Report - hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html

Report Overview

Submitted URL
hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html
IP
162.144.35.96
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-11-25 04:46:41
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
assets.adobedtm.com	512	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	85 kB	23.38.200.237
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.5 kB	4.7 kB	52.50.158.189
canarytokens.com	380733	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	461 B	225 B	52.18.63.80
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	45 kB	34.120.237.76
americafirstcreditunion.demdex.net	387571	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	497 B	3.4 kB	3.248.120.148
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	367 B	21 kB	142.250.74.174
cm.everesttech.net	996	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	421 B	475 B	54.77.60.152
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
secure.americafirst.com	369107	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	323 kB	216.51.43.116
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
hpuusyr2.ml	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.1 kB	54 kB	162.144.35.96
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.9 kB	172.64.155.188
americafirstcreditun.tt.omtrdc.net	341132	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	461 B	904 B	52.30.207.127
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.1 kB	142.250.74.35
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.0 kB	143.204.42.158
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.189.157.130
sstats.americafirst.com	366317	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	524 B	900 B	15.188.95.229
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.1 kB	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-11-25	medium	hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html	America First Credit Union

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-25	medium	hpuusyr2.ml/js/app.9c330c31.js	Phishing
2022-11-25	medium	hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html	Phishing
2022-11-25	medium	hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/js/chunk-vendors.4c927ace.js	Phishing
2022-11-25	medium	hpuusyr2.ml/ruxitagentjs_D_10251220909040818.js	Phishing
2022-11-25	medium	hpuusyr2.ml/ruxitagentjs_D_10251220909040818.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html	1.0 kB	2023-03-08	2023-03-25
Pretty URL hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html IP 162.144.35.96 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:15:00 Last Seen2023-03-25 22:16:15 Times Seen3 Hash 3b8cd64ae0a3307680c97568af6f6330 f509d3831a279a45935280264e8038443f627430 4e5736618d9f8d40742f05903859b164d15f2bad83c6f53246e1ae168834daca Loading...

	hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html	290 B	2023-03-08	2023-03-12
Pretty URL hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html IP 162.144.35.96 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:46:45 Last Seen2023-03-12 19:37:25 Times Seen1 Hash e0fd23a334e3651522e756651157d321 64d556cd819b991aa0fe6d0a81deae25248b5029 da37b464029eb915c7eb09c7f4d518dd751ebed3edb15db7b5d35b347b103e9b Loading...

	assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js	34 kB	2023-03-07	2024-05-07
Pretty URL assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-07 18:26:24 Times Seen24988 Hash f259ee6445c19c2ce3c64a1b117a4f35 a4c64554f653ab4e5bd5d2d03ce5685bb0a9ddb8 d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32 Loading...

	americafirstcreditunion.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fhpuusyr2.ml	6.7 kB	2023-03-07	2024-03-23
Pretty URL americafirstcreditunion.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fhpuusyr2.ml IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-05-07
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-05-07 19:59:08 Times Seen1643 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	unknown	0 B	2023-03-07	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 20:55:38 Times Seen37417930 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	secure.americafirst.com/ruxitagentjs_ICA27QVfghjqrux_10251220909040818.js	350 kB	2023-03-11	2023-03-11
Pretty URL secure.americafirst.com/ruxitagentjs_ICA27QVfghjqrux_10251220909040818.js IP 216.51.43.116 ASN #17150 AFCU Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 10:16:09 Last Seen2023-03-11 20:35:35 Times Seen1 Hash 29043ac98b00dffee2031d370a943e1d 929b62fdfa1b5fa80a7c0ddbe5ab91adf2896b59 ed20762d5ba084b7065f35c5feb0da126edf43d80603be3ca5cc54c397d8ac20 Loading...

	hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html	417 B	2023-03-08	2023-03-25
Pretty URL hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html IP 162.144.35.96 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:15:00 Last Seen2023-03-25 22:16:15 Times Seen3 Hash 563c21625aac37211d3760dcc44fde2a 6251905fc4102d5bca00afd5dd5a510aec0af3dd cc8b52eabf3d37d1d238002028492fd51f6bc742114f6145ee9765423decebca Loading...

HTTP Transactions (63)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14116
Expires: Fri, 25 Nov 2022 08:41:46 GMT
Date: Fri, 25 Nov 2022 04:46:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7483
Expires: Fri, 25 Nov 2022 06:51:13 GMT
Date: Fri, 25 Nov 2022 04:46:30 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2041
Cache-Control: max-age=109122
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:46:30 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 11:05:12 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: YmTpL7VdAS5SKdaxB2eJ/NbSZCxm3DghkEBV10S2tIh9XWl8KdWMAD/9Lwe6wtIR4WvTykCeqxk=
x-amz-request-id: 8936M1FAS60KGENJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 04:40:40 GMT
age: 350
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 04:19:03 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1647
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:46:30 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js

23.38.200.237

200 OK

12 kB

URL HTTP/2
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32766)
Size
12 kB (12184 bytes)
Hash
ef1dca45932932a17b01c4b6946f6042
0f0f0501b7d48e1e2b2aead666d9b9b59c07720c
37d818de56459121621e8df2e54ff42109e6ac62fab1ead9aae508fab006073d

HTTP Headers

GET /extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "f259ee6445c19c2ce3c64a1b117a4f35:1597270192.577101"
last-modified: Wed, 12 Aug 2020 22:09:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12184
expires: Fri, 25 Nov 2022 05:46:30 GMT
date: Fri, 25 Nov 2022 04:46:30 GMT
cache-control: no-cache
access-control-allow-origin: http://hpuusyr2.ml
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/1fd1994c08c8/ef4083d7ef24/launch-b0a09017373d.min.js

