urlquery - report: quickhouses.pt/americanfirst/

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2023-01-23 17:21:06 UTC	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2023-01-23 17:12:20 UTC	34.117.237.239
cdnjs.cloudflare.com (2)	235	2012-05-23 12:49:49 UTC	2023-01-23 17:54:03 UTC	104.17.24.14
push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2023-01-23 17:26:14 UTC	54.149.93.186
img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2023-01-23 17:33:59 UTC	34.120.237.76
r3.o.lencr.org (6)	344	2020-12-02 08:52:13 UTC	2023-01-23 17:12:05 UTC	23.36.77.32
firefox.settings.services.mozilla.com (2)	867	2020-05-25 20:06:39 UTC	2023-01-23 17:13:12 UTC	35.241.9.150
code.jquery.com (2)	634	2012-05-21 17:28:02 UTC	2023-01-23 17:12:39 UTC	69.16.175.10
ajax.aspnetcdn.com (1)	693	2012-05-24 13:35:31 UTC	2023-01-23 13:30:44 UTC	152.199.19.160
ocsp.digicert.com (3)	86	2012-05-21 07:02:23 UTC	2023-01-23 18:22:47 UTC	93.184.220.29
stackpath.bootstrapcdn.com (1)	2467	2018-04-05 04:41:29 UTC	2023-01-23 21:42:36 UTC	104.18.11.207
quickhouses.pt (15)	0	2019-12-30 21:48:17 UTC	2023-01-24 14:24:46 UTC	185.32.189.194	Unknown ranking

Scan Date	Severity	Indicator	Comment
2023-01-24	2	quickhouses.pt/americanfirst/	America First Credit Union

Scan Date	Severity	Indicator	Comment
2023-01-24	2	quickhouses.pt/americanfirst/	Phishing
2023-01-24	2	quickhouses.pt/americanfirst/adobe/data/js/css/index_1.html	Phishing
2023-01-24	2	quickhouses.pt/americanfirst/asset/analytics/ads/js/actions.js	Phishing
2023-01-24	2	quickhouses.pt/americanfirst/adobe/data/js/css/roboto-latin-500.020c97dc.woff2	Phishing
2023-01-24	2	quickhouses.pt/americanfirst/adobe/data/js/css/roboto-latin-400.479970ff.woff2	Phishing

Date	UQ / IDS / BL	URL	IP
2023-01-24 19:23:37 +0000	16 - 0 - 8	quickhouses.pt/americanfirst	185.32.189.194
2023-01-24 19:23:23 +0000	16 - 0 - 6	quickhouses.pt/americanfirst/	185.32.189.194
2023-01-24 16:37:02 +0000	16 - 0 - 8	quickhouses.pt/americanfirst	185.32.189.194
2023-01-24 16:36:37 +0000	16 - 0 - 6	quickhouses.pt/americanfirst/	185.32.189.194
2023-01-24 10:24:33 +0000	0 - 0 - 1	momentoscarbela.com/host11/admin/	185.32.189.194

Date	UQ / IDS / BL	URL	IP
2023-03-30 19:09:23 +0000	0 - 1 - 0	ipss-santanatalia.com/seu/seu.php	185.32.189.80
2023-03-22 14:28:56 +0000	2 - 0 - 0	talhoboutiquedacarne.pt/blesss/auth/ksnnq/ast (...)	185.32.188.5
2023-03-20 07:45:35 +0000	0 - 1 - 0	www.plresende.pt/wp-content/uploads/SUPORTE-P (...)	185.32.189.201
2023-03-12 16:04:59 +0000	0 - 2 - 0	ftp.nunotavares.biz/	185.32.188.31
2023-03-09 14:48:31 +0000	0 - 0 - 2	restauranteamarina.com/ingles	185.32.188.31

Date	UQ / IDS / BL	URL	IP
2023-01-24 19:23:37 +0000	16 - 0 - 8	quickhouses.pt/americanfirst	185.32.189.194
2023-01-24 19:23:23 +0000	16 - 0 - 6	quickhouses.pt/americanfirst/	185.32.189.194
2023-01-24 16:37:02 +0000	16 - 0 - 8	quickhouses.pt/americanfirst	185.32.189.194
2023-01-24 16:36:37 +0000	16 - 0 - 6	quickhouses.pt/americanfirst/	185.32.189.194

Date	UQ / IDS / BL	URL	IP
2023-03-23 01:40:20 +0000	0 - 0 - 3	mob10l-afcu.web.app/	199.36.158.100
2023-03-21 14:28:20 +0000	14 - 0 - 7	www.mobilifarma.com.ar/32TvreRgtrInbdew23/	200.58.111.45
2023-03-21 14:27:22 +0000	13 - 0 - 10	verify56-americafirst.web.app/	199.36.158.100
2023-03-21 14:26:41 +0000	14 - 0 - 11	verify56-americafirst.firebaseapp.com/	199.36.158.100
2023-03-14 17:24:42 +0000	10 - 0 - 4	setpointapp.com/afcu/0/DOMAIN/indexs.html?acct=	35.213.180.130

