Report - www.huntington-banking.bhipvitality.com/login.php?cmd=login_submit&id=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e&session=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e

Report Overview

Submitted URL
www.huntington-banking.bhipvitality.com/login.php?cmd=login_submit&id=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e&session=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e
IP
162.241.218.142
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2023-03-30 21:36:20
Access
public
Website Title
Final URL
Tags
huntington financial phishing
urlquery detections
Phishing - Huntington

Detections

urlquery
23
Network Intrusion Detection
2
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-31T18:12:04Z	4.1 kB	11 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-31T18:18:04Z	413 B	5.9 kB	34.160.144.191
www.huntington-banking.bhipvitality.com	unknown	2023-03-24T17:45:50Z	2023-04-01T00:25:17Z	4.9 kB	2.2 MB	162.241.218.142
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-31T18:12:09Z	333 B	391 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-31T18:12:03Z	686 B	1.4 kB	142.250.74.131
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-31T18:13:52Z	606 B	238 B	34.117.65.55
smallenvelop.com	405085	2014-10-25T12:56:31Z	2023-04-01T00:25:18Z	439 B	17 kB	194.1.147.82
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-31T07:51:33Z	3.8 kB	73 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-31T18:14:44Z	782 B	2.4 kB	35.241.9.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-30 21:36:35	high	Client IP	162.241.218.142	ET PHISHING Generic Phishkit Activity (GET)
2023-03-30 21:36:40	medium	162.241.218.142	Client IP	ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-03-24	medium	www.huntington-banking.bhipvitality.com/	Huntington Bank
2023-03-24	medium	www.huntington-banking.bhipvitality.com/	Huntington Bank
2023-03-24	medium	www.huntington-banking.bhipvitality.com/	Huntington Bank
2023-03-24	medium	www.huntington-banking.bhipvitality.com/	Huntington Bank
2023-03-24	medium	www.huntington-banking.bhipvitality.com/	Huntington Bank
2023-03-24	medium	www.huntington-banking.bhipvitality.com/	Huntington Bank
2023-03-24	medium	www.huntington-banking.bhipvitality.com/	Huntington Bank
2023-03-24	medium	www.huntington-banking.bhipvitality.com/	Huntington Bank
2023-03-24	medium	www.huntington-banking.bhipvitality.com/	Huntington Bank
2023-03-24	medium	www.huntington-banking.bhipvitality.com/	Huntington Bank
2023-03-24	medium	www.huntington-banking.bhipvitality.com/	Huntington Bank

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	www.huntington-banking.bhipvitality.com/login.php?cmd=login_submit&id=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e&session=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e	96 B	2023-03-07	2023-08-23
Pretty URL www.huntington-banking.bhipvitality.com/login.php?cmd=login_submit&id=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e&session=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e IP 162.241.218.142 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-08-23 00:42:32 Times Seen974 Hash 413a00885bbfc45acf8ed919c6592147 1bbf290a9d153e6c713d61d6b2795dea2d79fce1 4593a076a63fefab53aa34590f2e751618766ed8ffd6d0022d85265111bf37fb Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	86 kB	2023-03-07	2024-04-20
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-20 06:18:29 Times Seen380318 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	www.huntington-banking.bhipvitality.com/login.php?cmd=login_submit&id=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e&session=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e	64 B	2023-03-07	2023-11-03
Pretty URL www.huntington-banking.bhipvitality.com/login.php?cmd=login_submit&id=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e&session=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e IP 162.241.218.142 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-11-03 01:49:34 Times Seen989 Hash 6a9f46a3ed1778e19fcd613072b4530c 90b09342bf88623a80546972f95ece44765fa5ca 55f9434349d57a1d968c00614f5e3ff676b42cb1bfec9cf344b2e2c71ceac3d0 Loading...

HTTP Transactions (38)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12857
Expires: Fri, 31 Mar 2023 01:10:26 GMT
Date: Thu, 30 Mar 2023 21:36:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b93010cbf31ba3ec785b4088e5d0f529
c0f1ab8a2aae3c445a8f24959a4eea433a345caf
2cc1a5865dee7636b82a68deddd3aff8b697e846e37789a694cc3c7c47340590

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CC1A5865DEE7636B82A68DEDDD3AFF8B697E846E37789A694CC3C7C47340590"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15930
Expires: Fri, 31 Mar 2023 02:01:39 GMT
Date: Thu, 30 Mar 2023 21:36:09 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Retry-After, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 30 Mar 2023 21:28:18 GMT
content-type: application/json
age: 471
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76218c893040d958ae1c4231cdd2133c
6a7b336dee91d4aec26ace0a5883ecdfac52e68f
d35492b04d16ed00e9e195e7c84c99aa6a2b8a93abeb656baae0918986f0a7e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D35492B04D16ED00E9E195E7C84C99AA6A2B8A93ABEB656BAAE0918986F0A7E4"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8411
Expires: Thu, 30 Mar 2023 23:56:20 GMT
Date: Thu, 30 Mar 2023 21:36:09 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: e9GYSFOgvD+V3pZ0zlN6K20I7eoOjb1q5MFlEHahC3laswFosV03fk+Yl1Z8O0+MlMfHB7+BicFD4RpgIIfZOg==
x-amz-request-id: M0KQVW7VEHF3M9C2
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 30 Mar 2023 21:33:50 GMT
age: 139
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

www.huntington-banking.bhipvitality.com/login.php?cmd=login_submit&id=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e&session=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e

162.241.218.142

200 OK

1.5 kB

URL HTTP/1.1
www.huntington-banking.bhipvitality.com/login.php?cmd=login_submit&id=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e&session=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e
IP
162.241.218.142:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (311), with CRLF line terminators
Size
1.5 kB (1519 bytes)
Hash
206ddc7ef3537c9cfc21afaf320cb09b
6de9fb7a61332514f4bf28423594319dc4e14123
eecf7270a07507502e63d09759c02d28bde510d886cee5d36e19d1baccd636e3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	phishing	Phishing - Huntington
openphish	Huntington Bank

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)
suricata	medium	ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017

HTTP Headers

GET /login.php?cmd=login_submit&id=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e&session=6fb90b6791121a31afb9c9ec66f84a0e6fb90b6791121a31afb9c9ec66f84a0e HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 30 Mar 2023 21:36:09 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Cache-Control: max-age=7200
Expires: Thu, 30 Mar 2023 23:36:09 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1519
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 30 Mar 2023 21:36:09 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7117d0725779b203269d6c54c3ccedcf
24f4e806fd15c39484288a88c67117c918ce0829
ecfdfee4723c973d404d5e580a8cead357de755354328bfa40c1041350a76504

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 30 Mar 2023 21:36:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7117d0725779b203269d6c54c3ccedcf
24f4e806fd15c39484288a88c67117c918ce0829
ecfdfee4723c973d404d5e580a8cead357de755354328bfa40c1041350a76504

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 30 Mar 2023 21:36:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c27692476ee7e74a751ecf7e00417f68
92d13019cb7dfce5d9162073269a49159f6ba780
343557c4d1143fe6642e41353ac9da957c1f1353dc424106ee55a9003d2948a8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "343557C4D1143FE6642E41353AC9DA957C1F1353DC424106EE55A9003D2948A8"
Last-Modified: Thu, 30 Mar 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16540
Expires: Fri, 31 Mar 2023 02:11:49 GMT
Date: Thu, 30 Mar 2023 21:36:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae064c74a3769d42109473ad05d56fb9
d48029ab8568cee6ab7416d3b476ed792d780a56
9852216f395a42f7b4792e852f9f9fa83e07d917a979237d5d7406a1d74edc4f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9852216F395A42F7B4792E852F9F9FA83E07D917A979237D5D7406A1D74EDC4F"
Last-Modified: Wed, 29 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10460
Expires: Fri, 31 Mar 2023 00:30:29 GMT
Date: Thu, 30 Mar 2023 21:36:09 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Pragma, Backoff, Expires, Last-Modified, Content-Type, Alert, Retry-After, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 30 Mar 2023 21:14:37 GMT
age: 1292
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d108eee072815a675f64492942dc062
8efaea1971f660565b0ffa7d0793f985bed88b1e
a6b6a5e7c48551f91dc9f0086535609e58a6186066f768377dc43f9162e783c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6B6A5E7C48551F91DC9F0086535609E58A6186066F768377DC43F9162E783C6"
Last-Modified: Wed, 29 Mar 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19383
Expires: Fri, 31 Mar 2023 02:59:12 GMT
Date: Thu, 30 Mar 2023 21:36:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d108eee072815a675f64492942dc062
8efaea1971f660565b0ffa7d0793f985bed88b1e
a6b6a5e7c48551f91dc9f0086535609e58a6186066f768377dc43f9162e783c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6B6A5E7C48551F91DC9F0086535609E58A6186066F768377DC43F9162E783C6"
Last-Modified: Wed, 29 Mar 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19383
Expires: Fri, 31 Mar 2023 02:59:12 GMT
Date: Thu, 30 Mar 2023 21:36:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d108eee072815a675f64492942dc062
8efaea1971f660565b0ffa7d0793f985bed88b1e
a6b6a5e7c48551f91dc9f0086535609e58a6186066f768377dc43f9162e783c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6B6A5E7C48551F91DC9F0086535609E58A6186066F768377DC43F9162E783C6"
Last-Modified: Wed, 29 Mar 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19383
Expires: Fri, 31 Mar 2023 02:59:12 GMT
Date: Thu, 30 Mar 2023 21:36:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d108eee072815a675f64492942dc062
8efaea1971f660565b0ffa7d0793f985bed88b1e
a6b6a5e7c48551f91dc9f0086535609e58a6186066f768377dc43f9162e783c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6B6A5E7C48551F91DC9F0086535609E58A6186066F768377DC43F9162E783C6"
Last-Modified: Wed, 29 Mar 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19383
Expires: Fri, 31 Mar 2023 02:59:12 GMT
Date: Thu, 30 Mar 2023 21:36:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d108eee072815a675f64492942dc062
8efaea1971f660565b0ffa7d0793f985bed88b1e
a6b6a5e7c48551f91dc9f0086535609e58a6186066f768377dc43f9162e783c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6B6A5E7C48551F91DC9F0086535609E58A6186066F768377DC43F9162E783C6"
Last-Modified: Wed, 29 Mar 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19383
Expires: Fri, 31 Mar 2023 02:59:12 GMT
Date: Thu, 30 Mar 2023 21:36:09 GMT
Connection: keep-alive

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.117.65.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: T/Nh3y0AB1C7FGB/HS76yA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vrdteh4rZAuvjNO3RVjdM/noSKQ=
Date: Thu, 30 Mar 2023 21:36:09 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif

194.1.147.82

404 Not Found

17 kB

URL HTTP/2
smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif
IP
194.1.147.82:0
ASN
#210250 K Media Tech Ltd.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9698), with CRLF, LF line terminators
Size
17 kB (16901 bytes)
Hash
6f66b96efe9b7d511eb58b83d78ef3aa
c9d2967321c283d33db393026731bc4e0c8fc40c
c7082d84a81b0c01635c34cf9e1093ef87e9b24a0aa9ca211964b2c2fa370773

HTTP Headers

GET /wp-content/uploads/2014/08/Preloader_11.gif HTTP/1.1
Host: smallenvelop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.huntington-banking.bhipvitality.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
date: Thu, 30 Mar 2023 21:36:09 GMT
content-type: text/html; charset=UTF-8
content-length: 16901
x-powered-by: PHP/7.4.33
set-cookie: PHPSESSID=2j4qujs5rkqumje1kv9u9n6v1g; path=/; secure; HttpOnly
pragma: no-cache
cache-control: public,max-age=3600
x-ua-compatible: IE=edge
link: <https://smallenvelop.com/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
X-Firefox-Spdy: h2

www.huntington-banking.bhipvitality.com/images/h7.png

162.241.218.142

200 OK

2.2 kB

URL HTTP/2
www.huntington-banking.bhipvitality.com/images/h7.png
IP
162.241.218.142:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 235 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2173 bytes)
Hash
89d1dce74976f4574fe237cbe7355d3b
e90ddc2059f5479defc732e925fcc9cef4931db2
84298908d1434625c1b0ad441dd7c3306ee3163c498a51473f9f35b02b529cf0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	phishing	Phishing - Huntington
openphish	Huntington Bank

HTTP Headers

GET /images/h7.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:55:38 GMT
accept-ranges: bytes
content-length: 2173
cache-control: max-age=86400
expires: Fri, 31 Mar 2023 21:36:09 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 30 Mar 2023 21:36:09 GMT
server: Apache
X-Firefox-Spdy: h2

www.huntington-banking.bhipvitality.com/images/hgn.png

162.241.218.142

200 OK

1.3 kB

URL HTTP/2
www.huntington-banking.bhipvitality.com/images/hgn.png
IP
162.241.218.142:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 104 x 46, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1310 bytes)
Hash
3f5d727c4d2e21598d45cc23f5735c1c
8dce595793457d42ed60977c5898e8da07ea7698
b5425e9eb7353db1fd728960db79c51f65004b03c58214d09b028c15cc379418

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	phishing	Phishing - Huntington
openphish	Huntington Bank

HTTP Headers

GET /images/hgn.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:56:00 GMT
accept-ranges: bytes
content-length: 1310
cache-control: max-age=86400
expires: Fri, 31 Mar 2023 21:36:09 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 30 Mar 2023 21:36:09 GMT
server: Apache
X-Firefox-Spdy: h2

www.huntington-banking.bhipvitality.com/images/h8.png

162.241.218.142

200 OK

2.9 kB

URL HTTP/2
www.huntington-banking.bhipvitality.com/images/h8.png
IP
162.241.218.142:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 295 x 36, 8-bit/color RGBA, non-interlaced\012- data
Size
2.9 kB (2879 bytes)
Hash
9ca8f64ca7b7e4b7a9e6fc9d88d2572c
2056f1590fd95a2dc023d717fd5160b57d82469f
12976ecafc16fe238d544a1e16762ba92798d6d44a07f7b6252dbdeb8b3efd02

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	phishing	Phishing - Huntington
openphish	Huntington Bank

HTTP Headers

GET /images/h8.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:56:28 GMT
accept-ranges: bytes
content-length: 2879
cache-control: max-age=86400
expires: Fri, 31 Mar 2023 21:36:09 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 30 Mar 2023 21:36:09 GMT
server: Apache
X-Firefox-Spdy: h2

www.huntington-banking.bhipvitality.com/images/h1.png

162.241.218.142

200 OK

19 kB

URL HTTP/2
www.huntington-banking.bhipvitality.com/images/h1.png
IP
162.241.218.142:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 1349 x 156, 8-bit/color RGBA, non-interlaced\012- data
Size
19 kB (19268 bytes)
Hash
d5cc42886b927d1ded4729b8043d4d0f
5be045749c9ac75e134c38f3d6905f39846d2d31
f284cbd4eff46e8c6062d237b3a0a209ad2776528f1233d08eadedaa80f0fdbf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	phishing	Phishing - Huntington
openphish	Huntington Bank

HTTP Headers

GET /images/h1.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:27:22 GMT
accept-ranges: bytes
content-length: 19268
cache-control: max-age=86400
expires: Fri, 31 Mar 2023 21:36:09 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 30 Mar 2023 21:36:09 GMT
server: Apache
X-Firefox-Spdy: h2

www.huntington-banking.bhipvitality.com/images/h5.png

162.241.218.142

200 OK

43 kB

URL HTTP/2
www.huntington-banking.bhipvitality.com/images/h5.png
IP
162.241.218.142:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 1349 x 282, 8-bit/color RGBA, non-interlaced\012- data
Size
43 kB (43097 bytes)
Hash
0853e60c7ab442056ecde3120a982608
ff1dac5339cfc8daf8eed0d11ed1eed1268b8783
97f0f71e3aaf8472f45c69beab027158718474cb6e1456be91302526dafc1575

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	phishing	Phishing - Huntington
openphish	Huntington Bank

HTTP Headers

GET /images/h5.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Thu, 13 Feb 2020 17:16:50 GMT
accept-ranges: bytes
content-length: 43097
cache-control: max-age=86400
expires: Fri, 31 Mar 2023 21:36:09 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 30 Mar 2023 21:36:09 GMT
server: Apache
X-Firefox-Spdy: h2

www.huntington-banking.bhipvitality.com/images/h4.png

162.241.218.142

200 OK

313 kB

URL HTTP/2
www.huntington-banking.bhipvitality.com/images/h4.png
IP
162.241.218.142:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 1349 x 371, 8-bit/color RGBA, non-interlaced\012- data
Size
313 kB (313194 bytes)
Hash
d68811cff396c6555427b73145b37a57
715ea5ea8d93a2addabe27e709a3411f8d513922
986a311ba8cccf0203588c6dda00595dc4f45f59bcc1daa5b7c57579fc2eacc2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	phishing	Phishing - Huntington
openphish	Huntington Bank

HTTP Headers

GET /images/h4.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:36:44 GMT
accept-ranges: bytes
content-length: 313194
cache-control: max-age=86400
expires: Fri, 31 Mar 2023 21:36:09 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 30 Mar 2023 21:36:09 GMT
server: Apache
X-Firefox-Spdy: h2

www.huntington-banking.bhipvitality.com/images/h3.png

162.241.218.142

200 OK

326 kB

URL HTTP/2
www.huntington-banking.bhipvitality.com/images/h3.png
IP
162.241.218.142:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 1349 x 493, 8-bit/color RGBA, non-interlaced\012- data
Size
326 kB (326149 bytes)
Hash
442512ab91e9eb4afc39370c3525870f
5d7200fb742b9309d86758c7101c743c9c791558
b61428d8488d902b009224c5f6f968d6b9be3b7fbe4c6910d3ff22e48f2d8a68

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	phishing	Phishing - Huntington
openphish	Huntington Bank

HTTP Headers

GET /images/h3.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:36:30 GMT
accept-ranges: bytes
content-length: 326149
cache-control: max-age=86400
expires: Fri, 31 Mar 2023 21:36:09 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 30 Mar 2023 21:36:09 GMT
server: Apache
X-Firefox-Spdy: h2

www.huntington-banking.bhipvitality.com/images/h2.png

162.241.218.142

200 OK

592 kB

URL HTTP/2
www.huntington-banking.bhipvitality.com/images/h2.png
IP
162.241.218.142:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 1349 x 591, 8-bit/color RGBA, non-interlaced\012- data
Size
592 kB (591908 bytes)
Hash
db2c4cd8ab90eb8727ad6fb1e9d3b120
32181727948f815dc025004dac904675d603141d
a9b1c6a588900962422deaa653d53a7391a556c87d9bff525658dbfe132f6ead

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	phishing	Phishing - Huntington
openphish	Huntington Bank

HTTP Headers

GET /images/h2.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 16:21:52 GMT
accept-ranges: bytes
content-length: 591908
cache-control: max-age=86400
expires: Fri, 31 Mar 2023 21:36:09 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 30 Mar 2023 21:36:09 GMT
server: Apache
X-Firefox-Spdy: h2

www.huntington-banking.bhipvitality.com/images/h6.png

162.241.218.142

200 OK

844 kB

URL HTTP/2
www.huntington-banking.bhipvitality.com/images/h6.png
IP
162.241.218.142:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 1127 x 528, 8-bit/color RGBA, non-interlaced\012- data
Size
844 kB (844128 bytes)
Hash
3e6f7ea039f47fb2034c7db471890e9c
7ef0dafb02d5522fa85aad2e0f559153cee0d2c5
6bbfdbd90ac2717480bdd38effdfc68d2f54097e5755612e798a544dbab5da92

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	phishing	Phishing - Huntington
openphish	Huntington Bank

HTTP Headers

GET /images/h6.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:36:58 GMT
accept-ranges: bytes
content-length: 844128
cache-control: max-age=86400
expires: Fri, 31 Mar 2023 21:36:10 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 30 Mar 2023 21:36:10 GMT
server: Apache
X-Firefox-Spdy: h2

www.huntington-banking.bhipvitality.com/images/favicon.ico

162.241.218.142

200 OK

1.3 kB

URL HTTP/2
www.huntington-banking.bhipvitality.com/images/favicon.ico
IP
162.241.218.142:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1282 bytes)
Hash
96f1746cd5f33f542e18900d31019f6a
4beb3ef71e57b2aa048f43e59f0805c3f1257412
980822c2935a8c30bc02aee1c1bd033a4c5bc3cb63b9eb83a63d159f62158db8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	phishing	Phishing - Huntington
openphish	Huntington Bank

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 20 Sep 2018 01:32:40 GMT
accept-ranges: bytes
content-length: 1282
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 21:36:10 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/x-icon
date: Thu, 30 Mar 2023 21:36:10 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17040
Expires: Fri, 31 Mar 2023 02:20:11 GMT
Date: Thu, 30 Mar 2023 21:36:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17040
Expires: Fri, 31 Mar 2023 02:20:11 GMT
Date: Thu, 30 Mar 2023 21:36:11 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2075fc9-4e24-4d01-853a-8aa29cb2b832.jpeg

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2075fc9-4e24-4d01-853a-8aa29cb2b832.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4549 bytes)
Hash
2021c271f9290204bd14cd2a3a1680fc
39b68cbcaba381d63dc67bc289fb67c849adb9ff
a84c5dd1e52d7cd535e04cb455891a1442000eb0e4381031c976b4cf3be96f2f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2075fc9-4e24-4d01-853a-8aa29cb2b832.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4549
x-amzn-requestid: 70e07309-5fc5-4307-b455-29a187eae0d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkBoBHFFoAMFx5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424afcc-298f18fd0cf0b37465a74c13;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:38:20 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 0bqn9l0Lqaavg48Uv9xRI7-zbdu1OfBuxITVjbhnIhmT79W_dzC72g==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:41:40 GMT
age: 86071
etag: "39b68cbcaba381d63dc67bc289fb67c849adb9ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9230d52f-0316-48dd-9c8a-231c8091c313.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13520 bytes)
Hash
774be594ff620b3c0559c1d6df5cdb19
39e47800138c74f1d9be4d80fc46d062c661c334
911c5154354c8f46cf0f900f1030536569055c748035960fcf5e850d24747a1d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9230d52f-0316-48dd-9c8a-231c8091c313.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13520
x-amzn-requestid: a686a0ab-8bd4-4721-b2dc-58ae073a47d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkAzsGwWoAMFgEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424ae7d-70f61c697c0a31362bf67fde;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:32:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: odMILI3YunDc3TA76IHEP02HE_nWz8b4osZW-7EjT_XYw9PhFWUBBQ==
via: 1.1 e39f48cc8f516dc1072afdb086c71f32.cloudfront.net (CloudFront), 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:44:59 GMT
age: 85872
etag: "39e47800138c74f1d9be4d80fc46d062c661c334"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f7d2537-a0a5-4a19-9229-144648b886b8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12233 bytes)
Hash
db24198518d1a093c5c03e92e53925a2
288898a60e0a029946e7d770d2b0c64b6f3bf51d
4a15da439fa1a3ccdd3d329f250bacaab581287183293c4e367b05c2a83eb66d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f7d2537-a0a5-4a19-9229-144648b886b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12233
x-amzn-requestid: 781fd422-c720-49d7-bc90-6f8b18751caf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkAynHgNoAMFvCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424ae76-5327bf334c985816289507b9;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:32:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: nwdrJGU7u4C_ZtSQkSASfZ2qj8a31rIr87g_K8YvrrsoVN5yeN8CRQ==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:52:11 GMT
age: 85440
etag: "288898a60e0a029946e7d770d2b0c64b6f3bf51d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (6049 bytes)
Hash
253f48aa7cbf667d52cb37fda10cdb1f
e29478b866f90402b48d2b516d01d60a863c9cf9
b4a73ab71250b9e4a3f95e28dbf50dd000e1f338c7c3ac9f3351c1f6d6d3bfff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6049
x-amzn-requestid: 2d1a2a66-8b63-44f0-83ec-10628a5fcac6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CgvBFFMGIAMFhCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ed3-2a90bf0365925acb3b348489;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:40:35 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: bXiCIy2ZqOyLvougeQikdsmaIJ9BfMPpOO4oU-3nEGY33FQGCm0ZoQ==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:50:29 GMT
age: 85542
etag: "e29478b866f90402b48d2b516d01d60a863c9cf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10271 bytes)
Hash
424b55535e5fd622b2fc96aac1246324
cf7cf08aa8969a86bf03695af2129686fd62fe86
c4bb26a7b2c431282b53b4df9999b9cc8e61369a79c606688a76499b31a65127

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10271
x-amzn-requestid: db0d1fe4-060a-4e61-90f3-ec9befee1295
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkBoXGh5oAMFfzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424afce-2e9251552b4acdcb19e02dfc;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:38:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 1cXec9_e-KpzyTwiHaNAaf0y5i12tw7BkZTXnduS5ek7yAAZ0LXTWw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:48:07 GMT
age: 85684
etag: "cf7cf08aa8969a86bf03695af2129686fd62fe86"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9859 bytes)
Hash
da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: c00efe5b-7fdb-445a-a924-75ddd461b72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQPtHizoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfa64-3eb90ae703b78e8a06130540;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:06:12 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: nZfXy-IsoHliuLodEocEZlH-IvmIV9G-noSmSEU1wmuMPfBx3rLJ9w==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 11:37:45 GMT
age: 35906
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F611db66e-eb19-4ce3-9ee4-93c32afc29a5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8795 bytes)
Hash
d1e861b518e06e17ce657c5f9fc15daf
214322b88798120159ab55c7121c8775727b8fc7
3438eb2b7e18d784416c139b42c036eefff3759602e4ce553815c628e1cb5016

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F611db66e-eb19-4ce3-9ee4-93c32afc29a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8795
x-amzn-requestid: 33d91f7c-7d04-405b-8060-33e438ed09f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkAz2GwKoAMFW5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424ae7e-54ba3517206ac61c50167c3e;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:32:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: UlRpbu9inpiwKEkyo7rthLcsidkdF4_CJtp4l4Q0EbXMB-75e61rBg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:54:44 GMT
age: 85294
etag: "214322b88798120159ab55c7121c8775727b8fc7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (38)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type