r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8428
Expires: Tue, 29 Nov 2022 00:28:53 GMT
Date: Mon, 28 Nov 2022 22:08:25 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5601
Cache-Control: max-age=136577
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:08:25 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 12:04:42 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 21:19:33 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2932
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12071
Expires: Tue, 29 Nov 2022 01:29:36 GMT
Date: Mon, 28 Nov 2022 22:08:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: n07WaqCPmdwB6sm7urvtgsI2qkme81DL4jtOmcLQ9u9SK0PFbzF2vl7ry6LcMnvt3BpsNGO1fAk=
x-amz-request-id: ADRRHB7C4NTBVRX5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 21:42:14 GMT
age: 1571
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:08:25 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
20.106.149.200200 OK 264 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (24953)
Size 264 kB (264151 bytes)
Hash 491376cc52444fbf96b08dfe0583e23e
f3e3d20d3029bc491bfee651f1cd5242643ce3dc
a5565c237bcc41b5603a96dcc0b388dec61707d6314f80654d8421dba88e17aa
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /login.php?Verification=TRUE&Country={{country}} HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
secure-truist-login-online.duckdns.org/as/s41726790920868
20.106.149.200200 OK 5.5 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/s41726790920868
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (5537)
Hash 64b868e22ffef1f224b869de726b825d
dcf2b762fa538402830676cce8a4c5e679047db6
7755cf60d7a2e8ab769068f918431c6579d2a586e9a4687a966eac8962c35a52
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/s41726790920868 HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:48 GMT
Accept-Ranges: bytes
Content-Length: 5538
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
secure-truist-login-online.duckdns.org/as/dbc-min.js
20.106.149.200200 OK 1.0 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/dbc-min.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (1008)
Hash b11f34c50275765a9b3a0acbe1bd75aa
6103a85e4b0cf9fdca904a5793fb8af8c7a6dcea
3a646c145be3980978aaa0740511189e7d4aaac97f7731321fddb3a3e52f1a35
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/dbc-min.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 1009
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/AppMeasurement.min.js
20.106.149.200200 OK 34 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/AppMeasurement.min.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (32768)
Hash d860c16ac938f7d839f0ec158d02d0f0
8710f81ed151233677f7e32b229cb35293dd6840
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/AppMeasurement.min.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 33557
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/styles.300dc7a1784cb961.css
20.106.149.200200 OK 74 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/styles.300dc7a1784cb961.css
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Hash 59376fa41035970dd399af380e087aea
190ecfa3c0b1136fe97c4034dc4f0853f87871a8
fdeec756eeb5e1678d56c408ab7b587cffdc028141bb321e6f9fc2ab07434f94
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/styles.300dc7a1784cb961.css HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 73801
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
secure-truist-login-online.duckdns.org/as/AppMeasurement_Module_AudienceManagement.min.js
20.106.149.200200 OK 25 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/AppMeasurement_Module_AudienceManagement.min.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type exported SGML document, ASCII text, with very long lines (24999)
Hash 26a8cd142b539700557eb4710c3d56bd
46452cb34f2c181ebe255c96c9ea9522f1537500
4858af0bdd1175d3f6c795eb053e7cae348ecb67f0633020d7d925c7672de871
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 25152
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 21:11:12 GMT
cache-control: public,max-age=3600
age: 3433
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
secure-truist-login-online.duckdns.org/as/runtime.24e47bcca0e5b8df.js
20.106.149.200200 OK 4.0 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/runtime.24e47bcca0e5b8df.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (3988), with no line terminators
Hash 19e82f6632beff47a591d8d9898844eb
745646fd24b19616736b1334a77595c8158c3096
53f683216b31c885d6613df4f654d8c76ee381c5e59d14c1580c4fb04f7e8dd1
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/runtime.24e47bcca0e5b8df.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 3988