HTTP Transactions (41)

Request	Response
GET /americanfirst/ HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: quickhouses.pt/americanfirst/ FQDN: quickhouses.pt IP: 185.32.189.194 HASH: 65cd35a0af166f01c3713a184e0c3a27e735986cc1e8b59929ba174dc401d0c3 185.32.189.194 HTTP/1.1 200 OK Content-Type: text/html Date: Tue, 24 Jan 2023 16:36:26 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 33357 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3970), with CRLF line terminators Size: 33357 Md5: 636a0d5c4650abe144994004f31833c9 Sha1: 3998a1e7e881f5a619fba6aecccb8f56c3c601fd Sha256: 65cd35a0af166f01c3713a184e0c3a27e735986cc1e8b59929ba174dc401d0c3 Alerts: urlquery: - Phishing - America First Credit Union Blocklists: - openphish: America First Credit Union - fortinet: Phishing
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 0582b6180687dd95c7fd728f1b9db4495b807151e309b608ad203d69708f9da6 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "0582B6180687DD95C7FD728F1B9DB4495B807151E309B608AD203D69708F9DA6" Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7540 Expires: Tue, 24 Jan 2023 18:42:07 GMT Date: Tue, 24 Jan 2023 16:36:27 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: f5e46725831d8d722872bf68d752f4c5 Sha1: cf37793a1b73e3f84fe6c37fb27382c83b49dbc0 Sha256: 0582b6180687dd95c7fd728f1b9db4495b807151e309b608ad203d69708f9da6
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: cb028034340b709ece65e45e8fc1a26a64dd85926beaa542f308d3f1d5ee2c84 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "CB028034340B709ECE65E45E8FC1A26A64DD85926BEAA542F308D3F1D5EE2C84" Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3186 Expires: Tue, 24 Jan 2023 17:29:33 GMT Date: Tue, 24 Jan 2023 16:36:27 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 0be6cec5607bb65c06dbadd33456aec1 Sha1: 9d13129e936eb5fc82e403931884cdc8c6e6ab92 Sha256: cb028034340b709ece65e45e8fc1a26a64dd85926beaa542f308d3f1d5ee2c84
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 35.241.9.150 HASH: 6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e 35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Tue, 24 Jan 2023 15:42:44 GMT age: 3223 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: bf0c602d32b3c14606f22a86183b5e3c Sha1: 6eabd8d83475eba731968abe1a05a8bfd272f160 Sha256: 6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 9750518efd869da5ff74ba65a196445bd4340c909157cc1a420f62c1d07224a0 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "9750518EFD869DA5FF74BA65A196445BD4340C909157CC1A420F62C1D07224A0" Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=10901 Expires: Tue, 24 Jan 2023 19:38:08 GMT Date: Tue, 24 Jan 2023 16:36:27 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 6cd4f1da1215c7473500807c185f2449 Sha1: b14db0c67cf1f5faf85648ed8f94baf2dd03808b Sha256: 9750518efd869da5ff74ba65a196445bd4340c909157cc1a420f62c1d07224a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: zsF9upugkwXHWMcUCea9pJG+3vRIQb1LK7h39xqX3ZNNPoI2lKk7q8smkio7JXhr3YxFPq84KfaAVwpIcIzjFA== x-amz-request-id: Y05ZGT383MH16X2K content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Tue, 24 Jan 2023 15:48:13 GMT age: 2894 last-modified: Mon, 09 Jan 2023 18:04:21 GMT etag: "7b922915ebf1fa3639b333f994c74f24" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 7b922915ebf1fa3639b333f994c74f24 Sha1: 144a3f80b98fd0652d4614f24cf6cbbee40f8938 Sha256: adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Tue, 24 Jan 2023 16:36:27 GMT content-length: 12 access-control-allow-credentials: true access-control-expose-headers: content-type vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /ajax/libs/popper.js/1.14.0/umd/popper.min.js HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: http://quickhouses.pt Connection: keep-alive Referer: http://quickhouses.pt/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/pop (...) FQDN: cdnjs.cloudflare.com IP: 104.17.24.14 HASH: 91d57502b7260e6752c2b5f1636d77707929fa9f09da28589691e61816a448f9 104.17.24.14 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Tue, 24 Jan 2023 16:36:27 GMT content-length: 6458 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5eb03fa9-500f" last-modified: Mon, 04 May 2020 16:15:37 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 2803388 expires: Sun, 14 Jan 2024 16:36:27 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FbGI670E%2BnIOHFmrDpNCR6r5vmurb7edrxEsGn13is8%2Fz31zcS5Y%2BI3T5J6%2FJsHOz6WLPademYNcLLazlFm2fOPzi6z%2FysYdTc%2BlnwhQh7c4GClOJdgAD%2BPzq4g9t2zeZ5lqpJ0f"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 78ea3026fef2b51b-OSL alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (20322) Size: 6458 Md5: df9fe6d48e380554eb0ec9687bed3246 Sha1: 207263d754220200c1916edfbda262f62223ecf5 Sha256: 91d57502b7260e6752c2b5f1636d77707929fa9f09da28589691e61816a448f9
GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://quickhouses.pt/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jque (...) FQDN: cdnjs.cloudflare.com IP: 104.17.24.14 HASH: fcc8a86d2e89e8fbe9815d50c23bf205191ab8a6c0bec67358cd975d94283ff8 104.17.24.14 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Tue, 24 Jan 2023 16:36:27 GMT content-length: 4517 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5eb03ec3-4e98" last-modified: Mon, 04 May 2020 16:11:47 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 8383302 expires: Sun, 14 Jan 2024 16:36:27 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ooK21AXjlIlUPwJuyLAfkHqqMkEI5fDskaMQ8zNi%2B8SSH36%2F0FsOaJj%2BPny%2F2taZ8u9a6dW0BpGBn6lLqxo5bEUber2ojpn5tAPY9KhJJmnkSgGuw6798BBi6yvCC2NbtoOwXVXm"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 78ea30271c9d1bfa-OSL alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text Size: 4517 Md5: e40e054c5726f042bad463e3774a2777 Sha1: 5c9413b72837a440b327444104830c35ae3b052c Sha256: fcc8a86d2e89e8fbe9815d50c23bf205191ab8a6c0bec67358cd975d94283ff8
GET /americanfirst/adobe/data/js/css/index_1.html HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/ Upgrade-Insecure-Requests: 1	URL: quickhouses.pt/americanfirst/adobe/data/js/css/index_1.html FQDN: quickhouses.pt IP: 185.32.189.194 HASH: b5d1cc340a095d374fe03137d3b45a6b8772ab148672d13e3d15ffb3d94db019 185.32.189.194 HTTP/1.1 200 OK Content-Type: text/html Date: Tue, 24 Jan 2023 16:36:26 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 7069 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550) Size: 7069 Md5: cdb27a0a2c3b25c23454a4454c2c78d6 Sha1: c7ed38e2a97b9033975cb81cc63b0031b93a3a2f Sha256: b5d1cc340a095d374fe03137d3b45a6b8772ab148672d13e3d15ffb3d94db019 Alerts: urlquery: - Phishing - America First Credit Union Blocklists: - fortinet: Phishing
GET /jquery-3.3.1.slim.min.js HTTP/1.1 Host: code.jquery.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: http://quickhouses.pt Connection: keep-alive Referer: http://quickhouses.pt/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: code.jquery.com/jquery-3.3.1.slim.min.js FQDN: code.jquery.com IP: 69.16.175.10 HASH: cc938c08b93e67c94c68995709f52133c62cac78991f42058503b9c3d9e4b0b0 69.16.175.10 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Tue, 24 Jan 2023 16:36:27 GMT content-encoding: gzip content-length: 24038 last-modified: Fri, 20 Aug 2021 17:47:53 GMT accept-ranges: bytes server: nginx etag: W/"611feac9-1111d" cache-control: max-age=315360000, public access-control-allow-origin: * vary: Accept-Encoding x-sp-metadata: HS256.CJuuwJ4GEocBCiRjMjBiYTQ3MC1lZjdhLTQ1YTEtYWI2Mi1jYjA1YjU0NjY3NTkQ+OiCoKvU+wIaBgiLksCeBiIMOTEuOTAuNDIuMTU0KPDzAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkY2ZkNWRjM2YtMTFmYy00OGFiLTgwNWEtMDM0ZmU1ZTU1MzI3GOa7ASIYCAISFGNkczIzMC5zazEuaHdjZG4ubmV0.ezM3cYh1TGm/bEIbXBjmDmzV+X99CxDYBUEqkvOZoqk= x-hw: 1674578187.dop022.sk1.t,1674578187.cds022.sk1.hn,1674578187.cds230.sk1.c X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (65247) Size: 24038 Md5: 0f2e7d37e730fdbb1d8a1e8638529ecb Sha1: c21d16978a858baa75be15cb7e799ff000929429 Sha256: cc938c08b93e67c94c68995709f52133c62cac78991f42058503b9c3d9e4b0b0
GET /jquery-3.2.1.min.js HTTP/1.1 Host: code.jquery.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://quickhouses.pt/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: code.jquery.com/jquery-3.2.1.min.js FQDN: code.jquery.com IP: 69.16.175.10 HASH: 4dc681da48ba2b417e613e8e027ff5322963c3a3697a8ba97973cfefb48def5e 69.16.175.10 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Tue, 24 Jan 2023 16:36:27 GMT content-encoding: gzip content-length: 30125 last-modified: Fri, 20 Aug 2021 17:47:53 GMT accept-ranges: bytes server: nginx etag: W/"611feac9-15283" cache-control: max-age=315360000, public access-control-allow-origin: * vary: Accept-Encoding x-sp-metadata: HS256.CJuuwJ4GEoYBCiQ0NTVjYjE0Mi03ZGRiLTRiN2EtOGMyNS1mN2QzNGIyYjhmNDkQ+OiCoKvU+wIaBgiLksCeBiIMOTEuOTAuNDIuMTU0KLlXMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaLAgBEiRkMmZkYTAxMC00NDQ3LTQ5ZDgtYTQzNC0wNDljNDg0NjVhZjkYresBIhgIAhIUY2RzMjIyLnNrMS5od2Nkbi5uZXQ=.lzqJb52RUy3lT6Wz1x3EJnIKkmTYBhX/lagWdpiQo8Y= x-hw: 1674578187.dop023.sk1.t,1674578187.cds022.sk1.hn,1674578187.cds222.sk1.c X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (32058) Size: 30125 Md5: 148f8d3ffd9cc02048c5f4d1cc83c407 Sha1: 9f2b89cfd151be6a29b4d43ad64d164fb8471046 Sha256: 4dc681da48ba2b417e613e8e027ff5322963c3a3697a8ba97973cfefb48def5e
GET /ajax/jQuery/jquery-3.3.1.min.js HTTP/1.1 Host: ajax.aspnetcdn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://quickhouses.pt/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js FQDN: ajax.aspnetcdn.com IP: 152.199.19.160 HASH: b2f13ad730928958c09d89e6e32bb6a227c0260d032a39ca464d998a59e57a66 152.199.19.160 HTTP/2 200 OK content-type: application/javascript content-encoding: gzip accept-ranges: bytes access-control-allow-origin: * age: 27579682 cache-control: public,max-age=31536000 date: Tue, 24 Jan 2023 16:36:27 GMT etag: "80288516b793d31:0" last-modified: Mon, 22 Jan 2018 19:27:49 GMT server: ECAcc (ska/F7A8) timing-allow-origin: * vary: Accept-Encoding x-cache: HIT x-content-type-options: nosniff x-xss-protection: 1; mode=block content-length: 30394 X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (65451) Size: 30394 Md5: a263be51483c81a54aa8c85104a93e55 Sha1: 555a54a73531c553bd2aede6abc25c128b63312e Sha256: b2f13ad730928958c09d89e6e32bb6a227c0260d032a39ca464d998a59e57a66
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 6e27735043b51d87079b1880c13e710a8cae766dd85794289bac929e2b4e5627 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 1558 Cache-Control: 'max-age=158059' Date: Tue, 24 Jan 2023 16:36:27 GMT Last-Modified: Tue, 24 Jan 2023 16:10:29 GMT Server: ECS (ska/F71C) X-Cache: HIT Content-Length: 278 --- Additional Info --- Magic: data Size: 278 Md5: 8d21d2558eeb388eb558037eeed4425f Sha1: be86ec7afc7ad2689070a8d3b70f8294857fe9b9 Sha256: 6e27735043b51d87079b1880c13e710a8cae766dd85794289bac929e2b4e5627
GET /americanfirst/asset/analytics/ads/js/actions.js HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/	URL: quickhouses.pt/americanfirst/asset/analytics/ads/js/act (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: 3006a7f5d160a928d4f8fe1572e645d91201447f88257ed27022ff07beffb8dd 185.32.189.194 HTTP/1.1 200 OK Content-Type: application/javascript Date: Tue, 24 Jan 2023 16:36:26 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 1340 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text, with CRLF line terminators Size: 1340 Md5: bfef294446761f81225bda51229dfdad Sha1: 930cedeac977eb7ad969772600deffaff8174dc0 Sha256: 3006a7f5d160a928d4f8fe1572e645d91201447f88257ed27022ff07beffb8dd Alerts: urlquery: - Phishing - America First Credit Union Blocklists: - fortinet: Phishing
GET /americanfirst/asset/analytics/ads/js/style.css HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/	URL: quickhouses.pt/americanfirst/asset/analytics/ads/js/sty (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: 7924e7e8b95825e4cefbfc31444ea9247e1b0d04cb066b56f06addf9cc7c5eaf 185.32.189.194 HTTP/1.1 200 OK Content-Type: text/css Date: Tue, 24 Jan 2023 16:36:26 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 414 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text, with CRLF line terminators Size: 414 Md5: f9653fbeecf34b04791fee59eb3e253b Sha1: fcbbad7c6616682a22a9d0de09d715c61cb17722 Sha256: 7924e7e8b95825e4cefbfc31444ea9247e1b0d04cb066b56f06addf9cc7c5eaf Alerts: urlquery: - Phishing - America First Credit Union
GET /americanfirst/adobe/data/js/css/app.76ff82e5.css HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/	URL: quickhouses.pt/americanfirst/adobe/data/js/css/app.76ff (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: ff7c1455abe0a7bc7da593da4f46d258b47b70c61cd37b2f2890f8063930d034 185.32.189.194 HTTP/1.1 200 OK Content-Type: text/css Date: Tue, 24 Jan 2023 16:36:26 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 2555 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text, with very long lines (2555), with no line terminators Size: 2555 Md5: 45fdfaabff062b120c343417bdb06350 Sha1: 332147dbfd8ffbb33144494cc90abe385ed6dff2 Sha256: ff7c1455abe0a7bc7da593da4f46d258b47b70c61cd37b2f2890f8063930d034 Alerts: urlquery: - Phishing - America First Credit Union
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 6e27735043b51d87079b1880c13e710a8cae766dd85794289bac929e2b4e5627 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 1558 Cache-Control: 'max-age=158059' Date: Tue, 24 Jan 2023 16:36:27 GMT Last-Modified: Tue, 24 Jan 2023 16:10:29 GMT Server: ECS (ska/F71C) X-Cache: HIT Content-Length: 278 --- Additional Info --- Magic: data Size: 278 Md5: 8d21d2558eeb388eb558037eeed4425f Sha1: be86ec7afc7ad2689070a8d3b70f8294857fe9b9 Sha256: 6e27735043b51d87079b1880c13e710a8cae766dd85794289bac929e2b4e5627
GET /americanfirst/adobe/data/js/css/chunk-vendors.eab46e62.css HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/	URL: quickhouses.pt/americanfirst/adobe/data/js/css/chunk-ve (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: dd66ac6aaff011d49ba95602e75d12741be4e1cdb6a3ab587233a5f5879a6eae 185.32.189.194 HTTP/1.1 200 OK Content-Type: text/css Date: Tue, 24 Jan 2023 16:36:26 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 716803 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: Unicode text, UTF-8 text, with very long lines (60387) Size: 716803 Md5: fa58619b967a7b4a132981b548401f8d Sha1: abd8234b95cc2bf19fa27f3afa472beb7ce3aa9d Sha256: dd66ac6aaff011d49ba95602e75d12741be4e1cdb6a3ab587233a5f5879a6eae Alerts: urlquery: - Phishing - America First Credit Union
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 35.241.9.150 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Tue, 24 Jan 2023 16:17:31 GMT age: 1136 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /americanfirst/adobe/data/js/css/368f9486f1d69178fbf8bf2dcfbc491b23e4b261.png HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/	URL: quickhouses.pt/americanfirst/adobe/data/js/css/368f9486 (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: 83b34f00b6612015c941c3865d2c047ae5ce567f13530491ac4ed773b13b1bd3 185.32.189.194 HTTP/1.1 200 OK Content-Type: image/png Date: Tue, 24 Jan 2023 16:36:27 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 3580 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 277 x 94, 8-bit/color RGBA, non-interlaced\012- data Size: 3580 Md5: aa3ffca4509491de728b7f7e60a7ef63 Sha1: 368f9486f1d69178fbf8bf2dcfbc491b23e4b261 Sha256: 83b34f00b6612015c941c3865d2c047ae5ce567f13530491ac4ed773b13b1bd3 Alerts: urlquery: - Phishing - America First Credit Union
GET /americanfirst/adobe/data/js/css/21d7d23b5082cfbd7662ecf888a9879cef5e3b6d.png HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/	URL: quickhouses.pt/americanfirst/adobe/data/js/css/21d7d23b (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: a6690102b24638424202c679e3c3fafe83bdaa641e40dca06968bcad77f70821 185.32.189.194 HTTP/1.1 200 OK Content-Type: image/png Date: Tue, 24 Jan 2023 16:36:27 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 1998 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 55 x 62, 8-bit/color RGBA, non-interlaced\012- data Size: 1998 Md5: ae659b5597c9500445cc6f80a4281459 Sha1: 21d7d23b5082cfbd7662ecf888a9879cef5e3b6d Sha256: a6690102b24638424202c679e3c3fafe83bdaa641e40dca06968bcad77f70821 Alerts: urlquery: - Phishing - America First Credit Union
GET /americanfirst/adobe/data/js/css/78bdeddcd621c8d0d38dce1c2bfedd9330602f96.png HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/	URL: quickhouses.pt/americanfirst/adobe/data/js/css/78bdeddc (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: df808b2ea829eac97e99d46d91fa6a005269d58a9dfd57ff40f7084e6f027f7b 185.32.189.194 HTTP/1.1 200 OK Content-Type: image/png Date: Tue, 24 Jan 2023 16:36:27 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 2913 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 99 x 40, 8-bit/color RGBA, non-interlaced\012- data Size: 2913 Md5: 6265054874bcf3c370bef6bb64646fe9 Sha1: 78bdeddcd621c8d0d38dce1c2bfedd9330602f96 Sha256: df808b2ea829eac97e99d46d91fa6a005269d58a9dfd57ff40f7084e6f027f7b Alerts: urlquery: - Phishing - America First Credit Union
GET /americanfirst/adobe/data/js/css/logo-desktop-inverse.a3a99f3a.png HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/	URL: quickhouses.pt/americanfirst/adobe/data/js/css/logo-des (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54 185.32.189.194 HTTP/1.1 200 OK Content-Type: image/png Date: Tue, 24 Jan 2023 16:36:27 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 8898 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 390 x 134, 8-bit/color RGBA, non-interlaced\012- data Size: 8898 Md5: a3a99f3aea38a0574c84d332fc5f871f Sha1: 5a3bcb4c445e47551ad7fb98a1d57a34432c298d Sha256: c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54 Alerts: urlquery: - Phishing - America First Credit Union
GET /americanfirst/asset/analytics/ads/js/loading.gif HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/	URL: quickhouses.pt/americanfirst/asset/analytics/ads/js/loa (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: 5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34 185.32.189.194 HTTP/1.1 200 OK Content-Type: image/gif Date: Tue, 24 Jan 2023 16:36:27 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 38636 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: GIF image data, version 89a, 200 x 200\012- data Size: 38636 Md5: d10ef01e81faa2c2d812bdf670b4e072 Sha1: 77d09a57b2091fd7665dff763a5eab23e0ff907e Sha256: 5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34 Alerts: urlquery: - Phishing - America First Credit Union
GET /americanfirst/adobe/data/js/css/roboto-latin-500.020c97dc.woff2 HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/adobe/data/js/css/chunk-vendors.eab46e62.css	URL: quickhouses.pt/americanfirst/adobe/data/js/css/roboto-l (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: 24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf 185.32.189.194 HTTP/1.1 200 OK Content-Type: font/woff2 Date: Tue, 24 Jan 2023 16:36:27 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 15872 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: Web Open Font Format (Version 2), TrueType, length 15872, version 1.0\012- data Size: 15872 Md5: 020c97dc8e0463259c2f9df929bb0c69 Sha1: 8f956a31154047d1b6527b63db2ecf0f3a463f24 Sha256: 24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf Alerts: urlquery: - Phishing - America First Credit Union Blocklists: - fortinet: Phishing
GET /americanfirst/adobe/data/js/css/d4c16de980048679c0662f782e29945ab5125717.png HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/	URL: quickhouses.pt/americanfirst/adobe/data/js/css/d4c16de9 (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: 986dae282bc4d35f7234bbf7c3eafd4b4bb990b89143be1f5c8a8aa4a04ee2b4 185.32.189.194 HTTP/1.1 200 OK Content-Type: image/png Date: Tue, 24 Jan 2023 16:36:27 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 3311 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 250 x 54, 8-bit/color RGBA, non-interlaced\012- data Size: 3311 Md5: cf4f20bf0af1f7b4b77126ac20180c2c Sha1: d4c16de980048679c0662f782e29945ab5125717 Sha256: 986dae282bc4d35f7234bbf7c3eafd4b4bb990b89143be1f5c8a8aa4a04ee2b4 Alerts: urlquery: - Phishing - America First Credit Union
GET /americanfirst/adobe/data/js/css/roboto-latin-400.479970ff.woff2 HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/adobe/data/js/css/chunk-vendors.eab46e62.css	URL: quickhouses.pt/americanfirst/adobe/data/js/css/roboto-l (...) FQDN: quickhouses.pt IP: 185.32.189.194 HASH: 48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3 185.32.189.194 HTTP/1.1 200 OK Content-Type: font/woff2 Date: Tue, 24 Jan 2023 16:36:27 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 15736 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: Web Open Font Format (Version 2), TrueType, length 15736, version 1.0\012- data Size: 15736 Md5: 479970ffb74f2117317f9d24d9e317fe Sha1: 81c796737cbe44d4a719777f0aff14b73a3efb1e Sha256: 48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3 Alerts: urlquery: - Phishing - America First Credit Union Blocklists: - fortinet: Phishing
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 209ecb3765937d0eee4bc85fd639e407f1e68772c9e5bb3dbbab65658d6ebb0c 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 4296 Cache-Control: max-age=150114 Date: Tue, 24 Jan 2023 16:36:28 GMT Etag: "63cf9fa6-1d7" Expires: Thu, 26 Jan 2023 10:18:22 GMT Last-Modified: Tue, 24 Jan 2023 09:06:46 GMT Server: ECS (ska/F71C) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: a0016981f79a7a1df58a5c1fbefb7cd5 Sha1: d3a37f6798941d94312f5d1eb0aa31fe55228cd3 Sha256: 209ecb3765937d0eee4bc85fd639e407f1e68772c9e5bb3dbbab65658d6ebb0c
GET /americanfirst/adobe/data/js/css/favicon.ico HTTP/1.1 Host: quickhouses.pt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://quickhouses.pt/americanfirst/	URL: quickhouses.pt/americanfirst/adobe/data/js/css/favicon.ico FQDN: quickhouses.pt IP: 185.32.189.194 HASH: 0534a1a2f971f20a153479d5e01ad4051a8af96221bb5f7c80ff06a759d1ea2e 185.32.189.194 HTTP/1.1 200 OK Content-Type: image/x-icon Date: Tue, 24 Jan 2023 16:36:27 GMT Server: Apache Last-Modified: Fri, 08 Apr 2022 12:41:38 GMT Accept-Ranges: bytes Content-Length: 1150 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data Size: 1150 Md5: 5f0fb15bba173e0aa54bd6434418f8fe Sha1: fc16c82f44707eb5045be0f68cfcfce4a4ac29d9 Sha256: 0534a1a2f971f20a153479d5e01ad4051a8af96221bb5f7c80ff06a759d1ea2e Alerts: urlquery: - Phishing - America First Credit Union
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: BZbFlGQKB/u8+7so/cg7OQ== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 54.149.93.186 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 54.149.93.186 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: IGYtAkHeE/4Y1DVDzQWCPdIIBN8= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A" Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8469 Expires: Tue, 24 Jan 2023 18:57:38 GMT Date: Tue, 24 Jan 2023 16:36:29 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d5528af26e629a9bfbf0c421146b921f Sha1: 1e4f99245d551384bedfe9b59b5f9905127d87bf Sha256: 989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A" Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8469 Expires: Tue, 24 Jan 2023 18:57:38 GMT Date: Tue, 24 Jan 2023 16:36:29 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d5528af26e629a9bfbf0c421146b921f Sha1: 1e4f99245d551384bedfe9b59b5f9905127d87bf Sha256: 989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A" Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8469 Expires: Tue, 24 Jan 2023 18:57:38 GMT Date: Tue, 24 Jan 2023 16:36:29 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d5528af26e629a9bfbf0c421146b921f Sha1: 1e4f99245d551384bedfe9b59b5f9905127d87bf Sha256: 989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67efee66-d227-4c28-89a3-8fd7f382049b.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: d4dbc79e3383e83f861ccf8cde3e78ba427a66cd3fa99c17e23ec935867de4ad 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8308 x-amzn-requestid: 1988d3b3-5e1a-41fd-83f5-092eddb9185f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fNys5GDKoAMFdbA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63cefe52-2349fde60b7db8a34c996717;Sampled=0 x-amzn-remapped-date: Mon, 23 Jan 2023 21:38:26 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: 5_1j_Z6HZ3DSGFPAACJduM5D9eAqMQT42GgI61x8dHAmPQtUexpEYQ== via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google date: Mon, 23 Jan 2023 21:59:05 GMT age: 67044 etag: "42d5b4b4a091778d98c351f0002d8656449d0243" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8308 Md5: 91b2e12a39dc4f63b9d52e8800cce1f2 Sha1: 42d5b4b4a091778d98c351f0002d8656449d0243 Sha256: d4dbc79e3383e83f861ccf8cde3e78ba427a66cd3fa99c17e23ec935867de4ad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F987410c8-c934-4399-b586-efb1a5111e3b.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 09afde8ec60dd1471e0ce33ed11ae4542b6813ad02e2abf037629a8ae5cfe240 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 12102 x-amzn-requestid: 54ba881d-c54b-49fa-a5b3-20b8d80f2a35 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fNyrNG1AIAMFxTg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63cefe47-1acbf1c34a4dbfdd506d3383;Sampled=0 x-amzn-remapped-date: Mon, 23 Jan 2023 21:38:15 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: Ies4Oa0AiQaj9sEkpSZ-WZHMiRVYMV6IeLWDWq_G69cwBYi-RuKLGQ== via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google date: Mon, 23 Jan 2023 22:08:04 GMT age: 66505 etag: "6aae9d763dec58740cdfbfe46f6c69986b81414d" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 12102 Md5: c29ea116f715297b757c81dab8d1b5f3 Sha1: 6aae9d763dec58740cdfbfe46f6c69986b81414d Sha256: 09afde8ec60dd1471e0ce33ed11ae4542b6813ad02e2abf037629a8ae5cfe240
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 373097662c419eef9f4a19ce9f3bcead70f6eafbf0acf44806685eece43ce251 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 12758 x-amzn-requestid: c3540562-8c62-4957-9528-7ae952daebaa x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: e9gf1E87oAMFpsQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63c87acb-49fd3f78275937e24d23fca3;Sampled=0 x-amzn-remapped-date: Wed, 18 Jan 2023 23:03:39 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: c5YOTqrEv9RLv_lKsrC377yost8auxYRPLubBFGjIWtnbueiGMJYGw== via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google date: Tue, 24 Jan 2023 04:36:21 GMT age: 43208 etag: "0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 12758 Md5: 7458f7a9b2070055df6f1d496794e43e Sha1: 0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9 Sha256: 373097662c419eef9f4a19ce9f3bcead70f6eafbf0acf44806685eece43ce251
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4185640-fb99-4630-b465-c5251587ba55.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: b5e459d4af69cc97c4aaf810654f3d583670e470c82d12a5e8f59c97c97cda11 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 5557 x-amzn-requestid: 8573b326-0255-45d0-8e93-eaf4bc0d420f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fNzFUHThIAMFoBw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63cefeee-16c3abdd257b834525087045;Sampled=0 x-amzn-remapped-date: Mon, 23 Jan 2023 21:41:02 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: 8BWgeONZO6KHihZoI0pfCbH3HXDC3AAlN--ABwaRm0T9V4HP9ogx0g== via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google date: Mon, 23 Jan 2023 22:04:30 GMT age: 66719 etag: "5b5619ecb739f2605b0c77f3e6608249399cb77c" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5557 Md5: 538f5b944f86cfc1b68f06187558841b Sha1: 5b5619ecb739f2605b0c77f3e6608249399cb77c Sha256: b5e459d4af69cc97c4aaf810654f3d583670e470c82d12a5e8f59c97c97cda11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b12041d-fdaa-483d-b290-d584ffb6ea13.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: c762b17d3e43d773966490d1186ebc352a78d47781c77a4f048e32fee9732b7d 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7642 x-amzn-requestid: 3f4482cf-98a5-420e-abe7-17fd2d214da0 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fNyxIF3aIAMFWoQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63cefe6d-0c1838dc7b4ab4650d54ee56;Sampled=0 x-amzn-remapped-date: Mon, 23 Jan 2023 21:38:53 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: RI2PzIKXk_H09T20cGoqTCC1WdRp3S5N6TOBX_lIcEk8wYaCIfCPJw== via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google date: Mon, 23 Jan 2023 22:08:04 GMT age: 66505 etag: "eb96120190e3a5c286ac5ec51ee8b163540377fd" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7642 Md5: deb690b8f5503bf4bcf424e58ddb6b8c Sha1: eb96120190e3a5c286ac5ec51ee8b163540377fd Sha256: c762b17d3e43d773966490d1186ebc352a78d47781c77a4f048e32fee9732b7d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67794d4b-c63e-47af-b530-92b195f8e718.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 92b0423b09aa653ec7326d0aa05dbe137ba452ef21f118c7eb6499a8ccecc8fd 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 12907 x-amzn-requestid: c9f9a619-f0e1-4bc4-af2a-796b16aa1250 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fNzFqF-lIAMFXIg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63cefef0-625e4bab03baa979605f13f8;Sampled=0 x-amzn-remapped-date: Mon, 23 Jan 2023 21:41:04 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: kPx_xJAOsrYKWFcHe6JlWILe3jbBtqFuOphGjZALwy4xJC3F2vE2Xw== via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google date: Mon, 23 Jan 2023 21:57:33 GMT age: 67136 etag: "7208e2e4beb739ae9aded4a207d48cb3572fad5f" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 12907 Md5: 16d9c0855b43a6c2351cb450187948e2 Sha1: 7208e2e4beb739ae9aded4a207d48cb3572fad5f Sha256: 92b0423b09aa653ec7326d0aa05dbe137ba452ef21f118c7eb6499a8ccecc8fd
GET /bootstrap/4.1.0/js/bootstrap.min.js HTTP/1.1 Host: stackpath.bootstrapcdn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: http://quickhouses.pt Connection: keep-alive Referer: http://quickhouses.pt/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap (...) FQDN: stackpath.bootstrapcdn.com IP: 104.18.11.207 104.18.11.207 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Tue, 24 Jan 2023 16:36:27 GMT vary: Accept-Encoding cdn-pullzone: 252412 cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestcountrycode: DE access-control-allow-origin: * cache-control: public, max-age=31919000 etag: W/"ce6e785579ae4cb555c9de311d1b9271" last-modified: Mon, 25 Jan 2021 22:04:05 GMT cdn-cachedat: 11/15/2022 10:39:35 cdn-proxyver: 1.03 cdn-requestpullcode: 200 cdn-requestpullsuccess: True cdn-edgestorageid: 1054 cdn-status: 200 timing-allow-origin: * cross-origin-resource-policy: cross-origin x-content-type-options: nosniff cdn-requestid: abfdfde12319d787180ad87aa6b0015f cdn-cache: HIT cf-cache-status: HIT strict-transport-security: max-age=31536000; includeSubDomains; preload server: cloudflare cf-ray: 78ea30279be8b505-OSL content-encoding: br alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Firefox-Spdy: h2 --- Additional Info ---

URL	quickhouses.pt/americanfirst/
IP	185.32.189.194 (Portugal)
ASN	#62416 Sampling Line-servicos E Internet, Lda
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2023-01-24 16:36:37 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	6
urlquery alerts	16 Phishing - America First Credit Union
Tags	afcu financial phishing

Overview

Domain Summary (12)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 185.32.189.194

Last 5 reports on ASN: Sampling Line-servicos E Internet, Lda

Last 4 reports on domain: quickhouses.pt

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (10)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (41)

Overview

Domain Summary (12)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 185.32.189.194

Last 5 reports on ASN: Sampling Line-servicos E Internet, Lda

Last 4 reports on domain: quickhouses.pt

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (10)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (41)

Network Intrusion Detection Systems