Report - hungtingon.serveirc.com/vfy/

Report Overview

Submitted URL
hungtingon.serveirc.com/vfy/
IP
35.80.21.195
ASN
#16509 AMAZON-02
Submitted
2022-12-08 08:23:23
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Huntington
Suspicious - DynDNS domain

Detections

urlquery
72
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
px.ads.linkedin.com	522	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.5 kB	13.107.42.14
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.9 kB	93.184.220.29
hungtingon.serveirc.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	23 kB	2.0 MB	35.80.21.195
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.237.163.41
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390 B	45 kB	142.250.74.8
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	866 B	349 B	31.13.72.36
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
www.huntington.com	56151	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	462 B	2.0 kB	95.101.10.201
snap.licdn.com	1044	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	389 B	4.9 kB	95.101.11.57
s.yimg.com	375	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	363 B	6.9 kB	188.125.94.204
cdn.linkedin.oribi.io	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	1.0 kB	143.204.55.87
trk.clinch.co	5423	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	958 B	34.203.147.81
mef957.dynatrace-managed.com	107553	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	873 B	167 B	100.24.162.178
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.8 kB	9.8 kB	142.250.74.131
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	2.3 kB	216.58.207.228
cdn.clinch.co	7154	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	5.3 kB	95.101.10.121
sp.analytics.yahoo.com	816	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	919 B	212.82.100.181
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	3.0 kB	142.250.74.163
ocsp.godaddy.com	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	2.3 kB	192.124.249.36
ensighten.huntingtonbank.com	91425	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	811 B	38 kB	34.242.179.188
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	48 kB	34.120.237.76
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	29 kB	157.240.200.14
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	7.6 kB	142.250.74.162
www.linkedin.com	608	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	787 B	2.7 kB	13.107.42.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (40)

	URL	Size	First Seen	Last Seen
	hungtingon.serveirc.com/vfy/assets/js/jquery-3.5.1.min.js.download	90 kB	2023-03-07	2024-04-26
Pretty URL hungtingon.serveirc.com/vfy/assets/js/jquery-3.5.1.min.js.download IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-26 10:42:46 Times Seen139367 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	hungtingon.serveirc.com/vfy/assets/js/oo_engine.min.js.download	46 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/oo_engine.min.js.download IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:57 Times Seen402 Hash 3023bde795e4926691e3691ace0d9356 053c86b53ec7bca624cffc3f6321697d35a1c5d5 1bf7836282cf0a1f1cae452a2b7d03f4857827aa682e36562831fe3bc34f30a5 Loading...

	hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852	149 B	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:57 Times Seen54 Hash ac7f43c44fed4cf6e09d96b5a4357066 8e27fa7a539f5061bddf860541196d42c3655295 1a942a06f7da3702b3aba558359f26651da850132325b59469c65476655d3443 Loading...

	hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852	26 B	2023-03-07	2024-04-26
Pretty URL hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-26 05:35:34 Times Seen19696 Hash 91e37f24be76111b93a0ff728b96cddb e1740ea479e156d424cb918060d779528ecc8fae 49ef43da1c84ec34b398aaab43e8debad168559596297c7586e9c9e8239c79bf Loading...

	ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=2126829006.7238393&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852	320 B	2023-03-08	2023-03-08
Pretty URL ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=2126829006.7238393&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 IP 34.242.179.188 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:53:50 Last Seen2023-03-08 21:53:50 Times Seen1 Hash dc47e542914f46526cb3fe02b877c8d6 5f6cc45341c9ddf5f077467bac07b188ee039198 cec01ba2b04ffcc8c8b1315a4501897ef68db4e002de501c048c13f687f67f35 Loading...

	cdn.clinch.co/a_js/client_pixels/clq/script.min.js	15 kB	2023-03-08	2023-09-14
Pretty URL cdn.clinch.co/a_js/client_pixels/clq/script.min.js IP 95.101.10.121 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:56 Last Seen2023-09-14 03:55:58 Times Seen111 Hash c12dd0f8c53c6d8f8a5c845a2f892307 5e880be41d047f1b7754e93e8a44347d28482702 b4006b2b20c4ba8ac04ddd00bb13dc8fe178503b89b31481e4b43243795bcb7b Loading...

	www.googletagmanager.com/gtag/js?id=AW-786635084&l=dataLayer&cx=c	138 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-786635084&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:53:50 Last Seen2023-03-08 21:53:51 Times Seen1 Hash 6012eeda513b9418e59b244fe94a16d7 7b48b9373b5e7dd35c5b395f455e369e376b6c3f 5898e22f9ebad5f04b3661c63d052dd33da234d73ef2ca0ffc3ead0b2df54894 Loading...

	hungtingon.serveirc.com/vfy/assets/js/	16 kB	2023-03-08	2023-03-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/ IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:53:50 Last Seen2023-03-08 21:54:59 Times Seen1 Hash fa8316640645cc7682dc72155c9071ab bc05804a2f8821d7f3426a697f33449ee11db4f5 c3306a4938b8907e33f172d29cea7fd6510ce0ec3df3054e651ca6fb3d029cae Loading...

	hungtingon.serveirc.com/vfy/assets/js/06bebd2b36rn240c2a1532a26141a767	72 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/06bebd2b36rn240c2a1532a26141a767 IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-08 20:09:58 Times Seen386 Hash 335f2776eaf4ca7eca9953d2240c3316 5f5702f072d8e721dd3557ccd2a0944b3cc58fa5 ca9ee108c9cd3072864c1fcfe42f8fa40f829a33267388e0adbf41fa8b2da9a5 Loading...

	hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852	26 B	2023-03-07	2024-04-26
Pretty URL hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-04-26 05:35:36 Times Seen19698 Hash 0096b3a75c132c10f6a90df56192e4d7 07cfa420d654e1531d97a9dccd23f4bede5edde7 7e519b79026424c478dc1b72f347eb1327c9d01dc2458973bafe2690ca7d016d Loading...

	hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852	26 B	2023-03-07	2024-04-26
Pretty URL hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-04-26 05:35:33 Times Seen19702 Hash 813f7afe12806d2df1c685b53ab49c0e 8ebc2ee97e18dd336b670b53dbccdfb8788a5825 ab008176ac77145e392d8392787e81c90c2592a54b1590d8779c74f956c0e46a Loading...

	ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774	145 kB	2023-03-08	2023-09-14
Pretty URL ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:56 Last Seen2023-09-14 03:55:59 Times Seen150 Hash 5828bc2a2ceaa2961527eedaf4167b77 166d54624e012273fa58054d82c8148435c6f51f d8b4316c52fee0d44615da1b505f567a8b0e62a3db556fa55320e8e7be025c28 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1670487796432&cv=11&fst=1670487796432&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4	2.3 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1670487796432&cv=11&fst=1670487796432&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:53:50 Last Seen2023-03-08 21:53:50 Times Seen1 Hash 49e28a1d4e5f4e18a3e69ead57a4b034 c3c9a880684f33fd96e1ae13b51be5948e559d36 8d0b776ae40437793881706ad6bb21ac508b4264ac4e79762585a1e616600495 Loading...

	hungtingon.serveirc.com/vfy/assets/js/toolkit.min.js.download	462 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/toolkit.min.js.download IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:57 Times Seen81 Hash 325f5dd8b44503ea1799409a40addb9e 3887ffbc86f01677d34cce7ac8839305e175e97a dbe44f4b698a44798e63a0177f6283a2dff01335f142be72dccfedd66e91554e Loading...

	www.googletagmanager.com/gtag/js?id=DC-10701487	113 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=DC-10701487 IP 142.250.74.8 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:53:50 Last Seen2023-03-08 21:53:51 Times Seen1 Hash 13fe1b88707c9a053f08c82bbde3759b 530b1e8fd642ab16160e6bb7b284de5227bbbe65 328afe55e9d118f20817933747c2890af4ec2d8afb6df48ddd17dff8f1f0a105 Loading...

	snap.licdn.com/li.lms-analytics/insight.min.js	13 kB	2023-03-08	2023-03-12
Pretty URL snap.licdn.com/li.lms-analytics/insight.min.js IP 95.101.11.57 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:40 Last Seen2023-03-12 12:54:15 Times Seen1 Hash 795b6295a518e0a829d7b29695163231 9cada4433e63280a008cbb0a2a0bdb5af5e57206 641153b2ad78e5d095645419060a4ea0854b1b3ec5ff27e99644c9f8d461610c Loading...

	www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c	139 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:53:50 Last Seen2023-03-08 21:53:50 Times Seen1 Hash 3a1d207b8e4629e6ad190e0e80cab1a6 409c09095582c5636ffd190f6b9367ae3a4343e7 7eb3d8525486ca49e48a4629cbf4ee7dc162d807a4bcd7777ce24fbe8437f0e6 Loading...

	connect.facebook.net/signals/config/5140493269326436?v=2.9.89&r=stable	300 kB	2023-03-08	2023-03-11
Pretty URL connect.facebook.net/signals/config/5140493269326436?v=2.9.89&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:56 Last Seen2023-03-11 19:06:29 Times Seen1 Hash 47a2ceac784704cf27a314f974080d2b 621d1ea59f2aaf99b59e0840baf9d04ca4a4e634 f95532f6a756f59790e8a259bc55d022af8744d5742ddfe3f0d581f58962235e Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1670487796391&cv=11&fst=1670487796391&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4	2.3 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1670487796391&cv=11&fst=1670487796391&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:53:50 Last Seen2023-03-08 21:53:50 Times Seen1 Hash b6a4782bbee33d22bbd1f877a101b816 a42b7d5ff329abad11711bced0f8e5a119d809cc 4b56b6c5d90cfb3b5a9f67bdd651908594a8bb8de48f27a4be0fe8ddde5e6f41 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1670487796416&cv=11&fst=1670487796416&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4	2.3 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1670487796416&cv=11&fst=1670487796416&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:53:50 Last Seen2023-03-08 21:53:50 Times Seen1 Hash b9c04f89b7fef94b3b7cb5248f4dcf21 4bf38e3350206d845b8d811b1e7bd24e2377201e 14e32538d09cae0992ac36b727d8db71803b4d1585c87bb6350e29164dbc807f Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1670487796375&cv=11&fst=1670487796375&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4	2.3 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1670487796375&cv=11&fst=1670487796375&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:53:50 Last Seen2023-03-08 21:53:50 Times Seen1 Hash 7594fe26d72100d183d88b64808f2085 eb8a8b31501ec9bce13b563729706a1d53e0a520 fbf2944c61f7cdce0d8736985adc8b75ce501568ff605ae3d9fb185fb7d94314 Loading...

	hungtingon.serveirc.com/vfy/assets/js/121543311796381	21 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/121543311796381 IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:58 Times Seen87 Hash e3bf3fa0a912c14bfe1c0b7282fbfa8a 96b0a4a037c23ce2e7bc90c146610c473549665a 1358a42f383b6e651d8412fbd5ab4c3e89b8c427d325815783e78d00d95e4138 Loading...

	hungtingon.serveirc.com/vfy/assets/js/inqChatLaunch10006663.js.download	22 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/inqChatLaunch10006663.js.download IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:58 Times Seen93 Hash 1c9d96d3f228156fd7e9df9c531871d1 a118554b1208e30af4a0fef948c9566b8e7f4a94 648d971972fc0140127ab99989b3b55a28e8e3c2fcbf281390bbb7edf5000f26 Loading...

	hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852	33 B	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:57 Times Seen39 Hash 9671cdd78be44428a6396c3962992821 956a083d2f430a50e7193ca9cfc72b8ba11407c1 c786cc12c5317c364317a10c584eb7bff7e321c5e38d0d121d35801f2f3b89f3 Loading...

	hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852	26 B	2023-03-07	2024-04-26
Pretty URL hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-26 05:35:34 Times Seen19700 Hash 8cf91652fc7787b535b26f390f9ed9af d39e49793059ab3b8a97b61bac69ad2a451c8ff2 f876a7b1e6234843f5d8487af055addd42fe6018d4f4e2f29ab08c0f08a85d94 Loading...

	www.googletagmanager.com/gtag/js?id=AW-391028924&l=dataLayer&cx=c	183 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-391028924&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:53:50 Last Seen2023-03-08 21:53:51 Times Seen1 Hash a6092a67219aa4543cf59ba090fcb90b 3069ac65e40f39b46f5db7340a618a6a0bc81325 a890dcbfbf0bf18c3ffff964ca2625418ddccb6e38ebc3b5322e162b2b961345 Loading...

	hungtingon.serveirc.com/vfy/assets/js/fbevents.js.download	90 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/fbevents.js.download IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:33 Last Seen2024-04-08 20:09:58 Times Seen98 Hash 61df3554472fe8057b5ae4537648d00d 125767dc32df57aa86a64801d9457923e378b397 e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca Loading...

	hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852	482 B	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:57 Times Seen54 Hash 30092b66bd92ab05d4da2dbf5e412263 5e7611ebcec6a5b90317d3cc2d30f47c80dfb87a 19e22d179543fb3fc0d5dcc8502f6fbec83d3422090578ce035173b297fa6620 Loading...

	hungtingon.serveirc.com/vfy/assets/js/js	97 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/js IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:40 Last Seen2024-04-08 20:09:58 Times Seen87 Hash 67e765e44e7d18ed41711d7e4935bc50 0289b9754b56ba057550a7e7d62e0b3587e43f2d e5973becebda7e91d869447913826e69cd123d87e1a6f2ddf8897d72a63a3c6c Loading...

	hungtingon.serveirc.com/vfy/assets/js/95b0da5c7fc415e06807cc694ee0021c.js.download	154 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/95b0da5c7fc415e06807cc694ee0021c.js.download IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:57 Times Seen196 Hash d33104f26092658d2becbbfa66e9d1fb 9c33f190903b2664af1f20b3a16ce2dca13d8a49 4249e4f7acbb2de46e66922b8ae70689820a9a6eb9a6f98a77d13190b7c2559e Loading...

	hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852	26 B	2023-03-07	2024-04-26
Pretty URL hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:37 Last Seen2024-04-26 05:35:34 Times Seen19698 Hash 339aaaa033bd435bc3d3442976b21150 309497f761b4649d113688cb611242810ed2a8bc 47536a23eb95f0f1d8f00b6ef54ac4553cc05d06ddce49260dab7dc9f083296d Loading...

	s.yimg.com/wi/ytc.js	17 kB	2023-03-07	2024-03-04
Pretty URL s.yimg.com/wi/ytc.js IP 188.125.94.204 ASN #10310 YAHOO-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:36 Last Seen2024-03-04 14:29:23 Times Seen1244 Hash 6a624022b5d271dcefb070b0b6670abc e9a0a059a5cefc0cd9e6cc0e8d7bd8d64c23936b 249c4eba880cfb74e1b6e1d1048def310636dc3b1ce5b3fe525703fd4025238f Loading...

	hungtingon.serveirc.com/vfy/assets/js/bat.js.download	28 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/bat.js.download IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-04-08 20:09:58 Times Seen222 Hash f07693f6368c988acd20de4362479103 d04355e119fac2c9104c4fe98015e22f3f181d93 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515 Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 11:00:55 Times Seen37090253 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	hungtingon.serveirc.com/vfy/assets/js/site-survey.min.js.download	7.5 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/site-survey.min.js.download IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:58 Times Seen286 Hash 374ca92abaa98bc7b2f19fe64114a18b 4c0a1441026a9337d322d7ae5536df1427e5c140 7d24af619103660b68ae10e64670d3393f5a9e679ef9d69e72a7479071aeb806 Loading...

	hungtingon.serveirc.com/vfy/assets/js/outdated.min.js.download	1.1 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/outdated.min.js.download IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:58 Times Seen89 Hash bc854aab7af244173e4dc2ca2a8f471a 1f0444814fabf2d764af527d1718e376ca0c89c1 11a2b7d65804df37c5d5801da23212eddb8530ffb15a5b67d77a8ccdcb5b8199 Loading...

	connect.facebook.net/en_US/fbevents.js	105 kB	2023-03-08	2023-11-28
Pretty URL connect.facebook.net/en_US/fbevents.js IP 157.240.200.14 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:10 Last Seen2023-11-28 17:55:58 Times Seen32 Hash a6ef7927128284961f4cadd572969f09 57e21033749687e69de710a0be6d4244edf1fe51 d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b Loading...

	hungtingon.serveirc.com/vfy/assets/js/7a8ba97f	33 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/7a8ba97f IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:58 Times Seen66 Hash af77eedae6083a5bd6f07cec713ab58d 2804fbe107e6af68bf7e2d39cfb176987e1fc9ad 06af35b557f7713851c46e61fd940a1dcf2381d6372582a63abc43dfdee46c33 Loading...

	hungtingon.serveirc.com/vfy/assets/js/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download	182 kB	2023-03-07	2024-04-08
Pretty URL hungtingon.serveirc.com/vfy/assets/js/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download IP 35.80.21.195 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:23:04 Last Seen2024-04-08 20:09:58 Times Seen94 Hash 227400e4070ac91189e80b05077abe20 714374d4c852c2058b1df7f4a6ff9f7acc164867 d42a94bdd0158c8df1d1ea4ae03da23f0007e9b6d5b38c05eb4797ffe90e1cf8 Loading...

		Size	First Seen	Last Seen
	#1 Eval - b2c2041f8d99c45e0f21474fe4f8b7bc	17 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-26 01:51:27 Times Seen7451 Hash b2c2041f8d99c45e0f21474fe4f8b7bc 0b876666393469c726a2e3edbb29544c03a92154 17f5bfdbae6b35ae8bc3b27c069526d694021fe1e37a8027678e770fbb05e061 Loading...

HTTP Transactions (103)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9385
Expires: Thu, 08 Dec 2022 10:59:37 GMT
Date: Thu, 08 Dec 2022 08:23:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20533
Expires: Thu, 08 Dec 2022 14:05:25 GMT
Date: Thu, 08 Dec 2022 08:23:12 GMT
Connection: keep-alive

hungtingon.serveirc.com/vfy/

35.80.21.195

301 Moved Permanently

244 B

URL HTTP/1.1
hungtingon.serveirc.com/vfy/
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
244 B (244 bytes)
Hash
480ee0139c329ee7ffeeb2b14150b21a
6c8a4bea6236facc716f452136f00b14ff4cb3bc
60aee8e7795d711d8a6cfa1e84b0f808312800c5d16c43e431705301c6f6980c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/ HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 08:23:12 GMT
Server: Apache
Location: https://hungtingon.serveirc.com/vfy/
Content-Length: 244
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6978
Expires: Thu, 08 Dec 2022 10:19:30 GMT
Date: Thu, 08 Dec 2022 08:23:12 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 08:08:09 GMT
content-type: application/json
age: 903
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: jTa091aZZfGmfBRs3BI/b8UQCtJX8Z5xxCrsq4n9R9WRc+uWVfQzoOfGyD9ZHbTYkItniheV6kA=
x-amz-request-id: 3QY9HARQ102BXP2M
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 07:47:50 GMT
age: 2122
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:23:12 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 08:07:55 GMT
age: 917
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6073
Cache-Control: max-age=95090
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:13 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:48:03 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

44.237.163.41

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.237.163.41:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IKp2RIwcz22yxv++Ylsl5Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HoBMlpNnMfsEaszb93/E888DuU8=

hungtingon.serveirc.com/vfy/

35.80.21.195

302 Found

0 B

URL HTTP/1.1
hungtingon.serveirc.com/vfy/
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/ HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Date: Thu, 08 Dec 2022 08:23:12 GMT
Server: Apache
location: login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852

35.80.21.195

200 OK

147 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3686)
Size
147 kB (146775 bytes)
Hash
a5d37435ed7dfe018f25f91bf94f8e6d
8e7b44891ec066d77c96d2763fa7a5ddd5f95f75
263c1c214a87243791fd4d0e7167aadc79ef3a3063ee30ab37f44fd63d1f9afc

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:13 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

hungtingon.serveirc.com/vfy/assets/css/site-survey.min.css

35.80.21.195

200 OK

4.4 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/css/site-survey.min.css
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (4339)
Size
4.4 kB (4388 bytes)
Hash
b7d2a4622e5ba8af4ae30cd30c8938c1
3626734028846b756f4f0e946b5b815311305b81
8aa0a535b8d47209c6a2dfc8f3168f5922e84d5aafb98e8a9db0300dddadacaf

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/css/site-survey.min.css HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 12:51:36 GMT
Accept-Ranges: bytes
Content-Length: 4388
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-700.woff2

35.80.21.195

200 OK

17 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-700.woff2
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format (Version 2), TrueType, length 17128, version 1.0\012- data
Size
17 kB (17128 bytes)
Hash
8f65fa68cfb5d8cc4f4fa728a470332b
62b57f937d710caae3ee52435ba0c408e8653c43
34f3c7445d22c1509aeecc5d020b6d24c9e2f63b3c0514cebbc3813798965273

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/fonts/muli-v11-latin-700.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:26:30 GMT
Accept-Ranges: bytes
Content-Length: 17128
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2

hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Bold.woff2

35.80.21.195

200 OK

20 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Bold.woff2
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format (Version 2), TrueType, length 19712, version 1.66\012- data
Size
20 kB (19712 bytes)
Hash
ee5e65624970575e475f375b29b0b22b
6e622749b6f7092e825eb7ed90b74c3d70fa43b9
deb1a78860a2c7ab88ddaa4a522a47ad93e26f1cc1bdd1425d108f770ce93215

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/fonts/HuntingtonApexWeb-Bold.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:25:42 GMT
Accept-Ranges: bytes
Content-Length: 19712
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Medium.woff2

35.80.21.195

200 OK

20 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Medium.woff2
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format (Version 2), TrueType, length 19976, version 1.131\012- data
Size
20 kB (19976 bytes)
Hash
3a077fd2bd5357dd3e08636baa59af5b
266784e6eb28365e3779a398e462193572b0278a
04de03ec90e95f24e347dc8ff91e6354eb0a73288e1431003e9e10de59e12d1d

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/fonts/HuntingtonApexWeb-Medium.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:37:44 GMT
Accept-Ranges: bytes
Content-Length: 19976
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Book.woff2

35.80.21.195

200 OK

21 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Book.woff2
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format (Version 2), TrueType, length 20592, version 1.66\012- data
Size
21 kB (20592 bytes)
Hash
a075767d12a8cc86d52367ef3aacec11
9aef8898e7a319ee5cbe08c5b0cec63512561d7d
e744a36d486c70943378751b1d1623c2c8f25ee10abd89365ff20162d98dd555

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/fonts/HuntingtonApexWeb-Book.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:26:02 GMT
Accept-Ranges: bytes
Content-Length: 20592
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-MediumCaps.woff2

35.80.21.195

200 OK

19 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-MediumCaps.woff2
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format (Version 2), TrueType, length 18636, version 1.131\012- data
Size
19 kB (18636 bytes)
Hash
6bcfcbed1f0aa26a245423d2e4bcde4f
d17df2ba457e3009ee38db903b88671885c3984e
9a5b0c5eba9dfa18bae071303b7cd96ef716a5bb6d8dcf39dd53a6e931dc6b22

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/fonts/HuntingtonApexWeb-MediumCaps.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:26:14 GMT
Accept-Ranges: bytes
Content-Length: 18636
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-600.woff2

35.80.21.195

200 OK

17 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-600.woff2
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format (Version 2), TrueType, length 17080, version 1.0\012- data
Size
17 kB (17080 bytes)
Hash
b6e5b86d74352699fff02e4bdc5185e5
f01de24cfaf2f20e715e4d49023fcb19b1a62d1d
d09bb7e3de3760ca1d9375090796e4f1cf180f43c6457a874ed22c3b0a0b07ea

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/fonts/muli-v11-latin-600.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:26:56 GMT
Accept-Ranges: bytes
Content-Length: 17080
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff2

hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-300.woff2

35.80.21.195

200 OK

17 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-300.woff2
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format (Version 2), TrueType, length 16872, version 1.0\012- data
Size
17 kB (16872 bytes)
Hash
3d9d9afae68fc95977ec200c119c42a1
2b44b2f5ec04f2f06fd28c9041fb8fa582ab8fcc
f43ea36b900ae7aa4ec07956e9b1223ab00dac1f766d97580b1e2bfe721cdc24

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/fonts/muli-v11-latin-300.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:26:44 GMT
Accept-Ranges: bytes
Content-Length: 16872
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2

hungtingon.serveirc.com/vfy/assets/js/121543311796381

35.80.21.195

200 OK

21 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/121543311796381
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (6957)
Size
21 kB (21019 bytes)
Hash
e3bf3fa0a912c14bfe1c0b7282fbfa8a
96b0a4a037c23ce2e7bc90c146610c473549665a
1358a42f383b6e651d8412fbd5ab4c3e89b8c427d325815783e78d00d95e4138

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/121543311796381 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:44 GMT
Accept-Ranges: bytes
Content-Length: 21019
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7675
Expires: Thu, 08 Dec 2022 10:31:09 GMT
Date: Thu, 08 Dec 2022 08:23:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7675
Expires: Thu, 08 Dec 2022 10:31:09 GMT
Date: Thu, 08 Dec 2022 08:23:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7675
Expires: Thu, 08 Dec 2022 10:31:09 GMT
Date: Thu, 08 Dec 2022 08:23:14 GMT
Connection: keep-alive

hungtingon.serveirc.com/vfy/assets/js/bat.js.download

35.80.21.195

200 OK

28 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/bat.js.download
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (28050), with no line terminators
Size
28 kB (28050 bytes)
Hash
f07693f6368c988acd20de4362479103
d04355e119fac2c9104c4fe98015e22f3f181d93
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/bat.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:48 GMT
Accept-Ranges: bytes
Content-Length: 28050
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

hungtingon.serveirc.com/vfy/assets/js/

35.80.21.195

200 OK

16 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
16 kB (16373 bytes)
Hash
fa8316640645cc7682dc72155c9071ab
bc05804a2f8821d7f3426a697f33449ee11db4f5
c3306a4938b8907e33f172d29cea7fd6510ce0ec3df3054e651ca6fb3d029cae

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/ HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10164 bytes)
Hash
3d44d17585c9a536c8da0e75ed90d175
9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1
6d14a5b5c43b39244434560a83a2bfea6604a4d072943b6147293b7adfd1b7b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10164
x-amzn-requestid: a0cb7259-0a07-44f5-91cd-e96b8d9c9cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnAPOGSnoAMFUUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c472e-799b6ee425e29fb70ff7e4ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:07:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5Q2LRCrEYVZz_KldQARUQ26O1mv0G7rMAPQXGkBzUnERF-WjtZPMJA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 12:11:17 GMT
age: 72717
etag: "9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5245 bytes)
Hash
43fdc85bfd574fa803f0bcdc216ef622
27f558d5cdc150a50f080c054423500666b63d74
fafd2a81cddacdb4e5fd7c9963a784e6e56d06ac98f0bd4124fd74fa3ba015e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5245
x-amzn-requestid: 9770ebcd-fb1e-4b81-bb87-1e98ef024741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy-E8HugoAMFsKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911085-54eb7a48323113d52329abf5;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:15:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d2DHUS5fGT4uoPPdjDXmHUOQVF93ULtO4zSHRmrx7KMu3lO0y0K9ag==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:24:13 GMT
age: 35941
etag: "27f558d5cdc150a50f080c054423500666b63d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8659 bytes)
Hash
b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:35:32 GMT
age: 31662
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51f870bb-e67d-4a93-bab0-cf574561a496.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8438 bytes)
Hash
f4cbd333b74ebe10e77c1bdf1fec0269
bbcfa6a3ae98d5e3f4ffd3b0d6ee6934c7ca33a8
7c868974824cef2f1a08c4500d10490fbaa8515984391b822c70a5009ad8c225

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51f870bb-e67d-4a93-bab0-cf574561a496.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8438
x-amzn-requestid: 79861560-2468-4c0a-afd8-800d1e6d6814
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4A5EbzIAMF9Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106d2-0b1efe0b006b8b0b2f69870b;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OInz4Evmbh2Z4PL2ogGsw6iOF9I-u-KhBhAsHHiA46CuHcqHo2Z34A==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:13:07 GMT
age: 36607
etag: "bbcfa6a3ae98d5e3f4ffd3b0d6ee6934c7ca33a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.7 kB (3744 bytes)
Hash
bdf4703f3372054a7aadce1cb0e11bd0
84d060f66accd412503d52c385ee47cb35795c07
c5853b653ee328e567e2456be12450e04c1704ed64fb6234f008532e4b6c8363

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3744
x-amzn-requestid: 73eab74b-e50c-46d1-adde-3ef85fb772f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlj7FDiIAMFmsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb618-70ffb1925e3a9ef6081d1cd1;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mNqZM4645fF2zaqXJgT68q_xIbg2tvE1KaqK1P2LzC307rl4OTZ33Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 21:58:04 GMT
age: 37510
etag: "84d060f66accd412503d52c385ee47cb35795c07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d27bcd3-7b4f-4d99-8f0d-b7b98bfaa8d7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5620 bytes)
Hash
ce35df4fe4f77c950e40dc44b311bab4
aadf97d040e3577599581e892ee20f88d191bf91
f9c4cfc384213f77c0bbb252f3d6fbc22be60e1ecc158eece857d5050c8ced3c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d27bcd3-7b4f-4d99-8f0d-b7b98bfaa8d7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5620
x-amzn-requestid: fadda084-c7fc-4ec0-bad0-27e97b8349d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gHGIMIAMFy_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-5dc824963fe82ab927205128;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MWB80hrfUMDjexNsySVGMXtm6Wva4t1gkJXaesFKRaGSkFS1r1zIrw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:13:24 GMT
age: 36590
etag: "aadf97d040e3577599581e892ee20f88d191bf91"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

hungtingon.serveirc.com/vfy/assets/js/ytc.js.download

35.80.21.195

200 OK

15 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/ytc.js.download
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (14972), with no line terminators
Size
15 kB (14972 bytes)
Hash
49db10c8315384e8dad2e92a6841ed81
f576976a579cd50da6b717db5d48e1ea7137f744
63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/ytc.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:48 GMT
Accept-Ranges: bytes
Content-Length: 14972
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

hungtingon.serveirc.com/vfy/assets/js/jquery-3.5.1.min.js.download

35.80.21.195

200 OK

90 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/jquery-3.5.1.min.js.download
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/jquery-3.5.1.min.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 89476
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

hungtingon.serveirc.com/vfy/assets/js/fbevents.js.download

35.80.21.195

200 OK

90 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/fbevents.js.download
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (64379)
Size
90 kB (90273 bytes)
Hash
61df3554472fe8057b5ae4537648d00d
125767dc32df57aa86a64801d9457923e378b397
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/fbevents.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:44 GMT
Accept-Ranges: bytes
Content-Length: 90273
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

hungtingon.serveirc.com/vfy/assets/js/js

35.80.21.195

200 OK

97 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/js
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (2639)
Size
97 kB (96892 bytes)
Hash
67e765e44e7d18ed41711d7e4935bc50
0289b9754b56ba057550a7e7d62e0b3587e43f2d
e5973becebda7e91d869447913826e69cd123d87e1a6f2ddf8897d72a63a3c6c

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/js HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:48 GMT
Accept-Ranges: bytes
Content-Length: 96892
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

hungtingon.serveirc.com/vfy/assets/js/95b0da5c7fc415e06807cc694ee0021c.js.download

35.80.21.195

200 OK

154 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/95b0da5c7fc415e06807cc694ee0021c.js.download
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (543)
Size
154 kB (154122 bytes)
Hash
d33104f26092658d2becbbfa66e9d1fb
9c33f190903b2664af1f20b3a16ce2dca13d8a49
4249e4f7acbb2de46e66922b8ae70689820a9a6eb9a6f98a77d13190b7c2559e

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/95b0da5c7fc415e06807cc694ee0021c.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 154122
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

hungtingon.serveirc.com/vfy/assets/js/7a8ba97f

35.80.21.195

200 OK

33 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/7a8ba97f
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (19024)
Size
33 kB (32863 bytes)
Hash
af77eedae6083a5bd6f07cec713ab58d
2804fbe107e6af68bf7e2d39cfb176987e1fc9ad
06af35b557f7713851c46e61fd940a1dcf2381d6372582a63abc43dfdee46c33

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/7a8ba97f HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:48 GMT
Accept-Ranges: bytes
Content-Length: 32863
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive

hungtingon.serveirc.com/vfy/assets/js/toolkit.min.js.download

35.80.21.195

200 OK

462 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/toolkit.min.js.download
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
462 kB (461456 bytes)
Hash
325f5dd8b44503ea1799409a40addb9e
3887ffbc86f01677d34cce7ac8839305e175e97a
dbe44f4b698a44798e63a0177f6283a2dff01335f142be72dccfedd66e91554e

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/toolkit.min.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 461456
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

hungtingon.serveirc.com/vfy/assets/js/inqChatLaunch10006663.js.download

35.80.21.195

200 OK

22 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/inqChatLaunch10006663.js.download
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (999)
Size
22 kB (22354 bytes)
Hash
1c9d96d3f228156fd7e9df9c531871d1
a118554b1208e30af4a0fef948c9566b8e7f4a94
648d971972fc0140127ab99989b3b55a28e8e3c2fcbf281390bbb7edf5000f26

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/inqChatLaunch10006663.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:50 GMT
Accept-Ranges: bytes
Content-Length: 22354
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

hungtingon.serveirc.com/vfy/assets/js/oo_engine.min.js.download

35.80.21.195

200 OK

46 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/oo_engine.min.js.download
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (45689), with no line terminators
Size
46 kB (45689 bytes)
Hash
3023bde795e4926691e3691ace0d9356
053c86b53ec7bca624cffc3f6321697d35a1c5d5
1bf7836282cf0a1f1cae452a2b7d03f4857827aa682e36562831fe3bc34f30a5

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/oo_engine.min.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:50 GMT
Accept-Ranges: bytes
Content-Length: 45689
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

hungtingon.serveirc.com/vfy/assets/js/Bootstrap.js.download

35.80.21.195

200 OK

226 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/Bootstrap.js.download
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (603)
Size
226 kB (225981 bytes)
Hash
8746e0eaa34beca77c5679a495ed1d3a
f8bc25c85508043935f3e63ff5cd1196c35762d6
83acf00ba4050132d8547daca62a4fca4670029aaa75b01c5e99179cbc6d4991

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/Bootstrap.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 225981
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

hungtingon.serveirc.com/vfy/assets/js/site-survey.min.js.download

35.80.21.195

200 OK

7.5 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/site-survey.min.js.download
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (7496)
Size
7.5 kB (7541 bytes)
Hash
374ca92abaa98bc7b2f19fe64114a18b
4c0a1441026a9337d322d7ae5536df1427e5c140
7d24af619103660b68ae10e64670d3393f5a9e679ef9d69e72a7479071aeb806

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/site-survey.min.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:50 GMT
Accept-Ranges: bytes
Content-Length: 7541
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript

hungtingon.serveirc.com/vfy/assets/js/06bebd2b36rn240c2a1532a26141a767

35.80.21.195

200 OK

72 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/06bebd2b36rn240c2a1532a26141a767
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
72 kB (72012 bytes)
Hash
335f2776eaf4ca7eca9953d2240c3316
5f5702f072d8e721dd3557ccd2a0944b3cc58fa5
ca9ee108c9cd3072864c1fcfe42f8fa40f829a33267388e0adbf41fa8b2da9a5

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:48 GMT
Accept-Ranges: bytes
Content-Length: 72012
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive

hungtingon.serveirc.com/vfy/assets/css/toolkit.min.css

35.80.21.195

200 OK

354 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/css/toolkit.min.css
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
354 kB (354237 bytes)
Hash
c1a238b15d787d129d19c3b1e840ef82
f0a5a113d05a63617959d39aa735a47762c22a80
9aa364658609b56150bae76849da9138758ad120cb89fea2dd947017ce1c3f25

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/css/toolkit.min.css HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 354237
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

hungtingon.serveirc.com/vfy/assets/img/EHL_Black_HouseOnly.svg

35.80.21.195

200 OK

707 B

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/img/EHL_Black_HouseOnly.svg
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
707 B (707 bytes)
Hash
422002ff598ec781dc753d0627bec1ee
d440d6acb305d644a4ba824a28c97f04511aac95
4808c0ca2576dc18bf8df509199edef7a4a2b809fde09ecc6688f998e855486e

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/img/EHL_Black_HouseOnly.svg HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 11:24:14 GMT
Accept-Ranges: bytes
Content-Length: 707
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml

hungtingon.serveirc.com/vfy/assets/img/oo_icon_retina_black.gif

35.80.21.195

200 OK

552 B

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/img/oo_icon_retina_black.gif
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 18 x 18\012- data
Size
552 B (552 bytes)
Hash
0f74fe3f4f85d3c7f096f2416efa893a
bffedd9c6e9b04c0e6f7f77bd689013de5e8d01e
15f5836e52324d46e89eed325a5de5158f0d9bb29d59e1ffc381d961a1f6980d

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/img/oo_icon_retina_black.gif HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 13:29:26 GMT
Accept-Ranges: bytes
Content-Length: 552
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/gif

hungtingon.serveirc.com/vfy/assets/img/lockup.svg

35.80.21.195

200 OK

3.9 kB

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/img/lockup.svg
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (3937), with CRLF line terminators
Size
3.9 kB (3942 bytes)
Hash
760da63259e763df170dc8720b8d8a41
efd755d6b9efdb7ce688a77f4d68dee3498162eb
9ce0c7443f6975ac01655f26813947926a374c68f28289dd198fc6299203beed

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/img/lockup.svg HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 11:24:14 GMT
Accept-Ranges: bytes
Content-Length: 3942
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml

hungtingon.serveirc.com/vfy/assets/img/logo-honeycomb.svg

35.80.21.195

200 OK

844 B

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/img/logo-honeycomb.svg
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (841), with no line terminators
Size
844 B (844 bytes)
Hash
d7ce1f5e222e75801ed22741962ac64b
3cf38997840e2047e145a747cbb220cee28adaab
83e4d5829d43cb3723521baf4e6a8f7130f0bf91cb957ee14d9c7dde2d9ccb93

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/img/logo-honeycomb.svg HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:48 GMT
Accept-Ranges: bytes
Content-Length: 844
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/svg+xml

hungtingon.serveirc.com/vfy/assets/js/nuanceChat.html

35.80.21.195

404 Not Found

315 B

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/nuanceChat.html
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/nuanceChat.html HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Cookie: dtCookie=-5$ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1; rxVisitor=16704877944829MDVIN080N6678MM1R2OCLRI8KP4FFCN; dtPC=-5$87794474_296h6vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0; rxvt=1670489595014|1670487794484; dtSa=-; dtLatC=689
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

hungtingon.serveirc.com/resources/06bebd2b36rn240c2a1532a26141a767

35.80.21.195

404 Not Found

315 B

URL HTTP/1.1
hungtingon.serveirc.com/resources/06bebd2b36rn240c2a1532a26141a767
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

POST /resources/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-dtpc: -5$87794474_296h6vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1335
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Cookie: dtCookie=-5$ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1; rxVisitor=16704877944829MDVIN080N6678MM1R2OCLRI8KP4FFCN; dtPC=-5$87794474_296h6vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0; rxvt=1670489595014|1670487794484; dtSa=-; dtLatC=689
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
da956e057260390fdb0f031611642013
9a6e98aab555fffbb13725ed243d0710de42946f
bde9720713f98ab261e1c89c5981a26ae8120ba67a48d7e0c7214ebeca9529c8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3908
Cache-Control: max-age=151278
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:15 GMT
Etag: "63913b9d-1d7"
Expires: Sat, 10 Dec 2022 02:24:33 GMT
Last-Modified: Thu, 08 Dec 2022 01:19:25 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9dbb9fb1b63181ccda38275fa8d6d7d5
2cd8350dd8487afcf2bf131f7e0330ae50c6f81c
9106822a6921abeef993518f668a3f73852273493df0409f336f9f981a3c8c9f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4747
Cache-Control: max-age=90179
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:15 GMT
Etag: "639049ab-1d7"
Expires: Fri, 09 Dec 2022 09:26:14 GMT
Last-Modified: Wed, 07 Dec 2022 08:07:07 GMT
Server: ECS (amb/6B95)
X-Cache: HIT
Content-Length: 471

www.huntington.com/Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1

95.101.10.201

200 OK

1.2 kB

URL HTTP/2
www.huntington.com/Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1
IP
95.101.10.201:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (4339)
Size
1.2 kB (1249 bytes)
Hash
19ac7c952619cab53123eee38648d8bd
47e839324893deeef4e9f6b46dff135e1542dc9a
1a8ffa5f523a7a462b51616592473a2799bb0d687c1391d7d2ba3e5a58f95d78

HTTP Headers

GET /Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-type: text/css
etag: "01efff054ccd81:0"
last-modified: Mon, 19 Sep 2022 18:23:40 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="-943239442"
x-ua-compatible: IE=edge
content-length: 1249
cache-control: public, max-age=1566383
expires: Mon, 26 Dec 2022 11:29:39 GMT
date: Thu, 08 Dec 2022 08:23:16 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2

hungtingon.serveirc.com/vfy/assets/img/favicon-16x16.png

35.80.21.195

200 OK

629 B

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/img/favicon-16x16.png
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
629 B (629 bytes)
Hash
b3edcae46fea41cde6b830ecfe7f89e4
f031fd0f0050d9601254e35eecb6d573585418f9
5c838bb93e9d85d3badb18e708a16a8287505922eada63ed4fb7495eaefb0a17

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/img/favicon-16x16.png HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Cookie: dtCookie=-5$ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1; rxVisitor=16704877944829MDVIN080N6678MM1R2OCLRI8KP4FFCN; dtPC=-5$87794474_296h6vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0; rxvt=1670489595235|1670487794484; dtSa=-; dtLatC=689; loginCookie=personalLogin
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:16 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:32:32 GMT
Accept-Ranges: bytes
Content-Length: 629
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png

hungtingon.serveirc.com/resources/06bebd2b36rn240c2a1532a26141a767

35.80.21.195

404 Not Found

315 B

URL HTTP/1.1
hungtingon.serveirc.com/resources/06bebd2b36rn240c2a1532a26141a767
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

POST /resources/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-dtpc: -5$87794474_296h10vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1554
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Cookie: dtCookie=-5$ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1; rxVisitor=16704877944829MDVIN080N6678MM1R2OCLRI8KP4FFCN; dtPC=-5$87794474_296h10vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0; rxvt=1670489595545|1670487794484; dtSa=-; dtLatC=689; loginCookie=personalLogin
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 08 Dec 2022 08:23:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

hungtingon.serveirc.com/akam/11/pixel_7a8ba97f

35.80.21.195

404 Not Found

315 B

URL HTTP/1.1
hungtingon.serveirc.com/akam/11/pixel_7a8ba97f
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	huntington	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

POST /akam/11/pixel_7a8ba97f HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
x-dtpc: -5$87794474_296h13vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0
Content-Length: 2834
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Cookie: dtCookie=-5$ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1; rxVisitor=16704877944829MDVIN080N6678MM1R2OCLRI8KP4FFCN; dtPC=-5$87794474_296h13vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0; rxvt=1670489595894|1670487794484; dtSa=-; dtLatC=689; loginCookie=personalLogin
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 08 Dec 2022 08:23:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=2126829006.7238393&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852

34.242.179.188

200 OK

38 kB

URL HTTP/2
ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=2126829006.7238393&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
IP
34.242.179.188:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (823)
Size
38 kB (37537 bytes)
Hash
c4f4fede393274527dc82a8e3ebb45c8
a77f5236aaae037b33678b765d2ec91483139083
492d14496a0424f3fa4ecef2660cebbd5bc9e9629bffb2bb44d9057a037e9fb9

HTTP Headers

GET /huntington/com/serverComponent.php?r=2126829006.7238393&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:23:16 GMT
content-type: text/javascript
vary: Accept-Encoding
expires: Thu, 08 Dec 2022 08:23:15 GMT
cache-control: no-cache, no-store
x-cache: Miss from cloudfront
via: 1.1 8c8084716542b7132c319aa80cffeee6.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: l6A3VB8Go5kPIcyWQ766zFu8qwWXgzd1ZXTOu2pTTcLIVXh-9X7hcA==
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=DC-10701487

142.250.74.8

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=DC-10701487
IP
142.250.74.8:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (44135 bytes)
Hash
dc5117400b8c20539b9ccdae5ed5deff
6958b597fd2eed50cc256076ee92da3fff3db2f2
0a04062bccfeeb60b9e96ef69b68ef5567b75ca616334b058f1b99dd5a4da75b

HTTP Headers

GET /gtag/js?id=DC-10701487 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Dec 2022 08:23:16 GMT
expires: Thu, 08 Dec 2022 08:23:16 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44135
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cdn.clinch.co/a_js/client_pixels/clq/script.min.js

95.101.10.121

200 OK

4.6 kB

URL HTTP/1.1
cdn.clinch.co/a_js/client_pixels/clq/script.min.js
IP
95.101.10.121:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (14797), with no line terminators
Size
4.6 kB (4567 bytes)
Hash
87474300d7f17748e3ed24b42d4bee2b
9d2c3a1f2b9cffdcb309ea2a2b13bed7b693042c
0388ad3b8fc80cfb336b71fabe7c01a2a8d8ff699fb448f4105a7d9ff5f680ef

HTTP Headers

GET /a_js/client_pixels/clq/script.min.js HTTP/1.1
Host: cdn.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: GOUPBDUqUrWxvP4/HKrzDYlrArfvlOmQz/pa4jdSpy+ixsYiakPlmO04sxkhp2bewI29qI1gmfQ=
x-amz-request-id: C4V9F73KCAC1YNPX
Last-Modified: Tue, 11 Jan 2022 12:52:46 GMT
ETag: "666e09028e21421106f9ecd0ceb1ddac"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=26879445
Expires: Sun, 15 Oct 2023 10:54:01 GMT
Date: Thu, 08 Dec 2022 08:23:16 GMT
Content-Length: 4567
Connection: keep-alive
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,HEAD,OPTIONS
Access-Control-Allow-Origin: *

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

snap.licdn.com/li.lms-analytics/insight.min.js

95.101.11.57

200 OK

4.6 kB

URL HTTP/2
snap.licdn.com/li.lms-analytics/insight.min.js
IP
95.101.11.57:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (12961)
Size
4.6 kB (4581 bytes)
Hash
c1a25b303b61b25e995516f5559bcdea
3c16a6fa3a2a6dc59d57a9ea1588c4f259884688
2063d2d1415ce9437e9331cb9a798714a5b2e106a65d6dc0ef0d426a5a4c30f2

HTTP Headers

GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Thu, 17 Nov 2022 18:52:45 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=84462
date: Thu, 08 Dec 2022 08:23:16 GMT
content-length: 4581
x-cdn: AKAM
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7d047c6733f9c8d5998cae08d314f084
c23a8dce8a76dd01e22650fc1c19af2bae963008
d13c4f663e010387e21eece93c733faf5f2c3f9ff8ffca7aad99235aa990bea5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6227
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:16 GMT
Last-Modified: Thu, 08 Dec 2022 06:39:29 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

connect.facebook.net/en_US/fbevents.js

157.240.200.14

200 OK

27 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
27 kB (27340 bytes)
Hash
44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: R+d3vOq2djJ6zr34iE4F7MknSL1fogWDK5Vxl549tguqM3yXzl8Zuhmfyv5AYbccBt9BtX/7YxRO2jRti5KG2Q==
content-length: 27340
x-fb-trip-id: 1679558926
date: Thu, 08 Dec 2022 08:23:16 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7d047c6733f9c8d5998cae08d314f084
c23a8dce8a76dd01e22650fc1c19af2bae963008
d13c4f663e010387e21eece93c733faf5f2c3f9ff8ffca7aad99235aa990bea5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6227
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:16 GMT
Last-Modified: Thu, 08 Dec 2022 06:39:29 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

s.yimg.com/wi/ytc.js

188.125.94.204

200 OK

5.9 kB

URL HTTP/2
s.yimg.com/wi/ytc.js
IP
188.125.94.204:0
ASN
#10310 YAHOO-1

File type
ASCII text, with very long lines (16553), with no line terminators
Size
5.9 kB (5929 bytes)
Hash
2f6a1b8a4843f74a5ba54c055fcb3850
919a5f9166f3f9c73803cebd312ad016570a30d8
1b6439153633e4e2dc23c743e14218931c1b4912bc7a3ad64bfee1d2d6982f50

HTTP Headers

GET /wi/ytc.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: d3j7rZlGBvV5MnpPwtNmQ7Q2XzQAR3tz7nxMqWf8NlIDcWbRmX5iHkEw2KSXj1GL04wI8bQ9n8w=
x-amz-request-id: 1DE4F7GTKPMVM2E2
date: Thu, 08 Dec 2022 07:46:40 GMT
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "6a624022b5d271dcefb070b0b6670abc-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
content-encoding: gzip
age: 2197
content-length: 5929
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cdn.linkedin.oribi.io/partner/291554/domain/hungtingon.serveirc.com/token

143.204.55.87

200 OK

0 B

URL HTTP/2
cdn.linkedin.oribi.io/partner/291554/domain/hungtingon.serveirc.com/token
IP
143.204.55.87:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /partner/291554/domain/hungtingon.serveirc.com/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://hungtingon.serveirc.com/
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 0
date: Thu, 08 Dec 2022 07:16:26 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MO3Jccg2AITYlgXNg8ORvkAqZd1iYb5PAnbO3klRjvyIZ6p9ZV6IPw==
age: 4011
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1670487796391&cv=11&fst=1670487796391&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

967 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1670487796391&cv=11&fst=1670487796391&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2285), with no line terminators
Size
967 B (967 bytes)
Hash
9483b5714a4d6b7e76e29b441c3854c3
64fed7e3df0b05557e4080bc504ec09e52b51da8
97c3965e37bbc589a95e1d606d910e849710e6169c2857036dd17e8220155127

HTTP Headers

GET /pagead/viewthroughconversion/849073348/?random=1670487796391&cv=11&fst=1670487796391&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 967
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 08:38:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1670487796416&cv=11&fst=1670487796416&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

970 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1670487796416&cv=11&fst=1670487796416&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2285), with no line terminators
Size
970 B (970 bytes)
Hash
7736dc7132fb67175756c1b81ea06015
319cd88e20ed7e3f7501318765e1e4d4c756691f
ab516445b396d567a43f97f1c7ef3590e5b6e87038f7c1fcb4e9fe6d477e3e59

HTTP Headers

GET /pagead/viewthroughconversion/849063932/?random=1670487796416&cv=11&fst=1670487796416&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 970
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 08:38:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1670487796432&cv=11&fst=1670487796432&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

969 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1670487796432&cv=11&fst=1670487796432&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2283), with no line terminators
Size
969 B (969 bytes)
Hash
376627b5170ebab942f9f6794bd61daa
2af6363d6ff5e1be78e5c3c64e85c41e4a99de10
ae5d82427de36a5885ca85495c6de8d1c6dc1734f4113ad50e0ae99a10b63ed9

HTTP Headers

GET /pagead/viewthroughconversion/391028924/?random=1670487796432&cv=11&fst=1670487796432&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 969
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 08:38:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1670487796375&cv=11&fst=1670487796375&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

968 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1670487796375&cv=11&fst=1670487796375&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2285), with no line terminators
Size
968 B (968 bytes)
Hash
6328c397e1532e8ba7c0f9d9a9719c3c
4a01292d4dd9b58cbc61725dcb66d4714086bec1
90122b6ad0dfa105d25f0038b6781e538d7bcc3689680a8730b39df0c83b677f

HTTP Headers

GET /pagead/viewthroughconversion/786635084/?random=1670487796375&cv=11&fst=1670487796375&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 968
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 08:38:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8274b291596906eb3779dccb82ec41cb
b2ec554df1fa55e18a4316b76ac617dc626b7598
69129be0a1c2e3d1dfc602aea4ef004ea01b3bfa6c5863bd225843472f1bb7c8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.linkedin.oribi.io/partner/291554/domain/hungtingon.serveirc.com/token

143.204.55.87

200 OK

104 B

URL HTTP/2
cdn.linkedin.oribi.io/partner/291554/domain/hungtingon.serveirc.com/token
IP
143.204.55.87:0
ASN
#16509 AMAZON-02

File type
data
Size
104 B (104 bytes)
Hash
f300e2a4e2aa8ab2dbe3727e273fe4dd
5aa7e29e67ba7e1c003ea9902d9e407e9ed1de33
aad40f368d389709abeef0de0ac56af4c39ef25c8a5aa91bc851e6088a4366a6

HTTP Headers

GET /partner/291554/domain/hungtingon.serveirc.com/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
date: Thu, 08 Dec 2022 08:23:17 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SJbG82DW8qa_9gng0tcMWz1VnAnevvzJOFMIJTCwXFVHx2qNeb3DGg==
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

sp.analytics.yahoo.com/sp.pl?a=10000&d=Thu%2C%2008%20Dec%202022%2008%3A23%3A16%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&enc=UTF-8&tagmgr=gtm%2Censighten

212.82.100.181

200 OK

0 B

URL HTTP/2
sp.analytics.yahoo.com/sp.pl?a=10000&d=Thu%2C%2008%20Dec%202022%2008%3A23%3A16%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&enc=UTF-8&tagmgr=gtm%2Censighten
IP
212.82.100.181:0
ASN
#34010 Yahoo! UK Services Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sp.pl?a=10000&d=Thu%2C%2008%20Dec%202022%2008%3A23%3A16%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&enc=UTF-8&tagmgr=gtm%2Censighten HTTP/1.1
Host: sp.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:23:17 GMT
expires: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
cache-control: no-cache, private, must-revalidate
content-type: application/x-javascript
accept-ranges: bytes
content-length: 0
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBPWekWMCEE8IcUepOZJJOG0h_OS-D9QFEgEBAQHwkmObYwAAAAAA_eMAAA&S=AQAAApTlCgf-l36IlpgzFMMdkqk; Expires=Fri, 8 Dec 2023 14:23:17 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&rl=&if=false&ts=1670487796686&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmensighten&ec=0&o=29&fbp=fb.2.1670487796684.882204831&it=1670487796402&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=a151289a-5a5a-45d4-8547-9be5d7ca5f22&rqm=GET

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&rl=&if=false&ts=1670487796686&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmensighten&ec=0&o=29&fbp=fb.2.1670487796684.882204831&it=1670487796402&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=a151289a-5a5a-45d4-8547-9be5d7ca5f22&rqm=GET
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&rl=&if=false&ts=1670487796686&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmensighten&ec=0&o=29&fbp=fb.2.1670487796684.882204831&it=1670487796402&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=a151289a-5a5a-45d4-8547-9be5d7ca5f22&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 08 Dec 2022 08:23:17 GMT
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=0&ipr=y

216.58.207.228

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=0&ipr=y
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=0&ipr=y

216.58.207.228

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=0&ipr=y
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=0&ipr=y

216.58.207.228

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=0&ipr=y
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852

13.107.42.14

302 Found

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1670487796314%26url%3Dhttps%253A%252F%252Fhungtingon.serveirc.com%252Fvfy%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%2526session%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQIKqN-qZ34eFwAAAYTw1O4C3zvlr3TLqppxvNTORxMxfGz9J2PhLSX3xXu30Ev-5cBUAII-rpW1tA; Max-Age=2592000; Expires=Sat, 07 Jan 2023 08:23:17 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIUVv9104ycHgAAAYTw1O4CAbyJ3BD19tESNE9AvogleZNhmCjPYw7iF9yWRqdajEDaPWe8U0xhM19aPckioA; Max-Age=2592000; Expires=Sat, 07 Jan 2023 08:23:17 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&4b7d605f-eaee-4bdf-8797-3dcc92dff8fd"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Dec-2023 08:23:17 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2392:u=1:x=1:i=1670487797:t=1670574197:v=2:sig=AQGXNl2QlJLkaq4FlMKszpoJTiajyYvz"; Expires=Fri, 09 Dec 2022 08:23:17 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXvTL/BkkInJWlB4VTNrQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 793A150653A64F2DB8E7AB5394B80E07 Ref B: OSL30EDGE0217 Ref C: 2022-12-08T08:23:17Z
date: Thu, 08 Dec 2022 08:23:16 GMT
content-length: 0
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/849073348/?random=1670487796391&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1504173547&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/849073348/?random=1670487796391&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1504173547&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/849073348/?random=1670487796391&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1504173547&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1670487796314%26url%3Dhttps%253A%252F%252Fhungtingon.serveirc.com%252Fvfy%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%2526session%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26liSync%3Dtrue

13.107.42.14

302 Found

0 B

URL HTTP/2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1670487796314%26url%3Dhttps%253A%252F%252Fhungtingon.serveirc.com%252Fvfy%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%2526session%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26liSync%3Dtrue
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1670487796314%26url%3Dhttps%253A%252F%252Fhungtingon.serveirc.com%252Fvfy%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%2526session%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hungtingon.serveirc.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&2b17c3f3-6341-4663-8b56-9317912e7a83"; Domain=.linkedin.com; Expires=Fri, 08-Dec-2023 08:23:17 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202212080823170ce418ff-87fb-4cbc-8a00-1d144a9659abAQFtsm8e-EXEAcEz0izOOYzGBoFr9fBl"; Domain=.www.linkedin.com; Expires=Fri, 08-Dec-2023 08:23:17 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NzA0ODc3OTc7MjswMjH2hsFifQFJ4iA5kBI3ar9pwxvyeNxnxReBXw0co3qnpA==; Domain=.linkedin.com; Expires=Tue, 06 Jun 2023 08:23:17 GMT; Path=/; Secure; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2450:u=1:x=1:i=1670487797:t=1670574197:v=2:sig=AQFSFXsE8FQDFY3or55xbGwZ8sMlDxPH"; Expires=Fri, 09 Dec 2022 08:23:17 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' *.licdn.com *.linkedin.com wss://*.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; worker-src blob: 'self'; frame-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com onyx.www.linkedin.com
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXvTL/EGM6jtd/drr+LhQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 5CCB948D85214FBB88BA67A05CDA06F7 Ref B: OSL30EDGE0217 Ref C: 2022-12-08T08:23:17Z
date: Thu, 08 Dec 2022 08:23:16 GMT
content-length: 0
X-Firefox-Spdy: h2

13.107.42.14

200 OK

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&liSync=true
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hungtingon.serveirc.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&744b8f88-a68a-4eab-835a-10fdb585c222"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Dec-2023 08:23:17 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2432:u=1:x=1:i=1670487797:t=1670574197:v=2:sig=AQEcY0cUGLzU59h5W0NrcLskxl22OOL1"; Expires=Fri, 09 Dec 2022 08:23:17 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXvTL/GxN614pqYZ49Ijw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 8E06D121D4224BB7A8E50617FA84FB44 Ref B: OSL30EDGE0217 Ref C: 2022-12-08T08:23:17Z
date: Thu, 08 Dec 2022 08:23:16 GMT
content-length: 0
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.36

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.36:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
8a541c10ac474902624085bf2b0b05e1
117daf2204d51ba509228cfab320f6de36b8edd4
e41fe2f2a49964823cd193cdb1f6778481064eb98d339df36d06ecd6fdf466ec

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 08 Dec 2022 08:23:20 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 20:09:34 GMT
Expires: Thu, 08 Dec 2022 20:09:34 GMT
ETag: "117daf2204d51ba509228cfab320f6de36b8edd4"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273

34.203.147.81

302 Found

0 B

URL HTTP/2
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273
IP
34.203.147.81:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273 HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Thu, 08 Dec 2022 08:23:20 GMT
content-length: 0
location: https://trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273&try2=true
server: clinch
set-cookie: clinch-sid=a9efb644-f658-4363-b7b8-34c0257458a0; expires=Sun, 08 Dec 2024 08:23:20 GMT; domain=clinch.co; path=/; secure; samesite=none
X-Firefox-Spdy: h2

34.203.147.81

200 OK

79 B

URL HTTP/2
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273&try2=true
IP
34.203.147.81:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
79 B (79 bytes)
Hash
70c92fdbfdaad0989a68617939cf615c
4cc7e0778377d6e89b665e1741c798b9df21693a
3a2f25076dd3c45cd69196f5c15d3ae2678b208bc5f8ac053d54d4a1fb792006

HTTP Headers

GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273&try2=true HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hungtingon.serveirc.com/
Connection: keep-alive
Cookie: clinch-sid=a9efb644-f658-4363-b7b8-34c0257458a0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:23:20 GMT
content-type: text/html
content-length: 79
server: clinch
cache-control: no-store
x-robots-tag: none
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d63221bfad18bc76302aa82447ab2376
e3e80b2f3bd9729603da5342416e74a6007b8e34
7aa5721f358062550c450932d22f80617d3b833e9fb95731f8b47c75b9456a0c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7AA5721F358062550C450932D22F80617D3B833E9FB95731F8B47C75B9456A0C"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=97
Expires: Thu, 08 Dec 2022 08:24:57 GMT
Date: Thu, 08 Dec 2022 08:23:20 GMT
Connection: keep-alive

mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-5%24ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1;dtLatC=689;referer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852;visitID=SVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0;app=0bd76d7cc9264013;end=1

100.24.162.178

200 OK

28 B

URL HTTP/1.1
mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-5%24ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1;dtLatC=689;referer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852;visitID=SVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0;app=0bd76d7cc9264013;end=1
IP
100.24.162.178:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
28 B (28 bytes)
Hash
b3b616cdccc63672fb7dfb1c9cf17b94
209c6645bf2bfc5aa3114d56846f37b51f018728
1280314b5bc8ff4f42b0ae1b45c42bceeddce7f4a09a13e24aa7f316dd4ae028

HTTP Headers

POST /bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-5%24ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1;dtLatC=689;referer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852;visitID=SVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0;app=0bd76d7cc9264013;end=1 HTTP/1.1
Host: mef957.dynatrace-managed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3003
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:20 GMT
Content-Type: text/plain;charset=utf-8
Cache-Control: no-cache
Content-Length: 28

hungtingon.serveirc.com/vfy/assets/js/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download

35.80.21.195

200 OK

0 B

URL HTTP/1.1
hungtingon.serveirc.com/vfy/assets/js/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download
IP
35.80.21.195:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /vfy/assets/js/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 182288
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (40)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations