Report - personal-finance.xyz/mx-mccain-l3/

Report Overview

Submitted URL
personal-finance.xyz/mx-mccain-l3/
IP
172.67.203.132
ASN
#13335 CLOUDFLARENET
Submitted
2023-05-15 20:53:54
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
personal-finance.xyz	unknown	unknown	2021-10-30	2023-04-27	6.9 kB	680 kB	172.67.203.132
unphionetor.com	54035	2022-02-04	2022-02-11	2023-05-15	1.8 kB	2.8 kB	139.45.197.236
accentbiz.com	unknown	2019-05-01	2019-05-01	2023-05-13	868 B	514 B	3.93.65.61

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-15	medium	personal-finance.xyz/mx-mccain-l3/js_1
2023-05-15	medium	personal-finance.xyz/mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
2023-05-15	medium	personal-finance.xyz/mx-mccain-l3/fonts/KFOkCnqEu92Fr1Mu51xIIzI.woff2
2023-05-15	medium	personal-finance.xyz/mx-mccain-l3/fonts/KFOmCnqEu92Fr1Mu4mxK.woff2
2023-05-15	medium	personal-finance.xyz/mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
2023-05-15	medium	personal-finance.xyz/mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
2023-05-15	medium	personal-finance.xyz/mx-mccain-l3/js/jquery-3.4.1.min.js
2023-05-15	medium	personal-finance.xyz/mx-mccain-l3/js/fv_1.js

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	personal-finance.xyz/mx-mccain-l3/js/fv_1.js	5.2 kB	2023-03-07	2024-04-24
Pretty URL personal-finance.xyz/mx-mccain-l3/js/fv_1.js IP 172.67.203.132 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-24 01:48:23 Times Seen2355 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	personal-finance.xyz/mx-mccain-l3/	175 B	2023-03-11	2023-05-15
Pretty URL personal-finance.xyz/mx-mccain-l3/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 13:59:02 Last Seen2023-05-15 22:53:55 Times Seen2 Hash 98853ae17f719cdf3d879a04e14e860e b1418ed52bf2bc27cdd96a83038dcf0af353d494 8143bcf2c06e6ee56623f8fb50274955fce603aadf1981d6155ac9bd213a55a4 Loading...

	personal-finance.xyz/mx-mccain-l3/	734 B	2023-03-11	2023-05-15
Pretty URL personal-finance.xyz/mx-mccain-l3/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 13:59:02 Last Seen2023-05-15 22:53:55 Times Seen2 Hash a90daced06bdb1856199465adf76332a f75ebaf57c37777a83f8e66ae2641e26c67291f8 b65214727024e5c6b2695ec5fc041973f7ab5332cee416f6dfed8f8e9fb56d94 Loading...

	personal-finance.xyz/mx-mccain-l3/	268 B	2023-03-11	2023-05-15
Pretty URL personal-finance.xyz/mx-mccain-l3/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 13:59:02 Last Seen2023-05-15 22:53:55 Times Seen2 Hash c7b2de3bdb977256adb2f4faea9095ec c86a42f841785bf104e9e94e6a64dd07d7c54efd 04444ab96b762dc9dacf1b2541c5000701e5597ffbc636c921feb6a8fd0f9df4 Loading...

	personal-finance.xyz/mx-mccain-l3/	225 B	2023-03-11	2023-05-15
Pretty URL personal-finance.xyz/mx-mccain-l3/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 13:59:02 Last Seen2023-05-15 22:53:55 Times Seen2 Hash 381cb2abb7ddce9ece72c7159b11bb49 b2fb0394d6622cb701107570662eb9702f8e8c47 51a88ed52cbbef0c0a6e82d1e5cf2673f73ead31f75b9827a903adf4920956de Loading...

	personal-finance.xyz/mx-mccain-l3/	435 B	2023-03-08	2024-02-29
Pretty URL personal-finance.xyz/mx-mccain-l3/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 14:32:27 Last Seen2024-02-29 22:55:41 Times Seen7 Hash 5ae98aa40958b80b0fc958987c5c9bb7 649f98e758a5e33b7dc2bb9349595dfe29abf99d 7841661321dfa7627b22d442122abca850a0544b83cf9f91fa0d610651cc096a Loading...

	personal-finance.xyz/mx-mccain-l3/	323 B	2023-03-12	2023-05-15
Pretty URL personal-finance.xyz/mx-mccain-l3/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:49:38 Last Seen2023-05-15 22:53:55 Times Seen3 Hash b793fdd8d2483f35d368a9b205933ae4 7dd2fd0e7d2bf2533990427317465b715ec2ddc0 41aea96b07e55188fda6124f8db09849172b0fb90726bcfacab1c71643992fc3 Loading...

	personal-finance.xyz/mx-mccain-l3/js_1	225 kB	2023-05-15	2023-05-15
Pretty URL personal-finance.xyz/mx-mccain-l3/js_1 IP 172.67.203.132 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-15 22:53:55 Last Seen2023-05-15 22:53:55 Times Seen2 Hash 25e8e2de96780dcb5061e6f6dce87b82 4c709f0ec37cead5c6a274bce735b8fd94cc0167 4061c81fa0d1efd48164607d82c2376ef9f381870c498920ed07ad62306a03f8 Loading...

	personal-finance.xyz/mx-mccain-l3/js/jquery-3.4.1.min.js	88 kB	2023-03-07	2024-04-25
Pretty URL personal-finance.xyz/mx-mccain-l3/js/jquery-3.4.1.min.js IP 172.67.203.132 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-25 20:05:30 Times Seen95515 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

HTTP Transactions (20)

URL IP Response Size

personal-finance.xyz/mx-mccain-l3/js_1

172.67.203.132

225 kB

URL
personal-finance.xyz/mx-mccain-l3/js_1
IP
172.67.203.132:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3288)
Size
225 kB (224900 bytes)
Hash
25e8e2de96780dcb5061e6f6dce87b82
4c709f0ec37cead5c6a274bce735b8fd94cc0167
4061c81fa0d1efd48164607d82c2376ef9f381870c498920ed07ad62306a03f8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /mx-mccain-l3/js_1 HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:38 GMT
content-type: application/octet-stream
content-length: 224900
x-powered-by: Express
access-control-allow-origin: *
etag: W/"36e84-THCfDsN86tXGonS85zW4/ZTMAWc"
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pXA9pRvaYr69M1UtuCaKsQpU04Mm%2FCu579cUhS9vnJLDg5%2FTxzvZsKxBZpcftnjk5bskhImiU0gXFqBc%2FAsnduFh3w6yxFfpKm%2BnUWFI0kyFDUaMCJWz8EFjhf7fCxoKvXebW%2Bk48A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e457e5c25b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

unphionetor.com/vctx?t=undefined

139.45.197.236

0 B

URL
unphionetor.com/vctx?t=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /vctx?t=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://personal-finance.xyz
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Mon, 15 May 2023 20:53:39 GMT
access-control-allow-origin: https://personal-finance.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: f762ceca9ba065edca19c2a0d1c14557
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unphionetor.com/vctx?t=undefined

139.45.197.236

0 B

URL
unphionetor.com/vctx?t=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /vctx?t=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://personal-finance.xyz
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Mon, 15 May 2023 20:53:39 GMT
access-control-allow-origin: https://personal-finance.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 1c9679d5478d63599481f0278719e80b
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

accentbiz.com/click.php?event9=0

3.93.65.61

200 OK

20 B

URL GET HTTP/1.1
accentbiz.com/click.php?event9=0
IP
3.93.65.61:443
ASN
#14618 AMAZON-AES

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerLet's Encrypt
Subjectaccentbiz.com
FingerprintB5:C8:47:03:C5:35:5B:9A:D7:D6:D4:84:AD:F2:EA:C4:A9:D1:33:52
ValidityTue, 11 Apr 2023 02:03:27 GMT - Mon, 10 Jul 2023 02:03:26 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /click.php?event9=0 HTTP/1.1
Host: accentbiz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 15 May 2023 20:53:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

personal-finance.xyz/mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

172.67.203.132

16 kB

URL
personal-finance.xyz/mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
172.67.203.132:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 15872, version 1.0\012- data
Size
16 kB (15872 bytes)
Hash
020c97dc8e0463259c2f9df929bb0c69
8f956a31154047d1b6527b63db2ecf0f3a463f24
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/css/css.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:39 GMT
content-type: font/woff2
content-length: 15872
x-powered-by: Express
access-control-allow-origin: *
etag: W/"3e00-j5VqMRVAR9G2Untj2y7PDzpGPyQ"
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=23ANPLaIeTrXIX5qQQKpE273u25E9VFRePwzxw5QVgACAx8yzRqn6ido9rPWZY0%2FZd7bAKpaovOHJpTGmElBAdwyNGtqp64ExZy2so8I8lkT5scjMVNp5HTvk3epNxYp79ggbsqVcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e4587fcc4b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

personal-finance.xyz/mx-mccain-l3/fonts/KFOkCnqEu92Fr1Mu51xIIzI.woff2

172.67.203.132

17 kB

URL
personal-finance.xyz/mx-mccain-l3/fonts/KFOkCnqEu92Fr1Mu51xIIzI.woff2
IP
172.67.203.132:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 17324, version 1.0\012- data
Size
17 kB (17324 bytes)
Hash
51521a2a8da71e50d871ac6fd2187e87
f94000b9ce048908c52269b3705e251a50c6979e
401e6c25801ba2d59795d05a6dd973f95566b41070d3939ba9307d65860ae50e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /mx-mccain-l3/fonts/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/css/css.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:39 GMT
content-type: font/woff2
content-length: 17324
x-powered-by: Express
access-control-allow-origin: *
etag: W/"43ac-+UAAuc4EiQjFImmzcF4lGlDGl54"
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G09B5o9eHhXaIh1wJm0oT%2FqZ7FNDUe0kUL70gtgxb7xZ%2BODAje%2FXx4f726fGYLLM8jynsh0Sj3BnDZNIGKcUcQ3Bj%2Fd%2FV%2B1vRhDhNWdXMIWqbELJkysJXm%2BDFFz8hUHmTX9NouIcfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e4587fcc0b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

personal-finance.xyz/mx-mccain-l3/fonts/KFOmCnqEu92Fr1Mu4mxK.woff2

172.67.203.132

16 kB

URL
personal-finance.xyz/mx-mccain-l3/fonts/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
172.67.203.132:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 15736, version 1.0\012- data
Size
16 kB (15736 bytes)
Hash
479970ffb74f2117317f9d24d9e317fe
81c796737cbe44d4a719777f0aff14b73a3efb1e
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /mx-mccain-l3/fonts/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/css/css.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:39 GMT
content-type: font/woff2
content-length: 15736
x-powered-by: Express
access-control-allow-origin: *
etag: W/"3d78-gceWc3y+RNSnGXd/Cv8Utzo++x4"
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=toSqiLShc3pM1v148kEYjnWsDKMc%2FD4oXDYvWTp2pboMmuR0JJfBpy9IaziYGGuAOpgyM3%2BFCUl9Jr5qh%2Fr2SHMh6O2NiFBxNMb7lsMiTygfS8wi%2BA4fRc3UMkF5%2Bm3qIDR1D8yZMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e4587ecb6b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

personal-finance.xyz/mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

172.67.203.132

16 kB

URL
personal-finance.xyz/mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
172.67.203.132:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 15816, version 1.0\012- data
Size
16 kB (15816 bytes)
Hash
2735a3a69b509faf3577afd25bdf552e
8621aff863b67040010ccc183da5b9079ce6fd1d
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/css/css.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:39 GMT
content-type: font/woff2
content-length: 15816
x-powered-by: Express
access-control-allow-origin: *
etag: W/"3dc8-hiGv+GO2cEABDMwYPaW5B5zm/R0"
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c2LV%2FNfnCUqi1YSA48zuWU%2BQdl2BN3f1Mr%2BdnNNHqlvyltC%2BM7WVE16buOveXVgbk2PHSXIBuFfSQE6XucXV7zG2khitJEKdp6RcvaFAVyzHdV9yL%2BjRntRabr2WTUYRq42KwHX5Ew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e4587ecb9b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

personal-finance.xyz/mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

172.67.203.132

16 kB

URL
personal-finance.xyz/mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
172.67.203.132:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 15784, version 1.0\012- data
Size
16 kB (15784 bytes)
Hash
ef7c6637c68f269a882e73bcb57a7f6a
65025b0cedc3b795c87ad050443c09081d1a8581
29f6da0a8c21c5681511bb9b08663d3fd2c5d09c9bd8054ec354c563b8c8b7c1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /mx-mccain-l3/fonts/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/css/css.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:39 GMT
content-type: font/woff2
content-length: 15784
x-powered-by: Express
access-control-allow-origin: *
etag: W/"3da8-ZQJbDO3Dt5XIetBQRDwJCB0ahYE"
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xe7CT0uwYrtIH3HEn8DeD8RAN%2Frk230uCY9i2m216j1iSG9R60N37DocWch6x29KDis%2F%2BWClms2jmCRAvYz0K92vQWrkdcyYMcVL9NTJeRz0p7hSSae1OdRjygKwq4puugZ9h7mWXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e4587fcc3b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

unphionetor.com/vbl?t=NaN&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL POST HTTP/2
unphionetor.com/vbl?t=NaN&bid=undefined&aid=undefined
IP
139.45.197.236:443
ASN
#9002 RETN Limited

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerLet's Encrypt
Subjectunphionetor.com
Fingerprint4B:AB:04:0A:B6:60:F0:0A:CD:92:AC:93:15:79:CF:21:57:6D:1B:97
ValiditySat, 18 Mar 2023 19:00:29 GMT - Fri, 16 Jun 2023 19:00:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /vbl?t=NaN&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://personal-finance.xyz
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Mon, 15 May 2023 20:53:40 GMT
access-control-allow-origin: https://personal-finance.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: af00eb0e270e77c2d62f59366bcb8a55
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=NaN&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL POST HTTP/2
unphionetor.com/vbl?t=NaN&bid=undefined&aid=undefined
IP
139.45.197.236:443
ASN
#9002 RETN Limited

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerLet's Encrypt
Subjectunphionetor.com
Fingerprint4B:AB:04:0A:B6:60:F0:0A:CD:92:AC:93:15:79:CF:21:57:6D:1B:97
ValiditySat, 18 Mar 2023 19:00:29 GMT - Fri, 16 Jun 2023 19:00:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /vbl?t=NaN&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://personal-finance.xyz
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Mon, 15 May 2023 20:53:40 GMT
access-control-allow-origin: https://personal-finance.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 23a14615154f14f997d7301bd52d33ad
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

personal-finance.xyz/mx-mccain-l3/images/favicon.png

172.67.203.132

200 OK

97 kB

URL GET HTTP/3
personal-finance.xyz/mx-mccain-l3/images/favicon.png
IP
172.67.203.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint76:9F:EA:0D:A5:A0:67:F6:B8:02:90:CF:7D:33:85:8C:76:56:45:33
ValidityThu, 29 Sep 2022 00:00:00 GMT - Fri, 29 Sep 2023 23:59:59 GMT

File type
PNG image data, 2180 x 2202, 8-bit/color RGBA, non-interlaced\012- data
Size
97 kB (96804 bytes)
Hash
70aa62df1b45fc6fd9cfef5055decc68
7f22b2eefd5d9ad28dba69ea9a73a5ce98bcb2e5
c11b562f153526ab6c0ba2ed7fffd88b6287373a5f4dec61c70b79cd85e2f385

HTTP Headers

GET /mx-mccain-l3/images/favicon.png HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/
Cookie: _ga_BQ7LG68G3K=GS1.1.1684184018.1.0.1684184018.0.0.0; _ga=GA1.1.774483501.1684184019
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:40 GMT
content-type: image/png
content-length: 96804
x-powered-by: Express
access-control-allow-origin: *
etag: W/"17a24-fyKy7v1dmtKNumnqmnOlzpi8suU"
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3PZz8NNwhfTNQxApkpsUOP4GFQUXlqkxpP3fu%2BUsUJ9Z8Q4bNkGRV%2FNWUDfsBSyvGtLhYBzn0Y3uQ9RS9xBjViaro59TXYhgSYznn3GI6jcCfKX3o%2BsnljP9AQXi4I0tJJpl9xVuTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e458cf910b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

accentbiz.com/click.php?event7=1

3.93.65.61

200 OK

20 B

URL GET HTTP/1.1
accentbiz.com/click.php?event7=1
IP
3.93.65.61:443
ASN
#14618 AMAZON-AES

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerLet's Encrypt
Subjectaccentbiz.com
FingerprintB5:C8:47:03:C5:35:5B:9A:D7:D6:D4:84:AD:F2:EA:C4:A9:D1:33:52
ValidityTue, 11 Apr 2023 02:03:27 GMT - Mon, 10 Jul 2023 02:03:26 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /click.php?event7=1 HTTP/1.1
Host: accentbiz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 15 May 2023 20:53:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

personal-finance.xyz/mx-mccain-l3/css/animations.css

172.67.203.132

200 OK

18 kB

URL GET HTTP/3
personal-finance.xyz/mx-mccain-l3/css/animations.css
IP
172.67.203.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint76:9F:EA:0D:A5:A0:67:F6:B8:02:90:CF:7D:33:85:8C:76:56:45:33
ValidityThu, 29 Sep 2022 00:00:00 GMT - Fri, 29 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (10019)
Size
18 kB (18468 bytes)
Hash
4601ba55044413706c2022cb6c1c3d05
5103ec2fbb389568ebf5cfe4fd721f3df2ff7aec
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

HTTP Headers

GET /mx-mccain-l3/css/animations.css HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:38 GMT
content-type: text/css; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
etag: W/"4824-UQPsL7s4lWjr9c/k/XIfPfL/euw"
cache-control: max-age=2678400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FLcmOBhdnQeVBp0B3Z2CC%2B7wR0jwzAtYuJV%2BenTNk9bB4AhIfVlGLeGwmqoCAEVwBR4eKmwPQhx4JiEGiIJCtqqB8u54%2Fp6E39YfsQYH4QNEmr6ky3ySarc9VOiwyG6uKY3HCm2C7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e457e4c14b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

personal-finance.xyz/mx-mccain-l3/js/jquery-3.4.1.min.js

172.67.203.132

200 OK

88 kB

URL GET HTTP/3
personal-finance.xyz/mx-mccain-l3/js/jquery-3.4.1.min.js
IP
172.67.203.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint76:9F:EA:0D:A5:A0:67:F6:B8:02:90:CF:7D:33:85:8C:76:56:45:33
ValidityThu, 29 Sep 2022 00:00:00 GMT - Fri, 29 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
88 kB (88145 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /mx-mccain-l3/js/jquery-3.4.1.min.js HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:38 GMT
content-type: application/javascript; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
etag: W/"15851-iFI5JDUbrAtdVg/gxXgeJVbnaT0"
cache-control: max-age=2678400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gE0Rz1aGLksJjnToW8YFjMWyYW3ngXcxpJKQG4g0ZbrXkdgDH6oCYhFsjzUCnK8n8s2nHWyHmZmRLAxbiuJal4HNAS5TRk%2BcVmw%2BxnxYK2%2B9tGgng0AgFb%2F1QsekFHat2CKiOIVesQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e457e4c05b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

personal-finance.xyz/mx-mccain-l3/css/style_002.css

172.67.203.132

200 OK

58 kB

URL GET HTTP/3
personal-finance.xyz/mx-mccain-l3/css/style_002.css
IP
172.67.203.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint76:9F:EA:0D:A5:A0:67:F6:B8:02:90:CF:7D:33:85:8C:76:56:45:33
ValidityThu, 29 Sep 2022 00:00:00 GMT - Fri, 29 Sep 2023 23:59:59 GMT

File type

Size
58 kB (58200 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /mx-mccain-l3/css/style_002.css HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:38 GMT
content-type: text/css; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
etag: W/"e358-DvrSi/6Kr2FRhsQgftdGY25g8+w"
cache-control: max-age=2678400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=slVKoY%2B9OR1l%2Fb5OSnTrgT0eOj6k1o4V7f%2B1L7szftXigbi6QTya7JbxzcJoILL%2Fr0t47ZZdvpjRGQVDWb6mpOPr5Pg5Atj8w%2FX7x0Is2oxXnd%2BykK00zgpwpt8vaJdwH7HZf6DmSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e457e4c08b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

personal-finance.xyz/mx-mccain-l3/css/fontawesome.css

172.67.203.132

200 OK

58 kB

URL GET HTTP/3
personal-finance.xyz/mx-mccain-l3/css/fontawesome.css
IP
172.67.203.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint76:9F:EA:0D:A5:A0:67:F6:B8:02:90:CF:7D:33:85:8C:76:56:45:33
ValidityThu, 29 Sep 2022 00:00:00 GMT - Fri, 29 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (57726)
Size
58 kB (57912 bytes)
Hash
3df0b27b3e75de7efd800af1d77d56cc
e8138ee186548f18db7642d80860124b86809446
f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c

HTTP Headers

GET /mx-mccain-l3/css/fontawesome.css HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:39 GMT
content-type: text/css; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
etag: W/"e238-6BOO4YZUjxjbdkLYCGASS4aAlEY"
cache-control: max-age=2678400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUKkXVPAySTwKQPHd2TTCPxCNnVOonpuhf%2Fw0gfI90y5TM25AdvIOexmEsPMcv2fW5T6zx%2FOhsaSR31FioMi%2BHICEABgZOpT3%2F1pVA9v9v3lz2OitKx5QULg9CRjYATOCkpaO%2FHjnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e457e5c21b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

personal-finance.xyz/mx-mccain-l3/js/fv_1.js

172.67.203.132

200 OK

5.2 kB

URL GET HTTP/3
personal-finance.xyz/mx-mccain-l3/js/fv_1.js
IP
172.67.203.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint76:9F:EA:0D:A5:A0:67:F6:B8:02:90:CF:7D:33:85:8C:76:56:45:33
ValidityThu, 29 Sep 2022 00:00:00 GMT - Fri, 29 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (5331), with no line terminators
Size
5.2 kB (5213 bytes)
Hash
061bf31ab8394112d1dffdd5ec872c2a
f87a9877e0b08b1ddcc15351cee29a4d8ba34315
b24829831c07c3a35bc35c242324c3ee90c151e4e53de8e28f579e4161819414

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /mx-mccain-l3/js/fv_1.js HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:38 GMT
content-type: application/javascript; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
etag: W/"145d-h1N0VCTTZydeP+VaVmH+UbHh+3I"
cache-control: max-age=2678400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A5vgqC8Ynoz%2FWSCBFdc4iKYHnfuvu%2BH9T31aCKuytV%2BRRrV2BaKlqpXdbzLfBvpQ4FgqeOkU52o3l5rxnD6PvgOo10XkK79wUAlwwSoTrLHmsjYkMI3I8hAlfbQ8WVb%2BQN%2Bo%2BIyNpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e457e6c28b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

personal-finance.xyz/mx-mccain-l3/css/theme.css

172.67.203.132

200 OK

5.4 kB

URL GET HTTP/3
personal-finance.xyz/mx-mccain-l3/css/theme.css
IP
172.67.203.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint76:9F:EA:0D:A5:A0:67:F6:B8:02:90:CF:7D:33:85:8C:76:56:45:33
ValidityThu, 29 Sep 2022 00:00:00 GMT - Fri, 29 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (5412), with no line terminators
Size
5.4 kB (5403 bytes)
Hash
2f78abdefa760d4a1a5e2e41fcab175e
702ace5c545230846501f98266b7e3e883b99c56
362cb7d3b1cae1480834a38656de475e0bd6b6c400d7da66a2029d96b3bb6ae9

HTTP Headers

GET /mx-mccain-l3/css/theme.css HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:38 GMT
content-type: text/css; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
etag: W/"151b-RuAuCKRTn5SL5UdjgiDj/RxlpUg"
cache-control: max-age=2678400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofDVHTKknJqrg5JQcjD1dlVdDvHYr5%2FKEWAJUI7UNhzFBAe92NCklosNDxKwRn4Il4NFWnmIFZHBItwJXpVPVj9DZkkL1n1XJzIzcd94AwruSxMbcjYGq0PY67x3A6rOfjjfSUd8Ow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e457e4c0cb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

personal-finance.xyz/mx-mccain-l3/css/global.css

172.67.203.132

200 OK

34 kB

URL GET HTTP/3
personal-finance.xyz/mx-mccain-l3/css/global.css
IP
172.67.203.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://personal-finance.xyz/mx-mccain-l3/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint76:9F:EA:0D:A5:A0:67:F6:B8:02:90:CF:7D:33:85:8C:76:56:45:33
ValidityThu, 29 Sep 2022 00:00:00 GMT - Fri, 29 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (13336)
Size
34 kB (33780 bytes)
Hash
5a425a14749875c0ca5a28527bba4675
7ef12514b77f9175a385348ea48f7f62fe407dc2
d67f40bdbf49fe1e1b7d2605592a880d4b084325526c4681428ce82542ffb3a6

HTTP Headers

GET /mx-mccain-l3/css/global.css HTTP/1.1
Host: personal-finance.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personal-finance.xyz/mx-mccain-l3/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 15 May 2023 20:53:38 GMT
content-type: text/css; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
etag: W/"83f4-fvElFLd/kXWjhTSOpI9/Yv5AfcI"
cache-control: max-age=2678400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a56k4Z4I%2FzxYbpU%2F%2F0nkT9BzTKTviAWEdzLshPLb41ZcuYBh5D6zNuNYaLo0jX9ibs3WnITso6BviH29sSnm4pqL%2BKwKIZ4L9yo6vYdPQjJm4wkacEbWvZ%2FK9ci9NWwChHrw7xKjDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c7e457e5c1cb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML