Report - collectcob.com/a3803b2bb569a955223a3cfe5341059a/

Report Overview

Submitted URL

collectcob.com/a3803b2bb569a955223a3cfe5341059a/
IP

108.179.253.94

ASN

#46606 UNIFIEDLAYER-AS-1
Submitted

2023-03-23T15:40:37Z

Access

public
Website Title
Final URL
Tags

chase financial phishing
urlquery detections

Phishing - Chase

Detections

urlquery

143
Network Intrusion Detection

62
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-29T05:09:31Z	413	5882	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-29T05:09:31Z	333	391	34.117.237.239
collectcob.com (72)	unknown	2022-10-01T20:04:02Z	2023-03-24T03:40:22Z	35137	261100	108.179.253.94
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-29T05:09:32Z	606	127	54.148.35.137
img-getpocket.cdn.mozilla.net (7)	1631	2018-06-22T01:36:00Z	2023-03-29T05:09:12Z	3801	58051	34.120.237.76
r3.o.lencr.org (7)	344	2020-12-02T09:52:13Z	2023-03-29T05:09:11Z	2366	6203	23.36.76.226
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-29T05:09:03Z	782	2374	35.241.9.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-23T15:40:34Z	medium	108.179.253.94	Client IP	ET PHISHING Cloned Website Phishing Landing - Saved Website Comment Observed
2023-03-23T15:40:35Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:35Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:35Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:35Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:35Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:35Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:35Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:35Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:36Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:37Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:38Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:38Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:38Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:38Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:38Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:38Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:38Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:38Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:39Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:39Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:39Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:39Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:39Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:39Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:39Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:39Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:40Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:40Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:40Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:40Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:40Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:40Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:40Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:40Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016
2023-03-23T15:40:40Z	medium	108.179.253.94	Client IP	ET PHISHING Possible Phishing Redirect Feb 09 2016

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (91)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

65fc860bc043f3fb83bdc3debdcd322d

418010755deae099ef1284e402813c5837a10f42

d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6540
Expires: Thu, 23 Mar 2023 17:29:25 GMT
Date: Thu, 23 Mar 2023 15:40:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

bea3185dd820a31c1981317f37c3456d

1a548a5d27270fc11df9011837a7149571cedd78

469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19462
Expires: Thu, 23 Mar 2023 21:04:47 GMT
Date: Thu, 23 Mar 2023 15:40:25 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

84db75194692d4afe13196bda6f22da8

4c1f49bc973a4917f146d93c8d598344edc021f6

a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 15:15:07 GMT
content-type: application/json
age: 1518
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

51a5d4696a6090c295850554508b51ce

c44e143c2223546e64b19f543b8101aaf3b11e97

8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4670
Expires: Thu, 23 Mar 2023 16:58:15 GMT
Date: Thu, 23 Mar 2023 15:40:25 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

e7bace7c1e04d44012e37ddffe36e5d5

3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2

6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: XtupeKA+iZn5ANNS43Fl30mtZoQA/y0AG49TDLprnd/MMlzoBhYmDwddCUIS2IERhR9xBO0c/g4=
x-amz-request-id: VK3EAEMZJPBQPWWY
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 14:54:05 GMT
age: 2780
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 15:40:25 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

collectcob.com/a3803b2bb569a955223a3cfe5341059a/

108.179.253.94

200 OK

3582

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1183)

Size

3582
Hash

32ddf7d239fd3b54b3aab89d12ac2e28

00fdf3ff92775119530062d1b73f684a25defc36

26b1840584611d0c75a03f4fbda3576184d22bad0caabc286b43a69fc11cef4d

Detections

NIDS	Severity	Alert
suricata	medium	ET PHISHING Cloned Website Phishing Landing - Saved Website Comment Observed

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/ HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 15:40:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3582
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 15:14:33 GMT
age: 1553
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/logon.css

108.179.253.94

200 OK

14657

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/logon.css
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

14657
Hash

dad398907cff978b625e6fb10c3b5d6e

4bb4228dc68d19cc9308132a5a1be3ecc8d4a2da

9437516af631263ee63bbfe9bd53d265570a9ac61bc258adf84cbb3eb0853532

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/logon.css HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 15:40:26 GMT
Server: Apache
Last-Modified: Thu, 23 Mar 2023 14:10:17 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14657
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css

108.179.253.94

200 OK

55160

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

55160
Hash

dea471d0c37b261b8669b56a01d737a5

f3af4198470d5797e30c6e691c1dce427892c53f

ac29b88bcf2d3d0f35a5e8b6a8e9565394d249b284fda2a5c4213defb0d21002

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 15:40:26 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 23 Mar 2023 14:10:17 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/css

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

050ca4dc2182e0a27573b0d9f32b7834

bec14dc5af0d0b32210470673511acd8db404308

b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7474
Expires: Thu, 23 Mar 2023 17:45:00 GMT
Date: Thu, 23 Mar 2023 15:40:26 GMT
Connection: keep-alive

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/Capture.PNG

108.179.253.94

200 OK

1062

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/Capture.PNG
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

PNG image data, 133 x 16, 8-bit/color RGBA, non-interlaced\012- data

Size

1062
Hash

3b847fb5f5b6ec3e30a955259b200c10

39b692f575af837d011f500d8f0dc3e269205cfe

922579c97e77c029923625e04383db0a7d2060e94170a7493f7f15b111eb832b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/Capture.PNG HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 15:40:26 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 23 Mar 2023 14:10:17 GMT
Accept-Ranges: bytes
Content-Length: 1062
Keep-Alive: timeout=5, max=75
Content-Type: image/png

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/opensans-regular.ttf

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/opensans-regular.ttf
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/opensans-regular.ttf HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:26 GMT
Server: Apache
location: 2cb4622ac2e383c87500dd915075e039
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/chase.png

108.179.253.94

200 OK

18850

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/chase.png
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

PNG image data, 300 x 100, 8-bit/color RGBA, non-interlaced\012- data

Size

18850
Hash

d0c0f6acacbbbe60a4fd29c30f6385f6

9df86966c89c761d6f1883f848f295073b889c48

be2e9a139a53a358658b746924656ebcb08cafe09636949e4cdcd2cde9ce6d5d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/chase.png HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 15:40:26 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 23 Mar 2023 14:10:17 GMT
Accept-Ranges: bytes
Content-Length: 18850
Keep-Alive: timeout=5, max=75
Content-Type: image/png

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/dcefont.woff

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/dcefont.woff
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/dcefont.woff HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:26 GMT
Server: Apache
location: 6371e0bd35a3d683a70aa2061c5c0eac
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/background.mobile.night.4.jpeg

108.179.253.94

200 OK

89366

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/background.mobile.night.4.jpeg
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 568x319, components 3\012- data

Size

89366
Hash

3fa44c385411c3153446c0ae89c258e6

e386b939ff81fcd030663dc22cbaabd92c927c99

4dcf3aa360ee96e6cf8b9f57b214499e20503a3c24eb0ffb8f2229e3c2114795

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/background.mobile.night.4.jpeg HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 15:40:26 GMT
Server: Apache
Last-Modified: Thu, 23 Mar 2023 14:10:17 GMT
Accept-Ranges: bytes
Content-Length: 89366
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/jpeg

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/2cb4622ac2e383c87500dd915075e039

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/2cb4622ac2e383c87500dd915075e039
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/2cb4622ac2e383c87500dd915075e039 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:26 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
location: 0580f3389155a856006a132d512a8159
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/6371e0bd35a3d683a70aa2061c5c0eac

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/6371e0bd35a3d683a70aa2061c5c0eac
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/6371e0bd35a3d683a70aa2061c5c0eac HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:26 GMT
Server: Apache
location: 1922e9d35808da6d87c31dfbcdc499d3
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

push.services.mozilla.com/

54.148.35.137

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

54.148.35.137:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GrXfc5wNJw8d2G+i8WTkcQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pHhHVQhDRnL8VAjoJUixWwXhv/Y=

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/opensans-semibold.woff

108.179.253.94

200 OK

25108

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/opensans-semibold.woff
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Web Open Font Format, TrueType, length 25108, version 1.0\012- data

Size

25108
Hash

33b58dcbc5aa1ae12fa76473c21ffe44

82a3345756101d0f95fe1dab285e9f9c4e79871f

d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/opensans-semibold.woff HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 15:40:26 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 23 Mar 2023 14:10:17 GMT
Accept-Ranges: bytes
Content-Length: 25108
Keep-Alive: timeout=5, max=75
Content-Type: font/woff

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/0580f3389155a856006a132d512a8159

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/0580f3389155a856006a132d512a8159
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/0580f3389155a856006a132d512a8159 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:26 GMT
Server: Apache
location: dd1c349b46be7b518cc631bd35c44f82
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/1922e9d35808da6d87c31dfbcdc499d3

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/1922e9d35808da6d87c31dfbcdc499d3
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/1922e9d35808da6d87c31dfbcdc499d3 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: 29800d33586987cfb9f445d9bb169736
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/dd1c349b46be7b518cc631bd35c44f82

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/dd1c349b46be7b518cc631bd35c44f82
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/dd1c349b46be7b518cc631bd35c44f82 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: 48bdaa0122a33efc6a9e0efa7ea99ce7
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/29800d33586987cfb9f445d9bb169736

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/29800d33586987cfb9f445d9bb169736
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/29800d33586987cfb9f445d9bb169736 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: b17bc0573d2cfc0ac0ea86779fcdf9b7
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/48bdaa0122a33efc6a9e0efa7ea99ce7

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/48bdaa0122a33efc6a9e0efa7ea99ce7
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/48bdaa0122a33efc6a9e0efa7ea99ce7 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: 349f0b4cea33d0454cf37e44a8818d52
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/b17bc0573d2cfc0ac0ea86779fcdf9b7

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/b17bc0573d2cfc0ac0ea86779fcdf9b7
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/b17bc0573d2cfc0ac0ea86779fcdf9b7 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: ec2f23bf1ce00359b500a31e4dd0343f
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/349f0b4cea33d0454cf37e44a8818d52

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/349f0b4cea33d0454cf37e44a8818d52
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/349f0b4cea33d0454cf37e44a8818d52 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: 09c80c252d06838f681bd04dd7f483fd
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/ec2f23bf1ce00359b500a31e4dd0343f

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/ec2f23bf1ce00359b500a31e4dd0343f
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/ec2f23bf1ce00359b500a31e4dd0343f HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: 6ccfb07020ac8e43461910d728de8dd7
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/09c80c252d06838f681bd04dd7f483fd

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/09c80c252d06838f681bd04dd7f483fd
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/09c80c252d06838f681bd04dd7f483fd HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: 70c43f34806ac466d4bc4908fe4b110f
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/6ccfb07020ac8e43461910d728de8dd7

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/6ccfb07020ac8e43461910d728de8dd7
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/6ccfb07020ac8e43461910d728de8dd7 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: 58d3ed814bc7d3a713011e6a04e47d27
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/70c43f34806ac466d4bc4908fe4b110f

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/70c43f34806ac466d4bc4908fe4b110f
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/70c43f34806ac466d4bc4908fe4b110f HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: 125ebec2a8872b23aa4c530e147e55f4
Content-Length: 0
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/58d3ed814bc7d3a713011e6a04e47d27

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/58d3ed814bc7d3a713011e6a04e47d27
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/58d3ed814bc7d3a713011e6a04e47d27 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: abd28aaa7a4f1364105170282ea11d2e
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/125ebec2a8872b23aa4c530e147e55f4

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/125ebec2a8872b23aa4c530e147e55f4
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/125ebec2a8872b23aa4c530e147e55f4 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: a6f8777c6a1acacce7aa8dbd6d3b2a20
Content-Length: 0
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/abd28aaa7a4f1364105170282ea11d2e

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/abd28aaa7a4f1364105170282ea11d2e
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/abd28aaa7a4f1364105170282ea11d2e HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: cceec9fd71e31af582067946fbad2c7c
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/a6f8777c6a1acacce7aa8dbd6d3b2a20

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/a6f8777c6a1acacce7aa8dbd6d3b2a20
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/a6f8777c6a1acacce7aa8dbd6d3b2a20 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:27 GMT
Server: Apache
location: 2614f9a8fc8ab55c8ff61bdf17bde28a
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a0d3d7099bbc5fed74a6e78e1a3096bf

96afaf8b3ac053577c56aca5f4a20d8655ecb771

c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3430
Expires: Thu, 23 Mar 2023 16:37:38 GMT
Date: Thu, 23 Mar 2023 15:40:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a0d3d7099bbc5fed74a6e78e1a3096bf

96afaf8b3ac053577c56aca5f4a20d8655ecb771

c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3430
Expires: Thu, 23 Mar 2023 16:37:38 GMT
Date: Thu, 23 Mar 2023 15:40:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a0d3d7099bbc5fed74a6e78e1a3096bf

96afaf8b3ac053577c56aca5f4a20d8655ecb771

c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3430
Expires: Thu, 23 Mar 2023 16:37:38 GMT
Date: Thu, 23 Mar 2023 15:40:28 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg

34.120.237.76

200 OK

10480

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10480
Hash

6f0b9e85381489dcf646c251722b21d4

5f7ea91288a2170bcabdca6be296718c4191eacd

911f803271ad9053ebac3787bdde9b75ec604acc6aa28692cc8e4c5c4fb61483

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10480
x-amzn-requestid: 58aa8272-4b4e-4a2f-9d6e-d47f70891c49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJptHG7JoAMFSwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2320-2fd6502b1271d5c13b4ebbe9;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:28 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: V_1L8vYf9-uS_-cGgsCstGC__IYpLZjEa0gOlsYgYOWwNJxxXJo83g==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:09:40 GMT
age: 63048
etag: "5f7ea91288a2170bcabdca6be296718c4191eacd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6692

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6692
Hash

c05bfdf1411a931d8ea9adc64b07bc74

156ef59e53564a4f2b27002b2695fafecd578d82

15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6692
x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9d9FcOoAMFaFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: PNAVsyfdAHjn5F6Rt1uz1U46QCIGvTCqZatbAurr6Ilu0quHWExuSw==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:34 GMT
age: 64614
etag: "156ef59e53564a4f2b27002b2695fafecd578d82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/cceec9fd71e31af582067946fbad2c7c

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/cceec9fd71e31af582067946fbad2c7c
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/cceec9fd71e31af582067946fbad2c7c HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: 9daf1292fdb2c5f99bbebdf8145385c6
Content-Length: 0
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

34.120.237.76

200 OK

10284

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261caab9-983c-4eb1-9fca-fd73dc738e9e.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10284
Hash

4e89d0b1281259e7399294fb5fa19d2b

5035ed41f497c97faefae9cdaf42dc07ab468557

f404d286deab5b4759be6e554e6488faab3b4f7988a86eb57520dac4e0d6a192

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261caab9-983c-4eb1-9fca-fd73dc738e9e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10284
x-amzn-requestid: e4d2c324-d0b0-436d-9739-29269e62aed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM6hjEqtIAMFvXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b713c-5a5bd6b60c1f52ab580f1757;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:21:00 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: g53sZY66fiEL8H79MzI7c7rqI-c-XxMvgB3myz79aw_lE9Aqgc66LQ==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 07:32:23 GMT
age: 29285
etag: "5035ed41f497c97faefae9cdaf42dc07ab468557"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4905

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4905
Hash

90f64fe111aa6e90ebf52e0335d21b75

4f25bdbffca3803b02c196c38491223684d36b4d

37894e16112286470b7fd2e0bbd5ca74944e6cb5ca6e8aff189c4515122a0d40

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4905
x-amzn-requestid: bdcd62f9-d742-48af-9aa0-b13afc1846ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9EnFLIoAMF5cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b7550-63fc3df77b023fca782a53ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:38:24 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: we0zl0U_rfWuSW8_WX8vqLOYOCoeGP-4UUNb0r3f0mEICnLXASqC5A==
via: 1.1 b3cdce1c2fc39b89f45c98c417351f26.cloudfront.net (CloudFront), 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 03:39:03 GMT
age: 43285
etag: "4f25bdbffca3803b02c196c38491223684d36b4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4912

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4912
Hash

f4a771935927950222124e14b56046df

d07fe53e4ac41048497b2732c017f6666c3eda9e

4e8388626074646c2336711be0a170ceab367c343648a32d2389dd87640251d0

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4912
x-amzn-requestid: d8fcf495-12af-42ae-ad69-0ea07b1a8669
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8H3Fl1IAMFYgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73cb-01cbd1981a57e53b3d3cde93;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 4xGMCVWy2EXLLN8keteGLQvQjOp6KH97rkn_FK10eyng0-5EudcOig==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:33 GMT
etag: "d07fe53e4ac41048497b2732c017f6666c3eda9e"
content-type: image/jpeg
age: 64615
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5950

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

5950
Hash

800c2662fd6ab8829a02b7d63084c38d

0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239

76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CKyF9EI3oAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: lnMR6Lh4T37cFhMwb1qXIxjoPBghVFOGUz7HTt65DegMaxlElZxfjQ==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 599f04a365a179d553682d476509c388.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:32 GMT
age: 64616
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/2614f9a8fc8ab55c8ff61bdf17bde28a

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/2614f9a8fc8ab55c8ff61bdf17bde28a
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/2614f9a8fc8ab55c8ff61bdf17bde28a HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: ba9da19261ac01962b8b5f4f0f50dc74
Content-Length: 0
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/9daf1292fdb2c5f99bbebdf8145385c6

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/9daf1292fdb2c5f99bbebdf8145385c6
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/9daf1292fdb2c5f99bbebdf8145385c6 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: cf98a8672caf2e916aad3533836ab17e
Content-Length: 0
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/ba9da19261ac01962b8b5f4f0f50dc74

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/ba9da19261ac01962b8b5f4f0f50dc74
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/ba9da19261ac01962b8b5f4f0f50dc74 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: 259f24d8cf49d22071fbe1ec108accbc
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/cf98a8672caf2e916aad3533836ab17e

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/cf98a8672caf2e916aad3533836ab17e
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/cf98a8672caf2e916aad3533836ab17e HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: 4a1a871d725805d7887d620f14549bd9
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/259f24d8cf49d22071fbe1ec108accbc

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/259f24d8cf49d22071fbe1ec108accbc
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/259f24d8cf49d22071fbe1ec108accbc HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: 7f4377c6cac9e8934af5c50d57d805bd
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/4a1a871d725805d7887d620f14549bd9

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/4a1a871d725805d7887d620f14549bd9
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/4a1a871d725805d7887d620f14549bd9 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: 6d5fa0dfdb78ca89433b99a12090559b
Content-Length: 0
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/7f4377c6cac9e8934af5c50d57d805bd

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/7f4377c6cac9e8934af5c50d57d805bd
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/7f4377c6cac9e8934af5c50d57d805bd HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: edbfdd539ec4d471258c06dc2de6fd94
Content-Length: 0
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/6d5fa0dfdb78ca89433b99a12090559b

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/6d5fa0dfdb78ca89433b99a12090559b
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/6d5fa0dfdb78ca89433b99a12090559b HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: 9c5cc0d7598537d7e60bbcc26b3eb847
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/edbfdd539ec4d471258c06dc2de6fd94

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/edbfdd539ec4d471258c06dc2de6fd94
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/edbfdd539ec4d471258c06dc2de6fd94 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: 6baf4dbeb5ae1e87a11b13b5f8bc9b07
Content-Length: 0
Keep-Alive: timeout=5, max=61
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/9c5cc0d7598537d7e60bbcc26b3eb847

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/9c5cc0d7598537d7e60bbcc26b3eb847
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/9c5cc0d7598537d7e60bbcc26b3eb847 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: 62146033e8278d4dabceda00f245a199
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/6baf4dbeb5ae1e87a11b13b5f8bc9b07

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/6baf4dbeb5ae1e87a11b13b5f8bc9b07
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/6baf4dbeb5ae1e87a11b13b5f8bc9b07 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: ea7ab10ae4376c81de48ffde383ae0fb
Content-Length: 0
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/62146033e8278d4dabceda00f245a199

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/62146033e8278d4dabceda00f245a199
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/62146033e8278d4dabceda00f245a199 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: 505e0fece384c485e9b4d7439c481e4c
Content-Length: 0
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/ea7ab10ae4376c81de48ffde383ae0fb

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/ea7ab10ae4376c81de48ffde383ae0fb
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/ea7ab10ae4376c81de48ffde383ae0fb HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: 3eddfa470f58bc438a677f4bbc068d02
Content-Length: 0
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/505e0fece384c485e9b4d7439c481e4c

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/505e0fece384c485e9b4d7439c481e4c
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/505e0fece384c485e9b4d7439c481e4c HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:28 GMT
Server: Apache
location: 3f9bcd30701ca21b70f2d4e26cf40725
Content-Length: 0
Keep-Alive: timeout=5, max=61
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/3eddfa470f58bc438a677f4bbc068d02

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/3eddfa470f58bc438a677f4bbc068d02
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/3eddfa470f58bc438a677f4bbc068d02 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
location: 358f8f5ff577c2540cf5d3607227f595
Content-Length: 0
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/3f9bcd30701ca21b70f2d4e26cf40725

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/3f9bcd30701ca21b70f2d4e26cf40725
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/3f9bcd30701ca21b70f2d4e26cf40725 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
location: 50ca9711a2405613f498eb2f65e32cad
Content-Length: 0
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/358f8f5ff577c2540cf5d3607227f595

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/358f8f5ff577c2540cf5d3607227f595
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/358f8f5ff577c2540cf5d3607227f595 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
location: 86dd2f6750eccddf00230cc0e671551d
Content-Length: 0
Keep-Alive: timeout=5, max=57
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/50ca9711a2405613f498eb2f65e32cad

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/50ca9711a2405613f498eb2f65e32cad
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/50ca9711a2405613f498eb2f65e32cad HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
location: ce9e5f4b707e68a53d9f171e2e338424
Content-Length: 0
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/86dd2f6750eccddf00230cc0e671551d

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/86dd2f6750eccddf00230cc0e671551d
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/86dd2f6750eccddf00230cc0e671551d HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
location: d0927e7612811c299a1f7609a6fe6d5f
Content-Length: 0
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/ce9e5f4b707e68a53d9f171e2e338424

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/ce9e5f4b707e68a53d9f171e2e338424
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/ce9e5f4b707e68a53d9f171e2e338424 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
location: 466ad85bbe5bc5ed44477910efb192f1
Content-Length: 0
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/d0927e7612811c299a1f7609a6fe6d5f

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/d0927e7612811c299a1f7609a6fe6d5f
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/d0927e7612811c299a1f7609a6fe6d5f HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
location: de875758e24232a06b71c45f15588c6e
Content-Length: 0
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/466ad85bbe5bc5ed44477910efb192f1

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/466ad85bbe5bc5ed44477910efb192f1
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/466ad85bbe5bc5ed44477910efb192f1 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
location: 2100706b30ecc18ea0554cf5dff0fc04
Content-Length: 0
Keep-Alive: timeout=5, max=57
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/chase-touch-icon-152x152.png

108.179.253.94

200 OK

3306

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/chase-touch-icon-152x152.png
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced\012- data

Size

3306
Hash

c914a8a86590b23691476a4178ea3a52

af16ec4fc3b5446cac17ec8f0044286b835d3295

f3446f452fc926c9182a2a43780faa169e533df8446d4f9a5f62ac2fb5b375e6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/chase-touch-icon-152x152.png HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
Last-Modified: Thu, 23 Mar 2023 14:10:17 GMT
Accept-Ranges: bytes
Content-Length: 3306
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: image/png

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/dcefont.ttf

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/dcefont.ttf
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/dcefont.ttf HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
location: 1ede9f940e909273bd9ab0290a0f9a9e
Content-Length: 0
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/chasefavicon.ico

108.179.253.94

200 OK

32038

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/chasefavicon.ico
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data

Size

32038
Hash

5744986eb3dc6f2da92157a651889902

5a558b58498fab2aeb742acdab51e0c2fbc78385

625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/chasefavicon.ico HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
Last-Modified: Thu, 23 Mar 2023 14:10:17 GMT
Accept-Ranges: bytes
Content-Length: 32038
Cache-Control: max-age=604800
Expires: Thu, 30 Mar 2023 15:40:29 GMT
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/x-icon

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/1ede9f940e909273bd9ab0290a0f9a9e

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/1ede9f940e909273bd9ab0290a0f9a9e
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/1ede9f940e909273bd9ab0290a0f9a9e HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
location: 04b00fe86fc94f14e9d2858261e79c5f
Content-Length: 0
Keep-Alive: timeout=5, max=53
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/04b00fe86fc94f14e9d2858261e79c5f

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/04b00fe86fc94f14e9d2858261e79c5f
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/04b00fe86fc94f14e9d2858261e79c5f HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:29 GMT
Server: Apache
location: e4f2ba9c2573a61083c7ed5bbe6418ce
Content-Length: 0
Keep-Alive: timeout=5, max=52
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/e4f2ba9c2573a61083c7ed5bbe6418ce

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/e4f2ba9c2573a61083c7ed5bbe6418ce
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/e4f2ba9c2573a61083c7ed5bbe6418ce HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:30 GMT
Server: Apache
location: 5099385fbeeb55235f17f0c41e4cb8ae
Content-Length: 0
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/5099385fbeeb55235f17f0c41e4cb8ae

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/5099385fbeeb55235f17f0c41e4cb8ae
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/5099385fbeeb55235f17f0c41e4cb8ae HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:30 GMT
Server: Apache
location: bdb4240417d303a59b9d484a0166137f
Content-Length: 0
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/bdb4240417d303a59b9d484a0166137f

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/bdb4240417d303a59b9d484a0166137f
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/bdb4240417d303a59b9d484a0166137f HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:30 GMT
Server: Apache
location: 4fd615b3694a396c495b09aaf554a4b6
Content-Length: 0
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/4fd615b3694a396c495b09aaf554a4b6

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/4fd615b3694a396c495b09aaf554a4b6
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/4fd615b3694a396c495b09aaf554a4b6 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:30 GMT
Server: Apache
location: d9e481ce16c5afb51cc82d838f920e39
Content-Length: 0
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/d9e481ce16c5afb51cc82d838f920e39

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/d9e481ce16c5afb51cc82d838f920e39
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/d9e481ce16c5afb51cc82d838f920e39 HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:30 GMT
Server: Apache
location: bc062811d05d1f7a71fefef836e8009b
Content-Length: 0
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/bc062811d05d1f7a71fefef836e8009b

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/bc062811d05d1f7a71fefef836e8009b
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/bc062811d05d1f7a71fefef836e8009b HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:30 GMT
Server: Apache
location: 9df6d141d74220ce0707bad953a522fa
Content-Length: 0
Keep-Alive: timeout=5, max=46
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/9df6d141d74220ce0707bad953a522fa

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/9df6d141d74220ce0707bad953a522fa
IP

108.179.253.94:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phishing Redirect Feb 09 2016

HTTP Headers

                                        GET /a3803b2bb569a955223a3cfe5341059a/css/fonts/9df6d141d74220ce0707bad953a522fa HTTP/1.1
Host: collectcob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/blue-ui.css
Connection: keep-alive
Cookie: PHPSESSID=e7ecb9fc635c8fd559e7e9a9fd56e9dc

                                        HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 15:40:30 GMT
Server: Apache
location: f47e427a10ac9ca86a7e880b444fccaf
Content-Length: 0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/f47e427a10ac9ca86a7e880b444fccaf

108.179.253.94

302 Moved Temporarily

URL HTTP/1.1

collectcob.com/a3803b2bb569a955223a3cfe5341059a/css/fonts/f47e427a10ac9ca86a7e880b444fccaf
IP

108.179.253.94:0

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (91)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/2

IP

ASN