "638fea1c-1d7"
Expires: Fri, 09 Dec 2022 03:03:02 GMT
Last-Modified: Wed, 07 Dec 2022 01:19:24 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /index_files/chat-fab.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (19644)
Size:   6323
Md5:    193ba8444b77f08b1eb325e0aee68745
Sha1:   aa0975262462a6960b234e579c28e53d03f1806d
Sha256: 2dd8bdb1439ebad9950f78a4adba3be7e2e9cfb9f83881a4deaf732c57417e73

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/vtt.global.min.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (20659)
Size:   7245
Md5:    a00dc8be608a8b2bb165ead03958d121
Sha1:   bca9c86df6db0afaaf9103a932bbaf803c88cf3c
Sha256: f54be073e9c0d6b224352ec66ebdab497b316ef610bcdc73b2a7e34733d051a9

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6424
Cache-Control: max-age=137002
Date: Wed, 07 Dec 2022 13:03:06 GMT
Etag: "638fea1c-1d7"
Expires: Fri, 09 Dec 2022 03:06:28 GMT
Last-Modified: Wed, 07 Dec 2022 01:19:24 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5178
Cache-Control: max-age=135755
Date: Wed, 07 Dec 2022 13:03:06 GMT
Etag: "638fea1c-1d7"
Expires: Fri, 09 Dec 2022 02:45:41 GMT
Last-Modified: Wed, 07 Dec 2022 01:19:24 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /index_files/outdated.min.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (1083)
Size:   580
Md5:    1092d509c02f6352093dd0991fcd517b
Sha1:   f2b07135845174cc694d4b23cf721ee94c1a4298
Sha256: cf92f08f9a232899bdf740305ee5fb5ded6374b783ca8e4859ea351f76c20dd4

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/site-survey.min.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (7496)
Size:   2814
Md5:    fa7430e7735dcd145aecd7174b7bb6f9
Sha1:   fe6fe710c6d27cef3a68b39f8c956378761ffb5d
Sha256: aa5f7e98e35aa5a4e7f9f682e9457e4f10de89444bd7754419178834cfa66a81

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /Presentation/fonts/HuntingtonApexWeb-MediumCaps.woff2 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rcu6.com
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: application/font-woff2
                                        
accept-ranges: bytes
content-length: 18636
etag: "09cbc8223f9d81:0:dtagent10249220905100923HoHr"
last-modified: Tue, 15 Nov 2022 18:53:11 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
timing-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="-465350977", dtTao;desc="1"
x-ua-compatible: IE=edge
cache-control: public, max-age=1731032
expires: Tue, 27 Dec 2022 13:53:38 GMT
date: Wed, 07 Dec 2022 13:03:06 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 18636, version 1.131\012- data
Size:   18636
Md5:    6bcfcbed1f0aa26a245423d2e4bcde4f
Sha1:   d17df2ba457e3009ee38db903b88671885c3984e
Sha256: 9a5b0c5eba9dfa18bae071303b7cd96ef716a5bb6d8dcf39dd53a6e931dc6b22
                                        
                                            GET /index_files/serverComponent.php HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: HIT
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (317)
Size:   245
Md5:    a7309779c48b334d766b986aecf5cddb
Sha1:   714a41e74edf262392c590e60e6eef99869d307a
Sha256: 49fd8d1bdd49f9207bc8dfe11bbd93dbaebd3b51218a2e294786703797a6554d

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/sp.pl(1).download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Content-Length: 0
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /Presentation/fonts/HuntingtonApexWeb-Book.woff2 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rcu6.com
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: application/font-woff2
                                        
accept-ranges: bytes
content-length: 20592
etag: "0f59ebaf2e3d81:0:dtagent10243220606153550X/NY"
last-modified: Wed, 19 Oct 2022 19:41:05 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
timing-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="897722665", dtTao;desc="1"
x-ua-compatible: IE=edge
cache-control: public, max-age=1912457
expires: Thu, 29 Dec 2022 16:17:23 GMT
date: Wed, 07 Dec 2022 13:03:06 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 20592, version 1.66\012- data
Size:   20592
Md5:    a075767d12a8cc86d52367ef3aacec11
Sha1:   9aef8898e7a319ee5cbe08c5b0cec63512561d7d
Sha256: e744a36d486c70943378751b1d1623c2c8f25ee10abd89365ff20162d98dd555
                                        
                                            GET /index_files/sp.pl.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Content-Length: 662
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   662
Md5:    40f86d54cd7619752be6acca297bed90
Sha1:   240ba6fb3b28037daa0cd65ed2f84d359b9d9f73
Sha256: eae6939a2208653cef791a2da52efc6cc46c7df04076fafba5d6f9b266554ef1

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /Presentation/fonts/HuntingtonApexWeb-Bold.woff2 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rcu6.com
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: application/font-woff2
                                        
accept-ranges: bytes
content-length: 19712
etag: "09cbc8223f9d81:0:dtagent10249220905100923HoHr"
last-modified: Tue, 15 Nov 2022 18:53:11 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
timing-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="1293310310", dtTao;desc="1"
x-ua-compatible: IE=edge
cache-control: public, max-age=1127984
expires: Tue, 20 Dec 2022 14:22:50 GMT
date: Wed, 07 Dec 2022 13:03:06 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 19712, version 1.66\012- data
Size:   19712
Md5:    ee5e65624970575e475f375b29b0b22b
Sha1:   6e622749b6f7092e825eb7ed90b74c3d70fa43b9
Sha256: deb1a78860a2c7ab88ddaa4a522a47ad93e26f1cc1bdd1425d108f770ce93215
                                        
                                            GET /index_files/oo_icon_retina_black.gif HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Content-Length: 552
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:06 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 18 x 18\012- data
Size:   552
Md5:    0f74fe3f4f85d3c7f096f2416efa893a
Sha1:   bffedd9c6e9b04c0e6f7f77bd689013de5e8d01e
Sha256: 15f5836e52324d46e89eed325a5de5158f0d9bb29d59e1ffc381d961a1f6980d

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/icon_ENERGY_RGB_Location.png HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Content-Length: 7543
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:06 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 300 x 216, 8-bit/color RGBA, non-interlaced\012- data
Size:   7543
Md5:    a58a87032c6c7175484ded7dcc54917e
Sha1:   6e00910f7b8d37f45918a7f20d5384e2e3ac363a
Sha256: e4190662de958e1a2c8377c7ff106609da73fc394c8991ebd9ab81368e129b9c

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/lockup.svg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:06 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (3937), with CRLF line terminators
Size:   1420
Md5:    90002463cd647f45170da29025d307c8
Sha1:   0c4fab566cd4ef37c0e594d54fa8424f6a296d8a
Sha256: f03472b08b791ca4ecbd74fe8efb0c1c928f80addb0d2d2441551b1169606ff9

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/hero-mobile-woman-standing.jpg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Content-Length: 34344
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:06 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 736x480, components 3\012- data
Size:   34344
Md5:    097569ac7ca97d9d6538a35d6ab28927
Sha1:   c39c33070b20c2f7d92866e4e915e65944d62766
Sha256: 330892c01cfa66bf7c89a67960cdb733ea6fe00cce8e5cd05df1f54ca5fe3f65

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/icon_arrow-simple-right-lightgreen.svg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 236
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   236
Md5:    ef60e363ad319ed80a9726e47dfb7fde
Sha1:   bdfd20cdabe3b80ebdf6f38528ea696af6ef9ee7
Sha256: 5c4c8971c0dbcb22c58ef1601a338af72af941e616da0b51a551a102582094ca

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/v-mobile-white-glasses-grn.jpg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Content-Length: 33545
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:06 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 736x480, components 3\012- data
Size:   33545
Md5:    a0d1664331d8eb21ff5dee44dfa8f50e
Sha1:   6fe36cc3bb0fb70a92a0285a1b82b26d838f5371
Sha256: 2bb709222096c8b6748a66c23e1ba6fc88c0d1520425b0c7982b24be1eecada5

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/v-desktop-privatebank-man-on-chair.jpg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 151142
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1400x801, components 3\012- data
Size:   151142
Md5:    81deb151736e7ae75ea57e2085465344
Sha1:   04b2e330b890ad5eb654f50935ebeb2fba9e4f46
Sha256: 5964da57696a9334edd52b5b0d89c3489323d3174a716b1601c74afa042cd1ed

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/icon_arrow-simple-right-green.svg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 236
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   236
Md5:    c15fb067b96520fab546ea19cbdec4cf
Sha1:   6e12531154a8eae1ffd69a304adef6e36b7f7395
Sha256: c02e4c11a4c75d01c124759b5c9e9ea61ab52faca11dacd13fd4f36b111c61d9

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/v-mobile-business-woman-standing.jpg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 25812
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 736x480, components 3\012- data
Size:   25812
Md5:    b8c9c25b56c5bc795c02895e55d00ab9
Sha1:   c9e7f5f939525f6dd6ae7abae39d5cb7b6eb40fe
Sha256: 13f5b82be3a4369ef637e7963b1b62af963de2e9087a6767df07c18356fc0d66

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/icon_arrow-simple-down-green.svg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 251
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   251
Md5:    f8c517c8e11bb3b923c3b40d5a97a558
Sha1:   aec1f36fbbce0c666d22e3111dc8cea51cd66d8a
Sha256: 205542c1a66e2af533470d79ab37d6dcceb6e62b3b0ed44dd28a185a009fa64f

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/CML-hero-NEW-mobile.jpg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 172824
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=725, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1400], progressive, precision 8, 1400x725, components 3\012- data
Size:   172824
Md5:    91f8937c5225b661b1e8fa0c5a0906ac
Sha1:   4c507a0f9431e566dcb6a287d61e50870b99e2af
Sha256: 00fb13972a54aee58558dd11a63c70737a3462decfaa67606684f694b45b44da

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/pelotonia-riders.jpg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 82993
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 675x379, components 3\012- data
Size:   82993
Md5:    d0a3a0ddf6579ddb74b4aabe794c7273
Sha1:   a1402b31d2070f37f63b6b2ee9dd778683f38990
Sha256: 0fe72bc26a43b42874029da0f84022b13dc1c61915ed121ab03b6b3e0fa5b690

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/5151e22e HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 32829
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: HIT
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (19024)
Size:   32829
Md5:    0efa0e41898f378d45b2e935e65175ce
Sha1:   8c4205a8e2286045d4d6af9403025b658c538e1a
Sha256: 1d4cab71cdc96860f4a8e41483bba4d5ec05b02a68244c77750207d799210fcf

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/west-broad-elementary-kids.jpg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 32055
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.00, resolution (DPI), density 120x120, segment length 16, comment: "LEAD Technologies Inc. V1.01", baseline, precision 8, 548x308, components 3\012- data
Size:   32055
Md5:    dc55374efaafedc5193b9f4c57e8f1a1
Sha1:   3dd9bd8ce4d6ef2eb8cd882ed580d57fc6991393
Sha256: 0dab592cbf8f71bce76059647380cb6e82ecb8c96b0e2d45c271563af101da3f

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/jd-power-award-2019-mobile-online.png HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 64084
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 406 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size:   64084
Md5:    8d223f884315d4a6cbe5ec5ae6e5d56c
Sha1:   e69f13b1a66d9bda11112758a50d2cd666a9624d
Sha256: 2f1795a79395cc96ae535538ae9dcd826f83e2f8b6d998dab5d122f5ec1594b5

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/f(1).txt HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: HIT
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (2481), with no line terminators
Size:   1091
Md5:    6f7f515205027a83b55900908b3d6109
Sha1:   696752d6d1f6558e29bfe47077fb00731dbf9f7f
Sha256: 96290b705666e12aa9dcdcb5d245674174382b0f4aa693b52affcc5a48ae2105

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/columbus-urban-league.jpg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 38135
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.00, resolution (DPI), density 120x120, segment length 16, comment: "LEAD Technologies Inc. V1.01", baseline, precision 8, 548x309, components 3\012- data
Size:   38135
Md5:    c387f7385b09799a1ed335ea997d838f
Sha1:   ef5c0a09094bcc0184b3445846146bfd844a880f
Sha256: 8dd84ba8c46c05c00cc9ee5ca020b95f976a0087cc3a70253bf3ff561ea66c3a

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/EHL_Black_HouseOnly.svg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   362
Md5:    154fab8e5b522f196f0ee37531af9c86
Sha1:   ebe3f81861334d969b43620e2637dd3357870aa0
Sha256: 9020cc818e67a2cbd69bbcef14df9e2bbe1af307f6311e7604ae15a26355f0e2

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 12:08:58 GMT
cache-control: public,max-age=3600
age: 3249
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /index_files/logo-honeycomb.svg HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
Expires: Sun, 05 Feb 2023 13:03:07 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (841), with no line terminators
Size:   435
Md5:    1e8ab5050c6d9f1b254f92c9f9cb1842
Sha1:   4213f9baa531ca13becb8fac61701243474f9fc1
Sha256: 4d881d3e3a79ee19b069ba39938689bfca1f42c7fa47ecbe20fd2a390056e497

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/f(2).txt HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: HIT
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (2363), with no line terminators
Size:   1061
Md5:    17e4836ec326947f02ea476bdfe36e6d
Sha1:   cccd88b1907fa766f8ef708397ee968a6c22927e
Sha256: db73f4b968037c9ba8ed7be2d42213db46107f13ae86ce255d55e6a5a7006266

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/0 HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 0
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/0(1) HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 0
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/eeb40badb221607a1bf7e89412ef77 HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 66005
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: HIT
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   66005
Md5:    93e3090f4a1ac38fc394a901ba3136b9
Sha1:   17c8b1d598a83d82c125bf701f5ff79ad0d63ffc
Sha256: 8bd5e5729a3fb989a0bcb99fd966df11e1c44198c447712fa4136996e2b28c0a

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/eeb40badb221607a1bf7e89412ef77 HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Content-Length: 66005
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  data
Size:   34899
Md5:    e999077d9bf73ce02184a1a2bc4ece77
Sha1:   eeb1397636d570ce12854632f4db43ae2f945c0b
Sha256: a4111831fb9c0820ad0b0203e6849be61650bed45d5e7601840eb72cb20bbdba

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /-/media/hcom/BackgroundImages/charcoal-block.png?rev=e2081e239c1446eca50211281c3c5209 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/webp
                                        
etag: 77183e5a07ca45fcbaf010bf53aff281
last-modified: Fri, 14 Oct 2022 11:49:17 GMT
server: Akamai Image Manager
content-length: 48
cache-control: private, no-transform, max-age=471627
expires: Tue, 13 Dec 2022 00:03:34 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 10x10, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   48
Md5:    6cbb1156f106670a020e38cf19fcc217
Sha1:   1b7325891051a3dc891b704084a7df0f8579c37d
Sha256: a26c2e015e5e7986a5f83c09da99d9a7ab04c42d650ac2a69d680538e82eb1dd
                                        
                                            GET /fonts/muli-v11-latin-700.woff2 HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/toolkit.min.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   83152
Md5:    c68a9e2543b10e14437e3b111d86e108
Sha1:   12735eb461d8eb440011bc11cf3e944048853f18
Sha256: 03f70d1db573b5987f41774ef060492888d7047c977e65a97017cb0153253d10

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /-/media/hcom/Redesign/hex-pattern3.png?rev=e76241c021b44e92a7f9d3a1409cfb9b&h=292&w=1242&la=en&hash=A8569DEE27F3793E9FE16F5E5F4CE04F HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/webp
                                        
etag: 4fb20a3a01f5492ca8289996b580052a
last-modified: Thu, 09 Jun 2022 17:50:18 GMT
server: Akamai Image Manager
content-length: 10388
cache-control: private, no-transform, max-age=68503
expires: Thu, 08 Dec 2022 08:04:50 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   10388
Md5:    10b43fef9c52b9d14a97c7ca5ce00b13
Sha1:   b3976f1f9a817c80c98040df7f6eafbb1e5396ee
Sha256: 42836d28ddb87bdb39b52eabe6038e5f1541efe542515adddcfb8efb17ea020c
                                        
                                            GET /-/media/hcom/Redesign/hex-pattern4.png?rev=99c678cf4fae4e75875d664eddd46fc3&h=72&w=1054&la=en&hash=C37D5A31D3EE7679D9A333715887649E HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/webp
                                        
etag: 8ac43a653e8f4954b8919fe5d18f2481
last-modified: Thu, 09 Jun 2022 18:21:54 GMT
server: Akamai Image Manager
content-length: 3568
cache-control: private, no-transform, max-age=43200
expires: Thu, 08 Dec 2022 01:03:07 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   3568
Md5:    56604a7df3f4c9c9b03ec95a8a54b3db
Sha1:   ed50b495fcc27a35158336e37098001191cf4a54
Sha256: 815f38d3f26ce6455ca858ce73abb3bf6192065c09e8c7118eb736ed20e6dbb9
                                        
                                            GET /fonts/HuntingtonApexWeb-Medium.woff2 HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /fonts/muli-v11-latin-300.woff2 HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /fonts/HuntingtonApexWeb-Book.woff2 HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /fonts/HuntingtonApexWeb-Bold.woff2 HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /fonts/muli-v11-latin-600.woff2 HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /-/media/hcom/Redesign/video-hero/hero-bg-video-garcias.jpg?rev=0af5f97d8911497cb477a860238dfefe HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/webp
                                        
etag: c69b1afaa18b4dcd9f9d1422ebfd2153
last-modified: Fri, 11 Nov 2022 21:24:13 GMT
server: Akamai Image Manager
content-length: 46614
cache-control: private, no-transform, max-age=118550
expires: Thu, 08 Dec 2022 21:58:57 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 1440x810, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   46614
Md5:    f46268f2799d168f6a57d30321938f75
Sha1:   7dbb0732e4a0bb2aad4a24274f37867ccff0846e
Sha256: 1214167d2deea4ca58c92c53ce99080170ca94aa5c5d9c226fec34c68370bf49
                                        
                                            GET /-/media/hcom/Redesign/Icons/icon_arrow-right.svg?rev=4d327dc783dc41b3aa3242850fc405be HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
content-length: 400
etag: fa17d379df254ed5a6f66038800ebf7d
last-modified: Wed, 05 Jun 2019 17:54:26 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-disposition: inline; filename="icon_arrow-right.svg"
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
x-ua-compatible: IE=edge
cache-control: public, max-age=1683532
expires: Tue, 27 Dec 2022 00:41:59 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   400
Md5:    9c75d30bead00eb80005940547a8a8bb
Sha1:   948e77324d5a0f9709bddb0b1438cd7a271337e8
Sha256: 8781a8a5abfa3b4adbfbe3a8b3028d7f6516b65432cebd89a51cf655a360d441
                                        
                                            GET /-/media/hcom/Redesign/hex-pattern-small-top.png?rev=f9b4b1a3499b453c80177a819db84182&h=304&w=860&la=en&hash=4FC2E701A91D28132D87C5378FDA60FA HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/webp
                                        
etag: d2a2c6d72c0a4a7883edfc4fc924ad35
last-modified: Wed, 08 Jun 2022 20:23:36 GMT
server: Akamai Image Manager
content-length: 5672
cache-control: private, no-transform, max-age=153807
expires: Fri, 09 Dec 2022 07:46:34 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   5672
Md5:    8976af11a2fb4ffb56c2de37d1501a5c
Sha1:   9131cc4c70a5f09777eca0163cfe001841f121ab
Sha256: 27f5c7ecff862d66273a687cd0193b65d06cc3ab748d76e885ae39b295df9d06
                                        
                                            GET /-/media/hcom/Redesign/hex-pattern-small-bot.png?rev=7ddd0b462b0949b3b43ab9cbe6111cd7&h=74&w=814&la=en&hash=8135CC9BB731030973D2853C3D715157 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/png
                                        
etag: 76a4f8542fb0448e94b8414051022b40
last-modified: Wed, 08 Jun 2022 21:50:39 GMT
server: Akamai Image Manager
content-length: 1709
cache-control: private, no-transform, max-age=156186
expires: Fri, 09 Dec 2022 08:26:13 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 814 x 74, 8-bit colormap, non-interlaced\012- data
Size:   1709
Md5:    e275909623f8a06dea733b9f50d68189
Sha1:   ee712255204c913c4adb9a2a9cd0f9ba9971ea8c
Sha256: 11c468e07fa0178954d85e2789a16c1c3d4d1b55ab5ca9f86f9f6512d1136b93
                                        
                                            GET /-/media/hcom/Redesign/hex-pattern2-flipped.png?rev=f4c179ded56e412d818b5d7e0f387ba5&h=544&w=1258&la=en&hash=0E38C798934E18F877D3B4F8BBC6FAA9 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/webp
                                        
etag: ed53b70faaa446babf67dfa1dcd7dfe4
last-modified: Wed, 08 Jun 2022 20:13:40 GMT
server: Akamai Image Manager
x-serial: 1629
x-check-cacheable: YES
content-length: 14408
cache-control: private, no-transform, max-age=151660
expires: Fri, 09 Dec 2022 07:10:47 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   14408
Md5:    ed356b3bede532165cb20ff1a100bf79
Sha1:   f1309cf6ed05e63704e4f63419807fc7764d76ea
Sha256: db95aed35b2785ab0bcce9d4364fe30f6bd04f2d68cb3411f1cac43667d0e2d7
                                        
                                            GET /-/media/hcom/Redesign/Icons/icon_money.svg?rev=00af80dda3084648b98ead158ac045c0 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
content-encoding: gzip
etag: d3efa4d87fc24098b87f344a935558be
last-modified: Wed, 05 Jun 2019 17:56:55 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-disposition: inline; filename="icon_money.svg"
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="1494600350"
x-ua-compatible: IE=edge
content-length: 1384
cache-control: public, max-age=216725
expires: Sat, 10 Dec 2022 01:15:12 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (2831), with CRLF line terminators
Size:   1384
Md5:    1ac44f61f40159cf891a29575701fa00
Sha1:   7b0aecb51d7c565310e39c1946704aec22748d37
Sha256: 36a47ff572326ab045f24fbb8fa2d835e093fee269316de3446272248d2f5a04
                                        
                                            GET /-/media/hcom/Redesign/hex-pattern1-flipped.png?rev=335b1807cd914c6a9cfa1bdb1c029612&h=548&w=1258&la=en&hash=87E8C5CF8C9D907A224924701413713D HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/webp
                                        
etag: e29268cf6e3344b5a85a51723c7d981e
last-modified: Thu, 13 Oct 2022 23:11:12 GMT
server: Akamai Image Manager
content-length: 15490
cache-control: private, no-transform, max-age=287560
expires: Sat, 10 Dec 2022 20:55:47 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   15490
Md5:    951228a305b66576a1ea5e8c0de62b9b
Sha1:   46af907560964bbbe009b2ccad280ea33a743af3
Sha256: 9a752738f5e04abde40c93be70a7b5bcca992d206864ce95f7825bfb7081afd0
                                        
                                            GET /-/media/hcom/Redesign/Icons/icon_check.svg?rev=329190a3c28b47f1bf946311a98c5f95 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
etag: 7d2f6b352081426d90293ee580660924
last-modified: Wed, 05 Jun 2019 17:55:49 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-disposition: inline; filename="icon_check.svg"
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
x-ua-compatible: IE=edge
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=231563
expires: Sat, 10 Dec 2022 05:22:30 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
content-length: 980
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (2132), with CRLF line terminators
Size:   980
Md5:    b458b2b05ca5d4504443dc1acd27e1b3
Sha1:   28840cccc8d7a75ea11f681fe0c692aea1f4eb5d
Sha256: 1d0cb599a83bda7ac4da5d34139d74016fac29366d04abfeb28d74b609860c76
                                        
                                            GET /-/media/hcom/home/tab/v-desktop-white-glasses-grn.jpg?rev=313d718a427a45ab98aea611f4fcb99e HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/jpeg
                                        
etag: 2206b44971fd446d95c06e37683211a2
last-modified: Wed, 08 Jun 2022 20:16:41 GMT
server: Akamai Image Manager
content-length: 119802
cache-control: private, no-transform, max-age=123072
expires: Thu, 08 Dec 2022 23:14:19 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 982x1270, components 3\012- data
Size:   119802
Md5:    5ae74a975c38365d32213c22d43bb7ea
Sha1:   55e76e42524741c38d83f7fdf26b6c892050ab87
Sha256: ec251060273f77a254fa4766a6a103c02f34ce37f1250b688a86f048c885585c
                                        
                                            GET /index_files/dest5.html HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php
Upgrade-Insecure-Requests: 1

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:42 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (39172)
Size:   12812
Md5:    ff9d4ce7b23b16e751778b9b7db68a4a
Sha1:   5d4c4a9b965531b47d64cd9a386ce0e85e3d4cc1
Sha256: 1755659d1b6b8d1b4ea20fefe959efc053e6f7b80577d32cb958d9429c7ff78c

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/activityi.html HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php
Upgrade-Insecure-Requests: 1

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:42 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (39448)
Size:   10376
Md5:    6407abad084e7cec781df39f65144b8e
Sha1:   05112c0e133ba3c328c139e6afbc68b9f198cf4a
Sha256: 0ccd314537fcfa535aab32727e29d27c68512077f7d0f4c9017e10fa91f7aa82

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/activityi(1).html HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php
Upgrade-Insecure-Requests: 1

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:42 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (39448)
Size:   10383
Md5:    60d756468fb835fc12cbcf5facb1240a
Sha1:   6ccc7817e45707432fa72a45aaaef8a937a85d4c
Sha256: 1781e7d7cb0de6af4ea25ad6282930ab4ab9f3edc650905d0e04f1c33bc69faa

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/activityi(2).html HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php
Upgrade-Insecure-Requests: 1

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:42 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (39448)
Size:   10295
Md5:    d98e27adb0f77a62ddf42b21485c581a
Sha1:   c07f9b26535af18befd9ecf3d5b222866f8cd7f0
Sha256: 9be967cc4b4673c040c64b92c7a7d2cacf5d604a798b8da50a85184222bcdeb7

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/nuanceChat.html HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php
Upgrade-Insecure-Requests: 1

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:42 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (39157)
Size:   10427
Md5:    c17602da7ee65c095997507dc05409b5
Sha1:   40cc86b4b4500c7474e85817bd70b8de23da6bcc
Sha256: d30e7cd4571d41d58b098279d395a8c833e9ef506ca386ffbe0253674bcfd4ac

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/sp.pl.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 662
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   662
Md5:    40f86d54cd7619752be6acca297bed90
Sha1:   240ba6fb3b28037daa0cd65ed2f84d359b9d9f73
Sha256: eae6939a2208653cef791a2da52efc6cc46c7df04076fafba5d6f9b266554ef1

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /-/media/hcom/Redesign/v-desktop-privatebank-man-on-chair.jpg?rev=06f9d4fed776478797de6eba39488e9c HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/webp
                                        
etag: efd57170b2f44cc3b266f06b8d9243c7
last-modified: Thu, 09 Jun 2022 17:54:43 GMT
server: Akamai Image Manager
content-length: 91480
cache-control: private, no-transform, max-age=313857
expires: Sun, 11 Dec 2022 04:14:04 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 1400x801, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   91480
Md5:    ce99a1fb536d02f0dcc782ffb8438c0c
Sha1:   25560e8eca53546add5f3369e769b4b0b1d43557
Sha256: 0b5a268c9e87c892162c2771ad7e2e38a7fed8093583f95b29295ea8d582f80c
                                        
                                            GET /-/media/hcom/Redesign/Icons/icon_money-green.svg?rev=10b98fbda07945aeaada0a77aabdb0e9 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
content-encoding: gzip
etag: bcda849763ff48be83f5925ec46aa828
last-modified: Wed, 05 Jun 2019 17:57:06 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-disposition: inline; filename="icon_money-green.svg"
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
x-ua-compatible: IE=edge
content-length: 1387
cache-control: public, max-age=216686
expires: Sat, 10 Dec 2022 01:14:33 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (2831), with CRLF line terminators
Size:   1387
Md5:    530a243cc209cd8afce6d3a197c5bd17
Sha1:   e5a7c57ce240c2ac73e936359600a30ae62fd58a
Sha256: 8c46775a644575089db972ec9730ca8107c1f5c22f34b2dfaeb0764f59fcc767
                                        
                                            GET /-/media/hcom/Redesign/v-desktop-business-woman-standing-grn.jpg?rev=817db1822cf3401c87aa78a03ff4b3d3 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/webp
                                        
etag: 5cb85c318c894340af50f107ee9f1c66
last-modified: Wed, 08 Jun 2022 19:55:58 GMT
server: Akamai Image Manager
x-serial: 1550
x-check-cacheable: YES
content-length: 42250
cache-control: private, no-transform, max-age=309223
expires: Sun, 11 Dec 2022 02:56:50 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 710x801, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   42250
Md5:    6f05a70c13af36e7fe5e62cfe6fbf57f
Sha1:   39e32f5cfc4132dce53bc536f05e5425a9832ae1
Sha256: aa0467ff6a034d37cae7552dd7a9ecda5d0e1add6e70fe88f8b123ebd6fc524f
                                        
                                            GET /-/media/hcom/Redesign/Icons/icon_people-green.svg?rev=d327b741cc9044fe883ff5f535d3e1c2 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
etag: dcfd27c09cc34b5e842ea415ae9880e6
last-modified: Wed, 05 Jun 2019 17:59:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-disposition: inline; filename="icon_people-green.svg"
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="-1579183973"
x-ua-compatible: IE=edge
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=2222048
expires: Mon, 02 Jan 2023 06:17:15 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
content-length: 993
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (1811), with CRLF line terminators
Size:   993
Md5:    cac6c8de29569656e3d94fa40e6dea0c
Sha1:   deb5ec56b0c824f8c1e4c24e4c5af4ddb4b80fde
Sha256: b064f32f5470e9dd978f554b692b13a158f8ba3d39d18937b523e8b09d226877
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Hm5RURKkF93aVyzdPcFLLw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         35.163.38.240
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uiXN1H/iKed3sJlA8T2TcIrRo5c=

                                        
                                            GET /-/media/hcom/commercial/homepage/CML-hero-NEW-mobile.jpg?rev=22d08808a1ab4a47b597b976359f054e HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/webp
                                        
etag: 7cebda52e3374a859172a0af2ce73326
last-modified: Wed, 08 Jun 2022 21:50:12 GMT
server: Akamai Image Manager
x-serial: 149
x-check-cacheable: YES
content-length: 91194
cache-control: private, no-transform, max-age=342008
expires: Sun, 11 Dec 2022 12:03:15 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 1400x725, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   91194
Md5:    a2931179dfaf48bba6876efb015b4f3c
Sha1:   7d7d6a94bd8a226cc38ab3c6134edb16b7e9f6ae
Sha256: 7a738c847e87cff5e7e3c8bc690528d4fda210f9f13362f627f6d18e1098bc24
                                        
                                            GET /-/media/hcom/Redesign/Icons/HNB_icon_DARK_RGB_34x34_Corporate.svg?rev=fb65e7ff1087421990aef12976e0ce12 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
content-encoding: gzip
etag: 53a09414b63d41d48397fd1719ed6944
last-modified: Wed, 15 Apr 2020 14:40:36 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-disposition: inline; filename="HNB_icon_DARK_RGB_34x34_Corporate.svg"
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="17512342"
x-ua-compatible: IE=edge
content-length: 1139
cache-control: public, max-age=387820
expires: Mon, 12 Dec 2022 00:46:47 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (3770), with CRLF line terminators
Size:   1139
Md5:    1a230e5e8908d4ec9bd6bd525095ed31
Sha1:   5f49b0c7686d56b6371e69ad9e8908240de0f345
Sha256: bc023d7b3178af0a08eb58d08801599665c12f6fb08faf31c843633728cd6d52
                                        
                                            GET /-/media/hcom/Redesign/Icons/icon_hand.svg?rev=50addca3f66b427f9326d961ca6063cf HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
etag: 4e8db6ed00a645e18ee39fe6b51a08be
last-modified: Wed, 05 Jun 2019 17:56:14 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-disposition: inline; filename="icon_hand.svg"
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="514354728"
x-ua-compatible: IE=edge
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=2046038
expires: Sat, 31 Dec 2022 05:23:45 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
content-length: 1175
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (2280), with CRLF line terminators
Size:   1175
Md5:    fdb0d7da9f5dc5e4542c13cdbcf47ed6
Sha1:   070fa7b80f5b3bdc7488310cd2bfe488723ebbb4
Sha256: a68268f938c5db2376f145fb4bca2598f5933edc3f0a891a376df9870f49e1d2
                                        
                                            GET /-/media/hcom/Redesign/Icons/HNB_icon_DARK_RGB_34x34_SecureLock.svg?rev=a8b52a2e7284441cae9630abfa6b1190 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
etag: b6512779b80f4446945dfa410d8d0245
last-modified: Wed, 15 Apr 2020 14:42:16 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-disposition: inline; filename="HNB_icon_DARK_RGB_34x34_SecureLock.svg"
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="912168674"
x-ua-compatible: IE=edge
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=1172236
expires: Wed, 21 Dec 2022 02:40:23 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
content-length: 692
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (1072), with CRLF line terminators
Size:   692
Md5:    54a931f3d67d12eebfaa0b1b8170de5f
Sha1:   d4155b224a910c1ed02e86dbe36ca2c2a23d3bdf
Sha256: c693de0e38e83e571ce78ac4c1bec5e71ce484d239d3c8f1ef44c7a8f29dc2e9
                                        
                                            GET /Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: text/css
                                        
accept-ranges: bytes
content-encoding: gzip
etag: "09cbc8223f9d81:0"
last-modified: Tue, 15 Nov 2022 18:53:12 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="1967403594"
x-ua-compatible: IE=edge
content-length: 1249
cache-control: public, max-age=1733603
expires: Tue, 27 Dec 2022 14:36:30 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4339)
Size:   1249
Md5:    19ac7c952619cab53123eee38648d8bd
Sha1:   47e839324893deeef4e9f6b46dff135e1542dc9a
Sha256: 1a8ffa5f523a7a462b51616592473a2799bb0d687c1391d7d2ba3e5a58f95d78
                                        
                                            GET /1317241590001/default_default/index.min.js HTTP/1.1 
Host: players.brightcove.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         2.18.173.25
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Content-Length: 112619
x-amz-id-2: 67OhGOGt29VU0S+HUUALb0LWHDcEbp5eeFkU9mFyEJsYJ80jw1Ely9pzSQ9WDSSOO9bICmso7DE=
x-amz-request-id: 2BM2KGQ19H2R64QG
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 27 Aug 2019 17:32:01 GMT
ETag: "17c587f03cae5f6efdd68553a9e5a267"
Content-Encoding: gzip
x-amz-version-id: kxoMNjsk74TqDku_pV2EDboTEDLATDw0
Server: AmazonS3
Accept-Ranges: bytes
X-Served-By: cache-cph2320059-CPH
X-Cache-Hits: 1
X-Timer: S1663611770.284762,VS0,VE414
Vary: Accept-Encoding
X-BCOV-Response-Mode: 1
Cache-Control: public, max-age=300
Date: Wed, 07 Dec 2022 13:03:07 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65493), with no line terminators
Size:   112619
Md5:    17c587f03cae5f6efdd68553a9e5a267
Sha1:   23187e28326aba9754c17c40b2f298ac61627d1b
Sha256: 4584ee27c422cb9720b72528671dc036e01f37b7baa9471bc1c9800babbecd2c
                                        
                                            GET /fonts/muli-v11-latin-700.woff HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /fonts/muli-v11-latin-300.woff HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /fonts/HuntingtonApexWeb-Book.woff HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /fonts/HuntingtonApexWeb-Bold.woff HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /fonts/HuntingtonApexWeb-Medium.woff HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /fonts/muli-v11-latin-600.woff HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rcu6.com/index_files/toolkit.min.css

search
                                         45.133.200.3
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 315
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /Presentation/Scripts/oo_engine.min.js?v=X-cSihwIHl195N120D5C4rXIsQ75PPW16cMbjy4g28g1 HTTP/1.1 
Host: www.huntington.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.72.139.51
HTTP/2 200 OK
content-type: application/javascript
                                        
accept-ranges: bytes
content-encoding: gzip
etag: "0f59ebaf2e3d81:0"
last-modified: Wed, 19 Oct 2022 19:41:06 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="1"
x-ua-compatible: IE=edge
content-length: 14478
cache-control: public, max-age=1609767
expires: Mon, 26 Dec 2022 04:12:34 GMT
date: Wed, 07 Dec 2022 13:03:07 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (45689), with no line terminators
Size:   14478
Md5:    1ee15309bb313a5479cf9d3c90953de2
Sha1:   0e1c797088d6be92035bff7e5495b3a953b5a6b4
Sha256: a57d97a52e080f530b7c9e39563b957174720ed6c8b57a119321ad4f9b70b7bf
                                        
                                            GET /index_files/index.min.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/email-account.php

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:38 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   322
Md5:    55f45d358206ca31c4759defeea3be62
Sha1:   04c605b51629b94085bc2bd054b4e6c6989b2ffb
Sha256: 1c8581c1cc0ae1972eaf6022b377d3cb4c343f9c14d441376b1c546996685f51

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/dc_pre=COLax8Lq_OgCFcHiGwodQuAFKA HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/index_files/activityi.html

search
                                         45.133.200.3
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 42
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:36 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/dc_pre=CLzUyMLq_OgCFcxIGwod_Z0CmA HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/index_files/activityi(1).html

search
                                         45.133.200.3
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 42
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:36 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /8/1317241590001/1317241590001_6040303493001_6040298859001-vs.jpg?pubId=1317241590001&videoId=6040298859001 HTTP/1.1 
Host: f1.media.brightcove.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rcu6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.194.27
HTTP/2 200 OK
content-type: image/jpeg
                                        
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
etag: "4cc0c7dca6a70b838f366f14bbf0e7af"
expires: Tue, 08 Nov 2022 16:37:09 GMT
last-modified: Thu, 23 May 2019 15:36:19 GMT
via: 1.1 72b77c557ac4c265c32d99bdef4e9d6a.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
x-amz-cf-pop: IAD79-C3
x-amz-cf-id: qZydNnsGvqidKCtYzgMhSfDcUgLBlDLsk_Gn4shnzWqZkPbUjjlRRw==
cache-control: max-age=0
accept-ranges: bytes
date: Wed, 07 Dec 2022 13:03:07 GMT
age: 3097558
x-served-by: cache-iad-kiad7000060-IAD, cache-bma1636-BMA
x-cache: Miss from cloudfront, HIT, HIT
x-cache-hits: 152, 1
x-timer: S1670418188.863053,VS0,VE1
content-length: 51192
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size:   51192
Md5:    4cc0c7dca6a70b838f366f14bbf0e7af
Sha1:   145e954f96c3bc3f7cf9fe5f4bfdaa55e0a698a1
Sha256: 3ac85f38c5f9ae299a2dcbe4cac1af9f50baee5c25b2a392ff3136f299e2eb61
                                        
                                            GET /index_files/dc_pre=CM6-vsLq_OgCFVKRGwod-FIBAA HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/index_files/activityi(2).html

search
                                         45.133.200.3
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 42
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:36 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Alerts:
  urlquery:
    - Phishing - Huntington
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/site_10006663_default.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/index_files/nuanceChat.html

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (22091)
Size:   9162
Md5:    be57db32f5a9906716069ada79401278
Sha1:   39bf1f856fe9be256d6ef27fb3ed413cfb1bd545
Sha256: 2a9ed68d31ad01792f47c0629170acf2568038cfcee438e0c4ddf95466d2738f

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/eeb40badb221607a1bf7e89412ef77 HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/index_files/nuanceChat.html

search
                                         45.133.200.3
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Content-Length: 66005
Connection: keep-alive
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: HIT
X-Server-Powered-By: Engintron
Accept-Ranges: bytes


--- Additional Info ---
Magic:  data
Size:   25961
Md5:    a040dcbb9faf765953fd05e8b2bdeeef
Sha1:   10016b59d917c89dbca02bc5b55b5afb20b80fe8
Sha256: 740d169a17b5e6fb92006a4b13b324ac5be02f435dbe976e50112514a6a4fdfa

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/ads-blocking-detector.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/index_files/nuanceChat.html

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   1970
Md5:    e477e07ecebd567560d3a7e266a67dd2
Sha1:   bdb9989c4513effa36e9fbb2c0b878f320864bda
Sha256: 211bd742e866fd7cd0c2d9a36828488440d2101c6bc5d1bffb5a1298a7c7cc1e

Alerts:
  Blocklists:
    - openphish: Huntington Bank
                                        
                                            GET /index_files/tcFramework.min.js.download HTTP/1.1 
Host: rcu6.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rcu6.com/index_files/nuanceChat.html

search
                                         45.133.200.3
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 13:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 23 Apr 2020 00:07:40 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip