r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8997fa58a7262e8fd559d64b40511a1b
0aa1c4365c28f45e4d7a8a234fbcf51cd009e083
1580d1145f125c765e40e5983cb4bb4e2424010d2920a25ea7da992485da0dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1580D1145F125C765E40E5983CB4BB4E2424010D2920A25EA7DA992485DA0DEA"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14917
Expires: Sun, 22 Jan 2023 20:02:50 GMT
Date: Sun, 22 Jan 2023 15:54:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8a5e416451617846248067d72b675125
995b0346adefaf5f2e167d1b81e60cc9afc4f19e
c5fafb9127b71cbd4f7b1a44f755fc4aa0e2f47bbc50de4b15c870a22bf160d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5FAFB9127B71CBD4F7B1A44F755FC4AA0E2F47BBC50DE4B15C870A22BF160D9"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3795
Expires: Sun, 22 Jan 2023 16:57:28 GMT
Date: Sun, 22 Jan 2023 15:54:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 22 Jan 2023 15:34:51 GMT
content-type: application/json
age: 1162
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 17094b856fde02b2c8c2d3845ad325cf
26dc3f2ebf81faf5ab96eb75ffcbead6085528b8
6547376c41dcaa352cc4e747291916902bcddc0032b750bd84c5e3b2fe6f7d16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6547376C41DCAA352CC4E747291916902BCDDC0032B750BD84C5E3B2FE6F7D16"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4278
Expires: Sun, 22 Jan 2023 17:05:31 GMT
Date: Sun, 22 Jan 2023 15:54:13 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SEcc/F/tc/10W5wI95P7CkRgsAfHAd1hDJ1l+n57/FQFar/zreGQ2lCOQmhlPjDsBMFIBOreFEA=
x-amz-request-id: XT5XDEJ1124Z8QM2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 22 Jan 2023 15:18:29 GMT
age: 2145
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 15:54:14 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
116.118.50.194 200 OK 38 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type HTML document text, exported SGML document, ASCII text, with very long lines (31141), with CRLF line terminators
Hash 786996e2d95a7f10fa7cff995dcb5e92
dbc96214079883a5f83eabfa9c06ba0d04fa3806
098a1dd2d84b443a8fed4cf8aca5328a12babc7847f8f447ef95c29b33ec9566
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3 HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
content-length: 37862
date: Sun, 22 Jan 2023 15:54:13 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/s08678366264015.js
116.118.50.194 200 OK 1.5 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/s08678366264015.js
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (5601)
Hash 0e7f4a73215f8e03d4ffed031257c772
56eb1c0af148f155df96ca65dc743a29f76e1b19
9710abeed9a21df583eeded44d5555059e4b452a77336e3fcfa5e85248bad2e6
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/s08678366264015.js HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:14 GMT
etag: "15e2-6337fca6-143cad;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: application/x-javascript
content-length: 1544
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:14 GMT
server: LiteSpeed
connection: Keep-Alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 22 Jan 2023 15:48:58 GMT
age: 316
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/styles.300dc7a1784cb961.css
116.118.50.194 200 OK 9.0 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/styles.300dc7a1784cb961.css
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (65536), with no line terminators
Hash 92e42bdd4a00274205d99511818e6cdc
833178c9d922fab71bbc3f71a4c10bfac20e8002
fb5b9727a6ccf44375332a4d0bf674eed6b2e5b4815f6a5f6439c7c829b83caf
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/styles.300dc7a1784cb961.css HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:14 GMT
etag: "12049-6337fca6-143caf;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: text/css
content-length: 8993
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:14 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/dbc-min.js
116.118.50.194 200 OK 485 B URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/dbc-min.js
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (1008)
Hash 9740372b6e5841094022c36696f02212
07dde723b9ad96e5e217323bb15a9091e20a7535
9f0334b941531aaaebab6bd2e1ee408998836f4fe97e8889d0dcc94d294a7dbe
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/dbc-min.js HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:14 GMT
etag: "3f1-6337fca6-143ca6;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: application/x-javascript
content-length: 485
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:14 GMT
server: LiteSpeed
connection: Keep-Alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c74880fa99032b5c3831c179d702419
0020b368309735c94d8053d3781a7efb7283cfc5
437e2d4e2bbfb33b0ff696172378ce55a0a5ed005a1b8c4005eab4a6995a3042
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 561
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:54:14 GMT
Etag: "63ccfca7-1d7"
Last-Modified: Sun, 22 Jan 2023 15:44:53 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/AppMeasurement.min.js
116.118.50.194 200 OK 12 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/AppMeasurement.min.js
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (32768)
Hash 157f843d334879b1b7a6bdab74330d92
7fcf858ab19ea74ceda605d30a287017b4fc917e
372439712d6a0f1e3f786c51d7fd2bed69f1fe76d0a44c189d95d78d9121e399
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/AppMeasurement.min.js HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:14 GMT
etag: "8315-6337fca6-143ca4;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: application/x-javascript
content-length: 12163
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:14 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/launch-866a03735382.min.js
116.118.50.194 200 OK 55 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/launch-866a03735382.min.js
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (32767)
Hash 6ca38607e9a2c7a67433cbb29bc48ec8
334cb30a3ab5d48f8cfb23ac8d3e11a7e717e934
1d338c7a46666307d4c938c5688fdbb76ce5e4254066889662895f877ac6abbb
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/launch-866a03735382.min.js HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:14 GMT
etag: "2d8f6-6337fca6-143ca8;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: application/x-javascript
content-length: 55165
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:14 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/AppMeasurement_Module_AudienceManagement.min.js
116.118.50.194 200 OK 8.8 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/AppMeasurement_Module_AudienceManagement.min.js
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type exported SGML document, ASCII text, with very long lines (24999)
Hash 93239e6946e6a66d24354def886f66de
32f1054028c03a25b307c0d6e66a928947cd574d
541564eacb3db781a80ec8edf2c49abcf111ed56ecab90b9d7181e422954ee68
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:14 GMT
etag: "6240-6337fca6-143ca5;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: application/x-javascript
content-length: 8753
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:14 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/styles_r.css
116.118.50.194 200 OK 22 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/styles_r.css
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (65536), with no line terminators
Hash 808f9e934a6cf32108d745e98f565c58
59f75c38dcc4a85fb257433feb3ba14b0d9fe289
8f498c92f08598ff6417543b37461e877637405375e7688598bc1a265364b5ec
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/styles_r.css HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:14 GMT
etag: "26f4c-6337fca6-143cb0;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: text/css
content-length: 21749
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:14 GMT
server: LiteSpeed
connection: Keep-Alive
push.services.mozilla.com/
52.89.150.158 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.150.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5vfGz+aofQ0KBNlYlqnwPQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vcL02Toi1tIoIU5KCkCo+4v/9NI=
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/runtime.24e47bcca0e5b8df.js
116.118.50.194 200 OK 2.1 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/runtime.24e47bcca0e5b8df.js
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (3988), with no line terminators
Hash 7f469c1fa539e68abaa01ec49cfdef3f
34739925ecacbde4d8857bc25c3a1e8f747d0da2
f077483434083905e3e4a049a86297773679afabe2a83cf553595f888b1f77de
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/runtime.24e47bcca0e5b8df.js HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:14 GMT
etag: "f94-6337fca6-143cab;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: application/x-javascript
content-length: 2051
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:14 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/polyfills.87d6b856162b755f.js
116.118.50.194 200 OK 12 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/polyfills.87d6b856162b755f.js
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (33921), with no line terminators
Hash 4b082ac11955ab51ab36771459cfe413
d682205f5f730ec95f0dc328a62c72ff33b96e7b
7948f01a32317d553f698ea0c8098d30c79d4e93e1ae541cfd0b95af87be7692
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/polyfills.87d6b856162b755f.js HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:15 GMT
etag: "8481-6337fca6-143caa;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: application/x-javascript
content-length: 11987
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:15 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/ruxitagentjs_A27Vfgqrux_10241220422021336.js
116.118.50.194 200 OK 76 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/ruxitagentjs_A27Vfgqrux_10241220422021336.js
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (1629)
Hash e4d7a5d7170b6de1d7d24deb7c318511
a1b5eab489699e93b6463194c822ccb75379f299
c8489b8b5aa569bb6f0839d564e751d2f57488bd81dcc25a02b0bcb62f0c44f0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/ruxitagentjs_A27Vfgqrux_10241220422021336.js HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:14 GMT
etag: "31bdf-6337fca6-143cac;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: application/x-javascript
content-length: 76366
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:14 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/trulogo_horz-trupurple.png
116.118.50.194 200 OK 4.4 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/trulogo_horz-trupurple.png
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type PNG image data, 365 x 86, 8-bit/color RGBA, non-interlaced
Hash fe2af793fe57fcace53f91cfed335a8e
250d1d12ba58cade61d74f7f61dbc90bf2556bda
d2e2e20fc9729fb0389392bde5a8fd1b4cb390dd8689ce7a1c3fe83cc91b0d52
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/trulogo_horz-trupurple.png HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:15 GMT
etag: "1118-6337fca6-143cb2;;;"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: image/png
content-length: 4376
accept-ranges: bytes
date: Sun, 22 Jan 2023 15:54:15 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/eye.png
116.118.50.194 200 OK 962 B URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/eye.png
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type PNG image data, 56 x 52, 8-bit/color RGBA, non-interlaced
Hash 80dafb1744279c26b44989a2d3f7ca29
091243fa38647529656f8da8f554304257a362da
8ba67d2ac6a6cfd7066cc3bc73ef960a3672af29ef60bea7334d41b44f6694bd
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/eye.png HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:15 GMT
etag: "3c2-633824b0-143ca3;;;"
last-modified: Sat, 01 Oct 2022 11:29:52 GMT
content-type: image/png
content-length: 962
accept-ranges: bytes
date: Sun, 22 Jan 2023 15:54:15 GMT
server: LiteSpeed
connection: Keep-Alive
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js
23.38.200.237 200 OK 8.8 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js
IP 23.38.200.237:0
File type exported SGML document, ASCII text, with very long lines (24999)
Hash 6f56f25549f094ee43918a26715f4c6b
0b75d52207556fa7879017f81a9445006a637047
57a0cc8a8dfd7a1ab1aa40a84c53b0db4caf025c5c5499bea095b91924139a96
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "26a8cd142b539700557eb4710c3d56bd:1644856531.982003"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
expires: Sun, 22 Jan 2023 16:54:15 GMT
date: Sun, 22 Jan 2023 15:54:15 GMT
content-length: 8753
cache-control: no-cache
access-control-allow-origin: http://bgitopazdowntown.ddireal.vn
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
23.38.200.237 200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32768)
Hash e616df092766c7ab7904619f971a35cc
a960429c42802a43e3ce728fc4d1e8bdab10e606
082ae7647bfdb639846791e5c0ca39b96544dff3aed0c365973c9589cd5b091e
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
expires: Sun, 22 Jan 2023 16:54:15 GMT
date: Sun, 22 Jan 2023 15:54:15 GMT
cache-control: no-cache
access-control-allow-origin: http://bgitopazdowntown.ddireal.vn
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash aa8af8be7c92ac01d6c98f042bdbfe21
4fc530d0ff09d79d61a125fe9dc206e1935e9f87
c152b8a18612c21cd06586cd485683c729b6a47387ff71606cc66627f430cde6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1192
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:54:15 GMT
Etag: "63ccd281-1d7"
Last-Modified: Sun, 22 Jan 2023 15:34:23 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/scripts.1c82821384a86f51.js
116.118.50.194 200 OK 52 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/scripts.1c82821384a86f51.js
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (65536), with no line terminators
Hash 470059640172a732f86dacdb8017d052
6ad25d5ef68e65eaf7bf00a6da734c18daa86d7c
d0164742752e4014a5ce37157ec87fae63eebf2e624d06b49e311090a315a0ff
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/scripts.1c82821384a86f51.js HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:15 GMT
etag: "27975-6337fca6-143cae;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: application/x-javascript
content-length: 51626
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:15 GMT
server: LiteSpeed
connection: Keep-Alive
dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1674402854223
52.31.164.85 200 OK 1.3 kB URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1674402854223
IP 52.31.164.85:0
File type JSON data, ASCII text, with very long lines (4008), with no line terminators
Hash 74d717f62d628958882bde7fdc2d2132
58d2ab187dc68ac8ccb0929bd267022877ed1492
9c767465d51298361614f0211625c42776c000cd368dcf29f2ec77af4afe71bc
GET /id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1674402854223 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://bgitopazdowntown.ddireal.vn
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://bgitopazdowntown.ddireal.vn
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0f2a7c28b.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=45231323039051488683954604292896673711; Max-Age=15552000; Expires=Fri, 21 Jul 2023 15:54:15 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: ubvH6Nj4QMs=
Content-Length: 1338
Connection: keep-alive
suntrustbanksinc.demdex.net/dest5.html?d_nsid=0
34.249.28.111 200 OK 2.8 kB URL HTTP/1.1 suntrustbanksinc.demdex.net/dest5.html?d_nsid=0
IP 34.249.28.111:0
File type HTML document text; exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: suntrustbanksinc.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sun, 22 Jan 2023 15:54:15 GMT
DCS: dcs-prod-irl1-2-v045-0284b356a.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:22:23 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: 75LhpOgCQVM=
Content-Length: 2791
Connection: keep-alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/truist_common.js
116.118.50.194 200 OK 132 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/truist_common.js
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (65536), with no line terminators
Size 132 kB (132053 bytes)
Hash 611acad08511909e820b7b511a196f77
3c85ca878a44dd2d31172e5922191a92a88b36ce
e94cc3fcfbd200c7e644d9eacbf89c3937299a1aac0bb51ec38f27ad8bb9037f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/truist_common.js HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:14 GMT
etag: "3c173-6337fca4-143cb1;gz"
last-modified: Sat, 01 Oct 2022 08:39:00 GMT
content-type: application/x-javascript
content-length: 132053
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:14 GMT
server: LiteSpeed
connection: Keep-Alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3d15bed5dd3d4945d48f2c68d24a0caf
70194ca9f88d2bac103234d06e170b9cb50dfb35
b871617dd925db3f5b1493c17be138ed181dddd9db85d52d5fa9f7ae5f3c73d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=144051
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:54:15 GMT
Etag: "63ccebda-1d7"
Expires: Tue, 24 Jan 2023 07:55:06 GMT
Last-Modified: Sun, 22 Jan 2023 07:55:06 GMT
Server: nginx
Content-Length: 471
sstats.truist.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=38491330864977480754417513765095715840&ts=1674402854414
13.37.25.97 200 OK 48 B URL HTTP/2 sstats.truist.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=38491330864977480754417513765095715840&ts=1674402854414
IP 13.37.25.97:0
File type JSON data, ASCII text, with no line terminators
Hash 25ac2c5806b7da8e70e5cdd43587235c
ac9fa6bfe629c832ad86ab9db6516d4d92bc9954
a980e5049e294d43fb074e48d3b2f490c40406f96a40643ca9eb26951a6a81b8
GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=38491330864977480754417513765095715840&ts=1674402854414 HTTP/1.1
Host: sstats.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://bgitopazdowntown.ddireal.vn
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://bgitopazdowntown.ddireal.vn
access-control-allow-credentials: true
date: Sun, 22 Jan 2023 15:54:15 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C38491330864977480754417513765095715840; Path=/; Domain=truist.com; Max-Age=63072000; Expires=Tue, 21 Jan 2025 15:54:54 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2704
Expires: Sun, 22 Jan 2023 16:39:20 GMT
Date: Sun, 22 Jan 2023 15:54:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2704
Expires: Sun, 22 Jan 2023 16:39:20 GMT
Date: Sun, 22 Jan 2023 15:54:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 5a7ab95a69ddfa5014258076e66a6e19
1a54cca86788536002d6d18c5180ccf265ba1169
09348afd6055b26b5dba6f8f6ef763d52e6e040c039c6f763d64f71b8ca08d51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10988
x-amzn-requestid: 67c03c6c-3896-4890-a75b-ecd7c1c1a4e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foHG8tIAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61300-2de17e5b0225f9427c197bc5;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RlbJymJhU6Ti5RZCSIvPzloackAiBEBGapKI440u4ZIfB5FYBNugLw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 03:24:49 GMT
age: 44967
etag: "1a54cca86788536002d6d18c5180ccf265ba1169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg
34.120.237.76 200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash ce9c90c64a81cfd16050966c2b5ddf57
a2929122b2d2e252f39d23857cd7a2ed4651bb27
6647be8f5be621ef9b0cfe6585cb92c868951a95acf8c9c66d9eec6dc95d34c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3084
x-amzn-requestid: 034173f8-edba-45b9-bbbc-a7d737b45e26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFM68EDMIAMF3Iw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb8eac-3a22865376bbdcde3ef17088;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 07:05:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lPrb0OiQtQrd0-1R9wmsMzYwRydWPW9lBTAFUu9SPchT7WZUIVzGdw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 08:08:13 GMT
age: 27963
etag: "a2929122b2d2e252f39d23857cd7a2ed4651bb27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd73f3807-16ae-46ce-a9a5-84b639ea80c6.jpeg
34.120.237.76 200 OK 2.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd73f3807-16ae-46ce-a9a5-84b639ea80c6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 83d96b777a2cac4cb6d577309c8d07e7
86bc900c65d14a338c1d08a0b407590940b39059
50856a41d2bbaec73e06255e06e5ee648f1e7ed1fb04049810d4c03650621bdf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd73f3807-16ae-46ce-a9a5-84b639ea80c6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2555
x-amzn-requestid: d5425eec-2182-4b90-a03f-47dfa76439bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHOFpEoIoAMF83A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d57-5326fe1a504805be37823571;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:47:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oxNnK5wjQI8w-_5fTcDKXBdExNMJ_S6y8chMHd_woRSBfkBy3fqR8Q==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:06 GMT
etag: "86bc900c65d14a338c1d08a0b407590940b39059"
content-type: image/jpeg
age: 65170
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash d3e5cb3e8d03fffcd307c5ebaef08167
1a813821d15afd416b82c3343a7920a0ffc909cb
84a81b6f63faa3f17a20222b8fa389761a0fb0512a1549b4848849c0425539c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7656
x-amzn-requestid: 6e1ebd9d-6ef0-48d0-a891-51bbf914ed42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNlYHaUoAMFr-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c88-479e8fb72b0b248d020d9e77;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DaWs0RT0IupgLoLeQZYbdYdvYFd02bXrdQBFYpqLxwmKf1bKhh_wgQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:06 GMT
etag: "1a813821d15afd416b82c3343a7920a0ffc909cb"
content-type: image/jpeg
age: 65170
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 4e71636bb9a13ad7d52d253e16cd6a3f
401dd58e34982d3434739b9a2f7182487ea1cac5
1ac336df72b6eb569983e197f094378a26a175113249bedca0610cabd57e2e54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 5469b005-6740-4f3d-80ca-a45fd39cae68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkCFiZoAMF8oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c80-210da08f113a3273257b7d61;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: j3SoP46ER0JjOaLh363bQ9QW4ZIW19_rbgeQ7Ey8W-zgyGMMLSLccA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:17 GMT
etag: "401dd58e34982d3434739b9a2f7182487ea1cac5"
content-type: image/jpeg
age: 65159
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 7ec85cf23f6ed6a70e62e17998dfcede
2a690f14cf97f33da2c4f4b21c737a7ca37665b4
ae3cedd8f51f9ed2d996f1d75e7288802d68fa3c27d928934311e4d8821940cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7609
x-amzn-requestid: 86dec496-ff1b-4db8-9bcb-12275f6feeb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkBGiOIAMFaCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c7f-16c24501673bc2161c1e8a3b;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EIRH5l-dSShdZbMvwSEE8jKooGny-prLtbXwx8ZNUi0Wfj4GItKV7g==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 22:08:36 GMT
age: 63940
etag: "2a690f14cf97f33da2c4f4b21c737a7ca37665b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/dest5.htm
116.118.50.194 200 OK 2.8 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/dest5.htm
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type HTML document text; exported SGML document, ASCII text, with very long lines (550), with CRLF line terminators
Hash 9cbe9186bacd86c47496cee77f32c81d
cc0abd7f3a866302d8608b8298590a873c6b9625
8ebf99798533fe5e14642d17ecf8e87f324b74fce0e5149fa0aa7899e7039a27
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/dest5.htm HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h3vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404654413|1674402853000; dtLatC=135; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19380%7CMCMID%7C38491330864977480754417513765095715840%7CMCAAMLH-1675007654%7C6%7CMCAAMB-1675007654%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1674410054s%7CNONE%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
etag: "1b57-6337fca6-143ca7;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: text/html
content-length: 2801
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:16 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/main.6b2b5be7c0191f9e.js
116.118.50.194 200 OK 434 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/main.6b2b5be7c0191f9e.js
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type ASCII text, with very long lines (65536), with no line terminators
Size 434 kB (433458 bytes)
Hash ce3eb8d0b3ec6f1fdeebd7c04d0d254a
a6c214d14f4c86edf9a5a68ff83a5fd27c52cc28
3d650997e0843c0c0b02d5905f0347c39fa8ce09c5a97af227c5174edafe8898
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/images/main.6b2b5be7c0191f9e.js HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h1vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404653000|1674402853000
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 15:54:15 GMT
etag: "2106b2-6337fca6-143ca9;gz"
last-modified: Sat, 01 Oct 2022 08:39:02 GMT
content-type: application/x-javascript
content-length: 433458
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:54:15 GMT
server: LiteSpeed
connection: Keep-Alive
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 8f48bcf677e15cbcce55c549f010dc40
b217f179e4ccfb8aa6cce257712220f9f12b25dc
e6227fc2a80c27659235ff4707fa552b2ca9245d948b373bbdbefbe53e12e057
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 22 Jan 2023 15:54:16 GMT
Last-Modified: Sun, 22 Jan 2023 15:09:59 GMT
Server: ECS (nyb/1D29)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: O2eVAc0lwBOc_GKAutZ5GTdXlVM7BipjJ9raNms6RLLeRlTDmZWUCA==
Age: 2657
pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__
52.208.6.207 302 Found 457 B URL HTTP/1.1 pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__
IP 52.208.6.207:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (323)
Hash 2c31ca1063323f83bc165bf72ebf6080
d596b61996811d5e61e61d84830b5990a5f0e62b
c9e86e1751c9c84f8111b11ead78a6b73d305dccff4c35351b057eb2a313bd44
GET /1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__ HTTP/1.1
Host: pixel.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://suntrustbanksinc.demdex.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Sun, 22 Jan 2023 15:54:16 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 457
Connection: keep-alive
Server: Apache
Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTgxY0tBQUFBR1ZTQGo0ZQ&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__
dias.bank.truist.com/ui/favicon.ico
95.101.10.145 200 OK 14 kB URL HTTP/2 dias.bank.truist.com/ui/favicon.ico
IP 95.101.10.145:0
ASN #20940 Akamai International B.V.
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (833)
Hash 4df4d005bf945c174f007de32d8039cf
c87aa59a4d67e496135efccc0350bc43aaf4a878
23cf44f1018c634cf5b532114f89e9f27e888c3039d2be3fb5676eed5f5a0fa8
GET /ui/favicon.ico HTTP/1.1
Host: dias.bank.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/html
etag: W/"1074-1671676884000:dtagent10251220909040818Sbvg"
last-modified: Thu, 22 Dec 2022 02:41:23 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=0
x-oneagent-js-injection: true
expires: Thu, 29 Dec 2022 20:37:07 GMT
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
server-timing: dtRpid;desc="-325815727", dtSInfo;desc="0"
vary: Accept-Encoding
content-encoding: gzip
date: Sun, 22 Jan 2023 15:54:16 GMT
content-length: 14472
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5074bfa38808c4a0f18b00a601cfef53
ffc0c526e49251605b2c95d0d1d595f9c702cd9a
6262e4155e8fbf18388f2f38c8e65cb87db94dae66d1dbbd329b4973d8b243df
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:54:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cm.everesttech.net/cm/dd?d_uuid=45231323039051488683954604292896673711
54.229.62.148 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=45231323039051488683954604292896673711
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=45231323039051488683954604292896673711 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sun, 22 Jan 2023 15:54:16 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y81cKAAAAERejwNe; Domain=.everesttech.net; Expires=Mon, 22-Jan-2024 15:54:16 GMT; Path=/
everest_session_v2=Y81cKAAAAERekANe; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y81cKAAAAERejwNe
Server: AMO-cookiemap/1.1
cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTgxY0tBQUFBR1ZTQGo0ZQ&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__
142.250.74.130 302 Found 487 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTgxY0tBQUFBR1ZTQGo0ZQ&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__
IP 142.250.74.130:0
File type HTML document text; HTML document text; HTML document text; HTML document, ASCII text, with very long lines (310), with CRLF, LF line terminators
Hash 42a32e6fcdbe9c533c606f43916cbad1
50bfe4befb57d82415a00ea69a3d2d8dbb860bd0
6555fa445efa2deba38d7cff7b635754e64ca2a653e19268225a99971d32abae
GET /pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTgxY0tBQUFBR1ZTQGo0ZQ&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__ HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://suntrustbanksinc.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WTgxY0tBQUFBR1ZTQGo0ZQ&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_tc=
date: Sun, 22 Jan 2023 15:54:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 487
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 22-Jan-2023 16:09:16 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dpm.demdex.net/ibs:dpid=411&dpuuid=Y81cKAAAAERejwNe
52.31.164.85 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y81cKAAAAERejwNe
IP 52.31.164.85:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y81cKAAAAERejwNe HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bgitopazdowntown.ddireal.vn/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-027dff91d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y81cKAAAAERejwNe
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=51600979118432099182484419146763178193; Max-Age=15552000; Expires=Fri, 21 Jul 2023 15:54:17 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: audk9y5ZQM4=
Content-Length: 0
Connection: keep-alive
cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WTgxY0tBQUFBR1ZTQGo0ZQ&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_tc=
142.250.74.130 302 Found 413 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WTgxY0tBQUFBR1ZTQGo0ZQ&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_tc=
IP 142.250.74.130:0
File type HTML document text; HTML document text; HTML document text; HTML document, ASCII text, with CRLF, LF line terminators
Hash 6dd125f3ddfa86457dba90be798b2a56
58cc4409345297923bb2ea2bdb4e5b68ebd2a17f
ed387769b578200fcc090c05c8cbdb14ee5ca205928bbc9b7798c848c8a5ce87
GET /pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WTgxY0tBQUFBR1ZTQGo0ZQ&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://suntrustbanksinc.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_error=3
date: Sun, 22 Jan 2023 15:54:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 413
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 3bbec64cde333b8c3068e63b2adbf2bb
e1fad0f09db1e1b01c9d36d7dbc8163682dcc533
850bdbc33df9ee9c938ed81f35ee0a6782fe99f49f65359e1a66ff21e282ffc9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:54:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_error=3
54.229.62.148 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_error=3
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_error=3 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://suntrustbanksinc.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sun, 22 Jan 2023 15:54:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y81cKQAAAIIrfwMx; Domain=.everesttech.net; Expires=Mon, 22-Jan-2024 15:54:17 GMT; Path=/
everest_session_v2=Y81cKQAAAIIrgAMx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WTgxY0tRQUFBSUlyZndNeA
Server: AMO-cookiemap/1.1
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y81cKAAAAERejwNe
52.31.164.85 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y81cKAAAAERejwNe
IP 52.31.164.85:0
File type GIF image data, version 89a, 1 x 1; data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y81cKAAAAERejwNe HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bgitopazdowntown.ddireal.vn/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0d492e21d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: mlOObtZnSx0=
Content-Length: 59
Connection: keep-alive
cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3
54.229.62.148 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://suntrustbanksinc.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sun, 22 Jan 2023 15:54:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y81cKQAAAJlC2gNn; Domain=.everesttech.net; Expires=Mon, 22-Jan-2024 15:54:17 GMT; Path=/
everest_session_v2=Y81cKQAAAJlC2wNn; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WTgxY0tRQUFBSmxDMmdObg
Server: AMO-cookiemap/1.1
cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3
54.229.62.148 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://suntrustbanksinc.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sun, 22 Jan 2023 15:54:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y81cKQAAACDOZwOJ; Domain=.everesttech.net; Expires=Mon, 22-Jan-2024 15:54:17 GMT; Path=/
everest_session_v2=Y81cKQAAACDOaAOJ; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WTgxY0tRQUFBQ0RPWndPSg
Server: AMO-cookiemap/1.1
cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3
54.229.62.148 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://suntrustbanksinc.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sun, 22 Jan 2023 15:54:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y81cKQAAAGMPqwNx; Domain=.everesttech.net; Expires=Mon, 22-Jan-2024 15:54:17 GMT; Path=/
everest_session_v2=Y81cKQAAAGMPrANx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WTgxY0tRQUFBR01QcXdOeA
Server: AMO-cookiemap/1.1
cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3
54.229.62.148 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://suntrustbanksinc.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sun, 22 Jan 2023 15:54:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y81cKQAAAIkmUgN-; Domain=.everesttech.net; Expires=Mon, 22-Jan-2024 15:54:17 GMT; Path=/
everest_session_v2=Y81cKQAAAIkmUwN-; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WTgxY0tRQUFBSWttVWdOLQ
Server: AMO-cookiemap/1.1
cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3
54.229.62.148 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/ax?cookieid=&ev_rs=1&url=/1x1&google_error=3 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://suntrustbanksinc.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sun, 22 Jan 2023 15:54:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y81cKQAAAK82RQOY; Domain=.everesttech.net; Expires=Mon, 22-Jan-2024 15:54:17 GMT; Path=/
everest_session_v2=Y81cKQAAAK82RgOY; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WTgxY0tRQUFBSzgyUlFPWQ
Server: AMO-cookiemap/1.1
bgitopazdowntown.ddireal.vn/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM&svrid=-3&flavor=post&vi=KMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0&modifiedSince=1664396606966&rf=http%3A%2F%2Fbgitopazdowntown.ddireal.vn%2Fwp-content%2Fplugins%2Faddons-for-divi%2Ffreemius%2Fincludes%2Fcustomizer%2Ftruist%2Flogon.php%3Fcmd%3Dsignon_submit%26id%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3%26session%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&bp=3&app=307988b0f4afb8ec&crc=3129709876&en=9va2smjd&end=1
116.118.50.194 404 Not Found 26 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM&svrid=-3&flavor=post&vi=KMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0&modifiedSince=1664396606966&rf=http%3A%2F%2Fbgitopazdowntown.ddireal.vn%2Fwp-content%2Fplugins%2Faddons-for-divi%2Ffreemius%2Fincludes%2Fcustomizer%2Ftruist%2Flogon.php%3Fcmd%3Dsignon_submit%26id%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3%26session%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&bp=3&app=307988b0f4afb8ec&crc=3129709876&en=9va2smjd&end=1
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (26352)
Hash d9a150949506df8cc444a646779177eb
d46a693534acf007a06d1a3d39bfebd307d6c4d8
e16c54a8ab1e753723f75e614329094c10f98315088d4eb00d3e00484035f23c
POST /ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM&svrid=-3&flavor=post&vi=KMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0&modifiedSince=1664396606966&rf=http%3A%2F%2Fbgitopazdowntown.ddireal.vn%2Fwp-content%2Fplugins%2Faddons-for-divi%2Ffreemius%2Fincludes%2Fcustomizer%2Ftruist%2Flogon.php%3Fcmd%3Dsignon_submit%26id%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3%26session%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&bp=3&app=307988b0f4afb8ec&crc=3129709876&en=9va2smjd&end=1 HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 2409
Origin: http://bgitopazdowntown.ddireal.vn
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h-vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404656038|1674402853000; dtLatC=135; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19380%7CMCMID%7C38491330864977480754417513765095715840%7CMCAAMLH-1675007654%7C6%7CMCAAMB-1675007654%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1674410054s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19387%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
x-litespeed-tag: 826_HTTP.404
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <http://bgitopazdowntown.ddireal.vn/index.php/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: no-cache
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
date: Sun, 22 Jan 2023 15:54:19 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM&svrid=-3&flavor=post&vi=KMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0&modifiedSince=1664396606966&rf=http%3A%2F%2Fbgitopazdowntown.ddireal.vn%2Fwp-content%2Fplugins%2Faddons-for-divi%2Ffreemius%2Fincludes%2Fcustomizer%2Ftruist%2Flogon.php%3Fcmd%3Dsignon_submit%26id%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3%26session%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&bp=3&app=307988b0f4afb8ec&crc=3790069044&en=9va2smjd&end=1
116.118.50.194 404 Not Found 26 kB URL HTTP/1.1 bgitopazdowntown.ddireal.vn/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM&svrid=-3&flavor=post&vi=KMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0&modifiedSince=1664396606966&rf=http%3A%2F%2Fbgitopazdowntown.ddireal.vn%2Fwp-content%2Fplugins%2Faddons-for-divi%2Ffreemius%2Fincludes%2Fcustomizer%2Ftruist%2Flogon.php%3Fcmd%3Dsignon_submit%26id%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3%26session%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&bp=3&app=307988b0f4afb8ec&crc=3790069044&en=9va2smjd&end=1
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (26352)
Hash d9a150949506df8cc444a646779177eb
d46a693534acf007a06d1a3d39bfebd307d6c4d8
e16c54a8ab1e753723f75e614329094c10f98315088d4eb00d3e00484035f23c
POST /ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM&svrid=-3&flavor=post&vi=KMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0&modifiedSince=1664396606966&rf=http%3A%2F%2Fbgitopazdowntown.ddireal.vn%2Fwp-content%2Fplugins%2Faddons-for-divi%2Ffreemius%2Fincludes%2Fcustomizer%2Ftruist%2Flogon.php%3Fcmd%3Dsignon_submit%26id%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3%26session%3D782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&bp=3&app=307988b0f4afb8ec&crc=3790069044&en=9va2smjd&end=1 HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 5752
Origin: http://bgitopazdowntown.ddireal.vn
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h-vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404656038|1674402853000; dtLatC=135; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19380%7CMCMID%7C38491330864977480754417513765095715840%7CMCAAMLH-1675007654%7C6%7CMCAAMB-1675007654%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1674410054s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19387%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
x-litespeed-tag: 826_HTTP.404
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <http://bgitopazdowntown.ddireal.vn/index.php/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: no-cache
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
date: Sun, 22 Jan 2023 15:54:21 GMT
server: LiteSpeed
connection: Keep-Alive
bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/assets/tru-core-icon-sprite.svg
116.118.50.194 404 Not Found 0 B URL HTTP/1.1 bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/assets/tru-core-icon-sprite.svg
IP 116.118.50.194:0
ASN #63760 AZDIGI Corporation
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/assets/tru-core-icon-sprite.svg HTTP/1.1
Host: bgitopazdowntown.ddireal.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bgitopazdowntown.ddireal.vn/wp-content/plugins/addons-for-divi/freemius/includes/customizer/truist/logon.php?cmd=signon_submit&id=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3&session=782355faad42bda7abe68839add857f3782355faad42bda7abe68839add857f3
Cookie: dtCookie=v_4_srv_-2D3_sn_5QK8C6F4NAATQH9KNGEQQVBPF0MT84RM; rxVisitor=1674402852998E441CRU2DL76HOPMIJ6MMKALFV2T1Q3P; dtPC=-3$402852991_776h3vKMUCQHPSOEVHHMRHKKLAAEMFKLHMWVEA-0e0; rxvt=1674404654413|1674402853000; dtLatC=135; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19380%7CMCMID%7C38491330864977480754417513765095715840%7CMCAAMLH-1675007654%7C6%7CMCAAMB-1675007654%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1674410054s%7CNONE%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <http://bgitopazdowntown.ddireal.vn/index.php/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: public,max-age=3600
x-litespeed-tag: 826_HTTP.404,826_404,826_URL.b861459d38b0877c2e123c7b9096d249,826_
x-litespeed-cache: miss
content-encoding: gzip
vary: Accept-Encoding
content-length: 25836
date: Sun, 22 Jan 2023 15:54:16 GMT
server: LiteSpeed
connection: Keep-Alive