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/polyfills.87d6b856162b755f.js
20.106.149.200200 OK 34 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/polyfills.87d6b856162b755f.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (33921), with no line terminators
Hash a41a401158c68bce6c0449d976f94254
b6712540e7ca18ed5bf7a684a7fa6f60f77775eb
0a032317a19ef60ee4bf3a0bd74b3cdfff1e1a2e1d7cdef29f0de71c5e6e3f2e
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/polyfills.87d6b856162b755f.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 33921
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/styles_r.css
20.106.149.200200 OK 160 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/styles_r.css
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 160 kB (159564 bytes)
Hash ae87d30c231b13077aeaac8434f6a15d
63e2826f29e6912a7f52c0557dc19f3e87b64ace
3298955245d7912cfe82f3cb67dc8e40c9ca08a1c0106ac68e4813f721d75523
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/styles_r.css HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 159564
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
secure-truist-login-online.duckdns.org/as/truist_common.js
20.106.149.200200 OK 243 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/truist_common.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 243 kB (242738 bytes)
Hash 96883d65a2154b539f6d35d275d0204d
ffcdd9ad3c2eb9e2dc9bdf345b7634b7c0602e20
c9732b242d6e796c25b89e5c167f282fd75a499b8797c06d3451e6cbe28af3eb
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/truist_common.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 242738
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/scripts.1c82821384a86f51.js
20.106.149.200200 OK 162 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/scripts.1c82821384a86f51.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 162 kB (162165 bytes)
Hash d260f493770fd7a5ec4caf09e788726a
0575d3d4e11d738d5b34cb4422c12b5fe6f961ab
30792010f2ad793afae6214bbb28bfd1cedc615ea2370a1862d7a5ae8787a09a
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/scripts.1c82821384a86f51.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 162165
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/tru_lg_hrz_rgb_wht_rev.png
20.106.149.200200 OK 15 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/tru_lg_hrz_rgb_wht_rev.png
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 1927 x 767, 8-bit/color RGBA, non-interlaced\012- data
Hash 84796985e04a9f463f26293d1919f3c4
db0a67a0de6fe6a06c4254b82e72e64ed80f0400
d938ee89009d30e5f4abe089c40c5d3ef3b4ae7e1965d451faadb7e61ccc32d9
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/tru_lg_hrz_rgb_wht_rev.png HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:26 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 14599
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
secure-truist-login-online.duckdns.org/as/trulogo_horz-trupurple.png
20.106.149.200200 OK 4.4 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/trulogo_horz-trupurple.png
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 365 x 86, 8-bit/color RGBA, non-interlaced\012- data
Hash fe2af793fe57fcace53f91cfed335a8e
250d1d12ba58cade61d74f7f61dbc90bf2556bda
d2e2e20fc9729fb0389392bde5a8fd1b4cb390dd8689ce7a1c3fe83cc91b0d52
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/trulogo_horz-trupurple.png HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:26 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 4376
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
23.38.200.237200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32768)
Hash e616df092766c7ab7904619f971a35cc
a960429c42802a43e3ce728fc4d1e8bdab10e606
082ae7647bfdb639846791e5c0ca39b96544dff3aed0c365973c9589cd5b091e
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
expires: Mon, 28 Nov 2022 23:08:26 GMT
date: Mon, 28 Nov 2022 22:08:26 GMT
cache-control: no-cache
access-control-allow-origin: http://secure-truist-login-online.duckdns.org
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6199
Cache-Control: max-age=132108
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:08:26 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:50:14 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
secure-truist-login-online.duckdns.org/as/launch-866a03735382.min.js
20.106.149.200200 OK 8.8 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/launch-866a03735382.min.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Hash 6f56f25549f094ee43918a26715f4c6b
0b75d52207556fa7879017f81a9445006a637047
57a0cc8a8dfd7a1ab1aa40a84c53b0db4caf025c5c5499bea095b91924139a96
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/launch-866a03735382.min.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 186614
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 04a1e174fccea9e65be21b0c9746de94
a62527b64c568170053ef10f12f479c61848a6a8
b14de7ab62003f342cb84b98caa3bd291bf24d9cefdad1571edfd94aa0a483da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4681
Cache-Control: max-age=119794
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:08:26 GMT
Etag: "63845003-1d7"
Expires: Wed, 30 Nov 2022 07:25:00 GMT
Last-Modified: Mon, 28 Nov 2022 06:06:59 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1669673305347
34.253.88.93200 OK 1.3 kB URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1669673305347
IP 34.253.88.93:0
File type JSON data\012- , ASCII text, with very long lines (4008), with no line terminators
Hash 2056036ffd7f19a7f78b3b8c782b6053
26f6f523917b090f7e9d605bbc9c53b79beae604
396f1c3b6542cf3d921470c31d46763224082a1e1cbeee12c2360fbf308013c7
GET /id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1669673305347 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://secure-truist-login-online.duckdns.org
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://secure-truist-login-online.duckdns.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-02fc48b13.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=43589337093564204360449590094083273140; Max-Age=15552000; Expires=Sat, 27 May 2023 22:08:26 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: Xd2MX02OQcg=
Content-Length: 1340
Connection: keep-alive
secure-truist-login-online.duckdns.org/as/main.6b2b5be7c0191f9e.js
20.106.149.200200 OK 2.2 MB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/main.6b2b5be7c0191f9e.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 2.2 MB (2164385 bytes)
Hash 339a7b86b7bd9fa983e83fa76a63498a
6c890b832e26f7617a5861940706a1f129cc576a
8e7a992bcf52f3c70ac93d33ae5a90702425fc13486f55b3531f5519a5da45ad
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/main.6b2b5be7c0191f9e.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 10:21:02 GMT
Accept-Ranges: bytes
Content-Length: 2164385
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
secure-truist-login-online.duckdns.org/as/dest5.html
20.106.149.200200 OK 14 kB URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/dest5.html
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash cbec4d4de9f31f17f6f9331f89383d7d
5524cbfba00706b21a72cb1c57e4e575b4e7ad1f
b26151b6cbca0ba0a30c98391039c7d300c1f344c8e118f932c6787470305128
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/dest5.html HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h2vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675105347|1669673304613; dtLatC=50; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19325%7CvVersion%7C5.4.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:26 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 13579
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html
secure-truist-login-online.duckdns.org/assets/tru-core-icon-sprite.svg
20.106.149.200404 Not Found 315 B URL HTTP/1.1 secure-truist-login-online.duckdns.org/assets/tru-core-icon-sprite.svg
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /assets/tru-core-icon-sprite.svg HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h2vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675105347|1669673304613; dtLatC=50; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19325%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 22:08:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
push.services.mozilla.com/
52.38.139.17101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.139.17:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eWd1k19PuWpwU4GHk+fSYA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vwf5xOvyqWLLlFNKfBSuvJLZYNE=
sstats.truist.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=40221915462710535630978118076528904731&ts=1669673305682
13.36.218.177200 OK 48 B URL HTTP/2 sstats.truist.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=40221915462710535630978118076528904731&ts=1669673305682
IP 13.36.218.177:0
File type JSON data\012- , ASCII text, with no line terminators
Hash aa1a8569de9c3c2ca655cbde9bc4deec
2b95b6553c91972227be5f1fb551927c64aa30a3
af11f6dec9d5a69b07c416dd7332be005b7c6c127e1b459ffc0aeb0a3c70a688
GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=40221915462710535630978118076528904731&ts=1669673305682 HTTP/1.1
Host: sstats.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://secure-truist-login-online.duckdns.org
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://secure-truist-login-online.duckdns.org
access-control-allow-credentials: true
date: Mon, 28 Nov 2022 22:08:26 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C40221915462710535630978118076528904731; Path=/; Domain=truist.com; Max-Age=63072000; Expires=Wed, 27 Nov 2024 22:08:08 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
secure-truist-login-online.duckdns.org/dias/info/config
20.106.149.200404 Not Found 315 B URL HTTP/1.1 secure-truist-login-online.duckdns.org/dias/info/config
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /dias/info/config HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
x-dtpc: -68$473304588_493h4vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h4vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675106562|1669673304613; dtLatC=50; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19325%7CMCMID%7C40221915462710535630978118076528904731%7CMCAAMLH-1670278105%7C6%7CMCAAMB-1670278105%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669680506s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 22:08:27 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11432
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:08:27 GMT
Connection: keep-alive
dias.bank.truist.com/ui/favicon.ico
104.84.152.161200 OK 14 kB URL HTTP/2 dias.bank.truist.com/ui/favicon.ico
IP 104.84.152.161:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (672)
Hash e1e4b3fbce7102cff990029b79ff270c
a01a9879b937e9c1bf95b9f1d3673be4c8bc2e41
16944ce34d66701a5a29d4227669ac19940fb229599cf4cde5f789ffa7b32a56
GET /ui/favicon.ico HTTP/1.1
Host: dias.bank.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/html
etag: W/"1074-1667961614000:dtagent10247220811100421uywL"
last-modified: Wed, 09 Nov 2022 02:40:13 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=0
x-oneagent-js-injection: true
expires: Sun, 20 Nov 2022 19:46:41 GMT
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
server-timing: dtRpid;desc="-114749188", dtSInfo;desc="0"
vary: Accept-Encoding
content-encoding: gzip
date: Mon, 28 Nov 2022 22:08:27 GMT
content-length: 13674
X-Firefox-Spdy: h2
dias.bank.truist.com/ui/assets/images/father-son.png
104.84.152.161200 OK 140 kB URL HTTP/2 dias.bank.truist.com/ui/assets/images/father-son.png
IP 104.84.152.161:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1600x1600, components 3\012- data
Size 140 kB (140237 bytes)
Hash 13ef1dd9531309bed82c8587228ecb23
322ea99d980c4266d0d6ec4034994545b351e73f
2fb0edc4309fcb422b5a0a0649b316449435e6a4f9ae2f3dc294d4c207028d25
GET /ui/assets/images/father-son.png HTTP/1.1
Host: dias.bank.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-length: 140237
content-type: image/png
etag: W/"140237-1667961614000"
last-modified: Wed, 09 Nov 2022 02:40:14 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: DENY
x-content-type-options: nosniff
x-oneagent-js-injection: true
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 28 Nov 2022 22:08:27 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11432
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:08:27 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1172c72b-d329-4446-80cb-92b8cf104425.jpeg
34.120.237.76200 OK 3.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1172c72b-d329-4446-80cb-92b8cf104425.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9cd333c474420e235831d96ed881167e
5008d7344dd85ae61a598c17e7baf427def3e25d
2178a96e120661e43d8e8ed0df1fcf500caf4c58db9e1bedaf0706af0a80b286
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1172c72b-d329-4446-80cb-92b8cf104425.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3944
x-amzn-requestid: 8a6732c1-72da-4a73-ba51-8533c6a01a9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNmfFgeIAMFjLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6385295c-0c807d93277bfb7f6b13c2ee;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:20 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oW4xFfsPp-Jmf28Uc88iZ2jLgtMRjn2gW0orrJ4K201r6Y6OlHkacQ==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:51 GMT
age: 1296
etag: "5008d7344dd85ae61a598c17e7baf427def3e25d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9082acd6-44fd-454b-b215-451cf6d822a1.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9082acd6-44fd-454b-b215-451cf6d822a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5ab97acd46d3380fa12711c96b3c2d35
b703ea2cc2fcd68e60135ff77d5a5f1b93fac128
aeeaa56714fbd157e788cd24da03d43ede527959e2563e6d7d99489753dee85f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9082acd6-44fd-454b-b215-451cf6d822a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8106
x-amzn-requestid: 73d1b662-99a8-4ad7-95f9-c0b1ebf7c45a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnQEhQoAMFbLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852961-64954bc92997c9302e291381;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UO4hCMgPgR4-ld-QCKgNPrq4p1gduUSA5R4ffZmnFodBj-1_NcFLmg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:37:21 GMT
age: 1866
etag: "b703ea2cc2fcd68e60135ff77d5a5f1b93fac128"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 415b1b1d5a29fc17b4114bb3df1d1c22
600859401c885cc2cdd1f199cccc198eb41d6a04
abfbf4ecf2423736a29686859f6a8f2b77204b48f3f60d208f6d491e80611e7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7549
x-amzn-requestid: bb37235a-8c7d-47fe-abb6-6cc633560165
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP-7lHmsoAMF9lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638311e3-1f2a4abc40119f3e026dc393;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:29:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ds96jURZ0epaXMg2oTUETRQCpHwlVJrl5hTqvpUAWEGVa5rbDve1FA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:42 GMT
age: 1305
etag: "600859401c885cc2cdd1f199cccc198eb41d6a04"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7faa45dd-b9de-4dae-a2d6-ee678d7d3906.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7faa45dd-b9de-4dae-a2d6-ee678d7d3906.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ae2e2986caa15a90b615147f229b51ec
c6dfd277cdbd057472e6df6ad1a200f50684d442
ec3799922c38ee6394601744ff4b2c405ee44c4718a2b90c104134657f8b480b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7faa45dd-b9de-4dae-a2d6-ee678d7d3906.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9015
x-amzn-requestid: 9f657586-a44e-46f0-8c38-f1bf26142486
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVOlEE6ZoAMFUPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852aed-1da2400f4165dd553418f8b9;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:41:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mqdz1NhVCqmSrhYLIF0miDzrBiS82SUU6ZRFzDMllbCwS70hC0rMRQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:55 GMT
age: 1292
etag: "c6dfd277cdbd057472e6df6ad1a200f50684d442"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: c2231955-5c78-4073-8399-b8b90f1add78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMo3oHpSoAMF5Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb63-55a1cb004ac73c8b02f2fb8d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uGocx-Lv8ieJVvICjnTGQZyzaQzjVdICX2RZaNyBTQvUKeIcNxaCJQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 07:38:02 GMT
age: 52225
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 516776052e5e906ea9f42d25bae5cc85
be4c4d01fc67218e26a3e9d27a2f708e639c9d4b
28e70e38cfad65ad8a7a68ab1dc78747c7013a87b854fc35b163cc5765cd0570
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8460
x-amzn-requestid: 51416479-3854-4f1a-9d86-35e104c57f6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnkHuZIAMF-_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852963-180b323d4a45fa2f29f9b1fc;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ieDA8l_Up51cFaB9IExlSs8A5m-H77va1rCVF_WRMg_FN53Xakipuw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:55 GMT
age: 1292
etag: "be4c4d01fc67218e26a3e9d27a2f708e639c9d4b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 3abfda95da9161a7940e489ba957e237
ddedb2266b851ea1e32ea00962e126b99d7709e4
7bddacb5331afb1e017c6a1e3cfaec6812354693597686f07328c2186200a538
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145314
Date: Mon, 28 Nov 2022 22:08:27 GMT
Etag: "6384bf1f-1d7"
Expires: Wed, 30 Nov 2022 14:30:21 GMT
Last-Modified: Mon, 28 Nov 2022 14:01:03 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8uF1avA9vWgDDyy60d_6F92Rmt4FAUCen_KDfO5wnnAIF4BpWYG7mQ==
Age: 1758
cm.everesttech.net/cm/dd?d_uuid=43589337093564204360449590094083273140
99.80.65.0302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=43589337093564204360449590094083273140
IP 99.80.65.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=43589337093564204360449590094083273140 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Mon, 28 Nov 2022 22:08:27 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4UxWwAAAM2VJwMx; Domain=.everesttech.net; Expires=Tue, 28-Nov-2023 22:08:27 GMT; Path=/
everest_session_v2=Y4UxWwAAAM2VKAMx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4UxWwAAAM2VJwMx
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y4UxWwAAAM2VJwMx
34.253.88.93302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y4UxWwAAAM2VJwMx
IP 34.253.88.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y4UxWwAAAM2VJwMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure-truist-login-online.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0ba4161da.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UxWwAAAM2VJwMx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=33515721461809339832552773281616751152; Max-Age=15552000; Expires=Sat, 27 May 2023 22:08:27 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 0rHSe4pHStw=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UxWwAAAM2VJwMx
34.253.88.93200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UxWwAAAM2VJwMx
IP 34.253.88.93:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UxWwAAAM2VJwMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure-truist-login-online.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-08c859e6d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: d6Ckn30xSa0=
Content-Length: 59
Connection: keep-alive
secure-truist-login-online.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL&svrid=-68&flavor=post&vi=GANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3D%7B%7Bcountry%7D%7D&bp=3&app=307988b0f4afb8ec&crc=256287127&en=9va2smjd&end=1
20.106.149.200404 Not Found 315 B URL HTTP/1.1 secure-truist-login-online.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL&svrid=-68&flavor=post&vi=GANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3D%7B%7Bcountry%7D%7D&bp=3&app=307988b0f4afb8ec&crc=256287127&en=9va2smjd&end=1
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
POST /ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL&svrid=-68&flavor=post&vi=GANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3D%7B%7Bcountry%7D%7D&bp=3&app=307988b0f4afb8ec&crc=256287127&en=9va2smjd&end=1 HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 2430
Origin: http://secure-truist-login-online.duckdns.org
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h-vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675107168|1669673304613; dtLatC=50; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19325%7CMCMID%7C40221915462710535630978118076528904731%7CMCAAMLH-1670278105%7C6%7CMCAAMB-1670278105%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669680506s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19332%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 22:08:29 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
secure-truist-login-online.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL&svrid=-68&flavor=post&vi=GANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3D%7B%7Bcountry%7D%7D&bp=3&app=307988b0f4afb8ec&crc=3401754070&en=9va2smjd&end=1
20.106.149.200404 Not Found 315 B URL HTTP/1.1 secure-truist-login-online.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL&svrid=-68&flavor=post&vi=GANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3D%7B%7Bcountry%7D%7D&bp=3&app=307988b0f4afb8ec&crc=3401754070&en=9va2smjd&end=1
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
POST /ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL&svrid=-68&flavor=post&vi=GANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0&modifiedSince=1668734971679&rf=http%3A%2F%2Fsecure-truist-login-online.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3D%7B%7Bcountry%7D%7D&bp=3&app=307988b0f4afb8ec&crc=3401754070&en=9va2smjd&end=1 HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 3907
Origin: http://secure-truist-login-online.duckdns.org
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h-vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675107168|1669673304613; dtLatC=50; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19325%7CMCMID%7C40221915462710535630978118076528904731%7CMCAAMLH-1670278105%7C6%7CMCAAMB-1670278105%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669680506s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19332%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 22:08:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
secure-truist-login-online.duckdns.org/as/ruxitagentjs_A27Vfgqrux_10247220811100421.js
20.106.149.200200 OK 0 B URL HTTP/1.1 secure-truist-login-online.duckdns.org/as/ruxitagentjs_A27Vfgqrux_10247220811100421.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /as/ruxitagentjs_A27Vfgqrux_10247220811100421.js HTTP/1.1
Host: secure-truist-login-online.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-truist-login-online.duckdns.org/login.php?Verification=TRUE&Country={{country}}
Cookie: dtCookie=v_4_srv_-2D68_sn_2KRG6SMLKK868MPGTTMT55GSUE3911OL; rxVisitor=16696733046092BRHNU8AII6BN1IUN8GOK0509I1ULSS9; dtPC=-68$473304588_493h1vGANSECUPAKMRWGBULJKUQKMUCKMRAMDI-0e0; rxvt=1669675104613|1669673304613
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:08:25 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 199861
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript