r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7989fc4a69327c765a7e4e68f46c169b
1f3e8e6e9e640c3d99ec52dc947b68fa9c1d335b
b15c98c58fae6a49e831bc0db617bedf8538bbfa011a84553debdcbe461433d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B15C98C58FAE6A49E831BC0DB617BEDF8538BBFA011A84553DEBDCBE461433D0"
Last-Modified: Tue, 07 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17123
Expires: Thu, 09 Mar 2023 17:35:21 GMT
Date: Thu, 09 Mar 2023 12:49:58 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8f33f56c329fe0b1570d2ee3e000ce4e
b11fcecd7cc1210d3f3b4e1426a37d3cd138119e
ebcb744a032452533c000c0a9f193fd2566b2389729c41b6c5ed69b9e4cd42d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBCB744A032452533C000C0A9F193FD2566B2389729C41B6C5ED69B9E4CD42D4"
Last-Modified: Tue, 07 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13677
Expires: Thu, 09 Mar 2023 16:37:55 GMT
Date: Thu, 09 Mar 2023 12:49:58 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6d096b44c5db01960a5d03dbb2a238c0
8e818de0e82041f2d9edeb14ddaf3916983b3729
8c69b4883e45e3e993ffdf24922c6ff7f0131f1eece0c3d0016137ca29f48d04
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C69B4883E45E3E993FFDF24922C6FF7F0131F1EECE0C3D0016137CA29F48D04"
Last-Modified: Tue, 07 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4823
Expires: Thu, 09 Mar 2023 14:10:22 GMT
Date: Thu, 09 Mar 2023 12:49:59 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash ed282214b024a7895d90e229e92bb1cc
1f447aa59287ce2b45860a1a909d005a41305f77
a35ae9f89cbc77ed5fe849acdc2701592799c335f2674776d69c25bca0a00c2e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Mar 2023 12:13:43 GMT
content-type: application/json
age: 2176
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
truistservi3e.line.pm/n/login.php
54.186.41.38 301 Moved Permanently 249 B URL HTTP/1.1 truistservi3e.line.pm/n/login.php
IP 54.186.41.38:0
File type HTML document text, exported SGML document, ASCII text
Hash 41f758101fdb1edb67378036b58fe0f5
e072202415101dd08e945b197d96596732279581
a2c44c2b15c84279139103fba5d8f27d1c230481526dfd6705ef229a4b9effe4
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
NIDS      Severity    Alert
suricata  medium      ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /n/login.php HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 09 Mar 2023 12:49:58 GMT
Server: Apache
Location: https://truistservi3e.line.pm/n/login.php
Content-Length: 249
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: CSSj/Ynyn2hgGULDIJGEOxf06zdr7TRfEX1igXueIivL+oMjXhAOpwTeyyGPVi1Rm8H8+2UnwRY=
x-amz-request-id: JNEH6QEGY71EVN1J
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Mar 2023 12:18:25 GMT
age: 1894
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Mar 2023 12:49:59 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Last-Modified, Retry-After, Expires, Pragma, Content-Length, Cache-Control, Alert, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Mar 2023 12:03:42 GMT
age: 2777
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bc9a86b8d3035b57b58750f8896202e8
1485042fff689cadbf0c7a540f430993f23d45e3
b06e4961e184d51008f4adb9c8fe571f08b21b4728e5eac0bb4795861e03aa2f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B06E4961E184D51008F4ADB9C8FE571F08B21B4728E5EAC0BB4795861E03AA2F"
Last-Modified: Tue, 07 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5829
Expires: Thu, 09 Mar 2023 14:27:08 GMT
Date: Thu, 09 Mar 2023 12:49:59 GMT
Connection: keep-alive
push.services.mozilla.com/
54.186.109.55 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.109.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IpXTE0KTbC3hCajxQ1BbIw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HDh5SgqZA/WnBHWE7WCaRkqeg0w=
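Editor's note on the record above (added commentary, not part of the urlquery export). The 101 has no body (the three digests logged for it are those of the empty input), so its validity rests on one header: Sec-WebSocket-Accept must be the base64 of SHA-1(Sec-WebSocket-Key + the fixed RFC 6455 GUID). That is how the client knows the peer actually processed this handshake rather than a cache or intermediary replaying an earlier upgrade. The server also did not echo Sec-WebSocket-Protocol, which RFC 6455 treats as "no subprotocol selected" and the client must accept; a client only fails the handshake when the server names a subprotocol it did not offer. The Python below is an added example, not Mozilla's push client code; it recomputes the Accept value for the captured key and applies the client-side checks of the upgrade. The header dictionaries are transcribed from the record above; the ":status" pseudo-header is this example's own convention for the status line.

```python
"""Client-side validation of the WebSocket upgrade captured above (RFC 6455)."""
import base64
import hashlib
import hmac

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # fixed by RFC 6455, section 1.3


def websocket_accept(client_key: str) -> str:
    """Sec-WebSocket-Accept a compliant server must return for Sec-WebSocket-Key."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def valid_client_key(client_key: str) -> bool:
    """The client key is 16 random bytes, base64-encoded (24 characters)."""
    try:
        return len(base64.b64decode(client_key, validate=True)) == 16
    except ValueError:
        return False


def check_upgrade(request: dict, response: dict) -> bool:
    """Accept a 101 only if Upgrade/Connection agree, the key is well formed, the
    Accept value proves the server hashed this handshake's key, and any chosen
    subprotocol is one the client offered (no echo, as here, means none chosen)."""
    req = {k.lower(): v for k, v in request.items()}
    resp = {k.lower(): v for k, v in response.items()}
    if resp.get(":status") != "101" or resp.get("upgrade", "").lower() != "websocket":
        return False
    if "upgrade" not in {t.strip().lower() for t in resp.get("connection", "").split(",")}:
        return False
    key = req.get("sec-websocket-key", "")
    if not valid_client_key(key):
        return False
    offered = {p.strip() for p in req.get("sec-websocket-protocol", "").split(",")}
    chosen = resp.get("sec-websocket-protocol")
    if chosen is not None and chosen.strip() not in offered:
        return False
    # Constant-time compare; a proxy or cache replaying an older 101 fails here.
    return hmac.compare_digest(resp.get("sec-websocket-accept", ""), websocket_accept(key))


# Headers transcribed from the push.services.mozilla.com record above.
CAPTURED_REQUEST = {
    "Sec-WebSocket-Version": "13",
    "Sec-WebSocket-Key": "IpXTE0KTbC3hCajxQ1BbIw==",
    "Sec-WebSocket-Protocol": "push-notification",
    "Sec-WebSocket-Extensions": "permessage-deflate",
    "Connection": "keep-alive, Upgrade",
    "Upgrade": "websocket",
}
CAPTURED_RESPONSE = {
    ":status": "101",   # status line, kept as a pseudo-header for convenience
    "Connection": "Upgrade",
    "Upgrade": "websocket",
    "Sec-WebSocket-Accept": "HDh5SgqZA/WnBHWE7WCaRkqeg0w=",
}

if __name__ == "__main__":
    print(websocket_accept(CAPTURED_REQUEST["Sec-WebSocket-Key"]))
    print("handshake valid:", check_upgrade(CAPTURED_REQUEST, CAPTURED_RESPONSE))
```

Run stand-alone it prints the recomputed Accept value, which must equal the captured HDh5SgqZA/WnBHWE7WCaRkqeg0w=, followed by the handshake verdict. The RFC 6455 worked example (key dGhlIHNhbXBsZSBub25jZQ==, accept s3pPLMBiTxaQ9kYGzzhZRbK+xOo=) is a second fixed point to check the function against.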
truistservi3e.line.pm/n/login_files/dbc-min.js.download
54.186.41.38 200 OK 1.0 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/dbc-min.js.download
IP 54.186.41.38:0
File type ASCII text, with very long lines (1008)
Hash b11f34c50275765a9b3a0acbe1bd75aa
6103a85e4b0cf9fdca904a5793fb8af8c7a6dcea
3a646c145be3980978aaa0740511189e7d4aaac97f7731321fddb3a3e52f1a35
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
GET /n/login_files/dbc-min.js.download HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:26 GMT
Accept-Ranges: bytes
Content-Length: 1009
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
truistservi3e.line.pm/n/login.php
54.186.41.38 200 OK 222 kB URL HTTP/1.1 truistservi3e.line.pm/n/login.php
IP 54.186.41.38:0
File type HTML document text, exported SGML document, ASCII text, with very long lines (64515)
Size 222 kB (221722 bytes)
Hash 3a56b8febf752a139a9564ab8a4789ac
5acf6873a6cd5d9dd45018785fb4863674282bd0
a8f3669ee94b24838025ebcd1fc744f86ce3457b6589f17cf6c662828860ca93
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
NIDS      Severity    Alert
suricata  medium      ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /n/login.php HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:49:59 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
truistservi3e.line.pm/n/login_files/AppMeasurement.min.js.download
54.186.41.38 200 OK 34 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/AppMeasurement.min.js.download
IP 54.186.41.38:0
File type ASCII text, with very long lines (32717)
Hash dfdd9e1f988805f0c2fbb10cd6b8f034
b6cd42821dd2e732919fd053a4665af0e15e0335
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
GET /n/login_files/AppMeasurement.min.js.download HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:38 GMT
Accept-Ranges: bytes
Content-Length: 34341
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
truistservi3e.line.pm/n/login_files/styles.6cd828e508340e2d.css
54.186.41.38 200 OK 74 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/styles.6cd828e508340e2d.css
IP 54.186.41.38:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0d2136dc326d813ef82ce0813a8ff3c0
1b7f2d8e592ea0ea7aa50e3cfc246dc9eb2db9ce
469abd33627b943e324d47d2c3f9bf6bb780972c27390b6172fbab754bfd894a
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
GET /n/login_files/styles.6cd828e508340e2d.css HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:30 GMT
Accept-Ranges: bytes
Content-Length: 73595
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
truistservi3e.line.pm/n/login_files/runtime.2e78a8b3cb68b6d0.js.download
54.186.41.38 200 OK 4.0 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/runtime.2e78a8b3cb68b6d0.js.download
IP 54.186.41.38:0
File type ASCII text, with very long lines (3988), with no line terminators
Hash 8dc019d42a13a9f7944ffe3262bafe6a
684d79fbd7b74f677838dd8fdb30436b16749cff
5442fd442efe0c3d534e135b34e408268e4b6e3cd36f62913472761dc525f2e9
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
GET /n/login_files/runtime.2e78a8b3cb68b6d0.js.download HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:44 GMT
Accept-Ranges: bytes
Content-Length: 3988
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
truistservi3e.line.pm/n/login_files/launch-866a03735382.min.js.download
54.186.41.38 200 OK 191 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/launch-866a03735382.min.js.download
IP 54.186.41.38:0
File type ASCII text, with very long lines (32765)
Size 191 kB (190740 bytes)
Hash 0849b4af4aa7f6d809521c48b54246a5
9e887dcf02fbc67c46ab3d91d59cc6801855fb94
e4c98966eb5bd15c87c5cd1d73d4bd61dd369067acdaa53f3cc00574fe6ee9ab
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
GET /n/login_files/launch-866a03735382.min.js.download HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:34 GMT
Accept-Ranges: bytes
Content-Length: 190740
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
truistservi3e.line.pm/n/login_files/ruxitagentjs_A27NVfgqrux_10257221222094147.js.download
54.186.41.38 200 OK 210 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/ruxitagentjs_A27NVfgqrux_10257221222094147.js.download
IP 54.186.41.38:0
File type ASCII text, with very long lines (2009)
Size 210 kB (210522 bytes)
Hash a7518fca394ad8fd4587bc9e3739094f
e08c0de9ead8f859c8b50283c6fbb9d1a235b21d
ee8c4acc6108ef69231ba78b1958f136374a6fb398d9452eb92b1d2731b2489a
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
GET /n/login_files/ruxitagentjs_A27NVfgqrux_10257221222094147.js.download HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:20 GMT
Accept-Ranges: bytes
Content-Length: 210522
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
truistservi3e.line.pm/n/login_files/truist_common.js.download
54.186.41.38 200 OK 244 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/truist_common.js.download
IP 54.186.41.38:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 244 kB (243685 bytes)
Hash e704a93e8c1771bbaf3536a7c13357d3
718c61d347683c8cf98e81b70dc8f056e1a1892a
bedee6e2fb27b21699a697393b1b278c414886f62eb34ed32ffc15c827bcc604
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
GET /n/login_files/truist_common.js.download HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:44 GMT
Accept-Ranges: bytes
Content-Length: 243685
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
truistservi3e.line.pm/n/login_files/AppMeasurement_Module_AudienceManagement.min.js.download
54.186.41.38 200 OK 25 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/AppMeasurement_Module_AudienceManagement.min.js.download
IP 54.186.41.38:0
File type exported SGML document, ASCII text, with very long lines (24999)
Hash d220d501715e0484d0dddeac614f902c
2c97bb2f41fa88ca23907caabc4c46be586c31c1
b01bd01687b15585b2740273c8c3c6674dd9f559cfe52eeffdf43b1f93a12d05
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
GET /n/login_files/AppMeasurement_Module_AudienceManagement.min.js.download HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:40 GMT
Accept-Ranges: bytes
Content-Length: 25152
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
truistservi3e.line.pm/n/login_files/styles_r.css
54.186.41.38 200 OK 160 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/styles_r.css
IP 54.186.41.38:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 160 kB (160369 bytes)
Hash 8d25856b298ea173f28d0463f07bd9dd
5433efcc0739057b4e7d3deb4ae6e7dcd6fcce61
89c441ab378719e882ea78d7eb0aafd9e3fda817d2255d5f7fa7bd2f0e04da15
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
GET /n/login_files/styles_r.css HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:36 GMT
Accept-Ranges: bytes
Content-Length: 160369
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
truistservi3e.line.pm/n/login_files/polyfills.87d6b856162b755f.js.download
54.186.41.38 200 OK 34 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/polyfills.87d6b856162b755f.js.download
IP 54.186.41.38:0
File type ASCII text, with very long lines (33921), with no line terminators
Hash a41a401158c68bce6c0449d976f94254
b6712540e7ca18ed5bf7a684a7fa6f60f77775eb
0a032317a19ef60ee4bf3a0bd74b3cdfff1e1a2e1d7cdef29f0de71c5e6e3f2e
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
GET /n/login_files/polyfills.87d6b856162b755f.js.download HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:46 GMT
Accept-Ranges: bytes
Content-Length: 33921
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
truistservi3e.line.pm/n/login_files/scripts.1c82821384a86f51.js.download
54.186.41.38 200 OK 162 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/scripts.1c82821384a86f51.js.download
IP 54.186.41.38:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 162 kB (162165 bytes)
Hash d260f493770fd7a5ec4caf09e788726a
0575d3d4e11d738d5b34cb4422c12b5fe6f961ab
30792010f2ad793afae6214bbb28bfd1cedc615ea2370a1862d7a5ae8787a09a
Analyzer  Verdict     Alert
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
GET /n/login_files/scripts.1c82821384a86f51.js.download HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:46 GMT
Accept-Ranges: bytes
Content-Length: 162165
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js
2.18.172.233 200 OK 8.8 kB URL HTTP/2 assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js
IP 2.18.172.233:0
File type exported SGML document, ASCII text, with very long lines (24999)
Hash 753f93d291c48425bacf2eb9b49af1b8
57addc900449e93b1ffdb17b801924ef04882423
ba0b01787fff115c87c40274a96f4df218c04625dbd64887e44c34ba4552882c
GET /extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d220d501715e0484d0dddeac614f902c:1663863410.217006"
last-modified: Thu, 22 Sep 2022 16:16:50 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 8755
expires: Thu, 09 Mar 2023 13:50:00 GMT
date: Thu, 09 Mar 2023 12:50:00 GMT
cache-control: no-cache
access-control-allow-origin: https://truistservi3e.line.pm
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
2.18.172.233 200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
IP 2.18.172.233:0
File type ASCII text, with very long lines (32717)
Hash 9edbefe8919a34cc9ec5343e49caf90d
9e8f2b92a35df8e01814e558d10248a928ea2504
c276e66ee697edfb8fbe70a13d6cb8498b21fb998d10d6faaf3999f34f5525cc
GET /extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12384
expires: Thu, 09 Mar 2023 13:50:00 GMT
date: Thu, 09 Mar 2023 12:50:00 GMT
cache-control: no-cache
access-control-allow-origin: https://truistservi3e.line.pm
timing-allow-origin: *
X-Firefox-Spdy: h2
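Editor's note on the truistservi3e.line.pm chain above (added commentary, not part of the urlquery export). Three things in these records identify the site as a cloned login page rather than a hand-built one. First, the n/login_files/ folder with .js.download suffixes is the layout a browser's "Save page as, complete" writes (Chrome appends .download to saved scripts). Second, the two assets.adobedtm.com responses carry Akamai NetStorage ETags whose first colon-separated component (d220d501715e0484d0dddeac614f902c and dfdd9e1f988805f0c2fbb10cd6b8f034) is exactly the MD5 the report logs for the corresponding copies served from the lure, so the kit hosts byte-identical copies of the Adobe Analytics scripts from the Truist-branded page it copies (the report's own digest of the CDN body differs only because that body is gzip-encoded). Third, the Adobe CDN, and the dpm.demdex.net visitor-ID call further down, are reached with Referer and Origin set to the lure and answered with a reflected access-control-allow-origin, so the brand's analytics vendor receives the phishing hostname on every visit and could alert on it. Meanwhile the Apache host sends X-Robots-Tag noindex to stay out of search indexes but none of the hardening headers (strict-transport-security, content-security-policy, x-content-type-options) the Mozilla services in this log send. The Python below is an added example, not urlquery's code; it parses records in this report's layout and flags those indicators. SAMPLE is a constructed two-record excerpt with most headers trimmed.

```python
"""Triage a urlquery-style HTTP transaction dump in this report's layout. SAMPLE is a
constructed two-record excerpt (headers trimmed); digests/ETags are the report's own values."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

SAMPLE = """\
truistservi3e.line.pm/n/login_files/AppMeasurement_Module_AudienceManagement.min.js.download
54.186.41.38 200 OK 25 kB
Hash d220d501715e0484d0dddeac614f902c
2c97bb2f41fa88ca23907caabc4c46be586c31c1
b01bd01687b15585b2740273c8c3c6674dd9f559cfe52eeffdf43b1f93a12d05
urlquery  suspicious  Suspicious - DynDNS domain
fortinet  Phishing
GET /n/login_files/AppMeasurement_Module_AudienceManagement.min.js.download HTTP/1.1
Referer: https://truistservi3e.line.pm/n/login.php
HTTP/1.1 200 OK
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js
2.18.172.233 200 OK 8.8 kB
Hash 753f93d291c48425bacf2eb9b49af1b8
57addc900449e93b1ffdb17b801924ef04882423
ba0b01787fff115c87c40274a96f4df218c04625dbd64887e44c34ba4552882c
GET /extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Referer: https://truistservi3e.line.pm/
HTTP/2 200 OK
etag: "d220d501715e0484d0dddeac614f902c:1663863410.217006"
"""

HEADER = re.compile(r"^[A-Za-z0-9-]+: ")                       # request/response header line
REQUEST = re.compile(r"^(GET|POST|HEAD|PUT) (\S+) HTTP/1\.1$")
RESPONSE = re.compile(r"^HTTP/(?:1\.1|2) (\d{3})")
STATUSLINE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3} (\d{3}) ")   # "<ip> <status> <reason> <size>"
SAVE_AS = re.compile(r"_files/[^/]+\.download$")               # browser "save complete page" layout

@dataclass
class Tx:
    url: str
    status: int = 0
    hashes: list = field(default_factory=list)  # md5, sha1, sha256 of the logged body
    alerts: list = field(default_factory=list)  # analyzer / NIDS table rows
    req: dict = field(default_factory=dict)     # lower-cased request headers
    resp: dict = field(default_factory=dict)    # lower-cased response headers

def parse(text: str) -> list:
    """One Tx per record: URL line, status line, metadata, request, response."""
    txs, tx, state = [], None, "meta"
    for line in text.splitlines():
        if state == "resp" and not HEADER.match(line):   # a non-header line ends the response
            tx, state = None, "meta"
        if tx is None:
            txs.append(tx := Tx(url=line))
        elif state == "meta":
            if m := REQUEST.match(line):
                state, tx.req[":method"], tx.req[":path"] = "req", m[1], m[2]
            elif m := STATUSLINE.match(line):
                tx.status = int(m[1])
            elif line.startswith("Hash "):
                tx.hashes.append(line.split()[1])
            elif re.fullmatch(r"[0-9a-f]{40}|[0-9a-f]{64}", line):
                tx.hashes.append(line)
            elif not line.startswith(("ASN ", "IP ", "File type ", "Size ")):
                tx.alerts.append(line)
        elif state == "req" and (m := RESPONSE.match(line)):
            state, tx.status = "resp", int(m[1])
        else:
            key, _, value = line.partition(": ")
            (tx.req if state == "req" else tx.resp)[key.lower()] = value
    return txs

def host(tx: Tx) -> str:
    return tx.url.split("/", 1)[0]

def etag_digest(tx: Tx) -> str:
    """Digest part of an ETag; Akamai NetStorage emits "<md5>:<mtime>"."""
    return tx.resp.get("etag", "").strip('"').split(":")[0].lower()

def triage(txs: list) -> list:
    """Indicators visible in this log, as (kind, detail) pairs."""
    findings, by_md5 = [], {tx.hashes[0]: tx for tx in txs if tx.hashes}
    for tx in txs:
        h = host(tx)
        # "<page>_files/<asset>.download": a browser's saved copy of a page (Chrome adds .download)
        if SAVE_AS.search(tx.url):
            findings.append(("saved-page-clone", tx.url))
        # CDN ETag equal to the MD5 of another logged body: the clone serves that original verbatim
        twin = by_md5.get(etag_digest(tx))
        if twin is not None and twin is not tx:
            findings.append(("identical-copy-of", f"{twin.url} <- {tx.url}"))
        # Third party reached with the lure as Referer: the brand's analytics vendor sees the lure
        ref = urlparse(tx.req.get("referer", "")).hostname
        if ref and ref != h:
            findings.append(("cross-site-referer", f"{h} <- {ref}"))
        # Hides from crawlers yet lacks the hardening headers the Mozilla hosts in this log send
        if "x-robots-tag" in tx.resp and "strict-transport-security" not in tx.resp:
            findings.append(("noindex-no-hsts", h))
    return findings
```

Feeding the full export to parse() works the same way; the ETag-to-MD5 join in triage() then also pairs the kit's AppMeasurement.min.js.download with the second assets.adobedtm.com record, and every truistservi3e.line.pm asset under login_files/ is reported as saved-page residue.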
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 2bd2d182adb12942423f64f0acdf6283
5718a378fe7edbdae207beb8951e768467e6c14c
c08206e64cc3ce3fedeafba4321a9101a8e187a5d6d14c2d0805c7bdaf8be756
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6299
Cache-Control: max-age=154918
Content-Type: application/ocsp-response
Date: Thu, 09 Mar 2023 12:50:01 GMT
Etag: "64097784-1d7"
Expires: Sat, 11 Mar 2023 07:51:59 GMT
Last-Modified: Thu, 09 Mar 2023 06:07:00 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 471
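Editor's note on the OCSP traffic (added commentary, not part of the urlquery export). Every r3.o.lencr.org POST in this log has Content-Length 85 and the ocsp.digicert.com POST has 83; the bodies are not in the export, but both sizes are exactly what an unsigned OCSPRequest with a single SHA-1 CertID and no nonce occupies: 11 bytes of AlgorithmIdentifier, two 22-byte OCTET STRINGs for issuerNameHash and issuerKeyHash, the serialNumber INTEGER, and five two-byte SEQUENCE headers (CertID, Request, requestList, TBSRequest, OCSPRequest). That gives 85 bytes for an 18-byte serial, the size Let's Encrypt issues, and 83 for a 16-byte one. The Python below is an added example that builds such a request from scratch with a minimal DER encoder and reads the serial back out; it is not Firefox's or any CA's code. The issuer hashes and serials are constructed placeholders (the real inputs would be the SHA-1 of the R3 issuer Name in DER and of its subjectPublicKey bit string), not values from this capture.

```python
"""Build the unsigned OCSPRequest (RFC 6960) a browser POSTs as application/ocsp-request,
using a minimal DER encoder. Added example; hashes and serials are constructed placeholders."""
import hashlib


def der(tag: int, content: bytes) -> bytes:
    """TLV: tag, DER length (short form below 128, long form otherwise), content."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(nb)]) + nb
    return bytes([tag]) + length + content


def der_int(value: int) -> bytes:
    """Non-negative INTEGER; the extra 8 bits yield the 0x00 pad DER needs when the high bit is set."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


# AlgorithmIdentifier { id-sha1 (1.3.14.3.2.26), NULL }: 11 bytes
SHA1_ALG = der(0x30, bytes.fromhex("06052b0e03021a0500"))


def cert_id(issuer_name_hash: bytes, issuer_key_hash: bytes, serial: int) -> bytes:
    """CertID: hash alg, SHA-1(issuer DER Name), SHA-1(issuer subjectPublicKey bits), serial."""
    return der(0x30, SHA1_ALG + der(0x04, issuer_name_hash) + der(0x04, issuer_key_hash) + der_int(serial))


def ocsp_request(issuer_name_hash: bytes, issuer_key_hash: bytes, serial: int) -> bytes:
    """OCSPRequest{ TBSRequest{ requestList{ Request{ CertID } } } }; version (DEFAULT v1),
    requestorName, the nonce extension and optionalSignature are all omitted."""
    request = der(0x30, cert_id(issuer_name_hash, issuer_key_hash, serial))
    tbs_request = der(0x30, der(0x30, request))   # requestList, then TBSRequest
    return der(0x30, tbs_request)


def serial_from_request(req: bytes) -> int:
    """Walk the fixed nesting back down to the serial INTEGER (short-form lengths only)."""
    body = req
    for _ in range(5):                 # OCSPRequest, TBSRequest, requestList, Request, CertID
        if body[0] != 0x30 or body[1] >= 0x80:
            raise ValueError("unexpected DER structure")
        body = body[2:2 + body[1]]
    body = body[len(SHA1_ALG):]        # skip hashAlgorithm
    body = body[2 + body[1]:]          # skip issuerNameHash
    body = body[2 + body[1]:]          # skip issuerKeyHash
    if body[0] != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    return int.from_bytes(body[2:2 + body[1]], "big")


# Constructed placeholders, not values from this capture; only their lengths drive the size.
ISSUER_NAME_HASH = hashlib.sha1(b"placeholder: DER of the issuer Name").digest()
ISSUER_KEY_HASH = hashlib.sha1(b"placeholder: issuer subjectPublicKey bits").digest()
LE_STYLE_SERIAL = int.from_bytes(b"\x03" + bytes(range(1, 18)), "big")        # 18 bytes, as Let's Encrypt issues
DIGICERT_STYLE_SERIAL = int.from_bytes(b"\x0f" + bytes(range(1, 16)), "big")  # 16 bytes

if __name__ == "__main__":
    req = ocsp_request(ISSUER_NAME_HASH, ISSUER_KEY_HASH, LE_STYLE_SERIAL)
    print(len(req), req.hex())                                                        # 85
    print(len(ocsp_request(ISSUER_NAME_HASH, ISSUER_KEY_HASH, DIGICERT_STYLE_SERIAL)))  # 83
```

The byte count is a useful sanity check when reading a capture without bodies: a request carrying a nonce extension, a requestorName or a signature would be noticeably longer than these 83 and 85 bytes, and a SHA-256 CertID would add 24 bytes to the two hashes alone.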
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 54939002388023971ddb6b7e7ad53403
21f73b23a35299dfbae64d57dd2762625a9a09f5
8f8b0574ea2dc28302dee0a9868c1c145f66a6735353d236a8bd024c624f55a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F8B0574EA2DC28302DEE0A9868C1C145F66A6735353D236A8BD024C624F55A1"
Last-Modified: Thu, 09 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5789
Expires: Thu, 09 Mar 2023 14:26:30 GMT
Date: Thu, 09 Mar 2023 12:50:01 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 54939002388023971ddb6b7e7ad53403
21f73b23a35299dfbae64d57dd2762625a9a09f5
8f8b0574ea2dc28302dee0a9868c1c145f66a6735353d236a8bd024c624f55a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F8B0574EA2DC28302DEE0A9868C1C145F66A6735353D236A8BD024C624F55A1"
Last-Modified: Thu, 09 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5789
Expires: Thu, 09 Mar 2023 14:26:30 GMT
Date: Thu, 09 Mar 2023 12:50:01 GMT
Connection: keep-alive
dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1678366200845
34.240.169.134 200 OK 1.3 kB URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1678366200845
IP 34.240.169.134:0
File type JSON data, ASCII text, with very long lines (4008), with no line terminators
Hash 5a4616b40fcfbb766bbbfec7a009b6e3
fab52afc06c273e7a625d037c0e9da20cf31bae9
b26f99e1c86c00925a8e1ad655c8411fde4f090ffd037881ab609df5baf48143
GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1678366200845 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://truistservi3e.line.pm
Connection: keep-alive
Referer: https://truistservi3e.line.pm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://truistservi3e.line.pm
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-0647cef17.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=04963228942558333690341925295397043127; Max-Age=15552000; Expires=Tue, 05 Sep 2023 12:50:01 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: ptPgRKnRSck=
Content-Length: 1341
Connection: keep-alive
truistservi3e.line.pm/n/login_files/trulogo_horz-trupurple.png
54.186.41.38 200 OK 4.4 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/trulogo_horz-trupurple.png
IP 54.186.41.38:0
File type PNG image data, 365 x 86, 8-bit/color RGBA, non-interlaced; data
Hash fe2af793fe57fcace53f91cfed335a8e
250d1d12ba58cade61d74f7f61dbc90bf2556bda
d2e2e20fc9729fb0389392bde5a8fd1b4cb390dd8689ce7a1c3fe83cc91b0d52
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /n/login_files/trulogo_horz-trupurple.png HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:01 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:44 GMT
Accept-Ranges: bytes
Content-Length: 4376
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedc26d16-1c93-451f-bc00-adf9e2f92fac.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedc26d16-1c93-451f-bc00-adf9e2f92fac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash f32c8032ccfea50340a5f5e8a45bd091
86cfba31fca35364a5b1642285f14665ff4c5386
d1f1cd14a388cbb02731e58cb8267b808402b8cb3a4e90be90858ae04af3c6f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedc26d16-1c93-451f-bc00-adf9e2f92fac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9081
x-amzn-requestid: 2ac239fb-ca70-41d5-8c86-fa398ac9a226
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BezeLGXFIAMF8ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6408ff8d-24722910513f5bd32e2411aa;Sampled=0
x-amzn-remapped-date: Wed, 08 Mar 2023 21:35:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: N7CdHUf92t4MRdgtsbaMlU8TVIF1NgUfD8xkZiZMSZVGJpiQzNuXew==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 6bdc2963c9ed59b475ec36c35e5932a4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Mar 2023 21:45:27 GMT
etag: "86cfba31fca35364a5b1642285f14665ff4c5386"
content-type: image/jpeg
age: 54274
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77aed517-9267-42f7-8747-6a004e114481.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77aed517-9267-42f7-8747-6a004e114481.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash fe30e1b1728d593ffb1bfc6a2dbab090
9e15bc699f57b89fc504357b7f60638b3aac7e3f
9bf0c8e5a80ebec282c40057d8316f773b67d974997e6e1cae108376e9fb1136
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77aed517-9267-42f7-8747-6a004e114481.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6323
x-amzn-requestid: e556bad3-90a4-48fc-8eb2-c1bb150c4e36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BbhB1GOioAMF-NA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6407aed8-00fc2fbb653b62d648123ab9;Sampled=0
x-amzn-remapped-date: Tue, 07 Mar 2023 21:38:32 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: C8b2nTwDYsveBUgzZ_2vRanLcrxX8lUv7edm1bJ6YUZ5TGFG-iBoVQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 9adef5b1c5fc9ca80d6f4f8d19e103a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Mar 2023 21:43:59 GMT
age: 54362
etag: "9e15bc699f57b89fc504357b7f60638b3aac7e3f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5f13a1-64f5-41ac-aa1b-5fb0a6b438d4.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5f13a1-64f5-41ac-aa1b-5fb0a6b438d4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash cd029abcba5db74cecb02bad1a036c43
bc714ee0389e279919dde08149be61c4dc9ab0a7
10ae90728b38f7aeba134961a7b80c68c213a09eeef618ef3d66f3305b19834e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5f13a1-64f5-41ac-aa1b-5fb0a6b438d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4770
x-amzn-requestid: 963dae3d-8336-4a5b-8b25-c3617f946d73
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BUZkWFhLIAMF6FQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6404d61b-1b705b460f7539f97c3dd7e5;Sampled=0
x-amzn-remapped-date: Sun, 05 Mar 2023 17:49:15 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: HM56vjzUqmaOjBHUlhgopx3n5qjLe3x6v-AleC5P9ZRCJt5ndUZSsw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 6af3b573d8970d5db2a4d03354335b84.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Mar 2023 22:35:48 GMT
age: 51253
etag: "bc714ee0389e279919dde08149be61c4dc9ab0a7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F834c2aef-aac4-479f-968e-6e2512e6b3a7.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F834c2aef-aac4-479f-968e-6e2512e6b3a7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 0a2b1e2520b334c727a108a6ef9e3a5b
bb9f22ac357ef47cac278a35acfec2a3c45b9778
44395dbddf288edbb6e450aedbdbef228904b39ff4816a11113be7e5c7f209b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F834c2aef-aac4-479f-968e-6e2512e6b3a7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0596691a-f410-4aaf-9b05-f9e24f776901
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BezeKGgGIAMF4UA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6408ff8d-4a4a6e5e1ba9967f11131c82;Sampled=0
x-amzn-remapped-date: Wed, 08 Mar 2023 21:35:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 1XWxXaZjyNC3WJc099cqyObZeW32Ir4ufa9mGOKLLtrAJJwBu6nydw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 82893cc36087a50f9a150a621d10e740.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Mar 2023 21:45:27 GMT
etag: "bb9f22ac357ef47cac278a35acfec2a3c45b9778"
content-type: image/jpeg
age: 54274
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff38cea88-980c-4bc3-9bc7-9a1bd822bec7.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff38cea88-980c-4bc3-9bc7-9a1bd822bec7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 8f45f111388e764cdc6482be2307e0a1
f849869251bd94a51243604d94f9dd708930d3e2
8e7b32b34a50ba9ca3834a7d915b245590bd19d96ae13aa9881cdea8b7f5fcc2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff38cea88-980c-4bc3-9bc7-9a1bd822bec7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7804
x-amzn-requestid: c100b707-4225-449e-b028-4d9f9da81b3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BfIm7H1_IAMFRYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6409215f-192127435abb06342b869fff;Sampled=0
x-amzn-remapped-date: Wed, 08 Mar 2023 23:59:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: yaOxtlUTgbRwPPBnoaojhuHQpKYLKsn3R1BKlJlBK4kkrG3EElHuTQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b618c0f73dc30c968057784ed0185d7a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Mar 2023 00:14:35 GMT
etag: "f849869251bd94a51243604d94f9dd708930d3e2"
content-type: image/jpeg
age: 45326
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcb7b5b1-0c4b-408c-8cd5-9eefd08402b5.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcb7b5b1-0c4b-408c-8cd5-9eefd08402b5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 05f4cdc3272aedc4a6fb7b7eef4177fd
014fa1c8bb655e3dc2d7047fe1934fa3d4d28195
27b6a951f9fe1bbc7ab5290a170aa0506f1e5fc12b188427b3eead0140ee3fab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcb7b5b1-0c4b-408c-8cd5-9eefd08402b5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4779
x-amzn-requestid: 2b17d9dd-5471-4d32-b49b-d02d656ff32d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BWPHqF6oIAMF9rA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64059230-40d6f50a5c99b19a09bc10f6;Sampled=0
x-amzn-remapped-date: Mon, 06 Mar 2023 07:11:44 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: Q9-UoPTYCnyFdkOejus088TOAvKfyxOTRSI27U0KPo_kxF3Bn1iORQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 da4fa914888b330b3e8a08632b8e41be.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Mar 2023 08:07:50 GMT
age: 16931
etag: "014fa1c8bb655e3dc2d7047fe1934fa3d4d28195"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
truistservi3e.line.pm/n/login_files/dest5.html
54.186.41.38 200 OK 7.0 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/dest5.html
IP 54.186.41.38:0
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (550)
Hash adb22670f65af773576c4c4cc8ada19b
ef555a6a5532425732eff227a123e5a5ad4b8726
c4a819f7e3d4bf07bee7f005433ee4c988c2ec129d7ca7a4cd98f252d0ea8e62
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /n/login_files/dest5.html HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Cookie: AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19426%7CvVersion%7C5.5.0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:01 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:29:02 GMT
Accept-Ranges: bytes
Content-Length: 7028
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html
truistservi3e.line.pm/n/assets/tru-core-icon-sprite.svg
54.186.41.38 404 Not Found 315 B URL HTTP/1.1 truistservi3e.line.pm/n/assets/tru-core-icon-sprite.svg
IP 54.186.41.38:0
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /n/assets/tru-core-icon-sprite.svg HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Cookie: AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19426%7CvVersion%7C5.5.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 09 Mar 2023 12:50:01 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
truistservi3e.line.pm/n/login_files/TruistTrio_W_Rg.04d859e067287eae.woff
54.186.41.38 404 Not Found 315 B URL HTTP/1.1 truistservi3e.line.pm/n/login_files/TruistTrio_W_Rg.04d859e067287eae.woff
IP 54.186.41.38:0
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /n/login_files/TruistTrio_W_Rg.04d859e067287eae.woff HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login_files/styles_r.css
Cookie: AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19426%7CvVersion%7C5.5.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 09 Mar 2023 12:50:01 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
truistservi3e.line.pm/n/login_files/TruistTrio_W_Bd.6cc851b981bf7dd1.woff
54.186.41.38 404 Not Found 315 B URL HTTP/1.1 truistservi3e.line.pm/n/login_files/TruistTrio_W_Bd.6cc851b981bf7dd1.woff
IP 54.186.41.38:0
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /n/login_files/TruistTrio_W_Bd.6cc851b981bf7dd1.woff HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login_files/styles_r.css
Cookie: AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19426%7CvVersion%7C5.5.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 09 Mar 2023 12:50:01 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
truistservi3e.line.pm/n/login_files/father-son.09ab23b1a8413f101f8b.png
54.186.41.38 200 OK 140 kB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/father-son.09ab23b1a8413f101f8b.png
IP 54.186.41.38:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1600x1600, components 3; data
Size 140 kB (140237 bytes)
Hash 13ef1dd9531309bed82c8587228ecb23
322ea99d980c4266d0d6ec4034994545b351e73f
2fb0edc4309fcb422b5a0a0649b316449435e6a4f9ae2f3dc294d4c207028d25
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /n/login_files/father-son.09ab23b1a8413f101f8b.png HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Cookie: AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19426%7CvVersion%7C5.5.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:01 GMT
Server: Apache
Last-Modified: Thu, 16 Dec 2021 10:07:06 GMT
Accept-Ranges: bytes
Content-Length: 140237
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash b75bd911851e445797ef3f016631637b
0c248f682fee84e3672ec6498f47948fdcac9d18
56a2b9761208f108de198ad8ec6e06f172f355732f3035e3cef673a94d3b36dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=155112
Content-Type: application/ocsp-response
Date: Thu, 09 Mar 2023 12:50:01 GMT
Etag: "640990e1-1d7"
Expires: Sat, 11 Mar 2023 07:55:13 GMT
Last-Modified: Thu, 09 Mar 2023 07:55:13 GMT
Server: nginx
Content-Length: 471
sstats.truist.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=09584068392151763741085782873067651096&cl=34041600&ts=1678366201305
15.236.117.205 200 OK 48 B URL HTTP/2 sstats.truist.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=09584068392151763741085782873067651096&cl=34041600&ts=1678366201305
IP 15.236.117.205:0
File type JSON data; ASCII text, with no line terminators
Hash 0edcec3bc2a3c51f26064f5fa761d75a
086915f13769968ab00bb2b4475f2d59375b5571
da26a18c59824522c3fd00dfd2a485d5aa4af03a778b1a7026a3b20e993f85e5
GET /id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=09584068392151763741085782873067651096&cl=34041600&ts=1678366201305 HTTP/1.1
Host: sstats.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://truistservi3e.line.pm
Connection: keep-alive
Referer: https://truistservi3e.line.pm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://truistservi3e.line.pm
access-control-allow-credentials: true
date: Thu, 09 Mar 2023 12:50:01 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C09584068392151763741085782873067651096; Path=/; Domain=truist.com; Max-Age=34041600; Expires=Sat, 06 Apr 2024 12:50:50 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
truistservi3e.line.pm/n/login_files/main.6b47975291ab4afc.js.download
54.186.41.38 200 OK 2.2 MB URL HTTP/1.1 truistservi3e.line.pm/n/login_files/main.6b47975291ab4afc.js.download
IP 54.186.41.38:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 2.2 MB (2180974 bytes)
Hash 2c2c657aff31f02b8098ce515dbcc5c1
b8b9a6b7d38a8eb91cb5cbd194a42a7479ad2378
835ea86eed199f3a97cc78115521ab7a20cdf6f02add43fe00484ff6d682fb4f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /n/login_files/main.6b47975291ab4afc.js.download HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Mar 2023 12:50:00 GMT
Server: Apache
Last-Modified: Fri, 24 Feb 2023 08:28:50 GMT
Accept-Ranges: bytes
Content-Length: 2180974
X-Robots-Tag: noindex,nofollow,nosnippet,notranslate,noimageindex,noyaca
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
truistservi3e.line.pm/dias/info/config
54.186.41.38 404 Not Found 315 B URL HTTP/1.1 truistservi3e.line.pm/dias/info/config
IP 54.186.41.38:0
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /dias/info/config HTTP/1.1
Host: truistservi3e.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Referer: https://truistservi3e.line.pm/n/login.php
Cookie: AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19426%7CMCMID%7C09584068392151763741085782873067651096%7CMCAAMLH-1678971001%7C6%7CMCAAMB-1678971001%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1678373401s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.5.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 09 Mar 2023 12:50:02 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 34ef526bbcd1e7a311970f5e44ab0d88
ceab916419134a3be0ae0af74b748f11cf9327b7
f76daad636a6b5fb1941f41b7856d0e8a072924a552ccef5975d4a2e3f788815
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=132808
Date: Thu, 09 Mar 2023 12:50:02 GMT
Etag: "64092ce1-1d7"
Expires: Sat, 11 Mar 2023 01:43:30 GMT
Last-Modified: Thu, 09 Mar 2023 00:48:33 GMT
Server: ECAcc (bsa/EB2A)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qNGKXHndqC6fJNNq-ohB76sjpo0OG66eCEewJBblCL-gXw-YgXSIrA==
Age: 3297
cm.everesttech.net/cm/dd?d_uuid=04963228942558333690341925295397043127
54.229.62.148 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=04963228942558333690341925295397043127
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=04963228942558333690341925295397043127 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Thu, 09 Mar 2023 12:50:02 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~ZAnV_gAAAIyVNwMx; Domain=.everesttech.net; Expires=Fri, 08-Mar-2024 12:50:02 GMT; Path=/
Set-Cookie: everest_session_v2="ZAnV@gAAAIyVOAMx"; Version=1; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZAnV_gAAAIyVNwMx
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=ZAnV_gAAAIyVNwMx
34.240.169.134 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=ZAnV_gAAAIyVNwMx
IP 34.240.169.134:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=ZAnV_gAAAIyVNwMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://truistservi3e.line.pm/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v046-0ebef7d37.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZAnV_gAAAIyVNwMx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=47340107077882526904114659179032059723; Max-Age=15552000; Expires=Tue, 05 Sep 2023 12:50:02 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: xFxF103xRek=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZAnV_gAAAIyVNwMx
34.240.169.134 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZAnV_gAAAIyVNwMx
IP 34.240.169.134:0
File type GIF image data, version 89a, 1 x 1; data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZAnV_gAAAIyVNwMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://truistservi3e.line.pm/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v046-05db1e5fa.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: cKHFRZKyRhM=
Content-Length: 59
Connection: keep-alive
dias.bank.truist.com/ui/favicon.ico
95.101.10.145 200 OK 14 kB URL HTTP/2 dias.bank.truist.com/ui/favicon.ico
IP 95.101.10.145:0
ASN #20940 Akamai International B.V.
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (833)
Hash 4df4d005bf945c174f007de32d8039cf
c87aa59a4d67e496135efccc0350bc43aaf4a878
23cf44f1018c634cf5b532114f89e9f27e888c3039d2be3fb5676eed5f5a0fa8
GET /ui/favicon.ico HTTP/1.1
Host: dias.bank.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://truistservi3e.line.pm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/html
etag: W/"1074-1671676884000:dtagent10251220909040818Sbvg"
last-modified: Thu, 22 Dec 2022 02:41:23 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=0
x-oneagent-js-injection: true
expires: Thu, 29 Dec 2022 20:37:07 GMT
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
server-timing: dtRpid;desc="-325815727", dtSInfo;desc="0"
vary: Accept-Encoding
content-encoding: gzip
date: Thu, 09 Mar 2023 12:50:02 GMT
content-length: 14472
X-Firefox-Spdy: h2
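The favicon transaction above is the most useful signal in this capture for the targeted brand: the lookalike page at truistservi3e.line.pm makes the visitor's browser fetch /ui/favicon.ico from the real dias.bank.truist.com, and the browser tags that request with `Referer: https://truistservi3e.line.pm/` and `Sec-Fetch-Site: cross-site`. A bank that watches the Referer on its own static-asset requests can therefore discover phishing kits that hotlink its resources before a single victim reports them. The following is an added detection example, not code from the scan report or from any vendor: it parses raw request heads in the form shown on this page, flags brand-domain requests whose referrer is outside an allowlist, and ranks a hit higher when the referring hostname contains the brand token after undoing common digit-for-letter swaps. The allowlist, the brand token list and the two control requests are assumptions constructed for the example; only the first request block is taken from the capture.

```python
"""Referer-based detection of phishing pages that hotlink a brand's assets.

Added example, not part of the scan report. Parses raw HTTP/1.1 request heads
(the format shown in the capture) and flags brand-domain requests whose
Referer host is not an approved first-party origin.
"""
from urllib.parse import urlsplit

# Assumptions for this example: the brand's own domains, the origins allowed to
# embed its assets, and the token used for lookalike matching.
BRAND_SUFFIXES = ("truist.com",)
ALLOWED_REFERRER_SUFFIXES = ("truist.com",)
BRAND_TOKENS = ("truist",)
# Digit-for-letter substitutions commonly used in lookalike hostnames.
LEET = str.maketrans({"3": "e", "1": "l", "0": "o", "4": "a", "5": "s", "7": "t"})

# Constructed sample input: request 0 is the favicon fetch from the capture,
# requests 1 and 2 are invented controls (first-party embed, unrelated host).
RAW_REQUESTS = [
    """GET /ui/favicon.ico HTTP/1.1
Host: dias.bank.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Referer: https://truistservi3e.line.pm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
""",
    """GET /ui/favicon.ico HTTP/1.1
Host: dias.bank.truist.com
Referer: https://www.truist.com/
Sec-Fetch-Site: same-site
""",
    """GET /cm/dd?d_uuid=1 HTTP/1.1
Host: cm.everesttech.net
Referer: https://example.org/
Sec-Fetch-Site: cross-site
""",
]


def parse_request(raw: str) -> dict:
    """Split a raw request head into request line fields and a lowercase header map."""
    lines = raw.strip().splitlines()
    method, target, version = lines[0].split(maxsplit=2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of head; a body, if any, follows
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version, "headers": headers}


def host_matches(host: str, suffixes) -> bool:
    """True if host equals one of the suffixes or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def lookalike_of_brand(host: str) -> bool:
    """True if a non-brand host still contains the brand token after de-leeting."""
    if host_matches(host, BRAND_SUFFIXES):
        return False  # the brand's own domains are not lookalikes
    normalized = "".join(ch for ch in host.lower().translate(LEET) if ch.isalnum())
    return any(token in normalized for token in BRAND_TOKENS)


def classify(req: dict) -> dict:
    """Decide whether a brand-asset request came from an approved embedding origin."""
    headers = req["headers"]
    host = headers.get("host", "")
    result = {"host": host, "target": req["target"], "referer_host": None,
              "fetch_site": headers.get("sec-fetch-site"), "lookalike": False}
    if not host_matches(host, BRAND_SUFFIXES):
        return {**result, "verdict": "not-brand"}
    referer = headers.get("referer")
    if not referer:
        return {**result, "verdict": "no-referer"}  # Referrer-Policy may strip it
    ref_host = urlsplit(referer).hostname or ""
    result["referer_host"] = ref_host
    if host_matches(ref_host, ALLOWED_REFERRER_SUFFIXES):
        return {**result, "verdict": "ok"}
    result["lookalike"] = lookalike_of_brand(ref_host)
    return {**result, "verdict": "suspicious"}


def scan(raw_requests) -> list:
    """Return the suspicious findings for a list of raw request heads."""
    return [c for c in (classify(parse_request(r)) for r in raw_requests)
            if c["verdict"] == "suspicious"]


if __name__ == "__main__":
    for finding in scan(RAW_REQUESTS):
        print(f"{finding['referer_host']} -> {finding['host']}{finding['target']} "
              f"(sec-fetch-site={finding['fetch_site']}, lookalike={finding['lookalike']})")
```

A `no-referer` verdict is not a clean bill of health: a kit can serve its page with `Referrer-Policy: no-referrer`, so the absence of any referrer on cross-site image fetches (which `Sec-Fetch-Site: cross-site` still reveals in Firefox and Chromium) is itself worth counting. Note also that the server in the capture answered the favicon request with `content-type: text/html` and a 14 kB body, so the asset being hotlinked may be a redirect or error page rather than an icon; the detection does not depend on what is returned.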