23.38.200.237

200 OK

72 kB

URL HTTP/2
assets.adobedtm.com/1fd1994c08c8/ef4083d7ef24/launch-b0a09017373d.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32756)
Size
72 kB (71776 bytes)
Hash
dbec2f9e3d6edee3ee5663355cf3f490
0a446f0f5a77b6f1120ef9cb47387031c3ccd335
b5b3be9d314b8143117353b305cec74b6141a933474a502df815b819373b130a

HTTP Headers

GET /1fd1994c08c8/ef4083d7ef24/launch-b0a09017373d.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "c7075b0fa700c4806db450e8979452e6:1614632448.042729"
last-modified: Mon, 01 Mar 2021 21:00:48 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 71776
cache-control: max-age=3600
expires: Fri, 25 Nov 2022 05:46:30 GMT
date: Fri, 25 Nov 2022 04:46:30 GMT
access-control-allow-origin: http://hpuusyr2.ml
timing-allow-origin: *
X-Firefox-Spdy: h2

hpuusyr2.ml/js/app.9c330c31.js

162.144.35.96

404 Not Found

315 B

URL HTTP/1.1
hpuusyr2.ml/js/app.9c330c31.js
IP
162.144.35.96:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/app.9c330c31.js HTTP/1.1
Host: hpuusyr2.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html

HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 04:46:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html

162.144.35.96

200 OK

48 kB

URL HTTP/1.1
hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html
IP
162.144.35.96:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7241)
Size
48 kB (48535 bytes)
Hash
0434f326b3e1b7bc2ae16d81744e5b76
f13efe5669895e8e5de78ecc94bebbf9f901ebd6
c8add9a08edba1726975586269089344c0b4a3bd1ff4959720fcc9f52f17a738

Detections

Analyzer	Verdict	Alert
openphish	America First Credit Union
fortinet	Phishing

HTTP Headers

GET /Bank/Cancel-transfer/AFCU.com/pass.html HTTP/1.1
Host: hpuusyr2.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:46:30 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 19:30:42 GMT
Accept-Ranges: bytes
Content-Length: 48535
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/js/chunk-vendors.4c927ace.js

162.144.35.96

404 Not Found

315 B

URL HTTP/1.1
hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/js/chunk-vendors.4c927ace.js
IP
162.144.35.96:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Bank/Cancel-transfer/AFCU.com/js/chunk-vendors.4c927ace.js HTTP/1.1
Host: hpuusyr2.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html

HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 04:46:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

hpuusyr2.ml/css/app.4d13320b.css

162.144.35.96

404 Not Found

315 B

URL HTTP/1.1
hpuusyr2.ml/css/app.4d13320b.css
IP
162.144.35.96:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

GET /css/app.4d13320b.css HTTP/1.1
Host: hpuusyr2.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html

HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 04:46:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 04:11:11 GMT
cache-control: public,max-age=3600
age: 2120
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6383
Cache-Control: max-age=108401
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:46:31 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:53:12 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
30b16ddef5935cab97254d90cea42331
89c2ec37d9e1b15e424e9f2b4b3ec9db2d31e4ac
e078b1629de1c11b421570216094f7eb86facf7c2564325444356d97c1bfe1a4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:46:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 19:27:28 GMT
Expires: Mon, 28 Nov 2022 19:27:27 GMT
Etag: "89c2ec37d9e1b15e424e9f2b4b3ec9db2d31e4ac"
Cache-Control: max-age=311455,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7bdb6e917b517-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
30b16ddef5935cab97254d90cea42331
89c2ec37d9e1b15e424e9f2b4b3ec9db2d31e4ac
e078b1629de1c11b421570216094f7eb86facf7c2564325444356d97c1bfe1a4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:46:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 19:27:28 GMT
Expires: Mon, 28 Nov 2022 19:27:27 GMT
Etag: "89c2ec37d9e1b15e424e9f2b4b3ec9db2d31e4ac"
Cache-Control: max-age=311455,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7bdb6ed80b52d-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
30b16ddef5935cab97254d90cea42331
89c2ec37d9e1b15e424e9f2b4b3ec9db2d31e4ac
e078b1629de1c11b421570216094f7eb86facf7c2564325444356d97c1bfe1a4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:46:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 19:27:28 GMT
Expires: Mon, 28 Nov 2022 19:27:27 GMT
Etag: "89c2ec37d9e1b15e424e9f2b4b3ec9db2d31e4ac"
Cache-Control: max-age=311455,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7bdb6ec9c1c12-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
30b16ddef5935cab97254d90cea42331
89c2ec37d9e1b15e424e9f2b4b3ec9db2d31e4ac
e078b1629de1c11b421570216094f7eb86facf7c2564325444356d97c1bfe1a4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:46:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 19:27:28 GMT
Expires: Mon, 28 Nov 2022 19:27:27 GMT
Etag: "89c2ec37d9e1b15e424e9f2b4b3ec9db2d31e4ac"
Cache-Control: max-age=311455,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7bdb6e8eeb50b-OSL

secure.americafirst.com/css/app.4d13320b.css

216.51.43.116

200

1.0 kB

URL HTTP/1.1
secure.americafirst.com/css/app.4d13320b.css
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
ASCII text, with very long lines (2605), with no line terminators
Size
1.0 kB (1030 bytes)
Hash
84b73235baa3afc397c97b7d5753ffce
d055e6293a59bd0e6f2f27153a0c1ef0d3cb6525
1a6b5d6b43fb52e8c8b41cf9c0de1ff852409d05f4e1f5e993376ded92ca7835

HTTP Headers

GET /css/app.4d13320b.css HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Age: 2
Date: Fri, 25 Nov 2022 04:46:30 GMT
Cache-Control: private
Connection: Keep-Alive
Via: NS-CACHE-10.0: 155
ETag: W/"2605-1654822658000"
Accept-Ranges: bytes
Last-Modified: Fri, 10 Jun 2022 00:57:38 GMT
Content-Type: text/css
Cteonnt-Length: 2605
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000
Content-Encoding: gzip
Content-Length: 1030

push.services.mozilla.com/

54.189.157.130

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.189.157.130:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QlSf9akDFeZS2pq0aqV1Ig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fECC7soRHbuHpwijlPsjT2kYh/Y=

secure.americafirst.com/css/chunk-vendors.f18ab36e.css

216.51.43.116

200

107 kB

URL HTTP/1.1
secure.americafirst.com/css/chunk-vendors.f18ab36e.css
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
Unicode text, UTF-8 text, with very long lines (60387)
Size
107 kB (107206 bytes)
Hash
7c31b75d7597ca1dc8d974b3ca08e7d8
c338fdf9afec7893e2a4f7da5cdfe772dbcbd2ee
bd8af0054c0f64d0713e733e7764af19161c9dc16a63c7d72f056b1b7e98d1e5

HTTP Headers

GET /css/chunk-vendors.f18ab36e.css HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Set-Cookie: dtCookie=v_4_srv_1_sn_CB879842FA8BF2AC2BE4C9B58A1A7E6C_perc_100000_ol_0_mul_1_app-3Aec967b149da485d6_1; Path=/; Domain=.americafirst.com
X-OneAgent-JS-Injection: true
Accept-Ranges: bytes
ETag: W/"719475-1654822658000"
Last-Modified: Fri, 10 Jun 2022 00:57:38 GMT
Content-Type: text/css
ntCoent-Length: 719475
Date: Fri, 25 Nov 2022 04:46:30 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000
Cache-Control: private
Content-Encoding: gzip
Transfer-Encoding: chunked

secure.americafirst.com/ruxitagentjs_ICA27QVfghjqrux_10251220909040818.js

216.51.43.116

200

128 kB

URL HTTP/1.1
secure.americafirst.com/ruxitagentjs_ICA27QVfghjqrux_10251220909040818.js
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
ASCII text, with very long lines (2058)
Size
128 kB (127777 bytes)
Hash
a3a5aec481537b10b2228badd7c33504
2fbee625044bf0f35c702193009ed4120a1f40f4
d2260c0fab13206a4d4ac7f12d4e6b30e203e4f0828ca045f25a9ad082ef417b

HTTP Headers

GET /ruxitagentjs_ICA27QVfghjqrux_10251220909040818.js HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Content-Encoding: gzip
Vary: Accept-Encoding
Expires: Sat, 25 Nov 2023 04:46:31 GMT
Cache-Control: public, max-age=31536000, immutable
Last-Modified: Wed, 03 Mar 2010 07:01:40 GMT
Content-Type: text/javascript;charset=utf-8
Content-Length: 127777
Date: Fri, 25 Nov 2022 04:46:31 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000

assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js

23.38.200.237

304 Not Modified

0 B

URL HTTP/2
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 12 Aug 2020 22:09:52 GMT
If-None-Match: "f259ee6445c19c2ce3c64a1b117a4f35:1597270192.577101"
TE: trailers

HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 12 Aug 2020 22:09:52 GMT
etag: "f259ee6445c19c2ce3c64a1b117a4f35:1597270192.577101"
expires: Fri, 25 Nov 2022 05:46:32 GMT
date: Fri, 25 Nov 2022 04:46:32 GMT
cache-control: no-cache
access-control-allow-origin: http://hpuusyr2.ml
timing-allow-origin: *
X-Firefox-Spdy: h2

secure.americafirst.com/img/logo-desktop-inverse.a3a99f3a.png

216.51.43.116

200

8.9 kB

URL HTTP/1.1
secure.americafirst.com/img/logo-desktop-inverse.a3a99f3a.png
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
PNG image data, 390 x 134, 8-bit/color RGBA, non-interlaced\012- data
Size
8.9 kB (8898 bytes)
Hash
a3a99f3aea38a0574c84d332fc5f871f
5a3bcb4c445e47551ad7fb98a1d57a34432c298d
c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54

HTTP Headers

GET /img/logo-desktop-inverse.a3a99f3a.png HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Age: 2
Date: Fri, 25 Nov 2022 04:46:31 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 155
ETag: W/"8898-1654822658000"
X-OneAgent-JS-Injection: true
Accept-Ranges: bytes
Last-Modified: Fri, 10 Jun 2022 00:57:38 GMT
Content-Type: image/png
Content-Length: 8898
Keep-Alive: timeout=60
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ebfc7cbd74089324a63ee2fbd512c436
4dd817c8cd4f918bd3bba8b4e9c7157f2d42e7b7
e0411c1f91e7f52f3be5fc42ef0b3778e4bd1c7e7bc17d669ce7b853e3fa3590

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3779
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:46:32 GMT
Last-Modified: Fri, 25 Nov 2022 03:43:33 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a082f67826212092d9e982d7b0aa3413
7cf16bb49c79582d6a6ea1ac49360d94b22e5585
fe9f96ce2e1f5cd4a64048563c296757728c2771ff28f3fb4062388b68bf659c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE9F96CE2E1F5CD4A64048563C296757728C2771FF28F3FB4062388B68BF659C"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4659
Expires: Fri, 25 Nov 2022 06:04:11 GMT
Date: Fri, 25 Nov 2022 04:46:32 GMT
Connection: keep-alive

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1669351592190

52.50.158.189

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1669351592190
IP
52.50.158.189:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1669351592190 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://hpuusyr2.ml
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://hpuusyr2.ml
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-016466e2e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1669351592190
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=20732175894536040494475582162003851156; Max-Age=15552000; Expires=Wed, 24 May 2023 04:46:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: nWIs7XCtRag=
Content-Length: 0
Connection: keep-alive

hpuusyr2.ml/css/app.4d13320b.css

162.144.35.96

404 Not Found

315 B

URL HTTP/1.1
hpuusyr2.ml/css/app.4d13320b.css
IP
162.144.35.96:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

GET /css/app.4d13320b.css HTTP/1.1
Host: hpuusyr2.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html
Cookie: dtCookie=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP; rxVisitor=1669351592159SBR271TIOO6PMFTD9NNBADVGPR3HI74I; dtPC=-34$151592154_538h4vJQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0e0; rxvt=1669353392191|1669351592160; dtLatC=80; dtSa=-; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19322%7CvVersion%7C5.2.0; mbox=session#a254b9f9d4ce451c9147a03dab0f893c#1669353453; at_check=true

HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 04:46:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1669351592190

52.50.158.189

200 OK

124 B

URL HTTP/1.1
dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1669351592190
IP
52.50.158.189:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
124 B (124 bytes)
Hash
1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca

HTTP Headers

GET /id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1669351592190 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://hpuusyr2.ml
Content-Type: application/x-www-form-urlencoded
Referer: http://hpuusyr2.ml/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://hpuusyr2.ml
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0f2a7c28b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: 1xlHXlq7TnY=
Content-Length: 124
Connection: keep-alive

canarytokens.com/d2e56x9ul6ndlib7seb3wevxl.jpg?l=http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html&r=

52.18.63.80

200 OK

55 B

URL HTTP/1.1
canarytokens.com/d2e56x9ul6ndlib7seb3wevxl.jpg?l=http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html&r=
IP
52.18.63.80:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
55 B (55 bytes)
Hash
185695cd1669914f5338d8b0461ce776
283cd2c856f899ff4a8c4b0b9c20b3b9e56140f3
35679d2e3f0639729b18de7ae45abb47073fbbf1aa4bc59aa065991494d63d7d

HTTP Headers

GET /d2e56x9ul6ndlib7seb3wevxl.jpg?l=http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html&r= HTTP/1.1
Host: canarytokens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:46:32 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

hpuusyr2.ml/ruxitagentjs_D_10251220909040818.js

162.144.35.96

404 Not Found

315 B

URL HTTP/1.1
hpuusyr2.ml/ruxitagentjs_D_10251220909040818.js
IP
162.144.35.96:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ruxitagentjs_D_10251220909040818.js HTTP/1.1
Host: hpuusyr2.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html
Cookie: dtCookie=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP; rxVisitor=1669351592159SBR271TIOO6PMFTD9NNBADVGPR3HI74I; dtPC=-34$151592154_538h4vJQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0e0; rxvt=1669353392191|1669351592160; dtLatC=80; dtSa=-; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19322%7CvVersion%7C5.2.0; mbox=session#a254b9f9d4ce451c9147a03dab0f893c#1669353453; at_check=true

HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 04:46:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16941
Expires: Fri, 25 Nov 2022 09:28:54 GMT
Date: Fri, 25 Nov 2022 04:46:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16941
Expires: Fri, 25 Nov 2022 09:28:54 GMT
Date: Fri, 25 Nov 2022 04:46:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16941
Expires: Fri, 25 Nov 2022 09:28:54 GMT
Date: Fri, 25 Nov 2022 04:46:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16941
Expires: Fri, 25 Nov 2022 09:28:54 GMT
Date: Fri, 25 Nov 2022 04:46:33 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8006 bytes)
Hash
8b6ee13d43732f7c764a49500d092865
5d15fd672e968d59b541e4d5d0d01cd5e69f4075
fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: q53jN1uOtSdeThbk2_0UF6Rl3g4_-_TW7uK1_6Z5oDwSTSRk8XRjyQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:08 GMT
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
content-type: image/jpeg
age: 25885
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:14:07 GMT
age: 77546
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ba10698-9bc6-45a1-b97d-7209a0a31f7c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5211 bytes)
Hash
7d0105e45becaf777227cac49e320321
d279a0b70061fe3d8268f1e69c515c0c4439dc80
ea9571213d9a57318cde036c108d4c973c627ce4cd225534ee246349ed4ba3a9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ba10698-9bc6-45a1-b97d-7209a0a31f7c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5211
x-amzn-requestid: 706d0037-bbff-417a-9fa3-8ebbbf7b4df1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8wFOToAMF12Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-01b6908212b2ab9c5caa34a0;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _FkuS0I2--xiqT4sOKa8ACg8BtI97R-bGe2UZ3o91wfqn_WgktspiQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:36:27 GMT
age: 25806
etag: "d279a0b70061fe3d8268f1e69c515c0c4439dc80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d60bb22-4a30-4570-8561-eb3a2833a058.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8277 bytes)
Hash
f59a591b222397ff0f01c22a0786e660
6a8504212141af411a18ce58960c8bb52e8116ac
624847cfdfcd770d2dee8a2b85f3c7c480cda58ba2aef1135184f3dffc30d1f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d60bb22-4a30-4570-8561-eb3a2833a058.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8277
x-amzn-requestid: e84a5668-cd91-42af-b6de-5eb694ea56e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-KFtmIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38d-64513fb257d83b9847c82929;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rIKW7gaK37mlbk_TUo63AH9-XDOoF3Z-5mGaeOkzmESFLJ3GHz60lA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:10 GMT
etag: "6a8504212141af411a18ce58960c8bb52e8116ac"
content-type: image/jpeg
age: 25883
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bd50a26-dc90-4a0f-9ac7-e2950f1e9d5f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8275 bytes)
Hash
4c67bf2eb6ca2d7e2b34df1dbe8e7b36
cdacea802c72450973140387aafacae9df78b0aa
52c1b293ec45c98077953699dcc48d77d4aee2bb12f38ef21c692af9171b6db2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bd50a26-dc90-4a0f-9ac7-e2950f1e9d5f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8275
x-amzn-requestid: 350ffdb7-723f-4dfc-95e8-e76364d1313d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8xGPAoAMFbWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-10d4c566779b9b9f4bb9112d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Uj2zluKZJzwlcymflJicV2rFLgOEYzWuhZsThZPRbCwiNoYxCgbEwg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:01 GMT
etag: "cdacea802c72450973140387aafacae9df78b0aa"
content-type: image/jpeg
age: 25892
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F216636c8-4200-4f0d-83d2-8579be32f1ac.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4270 bytes)
Hash
648677a7e7bab1896a190d2e5fb7243c
6217a262002244ef3f2e8034076a735cafd9888a
72f2913f7c0770ebab0f2683bdc1ec5a5db8872e8f2c62a8fd5c9178b95dbb06

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F216636c8-4200-4f0d-83d2-8579be32f1ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4270
x-amzn-requestid: 7327f8fb-804b-4d09-83dc-628e35ffa74b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8xFwXoAMFkqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-33f83cea2c585279140f4f59;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: NLXTbS53l_c-lByM8Ym4_tfOlgP2lB-F1dYxOSfdeEfBSM41X0Cpug==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:01 GMT
etag: "6217a262002244ef3f2e8034076a735cafd9888a"
content-type: image/jpeg
age: 25892
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
12d47444a99e246ddc16f6ef337f46ac
b615c2b03e98f144a696647dddb8b16574710704
e9d008ec982eb21a1354b8c67dbbb2c854db4391e72f9dc20082d955669acbe5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=155328
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:46:33 GMT
Etag: "63800469-1d7"
Expires: Sat, 26 Nov 2022 23:55:21 GMT
Last-Modified: Thu, 24 Nov 2022 23:55:21 GMT
Server: nginx
Content-Length: 471

hpuusyr2.ml/ruxitagentjs_D_10251220909040818.js

162.144.35.96

404 Not Found

315 B

URL HTTP/1.1
hpuusyr2.ml/ruxitagentjs_D_10251220909040818.js
IP
162.144.35.96:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ruxitagentjs_D_10251220909040818.js HTTP/1.1
Host: hpuusyr2.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html
Cookie: dtCookie=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP; rxVisitor=1669351592159SBR271TIOO6PMFTD9NNBADVGPR3HI74I; dtPC=-34$151592154_538h5vJQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0e0; rxvt=1669353392411|1669351592160; dtLatC=80; dtSa=-; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19322%7CvVersion%7C5.2.0; mbox=session#a254b9f9d4ce451c9147a03dab0f893c#1669353453; at_check=true

HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 04:46:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

sstats.americafirst.com/id?d_visid_ver=5.2.0&d_fieldgroup=MC&mcorgid=A7873BC75245AD770A490D4D%40AdobeOrg&ts=1669351592411

15.188.95.229

200 OK

48 B

URL HTTP/2
sstats.americafirst.com/id?d_visid_ver=5.2.0&d_fieldgroup=MC&mcorgid=A7873BC75245AD770A490D4D%40AdobeOrg&ts=1669351592411
IP
15.188.95.229:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
50a243efe9723cd748f2d4af800950a3
04306fc1b99195da083476df65e3f41328f3556c
3c89a706a43912caca24201a299651b9a77109341d382e53a8c2d58b87d2aac1

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&mcorgid=A7873BC75245AD770A490D4D%40AdobeOrg&ts=1669351592411 HTTP/1.1
Host: sstats.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://hpuusyr2.ml
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://hpuusyr2.ml
access-control-allow-credentials: true
date: Fri, 25 Nov 2022 04:46:33 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=0%7CMCMID%7C83563918922041444550439466589941913458; Path=/; Domain=americafirst.com; Max-Age=63072000; Expires=Sun, 24 Nov 2024 04:46:46 GMT;
s_ecid=MCMID%7C83563918922041444550439466589941913458; Path=/; Domain=americafirst.com; Max-Age=63072000; Expires=Sun, 24 Nov 2024 04:46:46 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&d_mid=83563918922041444550439466589941913458&ts=1669351592745

52.50.158.189

200 OK

901 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&d_mid=83563918922041444550439466589941913458&ts=1669351592745
IP
52.50.158.189:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (2321), with no line terminators
Size
901 B (901 bytes)
Hash
f2abcf4927031ad7f4ba412c5add1f2f
bd651565ff70b57735e270eea0cc85768c0c6264
63f4b841c16032a49b2a141aee5cb3f6f3069189d51e3d04b55fa23a0a104844

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&d_mid=83563918922041444550439466589941913458&ts=1669351592745 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://hpuusyr2.ml
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://hpuusyr2.ml
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0bb46f593.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=87537210585608718830906881878756892158; Max-Age=15552000; Expires=Wed, 24 May 2023 04:46:33 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: Yj24K4/ZQR0=
Content-Length: 901
Connection: keep-alive

americafirstcreditun.tt.omtrdc.net/rest/v1/delivery?client=americafirstcreditun&sessionId=a254b9f9d4ce451c9147a03dab0f893c&version=2.4.0

52.30.207.127

200

309 B

URL HTTP/1.1
americafirstcreditun.tt.omtrdc.net/rest/v1/delivery?client=americafirstcreditun&sessionId=a254b9f9d4ce451c9147a03dab0f893c&version=2.4.0
IP
52.30.207.127:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (363), with no line terminators
Size
309 B (309 bytes)
Hash
163072614977e956eef4de12ea549852
b8feae51e944d0c2461f30a3b4e76ace1a95a97e
5420f61c89f3b864b8ced6bd8fb9b65b85619bf9794b6a69b4983a3a9d4f8916

HTTP Headers

POST /rest/v1/delivery?client=americafirstcreditun&sessionId=a254b9f9d4ce451c9147a03dab0f893c&version=2.4.0 HTTP/1.1
Host: americafirstcreditun.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain
Content-Length: 810
Origin: http://hpuusyr2.ml
Connection: keep-alive
Referer: http://hpuusyr2.ml/

HTTP/1.1 200 
Date: Fri, 25 Nov 2022 04:46:33 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
Access-Control-Allow-Origin: http://hpuusyr2.ml
Access-Control-Allow-Credentials: true
X-Request-ID: ca4e38a36809507b728e123e15c39af0
Timing-Allow-Origin: *
Accept-CH: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
Content-Encoding: gzip

americafirstcreditunion.demdex.net/dest5.html?d_nsid=0

3.248.120.148

200 OK

2.8 kB

URL HTTP/1.1
americafirstcreditunion.demdex.net/dest5.html?d_nsid=0
IP
3.248.120.148:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
2.8 kB (2791 bytes)
Hash
ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12

HTTP Headers

GET /dest5.html?d_nsid=0 HTTP/1.1
Host: americafirstcreditunion.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Fri, 25 Nov 2022 04:46:33 GMT
DCS: dcs-prod-irl1-1-v045-0168100b3.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: HVr/BX9jRBM=
Content-Length: 2791
Connection: keep-alive

secure.americafirst.com/fonts/roboto-latin-400.479970ff.woff2

216.51.43.116

200

16 kB

URL HTTP/1.1
secure.americafirst.com/fonts/roboto-latin-400.479970ff.woff2
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
Web Open Font Format (Version 2), TrueType, length 15736, version 1.0\012- data
Size
16 kB (15736 bytes)
Hash
479970ffb74f2117317f9d24d9e317fe
81c796737cbe44d4a719777f0aff14b73a3efb1e
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

HTTP Headers

GET /fonts/roboto-latin-400.479970ff.woff2 HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://secure.americafirst.com/
Origin: http://hpuusyr2.ml
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Age: 2
Date: Fri, 25 Nov 2022 04:46:32 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 155
ETag: W/"15736-1654822658000:dtagent10251220909040818yzGJ"
X-OneAgent-JS-Injection: true
Timing-Allow-Origin: *
Server-Timing: dtRpid;desc="-1955212070", dtTao;desc="1", dtSInfo;desc="0"
Accept-Ranges: bytes
Last-Modified: Fri, 10 Jun 2022 00:57:37 GMT
Content-Type: font/woff2
Content-Length: 15736
Keep-Alive: timeout=60
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000

secure.americafirst.com/fonts/roboto-latin-500.020c97dc.woff2

216.51.43.116

200

16 kB

URL HTTP/1.1
secure.americafirst.com/fonts/roboto-latin-500.020c97dc.woff2
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
Web Open Font Format (Version 2), TrueType, length 15872, version 1.0\012- data
Size
16 kB (15872 bytes)
Hash
020c97dc8e0463259c2f9df929bb0c69
8f956a31154047d1b6527b63db2ecf0f3a463f24
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

HTTP Headers

GET /fonts/roboto-latin-500.020c97dc.woff2 HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://secure.americafirst.com/
Origin: http://hpuusyr2.ml
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Age: 2
Date: Fri, 25 Nov 2022 04:46:32 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 155
ETag: W/"15872-1654822658000:dtagent10251220909040818yzGJ"
X-OneAgent-JS-Injection: true
Timing-Allow-Origin: *
Server-Timing: dtRpid;desc="-1418055283", dtTao;desc="1", dtSInfo;desc="0"
Accept-Ranges: bytes
Last-Modified: Fri, 10 Jun 2022 00:57:37 GMT
Content-Type: font/woff2
Content-Length: 15872
Keep-Alive: timeout=60
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a0111a2443450172e5d2b48d350a8f57
75e89d4cd001303e66a93880f96d6c47e7d665ab
c9865c82b8f373aeb3a7333b0f65408211d832aba753c35d3544ecb2913f4f64

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:46:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a0111a2443450172e5d2b48d350a8f57
75e89d4cd001303e66a93880f96d6c47e7d665ab
c9865c82b8f373aeb3a7333b0f65408211d832aba753c35d3544ecb2913f4f64

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:46:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 25 Nov 2022 04:41:08 GMT
expires: Fri, 25 Nov 2022 06:41:08 GMT
cache-control: public, max-age=7200
age: 325
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a0111a2443450172e5d2b48d350a8f57
75e89d4cd001303e66a93880f96d6c47e7d665ab
c9865c82b8f373aeb3a7333b0f65408211d832aba753c35d3544ecb2913f4f64

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:46:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

hpuusyr2.ml/favicon.ico

162.144.35.96

404 Not Found

315 B

URL HTTP/1.1
hpuusyr2.ml/favicon.ico
IP
162.144.35.96:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: hpuusyr2.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html
Cookie: dtCookie=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP; rxVisitor=1669351592159SBR271TIOO6PMFTD9NNBADVGPR3HI74I; dtPC=-34$151592154_538h1vJQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0e0; rxvt=1669353392752|1669351592160; dtLatC=80; dtSa=-; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19322%7CMCMID%7C83563918922041444550439466589941913458%7CMCAID%7CNONE%7CMCOPTOUT-1669358792s%7CNONE%7CMCAAMLH-1669956392%7C6%7CMCAAMB-1669956392%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CvVersion%7C5.2.0; mbox=session#a254b9f9d4ce451c9147a03dab0f893c#1669353453|PC#a254b9f9d4ce451c9147a03dab0f893c.37_0#1732596393; at_check=true; AMCVS_A7873BC75245AD770A490D4D%40AdobeOrg=1

HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 04:46:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
bf7ce90e45e1602d32af4a1af78289c5
159b0ecd06be80423088e4dacc877ae3814aa259
04d96c85099b7a5f1a7b9d62c0f3ee98332108a7258691f309f44891a9c8d486

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=124221
Date: Fri, 25 Nov 2022 04:46:33 GMT
Etag: "637f7925-1d7"
Expires: Sat, 26 Nov 2022 15:16:54 GMT
Last-Modified: Thu, 24 Nov 2022 14:01:09 GMT
Server: ECS (dcb/7F60)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VOwzv1UU0f1ClgY251ymtHrNnTzZzNa4jUXfLx7Xnrto3zF2FvKslg==
Age: 4545

secure.americafirst.com/fonts/roboto-latin-400.60fa3c06.woff

216.51.43.116

200

20 kB

URL HTTP/1.1
secure.americafirst.com/fonts/roboto-latin-400.60fa3c06.woff
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
Web Open Font Format, TrueType, length 20268, version 1.1\012- data
Size
20 kB (20268 bytes)
Hash
60fa3c0614b8fb2f394fa29944c21540
42c8ae79841c592a26633f10ee9a26c75bcf9273
c1dc87f99c7ff228806117d58f085c6c573057fa237228081802b7d8d3cf7684

HTTP Headers

GET /fonts/roboto-latin-400.60fa3c06.woff HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://secure.americafirst.com/
Origin: http://hpuusyr2.ml
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Age: 2
Date: Fri, 25 Nov 2022 04:46:32 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 155
ETag: W/"20268-1654822658000:dtagent10251220909040818yzGJ"
X-OneAgent-JS-Injection: true
Timing-Allow-Origin: *
Server-Timing: dtRpid;desc="-2126339943", dtTao;desc="1", dtSInfo;desc="0"
Accept-Ranges: bytes
Last-Modified: Fri, 10 Jun 2022 00:57:37 GMT
Content-Type: font/woff
Content-Length: 20268
Keep-Alive: timeout=60
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000

cm.everesttech.net/cm/dd?d_uuid=87537210585608718830906881878756892158

54.77.60.152

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=87537210585608718830906881878756892158
IP
54.77.60.152:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=87537210585608718830906881878756892158 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hpuusyr2.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Fri, 25 Nov 2022 04:46:33 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4BIqQAAAJVdLgNe; Domain=.everesttech.net; Expires=Sat, 25-Nov-2023 04:46:33 GMT; Path=/
everest_session_v2=Y4BIqQAAAJVdLwNe; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4BIqQAAAJVdLgNe
Server: AMO-cookiemap/1.1

secure.americafirst.com/fonts/roboto-latin-500.87284894.woff

216.51.43.116

200

20 kB

URL HTTP/1.1
secure.americafirst.com/fonts/roboto-latin-500.87284894.woff
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
Web Open Font Format, TrueType, length 20464, version 1.1\012- data
Size
20 kB (20464 bytes)
Hash
87284894879f5b1c229cb49c8ff6decc
fb1bd3baf122d5d350eb387f0536c20da71f09df
ba98f991d002c6bfaaf7b874652ffdcde9261a86925db87df3ed2861ea080adf

HTTP Headers

GET /fonts/roboto-latin-500.87284894.woff HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://secure.americafirst.com/
Origin: http://hpuusyr2.ml
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Age: 2
Date: Fri, 25 Nov 2022 04:46:32 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 155
ETag: W/"20464-1654822658000:dtagent10251220909040818yzGJ"
X-OneAgent-JS-Injection: true
Timing-Allow-Origin: *
Server-Timing: dtRpid;desc="-1622630629", dtTao;desc="1", dtSInfo;desc="0"
Accept-Ranges: bytes
Last-Modified: Fri, 10 Jun 2022 00:57:37 GMT
Content-Type: font/woff
Content-Length: 20464
Keep-Alive: timeout=60
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000

dpm.demdex.net/ibs:dpid=411&dpuuid=Y4BIqQAAAJVdLgNe

52.50.158.189

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y4BIqQAAAJVdLgNe
IP
52.50.158.189:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ibs:dpid=411&dpuuid=Y4BIqQAAAJVdLgNe HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://hpuusyr2.ml/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-083f91df3.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4BIqQAAAJVdLgNe
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=56646245772241343920282813283095419145; Max-Age=15552000; Expires=Wed, 24 May 2023 04:46:33 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: O3O9tBxIQ/U=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4BIqQAAAJVdLgNe

52.50.158.189

200 OK

59 B

URL HTTP/1.1
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4BIqQAAAJVdLgNe
IP
52.50.158.189:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
59 B (59 bytes)
Hash
1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13

HTTP Headers

GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4BIqQAAAJVdLgNe HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://hpuusyr2.ml/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-00960800d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: B2mwcxOKT9M=
Content-Length: 59
Connection: keep-alive

hpuusyr2.ml/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP&svrid=-34&flavor=post&vi=JQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0&modifiedSince=1668344567239&rf=http%3A%2F%2Fhpuusyr2.ml%2FBank%2FCancel-transfer%2FAFCU.com%2Fpass.html&bp=3&app=ec967b149da485d6&crc=4095322521&en=ztho6o9v&end=1

162.144.35.96

404 Not Found

315 B

URL HTTP/1.1
hpuusyr2.ml/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP&svrid=-34&flavor=post&vi=JQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0&modifiedSince=1668344567239&rf=http%3A%2F%2Fhpuusyr2.ml%2FBank%2FCancel-transfer%2FAFCU.com%2Fpass.html&bp=3&app=ec967b149da485d6&crc=4095322521&en=ztho6o9v&end=1
IP
162.144.35.96:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

POST /rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP&svrid=-34&flavor=post&vi=JQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0&modifiedSince=1668344567239&rf=http%3A%2F%2Fhpuusyr2.ml%2FBank%2FCancel-transfer%2FAFCU.com%2Fpass.html&bp=3&app=ec967b149da485d6&crc=4095322521&en=ztho6o9v&end=1 HTTP/1.1
Host: hpuusyr2.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 576
Origin: http://hpuusyr2.ml
Connection: keep-alive
Referer: http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html
Cookie: dtCookie=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP; rxVisitor=1669351592159SBR271TIOO6PMFTD9NNBADVGPR3HI74I; dtPC=-34$151592154_538h-vJQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0e0; rxvt=1669353393361|1669351592160; dtLatC=80; dtSa=-; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19322%7CMCMID%7C83563918922041444550439466589941913458%7CMCAID%7CNONE%7CMCOPTOUT-1669358792s%7CNONE%7CMCAAMLH-1669956392%7C6%7CMCAAMB-1669956392%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-19329%7CvVersion%7C5.2.0; mbox=session#a254b9f9d4ce451c9147a03dab0f893c#1669353453|PC#a254b9f9d4ce451c9147a03dab0f893c.37_0#1732596393; at_check=true; AMCVS_A7873BC75245AD770A490D4D%40AdobeOrg=1; _ga=GA1.2.413146302.1669351593; _gid=GA1.2.23366600.1669351593

HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 04:46:34 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

162.144.35.96

404 Not Found

315 B

URL HTTP/1.1
hpuusyr2.ml/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP&svrid=-34&flavor=post&vi=JQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0&modifiedSince=1668344567239&rf=http%3A%2F%2Fhpuusyr2.ml%2FBank%2FCancel-transfer%2FAFCU.com%2Fpass.html&bp=3&app=ec967b149da485d6&crc=2512044577&en=ztho6o9v&end=1
IP
162.144.35.96:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

POST /rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP&svrid=-34&flavor=post&vi=JQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0&modifiedSince=1668344567239&rf=http%3A%2F%2Fhpuusyr2.ml%2FBank%2FCancel-transfer%2FAFCU.com%2Fpass.html&bp=3&app=ec967b149da485d6&crc=2512044577&en=ztho6o9v&end=1 HTTP/1.1
Host: hpuusyr2.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 2784
Origin: http://hpuusyr2.ml
Connection: keep-alive
Referer: http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html
Cookie: dtCookie=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP; rxVisitor=1669351592159SBR271TIOO6PMFTD9NNBADVGPR3HI74I; dtPC=-34$151592154_538h-vJQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0e0; rxvt=1669353393361|1669351592160; dtLatC=80; dtSa=-; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19322%7CMCMID%7C83563918922041444550439466589941913458%7CMCAID%7CNONE%7CMCOPTOUT-1669358792s%7CNONE%7CMCAAMLH-1669956392%7C6%7CMCAAMB-1669956392%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-19329%7CvVersion%7C5.2.0; mbox=session#a254b9f9d4ce451c9147a03dab0f893c#1669353453|PC#a254b9f9d4ce451c9147a03dab0f893c.37_0#1732596393; at_check=true; AMCVS_A7873BC75245AD770A490D4D%40AdobeOrg=1; _ga=GA1.2.413146302.1669351593; _gid=GA1.2.23366600.1669351593

HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 04:46:35 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

162.144.35.96

404 Not Found

315 B

URL HTTP/1.1
hpuusyr2.ml/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP&svrid=-34&flavor=post&vi=JQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0&modifiedSince=1668344567239&rf=http%3A%2F%2Fhpuusyr2.ml%2FBank%2FCancel-transfer%2FAFCU.com%2Fpass.html&bp=3&app=ec967b149da485d6&crc=702793986&en=ztho6o9v&end=1
IP
162.144.35.96:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

POST /rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP&svrid=-34&flavor=post&vi=JQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0&modifiedSince=1668344567239&rf=http%3A%2F%2Fhpuusyr2.ml%2FBank%2FCancel-transfer%2FAFCU.com%2Fpass.html&bp=3&app=ec967b149da485d6&crc=702793986&en=ztho6o9v&end=1 HTTP/1.1
Host: hpuusyr2.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 3958
Origin: http://hpuusyr2.ml
Connection: keep-alive
Referer: http://hpuusyr2.ml/Bank/Cancel-transfer/AFCU.com/pass.html
Cookie: dtCookie=v_4_srv_-2D34_sn_KV4ICADTMJ9CIO1VIMVABJ66L8773TSP; rxVisitor=1669351592159SBR271TIOO6PMFTD9NNBADVGPR3HI74I; dtPC=-34$151592154_538h-vJQROJSHULBCAJFWRURKJEBPPIPFVSCOM-0e0; rxvt=1669353393361|1669351592160; dtLatC=80; dtSa=-; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19322%7CMCMID%7C83563918922041444550439466589941913458%7CMCAID%7CNONE%7CMCOPTOUT-1669358792s%7CNONE%7CMCAAMLH-1669956392%7C6%7CMCAAMB-1669956392%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-19329%7CvVersion%7C5.2.0; mbox=session#a254b9f9d4ce451c9147a03dab0f893c#1669353453|PC#a254b9f9d4ce451c9147a03dab0f893c.37_0#1732596393; at_check=true; AMCVS_A7873BC75245AD770A490D4D%40AdobeOrg=1; _ga=GA1.2.413146302.1669351593; _gid=GA1.2.23366600.1669351593

HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 04:46:37 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (63)

URL HTTP/1.1